...
Disabling the autostart of the DHCP Client service (assuming unnecessary if fixed IP addresses are used)
...
Disabling the autostart of the "IKE and AuthIP IPsec Keying Modules" service (unnecessary if VPN connections are not made from the computer).
sc config "IKEEXT" start= disabled
Disabling the autostart of the "IPsec Policy Agent" service (unnecessary if VPN connections are not made from the computer).
sc config "PolicyAgent" start= disabled
...
powershell -command "Get-SmbServerConfiguration | Select EnableSMB1Protocol"
powershell -command "Set-SmbServerConfiguration -EnableSMB1Protocol $false"
powershell -command "Get-SmbServerConfiguration | Select EnableSMB2Protocol"
powershell -command "Set-SmbServerConfiguration -EnableSMB2Protocol $true"
| Kotva | ||||
|---|---|---|---|---|
|
- We recommend enabling encryption of D2000 inter-process communication.
- We recommend using the D2000 Security Access Server for client access from external networks.
- We recommend using SFTP instead of FTP in the update mechanism for D2000 client installations (D2u_*).
- If some system processes (e.g. OPC UA Server, KOM process, Event Handler) are in a separate network with a lower security level, it is possible to configure a reverse connection (D2000 Server connects to the respective process).
- For encrypted communication, we recommend using certificates issued by a well-known certification authority (internal or external), whose authenticity can be unequivocally verified and which provide a sufficient guarantee of their origin. The recommendation applies to services such as Terminal Services, HTTPS, and others.
...