Windows 2012 Template / Hardening for Vmware Guest

Hello,

Is any body has any document for creating Windows 2012 template / best practice for Vmware guest OS?
LVL 22
Haresh NikumbhSr. Tech leadAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

btanExec ConsultantCommented:
in fact, it should be hardening of Win2012 guest as it is or even stripping it into server core state and also hardening of VMware ESXi/ESX/vSphere collectively. there are already established guide for each independent based on even standards/practices from NIST and CIS  
Another good start which I do advocate is check the principal recommendations such as

>Server Hardening - Windows Server 2012, you should check out microsoft security compliance mgr for the gpo template http://technet.microsoft.com/en-us/security/jj720323.aspx

>VMware Security Hardening Guides, also can catch this blog on some sample script to automate https://www.vmware.com/support/support-resources/hardening-guides.html

As a whole, probably the below tips can form a summary checklist for collective check (include Guest OS)
http://windowsitpro.com/windows/15-tips-vmware-security
Tip 1: Isolate the Host Network
Tip 2: Use the Host Machine Only for Your Virtual Infrastructure
Tip 3: Secure Remote Access Consoles
Tip 4: Limit Local Logons on Host
Tip 5: Encrypt Virtual Drives
Tip 6: Encrypt VM Backups
Tip 7: Set a User Context
Tip 8: Use Hardened Guest OS Templates
Tip 9: Turn off Host and Guest Interaction
Tip 10: Take Sensitive VMs Offline
Tip 11: Use Startup Passwords
Tip 12: Disable Scripting in the Guest OSs
Tip 13: Remove or Disconnect Devices
Tip 14: Always Log Off a VM Session
Tip 15: Update Written Security Polices to Include VMs
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Aaron TomoskySD-WAN SimplifiedCommented:
For general template creation stuff, I use most of this (not the def profile copy as sysprep does that for you if you do it right)
http://notesfrommwhite.net/2014/07/20/how-to-build-a-windows-2012-r2-vmware-template/
0
btanExec ConsultantCommented:
Good to take note besides the hardening on the independent OS and ESX is from VMWare hardening guide pdf
By capturing a hardened base operating system image (with no applications installed) in a template, you can ensure that all your virtual machines are created with a known baseline level of security. You can then use this template to create other, application-specific, templates or use the application template to deployvirtual machines

Provide templates for virtual machine creation that contain hardened, patched and properly configured OS deployments. If possible, predeploy applications in templates as well, although care should be taken that the application doesn’t depend upon virtual machine–specific information to be deployed. In vSphere, you can convert a template to a virtual machine and back again quickly, which makes updating templates quite easy. VMware Update Manager also provides the ability to automatically patch the operating system and certain applications in a template, thereby ensuring that they remain up to date.
Another consideration that you may be interested is whether to do it at the template-level or configuration-level. This is depends how you plan to use the application in your organization.  
E.g. Users create configurations from templates so the template approach work;
E.g. Users check out fully-built "gold masters" from library most of (if not all) the time so using templates is less prefer
Also for cloning, it is prefer for configuration cloning (and the Library and sharing), and not at the template level.
0
Haresh NikumbhSr. Tech leadAuthor Commented:
Thanks
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.