To improve Windows Server I suggest you ...

Windows Firewall should block all communication until core windows services are 100% available

Currently,automating a windows deployment causes undo complexity as a server will being responding to commands on boot regardless of if internal systems are completely available. The biggest culprit to this is WinRM, as it will answer and even allow authentication despite the host OS still being in a boot state. For example, I can tell Ansible to poll windows WinRM 5985 while it reboots, but it will open ports and allow authentication _during the boot screen_ even though the OS hasn't finished init, and thus when any followup commands are guaranteed to fail (even something as benign as gathering the hostname).

A simple fix would be a delayed enabling of firewall rules (even if the rule was to disable the firewall) so that the OS can ensure it's ready to accept commands and not cause devs to write silly wait conditions or unnecessary checks.

1 vote
Sign in
(thinking…)
Password icon
Signed in as (Sign out)

We’ll send you updates on this idea

Justin DynamicD shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Password icon
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base