Usernames
When a new VPS is provisioned, an Administrator user is added to it. Its password needs to be set after the service is started for the first time. This can only be done via the console (My Zone > Cloud Servers > server > Access).
Login via console
From the VNC console, it is possible to log in with all user IDs that have a password set within the VPS and are not locked.
The console cannot be accessed “directly” from the internet without My Zone.
It is possible to log in to the VPS via the console even when the VPS has no internet connection.
If it is possible to log in to your VPS over the network (e.g. SSH or RDP), consider creating one or more additional users with admin privileges besides the Administrator user, and perhaps also disabling the use of the Administrator username with Windows’ user management tools. Since Internet-based attacks usually include attacks against the Windows Administrator user, it is very likely that at some point Windows will lock the Administrator user account for a certain period of time, and it will then not be possible to log in to the VPS with the Administrator name, even from the console.
RDP login
Without an RDP license, it is possible to log in to Windows via RDP in up to two sessions at a time. After provisioning the VPS, the RDP server will not work by default.
Use the following commands (with Administrator privileges) to start it and open the required port in the firewall:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
netsh advfirewall firewall set rule group="Remote Desktop" new enable=yes
To stop RDP and close the port in the firewall, use the following commands:
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
netsh advfirewall firewall set rule group="Remote Desktop" new enable=no
By default, the Administrator user can also log in via RDP. Since attacks originating from the Internet usually include brute-force attacks against the Windows Administrator username, it is advisable to create one or more additional users with admin privileges besides the Administrator user and to disable the use of the Administrator username with Windows’ user management tools.
SSH Login
SSHD can be started in Windows with the following commands (with Administrator rights):
powershell -command add-windowscapability -online -name openssh.server
powershell -command start-service sshd
powershell -command set-service -name sshd -startuptype automatic
“add-windowscapability” opens the SSH port in the firewall.
By default, the Administrator user can also log in via SSH. Since attacks from the Internet usually include attacks against the Windows Administrator username, it is recommended to create one or more additional users with admin privileges besides the Administrator user and to disable the Administrator username with the Windows user management tools.
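One way to carry out the recommendation made in the console, RDP and SSH sections, as an added example that is not part of the original article: a two-phase PowerShell script that creates a second admin user and disables the built-in Administrator only once it is run from that second account, so a working admin login is proven before the old one is switched off. The user name vpsadmin is a hypothetical placeholder.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original article). 'vpsadmin' is a hypothetical name.
$NewAdmin  = 'vpsadmin'
$AdminsSid = 'S-1-5-32-544'   # well-known SID of the local Administrators group

# The built-in Administrator always has RID 500, even if it has been renamed.
$builtin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User.Value

if ($me -eq $builtin.SID.Value) {
    # Phase 1: running as Administrator. Create the second admin, disable nothing yet.
    if (-not (Get-LocalUser -Name $NewAdmin -ErrorAction SilentlyContinue)) {
        # Prompt for the password so it never lands in the script or shell history.
        $pw = Read-Host -Prompt "Password for $NewAdmin" -AsSecureString
        New-LocalUser -Name $NewAdmin -Password $pw -Description 'Second administrator' | Out-Null
    }
    if (-not (Get-LocalGroupMember -SID $AdminsSid -Member $NewAdmin -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -SID $AdminsSid -Member $NewAdmin
    }
    Write-Host "Created $NewAdmin. Log in as $NewAdmin and run this script again."
    return
}

# Phase 2: running as another admin, which proves that a working admin login exists.
if ($builtin.Enabled) {
    Disable-LocalUser -SID $builtin.SID
}

# Show the resulting state of all local accounts.
Get-LocalUser | Select-Object Name, Enabled, SID | Format-Table -AutoSize
```

The account is disabled rather than deleted, so it can be turned back on with Enable-LocalUser from the second admin account if needed.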
Network Interface
For efficient use of IP addresses, the subnet mask for all VPSs is 255.255.255.255 (meaning the prefix length of the VPS’s IP address is 32 bits).
The network interface is called Ethernet0.
Default Gateway
The IP address of the default gateway is not in the same subnet as the IP address of the VPS. The gateway address and the VPS address are not similar at all, because the VPS address is subnetless.