Tagged Content List
  • Blog Post: Getting a CMD prompt as SYSTEM in Windows Vista and Windows Server 2008

    Ned here again. In the course of using Windows, it is occasionally useful to be someone besides… you. Maybe you need to be an Administrator temporarily in order to fix a problem. Or maybe you need to be a different user as only they seem to have a problem. Or maybe, just maybe, you want to be...
  • Blog Post: Friday Mail Sack: Newfie from the Grave Edition

    Heya, Ned here again. Since this is another of those catch up mail sacks, there’s plenty of interesting stuff to discuss. Today we talk NSPI, DFSR, USMT, NT 4.0 (!!!), Win2008/R2 AD upgrades, Black Hat 2010, and Irish people who live on icebergs. Faith and Begorrah! NSPI max sessions per...
  • Blog Post: The Security Log Haystack – Event Forwarding and You

    Hi. This is your guest writer Mark Renoden. I’m a Senior Premier Field Engineer based in Sydney, Australia and I’m going to talk to you about the use of Event Forwarding to collect security events. This is particularly useful when: You have specific events you’re looking for...
  • Blog Post: Global Object Access Auditing is Magic

    Hi folks, Ned here again. I mentioned this once in a Friday Mail Sack but today I circle around and explain a well-hidden security feature added in Windows 7 and Windows Server 2008 R2: Global Object Access Auditing Oh boy, auditing! I bet you are excited! What is it and how to enable it ...
  • Blog Post: Designing and Implementing a PKI: Part I Design and Planning

    The series: Designing and Implementing a PKI: Part I Design and Planning Designing and Implementing a PKI: Part II Implementation Phases and Certificate Authority Installation Designing and Implementing a PKI: Part III Certificate Templates Designing and Implementing a PKI: Part IV Configuring SSL for...
  • Blog Post: Managing RID Issuance in Windows Server 2012

    Hi all, Ned here again to talk further about managing your RID pool. By default, a domain has capacity for roughly one billion security principals, such as users, security groups, managed service accounts, and computers. If you run out, you can’t create any more. There aren’t any domains with that many...
  • Blog Post: Kerberos errors in network captures

    Hi guys, Joji Oshima here again. When troubleshooting Kerberos authentication issues, a network capture is one of the best pieces of data to collect. When you review the capture, you may see various Kerberos errors but you may not know what they mean or if they are real problems. In this post, I’m going...
  • Blog Post: If you use Symantec Products, Read Me

    Ned here again, with a public service announcement similar to the previous one we did for RSA as it implicitly affects so many Microsoft customers. Symantec has announced: Symantec can confirm that a segment of its source code has been accessed. Upon investigation of the claims made by Anonymous...
  • Blog Post: Understanding LDAP Security Processing

    It’s Randy again, here to discuss LDAP security. Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers, AD Sites and Services, etc.) as well as third...
  • Blog Post: RSA Key Blocking is Coming

    Hey all, Ned here again with one of my rare public service announcement posts: In August 2012, Microsoft will issue a software update for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. The update will block the use...
  • Blog Post: You probably don't need ACCTINFO2.DLL

    Hi folks, Ned here again. Customers periodically ask us for a rumored replacement for the Windows 2000 acctinfo.dll that works on 64-bit Windows 7 and Windows Server 2008 R2. That old DLL added an extra tab to the Active Directory Users and Computers snap-in to centralize some user account info: ...
  • Blog Post: Monthly Mail Sack: Yes, I Finally Admit It Edition

    Heya folks, Ned here again. Rather than continue the lie that this series comes out every Friday like it once did, I am taking the corporate approach and rebranding the mail sack. Maybe we’ll have the occasional Collector’s Edition versions. This week month, I answer your questions on: The semi-myth...
  • Blog Post: Friday Mail Sack: Carl Sandburg Edition

    Hi folks, Jonathan again. Ned is taking some time off visiting his old stomping grounds – the land of Mother-in-Laws and heart-breaking baseball. Or, as Sandburg put it: “Hog Butcher for the World, Tool Maker, Stacker of Wheat, Player with Railroads and the Nation's Freight Handler;...
  • Blog Post: Restrictions for Unauthenticated RPC Clients: The group policy that punches your domain in the face

    Hi folks, Ned here again. Around six years ago we released Service Pack 1 for Windows Server 2003. Like Windows XP SP2, it was a security-focused update. It was the first major server update since the Trustworthy Computing initiative began so there were things like a bootstrapping firewall, Data Execution...
  • Blog Post: Hunting down DES in order to securely deploy Kerberos

    Hello folks, Ned here again. By now many businesses have begun deploying Windows Server 2008 R2 and Windows 7. Since Active Directory has become ubiquitous, Kerberos is now commonplace. What you may not know is that we made a significant change to default cryptographic support in Kerberos starting in...
  • Blog Post: Purging Old NT Security Protocols

    Hi folks, Ned here again (with some friends). Everyone knows that Kerberos is Microsoft’s preeminent security protocol and that NTLM is both inefficient and, in some iterations, not strong enough to avoid concerted attack. NTLM V2 using complex passwords stands up well to common hash cracking tools...
  • Blog Post: MD5 Signature Hash Deprecation and Your Infrastructure

    Hi everyone, David here with a quick announcement. Yesterday, MSRC announced a timeframe for deprecation of built-in support for certificates that use the MD5 signature hash. You can find more information here: http://blogs.technet.com/b/srd/archive/2013/08/13/cryptographic-improvements-in-microsoft...
  • Blog Post: Friday Mail Sack: LeBron is not Jordan Edition

    Hi folks, Ned here again. Today we discuss trusts rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Creating trusts...
  • Blog Post: Friday Mail Sack: They Pull Me Back in Edition

    Hiya world, Ned is back with your best questions and comments. I’ve been off to teach this fall’s MCM, done Win8 stuff, and generally been slacking keeping busy; sorry for the delay in posting. That means a hefty backlog - get ready to slurp. Today we talk: Weirdness with NETDOM...
  • Blog Post: RSA SecurID Do Over

    Ned here. If you are using RSA SecurID, you’re probably aware they were compromised several months ago. You may also have heard that since then, hackers have been using that stolen info to attack or compromise various organizations. What you may not know is RSA is now issuing replacement tokens...
  • Blog Post: The Security Descriptor Definition Language of Love (Part 2)

    Hi. Jim here from DS here with a follow up to my SDDL blog part I. At the end of my last post I promised to dissect further the SDDL output returned by running the CACLS with the /S switch on tools share as follows: Here is the output exported to a .txt file: "D:AI(D;OICI;FA;;;BG)(A;;FA;;;BA...
  • Blog Post: Reading LDAP SSL Network Traffic with NetMon 3.4 and NMDecrypt

    Hi folks, Ned here again. Today I show you how to decrypt LDAP traffic protected by SSL by using Network Monitor and its handy add-on NetMon Decryption Expert. This is useful when you need to see what an application is asking your domain controllers, especially when that app has lousy logging. Since...
  • Blog Post: Friday Mail Sack: Ride ‘Em Cowboy Edition

    Howdy partners, Ned here. This week we talk event logs, auditing, NTLM “fallback”, file server monitoring, and SCOM 2007 management pack dissection. It was a fairly quiet week for questions since everyone is off for vacation at this point, I reckon. That didn't mean it wasn't crazy at work...
  • Blog Post: Friday Mail Sack: Beard-Seconds Edition

    Hiya folks, Ned here again. This week we talk: DC DNS A Records and Web Servers Forwarding Security event log subscriptions Domain password filters Auditing NTLM vs NTLMv2 on Win2003 Programmatically determining if UNC is DFS namespace DFSR and Excel Shared Workbooks DFS, DC,...
  • Blog Post: Default Security Templates in Windows 2008

    Hi, David here again. You might be familiar with Security Templates that we use in Windows 2000 and 2003. The template is sort of the master set of security settings that we apply to a server when you either set it up or configure it using the Security Configuration and Analysis tool. Here in DS we often...