Windows Security: IT Pro Writer's Weblog

MaxConcurrentAPI configuration information updated

2012-08-02T17:55:51Z

New content has been added to the Wiki article “Configuring MaxConcurrentAPI for NTLM pass-through authentication” that can help you with decisions when you configure this setting. Also, check out the Additional resources in the article as many more links to specific guidance have been added over the past few months.

New TechNet Wiki post for MaxConcurrentAPI

2012-04-19T22:17:05Z

The authentication team posted a new article that might help you with diagnosing issues with authentication bottlenecks on the domain controller. Although it does not provide specific guidance, it does describe how all the elements interact (NetLogon, NTLM pass-through authentication, and the MaxConcurrentAPI setting). The article also contains links to many more additional resources which might help you with remediation.

Give it a read.

Configuring MaxConcurrentAPI for NTLM pass-through authentication

Have you installed Windows 8 Consumer Preview or Windows Server "8" Beta yet?

2012-03-06T20:39:59Z

I am excited to be able to start talking with you about Windows 8 Consumer Preview and Windows Server "8" Beta. We’ve all been working hard on our individual feature sets and putting everything together. As writers we have been reviewing the user interface text, notifications, and other messages as well as putting together plans for our final articles and guides that we will publish when everything is done. Yes, the beta TechNet content is sparse, but it will fill up as we move from the consumer preview to the final release. Keep checking in to see new content and updates.

This morning I had the opportunity to go on site at a small non-profit organization and observe their experience upgrading from Windows XP to Windows 8 Consumer Preview on one computer – hey, they only have five computers, so this is upgrading 20% of their infrastructure! They plan to test it out for a couple of weeks and then upgrade their other computers. When I go on site I am purely an observer, asking questions and watching. I specifically do not provide answers, although I might provide a hint or a short cut if I watch someone struggling for a considerable amount of time. This is because my job at Microsoft is to write content and I need to know the different steps people take to figure something out.

When I first started working with the new Windows 8 interface, I was very confused and disconcerted. I feared that I had gotten too old to work in tech! I daydreamed of retreating to open my own book store and never touching a computer again!

But I overcame my fears and learned to love the new interface. It is much faster and cleaner than the previous versions and I actually felt more productive writing, responding to mail, and doing research when I was using my test computer running Windows 8 Consumer Preview than I did on my standard Windows 7 computers.

My customer visit this morning brought that experience back to me as I watched them interact with the Metro user interface for the first time. Their first question to me – How do I change back to “classic” mode? I told them to give it a chance, and that there is no “switch to classic mode” setting in the Control Panel.

Account settings were also confusing and being able to set up administrative access correctly took longer than it should have. I definitely will be looking into creating content for that topic!

After a lot of How? Where? What? experiences, the customer was flying along using Windows 8 Consumer Preview. It took him about 75 minutes to become comfortable with the new interface. By the time I left, he was enthusiastically talking about how much faster he could do his tasks on Windows 8 Consumer Preview than he could on Windows XP.

If you are going through similar experiences, be sure to visit the Windows 8 Consumer Preview and Windows Server "8" Beta Forums and tell us about them. We writers are lurking about looking for content ideas and answering questions!

Wishing you a productive day, today and every day!

Starr Andersen |Senior Technical Writer| WSiX

TechNet Metro is Live

2012-02-16T01:05:02Z

Did you notice that TechNet is now using the metro design? Take a look on our new Windows Server Security Page and let us know what you think:

http://technet.microsoft.com/en-us/windowsserver/ff843381

Private Cloud Security

2012-02-01T23:25:18Z

Last month we released a new document at Microsoft TechNet Wiki, it is called A Solution for Private Cloud Security and you can access the document from: http://social.technet.microsoft.com/wiki/contents/articles/6642.a-solution-for-private-cloud-security.aspx

You can also download the ZIP file (set of three DOCs) from the link below:

http://gallery.technet.microsoft.com/A-Solution-for-Private-67209ab1

These papers will guide you through the design of private cloud security, the understanding of the security blueprint and the secure service operation of a private cloud. Feel free to leave your comments and feedbacks, they are very important to us.

PowerShell’s quick Tour of System Services

2011-12-13T17:56:08Z

The Threats and Countermeasures Guide on system services tells us that any service can be a potential point of attack.

So, want to see what services are running on your machine?

In PowerShell here’s how to do it: From the PowerShell console run, Get-Service.

That’s it. Lists all the services installed on your system. And with an extra bonus helping of service status: running, stopped, paused, along with some pending states.

Want to see more about using PowerShell to look at security features? Take a look at the Task-Based Guide to Windows PowerShell Cmdlets.

More fun with PowerShell coming soon to a blog near you.

Judith Herman
Senior Technical Writer
(Likes to play with Group Policy , Command-line tools and Windows PowerShell)

Driving with one eye on the mirror…

2011-12-06T11:00:00Z

As the writers focus on upcoming releases, we also are cruisng through the readership activity of published content and listening for developing trends in how our security technologies are being used. We work the backend to help us develop the upcoming content. Examples of this are AppLocker and Kerberos.

AppLocker was introduced as the better tool over Software Restriction Policies in Windows Server 2008 R2 and Windows 7. AppLocker content was developed to provide both conceptual and procedural information before the product was widely deployed. As we hear feedback from deployments, writers update that content to promote greater success. Over the past year, here's what has been updated:

Understanding the Publisher Rule Condition in AppLocker - http://technet.microsoft.com/en-us/library/ee460943(WS.10).aspx
Frequently Asked Questions - http://technet.microsoft.com/en-us/library/ee619725(WS.10).aspx
Security Considerations for AppLocker - http://technet.microsoft.com/en-us/library/ee844118(WS.10).aspx
Troubleshooting AppLocker - http://technet.microsoft.com/en-us/library/ee791895(WS.10).aspx
Top KBs

2532445 You can circumvent AppLocker rules by using an Office macro on a computer that is running Windows 7 or Windows Server 2008 R2 - http://support.microsoft.com/default.aspx?scid=kb;en-US;2532445
976922 The "Run only allowed Windows applications" Group Policy setting displays no entries on a computer that is running Windows Vista, Windows Server 2008, or Windows 7 - http://support.microsoft.com/default.aspx?scid=kb;en-US;976922
2384558 Inheritance of ownership in Group Policy Management Console does not work as expected - http://support.microsoft.com/default.aspx?scid=kb;en-US;2384558

In the case of the Windows implementation of Kerberos authentication, the basic conceptual content was written in 2005. We have been posting changes with each release in the form of What's New or What's Changed. Additionally, we add to the documentation set as issues or specific deployments are brought to light. This work for deployed releases is then evalulated for upcoming content - either folded in to the foundational doc set, updated in place, or left to stand as a one-off topic. Here's what we did last year:

Changes in Kerberos Authentication - http://technet.microsoft.com/en-us/library/dd560670(WS.10).aspx
Kerberos Interoperability Step-by-Step Guide for Windows Server 2003 - http://social.technet.microsoft.com/wiki/contents/articles/kerberos-interoperability-step-by-step-guide-for-windows-server-2003.aspx
Top KBs relevant to Windows Server 2008 R2

978055 FIX: User accounts that use DES encryption for Kerberos authentication types cannot be authenticated in a Windows Server 2003 domain after a Windows Server 2008 R2 domain controller joins the domain - http://support.microsoft.com/default.aspx?scid=kb;EN-US;978055
975363 You are intermittently prompted for credentials or experience time-outs when you connect to Authenticated Services - http://support.microsoft.com/default.aspx?scid=kb;EN-US;975363
2002013 Troubleshooting Active Directory operations that fail with error 5: Access is denied - http://support.microsoft.com/default.aspx?scid=kb;en-US;2002013

Eric Mitchell

Senior Technical Writer

Windows iX IT PRO Security Team

November Updates – W8 and TNWIKI

2011-11-21T16:33:18Z

Hello Community, one month has passed since we last updated this blog, sorry for that…we are really busy working on the content experience for Windows 8. Did you download Windows 8 Developer’s Preview yet? Did you see some of the cool security features that are coming? If not, take a look on those posts here:

After finishing reading those posts, make sure to also watch this great presentation about UEFI that was delivered during BUILD Conference:

What’s New on the TNWIKI World?

Recently the TechNet Wiki Ninjas put together a new blog to get more in touch with the community, by sharing updates and trends in the Wiki space. Make sure to visit them at http://blogs.technet.com/wikininjas and find out why you should start contributing with the TechNet Wiki.

Last but not least there is one new article that was published last week at TechNet Wiki that I’m sure you will enjoy, mainly the WSUS Admins. Long time ago we had a piece of content explaning how to deploy updates using WSUS for remote clients through ISA Server 2004. This content was never updated for ISA Server 2006, neither it was for Forefront TMG 2010. This is past, now this content is up to date and will allow you to publish WSUS 3 SP2 via Forefront TMG 2010 SP2. Best of all? Now this resides at TechNet Wiki and as the product evolves the community will have a chance to contribute with the article by enhancing it and perhaps even adding new sections (such as Troubleshooting). The article is called Publishing Windows Server Updates Services (WSUS) 3 SP2 through Forefront TMG 2010 SP2.

Enjoy it!

New articles published at TechNet Wiki

2011-10-19T18:41:30Z

Hello Community!

Just a quick update to let you know that this week we released two new articles at TechNet Wiki:

Besides that, we made a small change on the Windows Server Update Services Learning Roadmap Community Edition by adding a link to a slide deck from TechED 2009 about WSUS.

WSUS Page Updated

2011-10-12T22:31:28Z

Hello folks,

We just want to announce a small change on the WSUS Home Page:

We added a link to the WSUS Learning Roadmap, which is a community based content on TechNet Wiki. What else do you want to see on the WSUS Home Page? Let us know by writing a comment on this post.

Looking forward to hear (read) your feedback!

TechNet Wiki Security Portal

2011-10-12T22:27:04Z

As you probably know, TechNet Wiki has different portals and one of those is dedicated to Security:

If you visit this portal you will notice that we added a new entry that allows you to expand the Security Portal for a different language:

The IT PRO community in Brazil started to add content on the Portuguese Security Portal and you can also participate by creating your own Security Portal (for your own language). Make sure to add your entry under “Other Languages” option and than create a page following the same approach as the Security Portal in English, but now for your own language.

We’re looking forward to see your participation on this project. Let’s make TechNet Wiki a multi-language platform !

Updates and Feedback

2011-09-20T20:09:33Z

September is already here and our first wave of TechNet Wiki articles were released with two new additions:

Event Settings on Windows - Security Considerations – this article cover some core security settings related to Events on Windows system.
Unable to Update Forefront TMG 2010 NIS Signature When Using WSUS – this article cover some settings on WSUS that can affect Forefront TMG.

While we are working to have more and more updates coming up to you we also would love to hear your feedback about our content. Today we would like to hear your feedback about our famous Threats and Countermeasures Guide, which was updated last April to cover Windows Server 2008 R2 and Windows 7.

Today this guide cover the following areas:

Each area will cover Windows settings based on three pillars:

Vulnerability - Explains how an attacker might exploit a feature or its configuration.
Countermeasure - Explains how to implement the countermeasure.
Potential impact - Explains the possible negative consequences of countermeasure implementation.

We want to hear from you about this content. Do you like it? Why do you like it or why you don’t like it? How can we improve it? What should be there and what shouldn’t? Feel free to add your comments (good or bad) in this post, or on the bottom of the Threats and Countermeasures page as shown below:

Your feedback is very important to us !

Last wave of updates for August 2011 - more WSUS

2011-08-31T23:25:44Z

Today our last wave of updates for this month just went live, here are those (both related to WSUS):

Configure the network connections: the update here was on the “Configure your Firewall” section, we added the second bullet as per recent feedback received from our support folks.
Health monitoring in WSUS 3.0 SP2: this article had a minor update on the second paragraph of “ Health Check” section.

That’s all for this month and I hope to bring more updates to you in September!

Cryptography Next Generation and more WSUS this week

2011-08-25T20:21:57Z

As I promised on the previous post here are some updates on TechNet Library and TechNet Wiki:

Keep in mind that many of the updates that we are doing on our TechNet Library are based on your feedback. Which means that we do look at your comments, the ones that it is possible to add on the bottom of the page as shown below:

Your feedback is very important to assist us to improve the overall documentation experience. Thanks for sharing your thoughts and please keep it coming!

Next week we have more updates.

Credential Roaming and WSUS Updates at TechNet Wiki

2011-08-22T22:07:52Z

I want to start this week by sharing a couple of new articles that we published at TechNet Wiki. The first one is about Credential Roaming behavior on Windows 7. The second one is about the general considerations regarding WSUS installed on a Domain Controller. Use the links below to access those articles:

We are working in some other updates at TechNet Library content as well as new content at TechNet Wiki page. Stay tuned in this blog to get the latest news from Security Writers Team.

New WSUS Articles at TechNet Wiki

2011-08-12T04:18:48Z

Hello Community,

Just want to drop a quick note to bring awareness about two new WSUS articles that we published this week at TechNet Wiki:

We are working very close to WSUS Product Team to identify scenarios that are not well documented (or sometimes not documented at all) and we will keep working to publish those at TechNet Wiki. Keep your eye on our blog for news about that as well as on WSUS Page.

WSUS 3 SP2 Documentation Updated

2011-07-21T18:47:19Z

Yesterday we published an updated version of WSUS 3 SP2 documentation with some changes that were included to reflect customer’s feedback about the product and documentation. The changes were made in the following guides:

Thanks for your feedback and keep it coming !

Security Tools Community Edition is Live at TechNet Wiki

2011-07-15T14:39:13Z

In the Security space there is room for lots of creativity when the subject is hunting for bugs or security holes. When investigating security related issues many tools can be used, for example to identify unexpected activity you can use SysInternals Tools and this list goes on and on. Do you have your set of tools that you use to troubleshoot security related issues on Windows OS? How about sharing this with the whole community? That’s right; we are pleased to announce our Security Tools Community Edition article. This article is live at Microsoft TechNet Wiki and we are looking forward to have your contribution with it. Go there now and start to share your insights:

http://social.technet.microsoft.com/wiki/contents/articles/security-tools-community-edition.aspx

Takeown Command - Article Updated

2011-07-14T02:59:12Z

To better reflect the supportability statement of the takeown command and to address a comment made by a community member we updated the Takeown command article. Check it out the latest version here:

http://technet.microsoft.com/en-us/library/cc753024(WS.10).aspx

Keep up the great community work and keep sending your feedback to us.

Our New Windows Server Security Page is Online

2011-07-01T22:11:35Z

This week we launched our new Windows Server Security page with some major changes in the format, content and distribution. The main page now have a clear option to navigate through different Windows versions to find Security related content as shown below:

We added a new section that cover recent forums entries and blog posts:

Towards the bottom of the page you also have the addition of the Security Talk (with Tom Shinder and Yuri Diogenes) and the featured Security MVPs. Well, instead of me saying what changed were made, I want you to go and experience yourself our new page at http://technet.microsoft.com/en-us/windowsserver/windows-server-security.aspx .

Enjoy !!

Solutions to Common Volume Activation Errors

2011-05-27T21:32:24Z

Roland Winkler, one of our Senior Writers wrote this great piece of content about common volume activation problems:

“Volume activation is designed to be a relatively quick and simple process. However, organizations still encounter a number of common errors when using volume activation. The following are solutions to some of the more common volume activation errors encountered by Microsoft customers. “

Check it out the full article at http://social.technet.microsoft.com/wiki/contents/articles/solutions-to-common-volume-activation-errors.aspx

Windows Security Guide

2011-05-26T16:27:05Z

Recently we released a newer version of the Threats and Countermeasure Guide and after that we received some questions regarding the Windows Security Guide. The most common question was: why when I try to download the Windows Server 2008 Security Guide from Download Center I get only the RTF file?

The answer is: the Windows Server 2008 Security Guide has been replaced by the Windows Server 2008 Security Compliance Management Toolkit, part of the Security Compliance Management Toolkit Series. Usually the follow up question is: ok, I installed SCM and I still can’t find the document. Where is it?

In order to visualize the document you need to load a baseline, to do that follow the steps that are available in the SCM screen as shown in the window below (Getting Started section):

Once you have the baseline loaded, highlight the baseline name in the left pane and choose Documents tab in the right pane. There you will see the Windows Security Guide document as shown in the window below:

From this point on you just need to open the document.

Note: For more information about Microsoft Security Compliance Manager visit http://technet.microsoft.com/en-us/library/cc677002.aspx .

Threats and Countermeasures Guide: Security Settings in Windows Server 2008 R2 and Windows 7 - Updated

2011-04-28T12:07:50Z

We are really happy to announce that and updated version of the Windows Threats and Countermeasures Guide is now available online at http://technet.microsoft.com/en-us/library/hh125921(WS.10).aspx . This new version cover changes in Windows Server 2008 R2 and Windows 7.

This guide consists of the following sections:

Threats and Countermeasures Guide: Account Policies: This section discusses the Group Policy settings that are applied at the domain level: password policies, account lockout policies, and Kerberos protocol authentication policies.
Threats and Countermeasures Guide: Advanced Security Audit Policy: This section discusses the use of advanced audit policy settings, which are now integrated with Group Policy to monitor and enforce your security measures. It describes the various settings, and it provides examples of how audit information is modified when the settings are changed.
Threats and Countermeasures Guide: User Rights: This section discusses the various logon rights and privileges that are provided by the Windows 7 and Windows Server 2008 R2 operating systems, and it provides guidance about which accounts should be assigned these rights.
Threats and Countermeasures Guide: Security Options: This section provides guidance about security settings for digital data signatures, Administrator and Guest account names, drive access, driver installation behavior, and logon prompts.
Threats and Countermeasures Guide: Event Log: This section provides guidance about how to configure the settings that relate to the various event logs on computers running Windows Server 2008 R2 or Windows 7.
Threats and Countermeasures Guide: System Services: Windows Server 2008 R2 and Windows 7 include a variety of system services. Many of these services are configured to run by default, but others are not present unless you install specific components. This section describes the various services included with the operating systems so that you can best decide which ones to leave enabled and which ones can be safely disabled.
Threats and Countermeasures Guide: Software Restriction Policies: This section provides a brief overview of the Software Restriction Policy feature that is available in Windows Server 2008 R2 and Windows 7. It provides links to additional resources about how to design and use policy settings to control which applications can be used in your organization.
Threats and Countermeasures Guide: Application Control Policies: This section provides a brief overview of the AppLocker™ feature that is available in Windows Server 2008 R2 and Windows 7. It provides links to additional resources about how to design and use policy settings to control which applications can be used in your organization.
Threats and Countermeasures Guide: External Storage Devices: This section describes Group Policy settings that can be used to limit, prevent, or allow the use of external storage devices in networked computers.
Threats and Countermeasures Guide: Additional Resources: This section provides links to additional information sources about Windows security topics from Microsoft that you may find useful.

We hope you enjoy it !!

WSUS Home Page Updated

2011-04-25T18:48:41Z

The WSUS Home Page was updated to include a section for TechNet Wiki Articles, check it out how it looks at http://technet.microsoft.com/en-us/windowsserver/bb332157

WSUS FAQ page was also updated to include updates from WSUS 3 SP2, more info at http://technet.microsoft.com/en-us/windowsserver/bb980625.aspx. Stay tune in this channel as more updates are coming next month for WSUS, including a Test Lab Guide that it is in development (see Test Lab Guide Page – under “Test Lab Guides Under Development” section for more details).

UAC, Kerberos and WSUS Updates

2011-04-21T02:51:43Z

Hello Community, our team was quiet busy this month updating and creating new content for you. Today we have some updates to share with you:

User Account Control Step-by-Step Guide – this article was updated to include considerations when disabling UAC on Windows Server 2008.
Kerberos Interoperability Step-by-Step Guide for Windows Server 2003 – this is TechNet Wiki content article that you can enhance with resources that you consider useful.
Windows Server Update Services Learning Roadmap Community Edition – need a learning roadmap to ramp up on WSUS? This is your core framework that you can enhance it since it’s available at TechNet Wiki.
The Windows Security Survival Guide was featured in the April’s edition of Microsoft Security Newsletter, check it out here, under Security Guidance section.

Do you have any feedback about any of the articles highlighted in the Windows Server Security page? If you do, leave your comments here and we will follow up on that.