Attack Computer Wiz

A Security & Technology Weblog

Starting with Windows Server 2016 and also in 2019, an out of the box build will often display the following error when trying to initial a Remote Desktop Connection.

"The connection cannot proceed because authentication is not enabled and the remote computer requires that authentication be enabled to connect."

To make this error go away, perform the following steps:

  1. Open "regedit"
  2. Go to: 
  3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
  4. Set “SecurityLayer” to a "zero"

user Posted by Mike Wright

| More

While building my first Domain Joined Windows 10 RTM system I discovered that the System Center Configuration Manager 2012 R2 client would not install. After reviewing the installation log, I discovered that the error code was "0x80070307". After a little research I discovered that this is due to SCCM trying to install the Windows Update Agent on the Windows 10 machine that is either already there or is older than the one on Windows 10 out of the box. The work around was simple, but it did not address Group Policy Deployments which, in the past, were not Operating System specific, rather they were just a blanket policy that covered everything.

The answer, copy my existing SCCM deployment GPO, modify the installation command, create WMI filters for the Operating Systems and apply the WMI filters to the GPO's.

Here is the step by step:

  1. In GPMC, navigate to "Group Policy Objects" and locate your SCCM deployment GPO.
  2. Right click your existing SCCM deployment GPO and choose "Copy".
  3. Move back up to the "Group Policy Objects" folder object and right click it, then chose "Paste".
  4. Find your "Copy of..." and rename it appropriately.
  5. Right click the new GPO and choose "Edit".
  6. Navigate to: "Computer Configuration > Policies > Administrative Templates ... > Classic Administrative Templates (ADM) > Configuration Manger 2012 > Configuration Manger 2012 Client > Configure Configuration Manger 2012 Client Deployment Settings.
  7. Under "Options", copy your existing string to notepad. It may look something like this: 

    1. CCMSetup.exe SMSSITECODE=**** FSP=****.net MP=****.net

  8. Modify your string so that is now looks like the below:

    1. CCMSetup.exe /skipprereq:windowsupdateagent30-x64.exe SMSSITECODE=**** FSP=****.net MP=****.net

  9. Close the editor.
  10. In GPMC, navigate to "WMI Filters".
  11. In the right pane, right click and choose "New".
  12. Name your WMI Filter "Windows 10 OS" and click the "Add" button.
  13. Leave the "Namespace" as it is (root\CIMv2).
  14. In the Query box type: 

    1. select * from Win32_OperatingSystem where Version like "10.%"

  15. Click "OK".
  16. In the right pane, right click and choose "New".
  17. Name your WMI Filter "Windows OS pre 10" and click the "Add" button.
  18. Leave the "Namespace" as it is (root\CIMv2).
  19. In the Query box type: 

    1. select * from Win32_OperatingSystem where Version like "6.%" or Version like "5.%" 

      *note: this will get Vista-8.1 and 2003-2012R2

  20. Click "OK", you should now see your two new WMI filters.
  21. Go back to "Group Policy Objects" and locate both your old and your new SCCM GPO's.
  22. Left click each GPO and on the very bottom of the "Scope" tab, choose your WMI filter for the appropriate Operating System, repeat for both GPO's.
  23. Lastly, assign your new Windows 10 GPO to the appropriate OU(s).
Next you can confirm that your WMI settings are working on each OS type:

  1. Shift+Right click CMD and chose "Run and Administrator"
  2. Type "gpupdate / force"
  3. Type "gpresult /z >> c:\temp\log.log
  4. Review the logs on each to make sure, they should look something like the below:

Now that you have confirmed that your new GPO with WMI filter is applied, simply reboot your Windows 10 computer and re-check your ccmsetup status.You should see "Configuration Manger" in control panel within a few second of your reboot. If not, review logs.


user Posted by Mike Wright

| More

Without IIS it is not as straight forward as one would like, but it is still pretty simple with this walk through.

  1. Launch "MMC" and add the Certificates Snap-in specifying "Local Computer".
  2. Open the "Personal > Certificates" and right click your existing certificate, choose "Delete from the options.
  3. Right click any open space where your old certificate was and choose "Import".
  4. Navigate to your new certificate, specify the certificate password and continue through the prompts.
  5. Once you see the new certificate in the MMC, double click it and choose the "Details" tab. Scroll down to "Thumb Print" and click it one time. You will see a series of letters and numbers in the bottom window. Copy those numbers and paste them into a blank Notepad document. Move Notepad aside but do not close it.
  6. Close the Certificates MMC.
  7. Open AD FS Management and navigate to AD FS > Service > Certificates.
  8. On the right side, click "Set Service Communications Certificate" and chose your new certificate.
  9. Close AD FS Management.
  10. Back to NotePad, Delete all the spaces from your pasted text. 
  11. Copy the thumb print (CTRL+C).
  12. Launch PowerShell as Administrator.
  13. In Powershell, type: Set-AdfsSslCertificate
  14. When prompted for the Thumb Print, press CTRL+V to paste your certificate thumb print into PowerShell and press enter.
  15. Close PowerShell.
  16. Open Services and restart the ADFS Service.
  17. Launch your ADFS portal and confirm your new certificate is being used.

Thanks for reading, I hope this helped!

user Posted by Mike Wright

| More

From their website:

"The EC-Council CCISO Body of Knowledge covers all five the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations."

A discounted training voucher can be found at the below link, limited time only:

user Posted by Mike Wright

| More

In some cases users in an Active Directory environment may see repeated lockouts after a recent password change. This is commonly associated with forgetting their new password, forgetting that they are logged onto another machine or server somewhere, or their old credentials are cached.

If after you have rebooted the machine, checked domain logs to try to figure out where accounts may be logged in, deleted Temporary Internet Files and you are at your whits end, cached credentials may likely be your culprit.

On your affected machine, run the blow command and delete any cached credentials that appear. This would especially be relevant if you are using a Proxy server.

rundll32.exe keymgr.dll, KRShowKeyMgr

user Posted by Mike Wright

| More