Attack Computer Wiz

A Security & Technology Weblog

Without IIS it is not as straight forward as one would like, but it is still pretty simple with this walk through.

  1. Launch "MMC" and add the Certificates Snap-in specifying "Local Computer".
  2. Open the "Personal > Certificates" and right click your existing certificate, choose "Delete from the options.
  3. Right click any open space where your old certificate was and choose "Import".
  4. Navigate to your new certificate, specify the certificate password and continue through the prompts.
  5. Once you see the new certificate in the MMC, double click it and choose the "Details" tab. Scroll down to "Thumb Print" and click it one time. You will see a series of letters and numbers in the bottom window. Copy those numbers and paste them into a blank Notepad document. Move Notepad aside but do not close it.
  6. Close the Certificates MMC.
  7. Open AD FS Management and navigate to AD FS > Service > Certificates.
  8. On the right side, click "Set Service Communications Certificate" and chose your new certificate.
  9. Close AD FS Management.
  10. Back to NotePad, Delete all the spaces from your pasted text. 
  11. Copy the thumb print (CTRL+C).
  12. Launch PowerShell as Administrator.
  13. In Powershell, type: Set-AdfsSslCertificate
  14. When prompted for the Thumb Print, press CTRL+V to paste your certificate thumb print into PowerShell and press enter.
  15. Close PowerShell.
  16. Open Services and restart the ADFS Service.
  17. Launch your ADFS portal and confirm your new certificate is being used.

Thanks for reading, I hope this helped!

user Posted by John "Mike" Wright

| More

From their website:

"The EC-Council CCISO Body of Knowledge covers all five the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations."

A discounted training voucher can be found at the below link, limited time only:

user Posted by John "Mike" Wright

| More

In some cases users in an Active Directory environment may see repeated lockouts after a recent password change. This is commonly associated with forgetting their new password, forgetting that they are logged onto another machine or server somewhere, or their old credentials are cached.

If after you have rebooted the machine, checked domain logs to try to figure out where accounts may be logged in, deleted Temporary Internet Files and you are at your whits end, cached credentials may likely be your culprit.

On your affected machine, run the blow command and delete any cached credentials that appear. This would especially be relevant if you are using a Proxy server.

rundll32.exe keymgr.dll, KRShowKeyMgr

user Posted by John "Mike" Wright

| More

System Center Endpoint Protection (SPEC) may not install via SCCM policy if a conflicting application exists and cannot be uninstalled. This is commonly associated with an existing Antivirus application.

In order to find what the conflict is;

  1. Open regedit 
  2. Navigate to \HKLM\SOFTWARE\Microsoft\CCM\EPAgent 
  3. Look at “StateEventMessage” where you will find a message similar to the below:
System Center Endpoint Protection installation error. The System Center Endpoint Protection Setup wizard was unable to remove one or more programs that conflict with System Center Endpoint Protection. To install System Center Endpoint Protection you must manually uninstall the following programs and then run the wizard again. Error code:0x80041108. Programs: Trend Micro OfficeScan Client

In this example, the Trend Micro OfficeScan Client was installed and for whatever reason, SCEP could not remove it. At this point you will need to manually remove the conflicting application and re-initiate a policy refresh to the SCCM server.

Navigate to Control Panel, open the Configuration Manager client, clicked on the Actions tab, and force each action to run.

After a while the new SCEP icon will appears as expected.

user Posted by John "Mike" Wright

| More

Open an elevated Command Prompt and type the appropriate lines for your need.

Replace FQDN with the Fully Qualified Domain Name of your KMS server:

Windows 7, Windows 8, Windows 8.1, Server 2008/2008R2 and Server 2012/2012R2:

  1. CD \Windows\System32 
  2. cscript slmgr.vbs /skms FQDN 
  3. cscript slmgr.vbs /ato 

Office 2010 32 bit

  1. CD \Program Files (x86)\Microsoft Office\Office14 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act 
Office 2010 64 bit

  1. CD \Program Files\Microsoft Office\Office14 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act 
Office 2013 32 bit

  1. CD \Program Files (x86)\Microsoft Office\Office15 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act 

Office 2013 64 bit

  1. CD \Program Files\Microsoft Office\Office15 
  2. cscript ospp.vbs /sethst:FQDN 
  3. cscript ospp.vbs /act
If your product is still not activating, you may have KMS configuration issues. A good place to start looking for problems is to run the below command on the same machine that you ran the above commands. This will tell you when and what KMS server your client is trying to activate.

  1. cscript ospp.vbs /dhistoryacterr

user Posted by John "Mike" Wright

| More