Attack Computer Wiz: A Security & Technology Weblog (Attack Computer Wiz Team)<br />
<br />
<b>Windows Server 2016 & 2019 - Remote Desktop Cannot Proceed</b> (2019-03-07)<br />
<br />
Starting with Windows Server 2016, and also in 2019, an out-of-the-box build will often display the following error when trying to initiate a Remote Desktop Connection.<br />
<br />
"The connection cannot proceed because authentication is not enabled and the remote computer requires that authentication be enabled to connect."<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLcIGkzna0dnLq3h3wdgK_VUyglBqBsje0pDr217-THg0rOGnBElUzDTipuu0gUFC-UxcGk2UjxNEOB85qlKp3NooQjwQB05px2xi9lvi5lTmCB_3RbuJ-lcwBhwfwsjQGPsmTtYXLVg/s1600/2019RDCErr.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="151" data-original-width="581" height="164" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgLcIGkzna0dnLq3h3wdgK_VUyglBqBsje0pDr217-THg0rOGnBElUzDTipuu0gUFC-UxcGk2UjxNEOB85qlKp3NooQjwQB05px2xi9lvi5lTmCB_3RbuJ-lcwBhwfwsjQGPsmTtYXLVg/s640/2019RDCErr.png" width="640" /></a></div>
<br />
To make this error go away, perform the following steps:<br />
<br />
<ol>
<li>Open "regedit"</li>
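<li>Go to: <span style="background-color: #eeeeee;">HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp</span></li>
<li>Set "SecurityLayer" to 0 (zero). This value selects the native RDP Security Layer instead of TLS, so the server is not authenticated to the client and Network Level Authentication cannot be used.</li>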
</ol>
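To check what a server is actually enforcing before or after this change, the following added example (not part of the original post) reads the listener's SecurityLayer and UserAuthentication values and flags weak settings. It assumes an elevated PowerShell session on the server; the function names are hypothetical, and the policy key is where the corresponding Group Policy settings are stored when configured.<br />

```powershell
# Added example (not from the original post): report the effective RDP security settings.
$listenerKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
# When the matching Group Policy settings are configured, they are stored here and override the listener.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Documented meanings of the SecurityLayer value.
$securityLayerNames = @{
    0 = 'RDP Security Layer (native RDP encryption, no TLS)'
    1 = 'Negotiate (TLS if the client supports it)'
    2 = 'SSL (TLS required)'
}

# Hypothetical helper: return the first configured value, policy key first.
function Get-RdpSetting {
    param([Parameter(Mandatory)][string]$Name)
    foreach ($key in @($policyKey, $listenerKey)) {
        $props = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $props) {
            return [pscustomobject]@{ Name = $Name; Value = [int]$props.$Name; Source = $key }
        }
    }
}

# Hypothetical helper: summarise the settings and list anything a reviewer should look at.
function Get-RdpSecurityReport {
    $layer = Get-RdpSetting -Name 'SecurityLayer'
    $nla   = Get-RdpSetting -Name 'UserAuthentication'
    $findings = New-Object System.Collections.Generic.List[string]

    $layerText = 'not set'
    if ($null -ne $layer) {
        $layerText = $securityLayerNames[$layer.Value]
        if ($null -eq $layerText) { $layerText = "unknown value $($layer.Value)" }
        if ($layer.Value -eq 0) {
            $findings.Add('SecurityLayer = 0: sessions use native RDP encryption and the server is not authenticated.')
        }
    }

    $nlaText = 'not set'
    if ($null -ne $nla) { $nlaText = [string]$nla.Value }
    if ($null -eq $nla -or $nla.Value -ne 1) {
        $findings.Add('UserAuthentication is not 1: Network Level Authentication is not required.')
    }

    [pscustomobject]@{
        SecurityLayer      = $layerText
        SecurityLayerFrom  = if ($null -ne $layer) { $layer.Source } else { $null }
        UserAuthentication = $nlaText
        Findings           = $findings.ToArray()
    }
}

Get-RdpSecurityReport | Format-List
```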
Mike Wright<br />
<br />
<b>Configuration Manager Fails on Windows 10 GPO Deployment - Fixed</b> (2015-08-04)<br />
<br />
While building my first Domain Joined Windows 10 RTM system I discovered that the System Center Configuration Manager 2012 R2 client would not install. After reviewing the installation log, I discovered that the error code was "0x80070307". After a little <a href="http://ccmexec.com/2015/04/sccm-2012-client-fails-to-install-windows-10-build-10049/" target="_blank">research </a>I discovered that this is due to SCCM trying to install the Windows Update Agent on the Windows 10 machine that is either already there or is older than the one on Windows 10 out of the box. The workaround was simple, but it did not address Group Policy Deployments which, in the past, were not Operating System specific; rather, they were just a blanket policy that covered everything.<br />
<br />
The answer: copy my existing SCCM deployment GPO, modify the installation command, create WMI filters for the Operating Systems, and apply the WMI filters to the GPOs.<br />
<br />
Here is the step by step:<br />
<ol>
<li>In GPMC, navigate to "Group Policy Objects" and locate your SCCM deployment GPO.</li>
<li>Right click your existing SCCM deployment GPO and choose "Copy".</li>
<li>Move back up to the "Group Policy Objects" folder object and right click it, then choose "Paste".</li>
<li>Find your "Copy of..." and rename it appropriately.</li>
<li>Right click the new GPO and choose "Edit".</li>
<li>Navigate to: "Computer Configuration > Policies > Administrative Templates ... > Classic Administrative Templates (ADM) > Configuration Manager 2012 > Configuration Manager 2012 Client > Configure Configuration Manager 2012 Client Deployment Settings".</li>
<li>Under "Options", copy your existing string to notepad. It may look something like this: </li>
<br />
<ol>
<span style="background-color: #cccccc;">CCMSetup.exe SMSSITECODE=**** FSP=****.net MP=****.net</span><br /><br />
</ol>
<li>Modify your string so that it now looks like the below:</li>
<br />
<ol>
<span style="background-color: #cccccc;">CCMSetup.exe <span style="color: red;">/skipprereq:windowsupdateagent30-x64.exe </span>SMSSITECODE=**** FSP=****.net MP=****.net</span><br /><br />
</ol>
<li>Close the editor.</li>
<li>In GPMC, navigate to "WMI Filters".</li>
<li>In the right pane, right click and choose "New".</li>
<li>Name your WMI Filter "Windows 10 OS" and click the "Add" button.</li>
<li>Leave the "Namespace" as it is (root\CIMv2).</li>
<li>In the Query box type: </li>
<ol><br />
<span style="background-color: #cccccc;">select * from Win32_OperatingSystem where Version like "10.%"</span><br /><br />
</ol>
<li>Click "OK".</li>
<li>In the right pane, right click and choose "New".</li>
<li>Name your WMI Filter "Windows OS pre 10" and click the "Add" button.</li>
<li>Leave the "Namespace" as it is (root\CIMv2).</li>
<li>In the Query box type: </li>
<br />
<ol>
<span style="background-color: #cccccc;">select * from Win32_OperatingSystem where Version like "6.%" or </span><span style="background-color: #cccccc;">Version like "5.%</span><span style="background-color: #cccccc;">"</span><span style="background-color: white;"> </span><br /><br />
<span style="background-color: white;">*note: this will get Vista-8.1 and 2003-2012R2</span><br /><br />
</ol>
<li>Click "OK", you should now see your two new WMI filters.</li>
<li>Go back to "Group Policy Objects" and locate both your old and your new SCCM GPOs.</li>
<li>Left click each GPO and, at the very bottom of the "Scope" tab, choose your WMI filter for the appropriate Operating System. Repeat for both GPOs.</li>
<li>Lastly, assign your new Windows 10 GPO to the appropriate OU(s).</li>
</ol>
Next you can confirm that your WMI settings are working on each OS type:<br />
<br />
<ol>
<li>Shift+Right click CMD and choose "Run as Administrator"</li>
<li>Type "gpupdate /force"</li>
<li>Type "gpresult /z >> c:\temp&lt;folder&gt;\log.log"</li>
<li>Review the logs on each to make sure, they should look something like the below:</li>
</ol>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4hKmVjchKWCIvacolSUkBghSkI0imDSdMy8TMyHb1JPUYU0bGtp6xrtNYLmekwItiD00DY_3f5zIptPba_PJiQLGQ0I_N4db0kZg2I58DhCuU1Zx8CNpzWKBmVBRRPbwFfmg6WD1Irg/s1600/gpo-8.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="172" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj4hKmVjchKWCIvacolSUkBghSkI0imDSdMy8TMyHb1JPUYU0bGtp6xrtNYLmekwItiD00DY_3f5zIptPba_PJiQLGQ0I_N4db0kZg2I58DhCuU1Zx8CNpzWKBmVBRRPbwFfmg6WD1Irg/s400/gpo-8.jpg" width="400" /></a></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigwzt057By9_sCZHq88UBlb6npfOtJbzyT4jBVXRQYd33PDRM7vlnCQcy4pNoOA4k1VDU4q7yy2SMqvzI4sYg_B4HGizr7KD0yAZltVsNKT-NEfsJodlfDaDesPcuhm7PGqgR_rUjPBA/s1600/gpo-10.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="173" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEigwzt057By9_sCZHq88UBlb6npfOtJbzyT4jBVXRQYd33PDRM7vlnCQcy4pNoOA4k1VDU4q7yy2SMqvzI4sYg_B4HGizr7KD0yAZltVsNKT-NEfsJodlfDaDesPcuhm7PGqgR_rUjPBA/s400/gpo-10.jpg" width="400" /></a></div>
<br />
Now that you have confirmed that your new GPO with WMI filter is applied, simply reboot your Windows 10 computer and re-check your ccmsetup status. You should see "Configuration Manager" in Control Panel within a few seconds of your reboot. If not, review the logs.<br />
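The two WMI filter queries can also be evaluated directly on a client before waiting for Group Policy. This is an added example, not part of the original post; it assumes PowerShell 3.0 or later for Get-CimInstance, the Test-WmiFilter function name is hypothetical, and the third query is an added variant that narrows the Windows 10 filter to workstations.<br />

```powershell
# Added example (not from the original post): evaluate the GPO WMI filter queries locally.
$filters = [ordered]@{
    # The two queries from the steps above.
    'Windows 10 OS'     = 'select * from Win32_OperatingSystem where Version like "10.%"'
    'Windows OS pre 10' = 'select * from Win32_OperatingSystem where Version like "6.%" or Version like "5.%"'
    # Added variant, not from the post: version 10.x is also reported by Windows Server 2016
    # and later, so ProductType = 1 (workstation) restricts the match to client systems.
    'Windows 10 OS (workstations only)' = 'select * from Win32_OperatingSystem where Version like "10.%" and ProductType = 1'
}

# Hypothetical helper: a GPO WMI filter is true when its query returns at least one instance.
function Test-WmiFilter {
    param(
        [Parameter(Mandatory)][string]$Query,
        [string]$Namespace = 'root\CIMv2'
    )
    $instances = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
    return ($instances.Count -gt 0)
}

$os = Get-CimInstance -ClassName Win32_OperatingSystem

# ProductType: 1 = workstation, 2 = domain controller, 3 = member server.
$results = foreach ($name in $filters.Keys) {
    [pscustomobject]@{
        Filter      = $name
        Matches     = Test-WmiFilter -Query $filters[$name]
        Version     = $os.Version
        ProductType = $os.ProductType
        Caption     = $os.Caption
    }
}

$results | Format-Table -AutoSize

# Exactly one of the two original filters should match on any supported machine;
# if both or neither match, the GPO pair will not behave as intended.
$originalMatches = @($results | Where-Object { $_.Filter -in 'Windows 10 OS', 'Windows OS pre 10' -and $_.Matches })
if ($originalMatches.Count -ne 1) {
    Write-Warning "Expected exactly one original filter to match, found $($originalMatches.Count)."
}
```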
<br />
Thanks!<br />
<br />
<br />
Mike Wright<br />
<br />
<b>Replacing SSL Certificate ADFS 3.0 2012 R2</b> (2015-06-24)<br />
<br />
Without IIS it is not as straightforward as one would like, but it is still pretty simple with this walk through.<br />
<br />
<ol>
<li>Launch "MMC" and add the Certificates Snap-in specifying "Local Computer".</li>
<li>Open "Personal > Certificates", right click your existing certificate, and choose "Delete" from the options.</li>
<li>Right click any open space where your old certificate was and choose "Import".</li>
<li>Navigate to your new certificate, specify the certificate password and continue through the prompts.</li>
<li>Once you see the new certificate in the MMC, double click it and choose the "Details" tab. Scroll down to "Thumbprint" and click it one time. You will see a series of letters and numbers in the bottom window. Copy those numbers and paste them into a blank Notepad document. Move Notepad aside but do not close it.</li>
<li>Close the Certificates MMC.</li>
<li>Open AD FS Management and navigate to AD FS > Service > Certificates.</li>
<li>On the right side, click "Set Service Communications Certificate" and choose your new certificate.</li>
<li>Close AD FS Management.</li>
<li>Back in Notepad, delete all the spaces from your pasted text.</li>
<li>Copy the thumb print (CTRL+C).</li>
<li>Launch PowerShell as Administrator.</li>
<li>In PowerShell, type: <i><span style="color: red;">Set-AdfsSslCertificate</span></i></li>
<li>When prompted for the thumbprint, press CTRL+V to paste your certificate thumbprint into PowerShell and press Enter.</li>
<li>Close PowerShell.</li>
<li>Open Services and restart the ADFS Service.</li>
<li>Launch your ADFS portal and confirm your new certificate is being used.</li>
</ol>
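The thumbprint clean-up and the AD FS steps above can be scripted once the new certificate is in the Local Computer store. This is an added example, not part of the original post: the function names and the sample thumbprint are constructed placeholders, and it assumes an elevated session on the AD FS 3.0 server with the ADFS PowerShell module available.<br />

```powershell
# Added example (not from the original post). Run elevated on the AD FS server.
Import-Module ADFS

# Hypothetical helper: reduce text pasted from the certificate "Details" tab to bare hex.
# Besides spaces, the dialog can copy an invisible leading character that makes the
# thumbprint fail to match, so everything that is not a hex digit is dropped.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Text)
    $clean = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length)."
    }
    return $clean
}

# Hypothetical helper: validate the certificate, then apply it to AD FS.
function Set-AdfsServiceCertificate {
    param([Parameter(Mandatory)][string]$PastedThumbprint)

    $thumbprint = ConvertTo-CleanThumbprint -Text $PastedThumbprint

    # The certificate must already be imported into Local Computer > Personal.
    $cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint" -ErrorAction Stop
    if (-not $cert.HasPrivateKey) {
        throw "Certificate $thumbprint has no private key; import the PFX, not just the public certificate."
    }
    $now = Get-Date
    if ($cert.NotBefore -gt $now -or $cert.NotAfter -lt $now) {
        throw "Certificate $thumbprint is not currently valid ($($cert.NotBefore) to $($cert.NotAfter))."
    }

    # Same as "Set Service Communications Certificate" in AD FS Management.
    Set-AdfsCertificate -CertificateType Service-Communications -Thumbprint $thumbprint
    # Same as the Set-AdfsSslCertificate step above, without the interactive prompt.
    Set-AdfsSslCertificate -Thumbprint $thumbprint

    Restart-Service -Name adfssrv

    # Show the bindings so the new certificate hash can be confirmed.
    Get-AdfsSslCertificate
}

# Constructed placeholder thumbprint, shown with the spaces the dialog displays.
# Replace it with the value copied from your own certificate before running.
$pasted = '01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67'
Set-AdfsServiceCertificate -PastedThumbprint $pasted
```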
<br />
Thanks for reading, I hope this helped!<br />
<br />
Mike Wright<br />
<br />
<b>EC-Council Announces Certified Chief Information Security Officer CCISO</b> (2014-06-11)<br />
<br />
From their website:<br />
<br />
<i>"The EC-Council CCISO Body of Knowledge covers all five the CCISO Information Security Management Domains in depth and was written by seasoned CISOs for current and aspiring CISOs. Domain 1 covers the Policy, Legal, and Compliance aspects of Governance. Domain 2 delves into the all-important topic of audit management from the CISO’s perspective and also covers IS controls. Domain 3 covers the Role of the CISO from a Project and Operations Management perspective. Domain 4 summarizes the technical aspects that CISOs manage in their day-to-day jobs, but from an executive standpoint. Domain 5 is all about Strategic Planning and Finance – crucial areas for C-Level executives to understand in order to succeed and drive information security throughout their organizations."</i><br />
<br />
A discounted training voucher can be found at the below link, limited time only:<br />
<br />
<a href="https://www.savelocal.com/dealslp/offer?oid=3cc8ab80-54eb-418c-811c-646dd381674d&soid=1102006433698&ss=c18c7bb6-d9a0-499d-bdc3-27af69a79ba9&src=email&resp=false" target="_blank">SaveLocal.com</a><br />
<br />
<a href="http://ciso.eccouncil.org/" target="_blank">http://ciso.eccouncil.org/</a><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVjlFwz_232Hd6pC7wGa13bpcf4ouCN0bqh8ZWA0gbNdhoMqtpX9jygmrKybi8Lrj78RjX1P37iJ0D7smD7xWXrtuU9cAP74lIOhxXHT3zIXmjtURI3rKDksyQGnn1UG3W_cbefT7KcQ/s1600/ciso.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgVjlFwz_232Hd6pC7wGa13bpcf4ouCN0bqh8ZWA0gbNdhoMqtpX9jygmrKybi8Lrj78RjX1P37iJ0D7smD7xWXrtuU9cAP74lIOhxXHT3zIXmjtURI3rKDksyQGnn1UG3W_cbefT7KcQ/s1600/ciso.png" height="192" width="320" /></a></div>
<br />
Mike Wright<br />
<br />
<b>User Account Locked After Recent Password Change</b> (2014-06-11)<br />
<br />
In some cases users in an Active Directory environment may see repeated lockouts after a recent password change. This is commonly associated with forgetting their new password, forgetting that they are logged onto another machine or server somewhere, or their old credentials being cached.<br />
<br />
If you have rebooted the machine, checked domain logs to try to figure out where accounts may be logged in, deleted Temporary Internet Files, and you are at your wits' end, cached credentials may well be your culprit.<br />
<br />
On your affected machine, run the below command and delete any cached credentials that appear. This is especially relevant if you are using a proxy server.<br />
<br />
<pre><code>rundll32.exe keymgr.dll, KRShowKeyMgr</code></pre>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwpuv5XlwTXAr19AWJFbInfwJnFXtGjejNYzfCXOD2kcp2cEFNkgZAyOO7enR_9MkgDMFKlBKWf5eaaVawahJ2QsqCNLLC8kkOlN_G405GKiOe0iwb1ohcYUn1-2gu1vTqviarv6booA/s1600/6-11-2014+7-32-41+AM.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgwpuv5XlwTXAr19AWJFbInfwJnFXtGjejNYzfCXOD2kcp2cEFNkgZAyOO7enR_9MkgDMFKlBKWf5eaaVawahJ2QsqCNLLC8kkOlN_G405GKiOe0iwb1ohcYUn1-2gu1vTqviarv6booA/s1600/6-11-2014+7-32-41+AM.jpg" height="318" width="320" /></a></div>
<br />
Mike Wright<br />
<br />
<b>System Center Endpoint Protection Fails to Install via SCCM Policy</b> (2014-06-11)<br />
<br />
System Center Endpoint Protection (SCEP) may not install via SCCM policy if a conflicting application exists and cannot be uninstalled. This is commonly associated with an existing Antivirus application.<br />
<br />
To find out what the conflict is:<br />
<br />
<ol>
<li>Open regedit </li>
<li>Navigate to \HKLM\SOFTWARE\Microsoft\CCM\EPAgent </li>
<li>Look at “StateEventMessage” where you will find a message similar to the below:</li>
</ol>
<span style="color: #0070c0;">System Center Endpoint Protection installation error. The System Center Endpoint Protection Setup wizard was </span><span style="color: red;">unable to remove one or more programs that conflict with System Center Endpoint Protection</span><span style="color: #0070c0;">. To install System Center Endpoint Protection you must </span><span style="color: red;">manually uninstall </span><span style="color: #0070c0;">the following programs and then run the wizard again. Error code:0x80041108. Programs: </span><span style="color: red;">Trend Micro OfficeScan Client</span>
<br />
<br />
In this example, the Trend Micro OfficeScan Client was installed and for whatever reason, SCEP could not remove it. At this point you will need to manually remove the conflicting application and re-initiate a policy refresh to the SCCM server.<br />
<br />
Navigate to Control Panel, open the Configuration Manager client, click on the Actions tab, and force each action to run.<br />
<br />
After a while the new SCEP icon will appear as expected.
<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5KcRbQMpplmGupR5LhFDucML_jBB0vWlAJexofhtErGDBry1AyGuYYLR0tx1Uu1QK47BUg1p8V-fEp8dh9uMYm2PEk73R6U4n1hkcNEeT37QwkPYLApEJRpoa9xLu2py0xXIhXmSOhg/s1600/scep.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi5KcRbQMpplmGupR5LhFDucML_jBB0vWlAJexofhtErGDBry1AyGuYYLR0tx1Uu1QK47BUg1p8V-fEp8dh9uMYm2PEk73R6U4n1hkcNEeT37QwkPYLApEJRpoa9xLu2py0xXIhXmSOhg/s1600/scep.png" /></a></div>
<br />
Mike Wright<br />
<br />
<b>Manually Activate Windows / Office Using an Enterprise KMS Server</b> (2014-06-11)<br />
<br />
<div class="MsoNormal">
Open an elevated Command Prompt and type the appropriate lines for your need.<br />
<br />
Replace <span style="color: red;">FQDN </span>with the Fully Qualified Domain Name of your KMS server:<br />
<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ0yOE8no_Lc1_Hg7CRyJKQEhwGfw0KGt5zWk9ULlnZrkXGcnbMuYFVyOWxELp7cU2ygjv9ROcaKPKW_lrBXHpscFbUQznlKfwLkiVaD1PTVSSkYdvYtUjavHZ6qWEkAq_oKhU4PajCQ/s1600/6-11-2014+6-59-39+AM.jpg" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhQ0yOE8no_Lc1_Hg7CRyJKQEhwGfw0KGt5zWk9ULlnZrkXGcnbMuYFVyOWxELp7cU2ygjv9ROcaKPKW_lrBXHpscFbUQznlKfwLkiVaD1PTVSSkYdvYtUjavHZ6qWEkAq_oKhU4PajCQ/s320/6-11-2014+6-59-39+AM.jpg" /></a><br />
<b>Windows 7, Windows 8, Windows 8.1, Server 2008/2008R2 and Server 2012/2012R2:</b><br />
<br />
<pre><code>CD \Windows\System32
cscript slmgr.vbs /skms <span style="color: red;">FQDN</span>
cscript slmgr.vbs /ato
</code></pre>
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgapBhyphenhyphenJO40QIgglCycNucmaVLXNw8BUOelnvkXsjxrSNjExwo6n3mFQXpB4exuJSDT79tfbJBZkIXORGPDd8gIBH4DW7cv13J8GlAR7EXukiJNbkzEo-zlFXCPY7Vkjs5IxfcpPgWJJQ/s1600/office2013activationrequired.png" imageanchor="1"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgapBhyphenhyphenJO40QIgglCycNucmaVLXNw8BUOelnvkXsjxrSNjExwo6n3mFQXpB4exuJSDT79tfbJBZkIXORGPDd8gIBH4DW7cv13J8GlAR7EXukiJNbkzEo-zlFXCPY7Vkjs5IxfcpPgWJJQ/s320/office2013activationrequired.png" /></a><br />
<b>Office 2010 32 bit</b><br />
<br />
<pre><code>CD \Program Files (x86)\Microsoft Office\Office14
cscript ospp.vbs /sethst:<span style="color: red;">FQDN</span>
cscript ospp.vbs /act
</code></pre>
<b>Office 2010 64 bit</b><br />
<br />
<pre><code>CD \Program Files\Microsoft Office\Office14
cscript ospp.vbs /sethst:<span style="color: red;">FQDN</span>
cscript ospp.vbs /act
</code></pre>
<b>Office 2013 32 bit</b><br />
<br />
<pre><code>CD \Program Files (x86)\Microsoft Office\Office15
cscript ospp.vbs /sethst:<span style="color: red;">FQDN</span>
cscript ospp.vbs /act
</code></pre>
<br />
<b>Office 2013 64 bit</b><br />
<br />
<pre><code>CD \Program Files\Microsoft Office\Office15
cscript ospp.vbs /sethst:<span style="color: red;">FQDN</span>
cscript ospp.vbs /act
</code></pre>
If your product is still not activating, you may have KMS configuration issues. A good place to start looking for problems is to run the below command on the same machine that you ran the above commands. This will tell you when and what KMS server your client is trying to activate.<br />
<br />
<pre><code>cscript ospp.vbs /dhistoryacterr
</code></pre>
</div>
Mike Wright<br />
<br />
<b>RSA San Francisco 2014 Free Expo Passes</b> (2014-01-23)<br />
<br />
Here is the registration link: <a href="https://ae.rsaconference.com/US14/portal/newreg.ww">https://ae.rsaconference.com/US14/portal/newreg.ww</a><br />
<br />
Use one of the codes below to get your free Expo only pass. Be sure to visit the vendor whose code you used.<br />
<br />
I will be updating them as I get them.<br />
<br />
Duo Security - Booth #2518 - EC4DURY<br />
F5 Networks - Booth #1801 - EC4F5NET<br />
Proofpoint - Booth #1527 #520 and #3615 - SC4PROOFB or EC4PROOFE<br />
APCON - Booth #632 - EC4APCON<br />
OPSWAT - Booth #2531 - EC4PSWT<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiapbBo20Lifegh-YkftsJWqz0d2U5t2bBk1gbaJrRJJgXrDqlmAkCVXD8PIXmQlRgMQr91K9ZFMZuKmD5qxG3fNC8-NtLEIqiGAAgoqiKdgfm5L8Gp7mJBtGk3_8ZNbl3qSWHW3GvXkw/s1600/RSA2014.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiapbBo20Lifegh-YkftsJWqz0d2U5t2bBk1gbaJrRJJgXrDqlmAkCVXD8PIXmQlRgMQr91K9ZFMZuKmD5qxG3fNC8-NtLEIqiGAAgoqiKdgfm5L8Gp7mJBtGk3_8ZNbl3qSWHW3GvXkw/s1600/RSA2014.png" height="200" width="400" /></a></div>
<br />
<br />
Mike Wright<br />
<br />
<b>DCPromo Demotion Fails "Access is denied"</b> (2014-01-23)<br />
<br />
While trying to demote an existing Windows Server 2008 R2 Domain Controller I ran into quite the headache. After running "dcpromo" and following the first few steps of the demotion, it seemed to start and run just fine. But within a few seconds I was prompted for credentials with the below "access is denied" message.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUYb6old-wfY20g3AGQGCGnHUUhTtxYndkLweiRe8g62Gxta2mjo_-Gmivf-fQA2UksE0CvJM8RunnS9hSVOvyiexeIoDzc6Sq6VBzeXPa7hLpCIS0juxd-qjVhkoQXQFsH8Ct0NTa2Q/s1600/image.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjUYb6old-wfY20g3AGQGCGnHUUhTtxYndkLweiRe8g62Gxta2mjo_-Gmivf-fQA2UksE0CvJM8RunnS9hSVOvyiexeIoDzc6Sq6VBzeXPa7hLpCIS0juxd-qjVhkoQXQFsH8Ct0NTa2Q/s1600/image.png" height="237" width="400" /></a></div>
<br />
I searched and searched but was not able to find a good solution so finally I gave up and ran "dcpromo /forceremoval". I then did the metadata cleanup and moved on. I then tried to remove the old DC computer object from the Domain Controllers OU and I was denied access again. I scratched my head and realized that the object was protected. Could this whole problem be that simple!? The answer is YES, it was that simple.<br />
<br />
On my next DC demotion I re-created the same errors. I cancelled the dcpromo, went into ADUC and unchecked the "Protect object from accidental deletion" box, ran dcpromo, and everything went smoothly without error!<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisMSnscJofsX_C94GXlLq81ENmU-9BEXkPd-UsfWpk9MZyZIOFEeQuby83MOsys2EeLid9TXjlFl_fsgwNlFmNpTAVjDXNkhyphenhyphensbfk3jkEkqS0kWiWjbLfQeDHTnSIQE9Si0re5wYUr-Q/s1600/1-23-2014+6-33-58+AM.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEisMSnscJofsX_C94GXlLq81ENmU-9BEXkPd-UsfWpk9MZyZIOFEeQuby83MOsys2EeLid9TXjlFl_fsgwNlFmNpTAVjDXNkhyphenhyphensbfk3jkEkqS0kWiWjbLfQeDHTnSIQE9Si0re5wYUr-Q/s1600/1-23-2014+6-33-58+AM.png" height="400" width="356" /></a></div>
Mike Wright<br />
<br />
<b>RSA San Francisco 2013 Free Expo Passes</b> (2013-02-11)<br />
<br />
Here is the registration link: https://ae.rsaconference.com/US13/portal/login.ww<br />
<br />
Use one of the codes below to get your free Expo only pass. Be sure to visit the vendor whose code you used.<br />
<br />
AhnLab - FXE13AHN <br />
APCON - FXE13APC<br />
OneLogin - FXE13LOGIN <br />
Proofpoint - FXE13PRF<br />
Symantec - FXE13SYM<br />
<br />
Mike Wright<br />
<br />
<b>Speaking at RSA 2013 in San Francisco</b> (2012-12-27)<br />
<br />
I have been fortunate enough to once again be selected as a speaker for the RSA Conference in San Francisco. This year's conference (2013) will be held at the Moscone Center from February 24 through March 1. I will be hosting a Peer2Peer (P2P) session entitled "To Report, or Not To Report, Will My Job Be At Risk? That is the Question" on Wednesday February 27, in Room 110, at 10:40. Mine is one of only 9 P2P sessions and attendance is restricted to only 25 people. If you want to participate be sure to get there early.<br />
<br />
During this hour-long session we will discuss ways to encourage our users to report policy violations and security incidents that they witness. If we can be informed of issues early, before they get out of control, we can deal with them and mitigate further risk.<br />
<br />
When was your last virus outbreak? Wouldn't it have been great if the very first user called and reported it before it spread? Do you have some war stories to share? Do you have some suggestions to bring? Is there something that does/does not work for your agency?<br />
<br />
If you have any ideas please post them to comments or email me with them. I would love to hear your ideas and to see you there!<br />
<br />
Mike Wright<br />
<br />
<b>How to Change The Product Key in Windows 8</b> (2012-11-14)<br />
<br />
For reasons unknown to me, during the installation of Windows 8 Enterprise (from Technet), you are not prompted to enter your Windows key. This may be the case on other versions too; I do not have other versions to test. Once Windows 8 is installed you are prompted to activate Windows and you see the nag text in the lower right corner. There does not seem to be an easy "click here" way to enter your correct product key. But if you follow the below steps, you will be able to enter your key easily enough and activate your Windows 8 installation. <br />
<ol>
<li>Press the "Windows Key" on your keyboard which will bring you to the "Modern" menu. </li>
<li>Type "cmd" and you will see "Command Prompt" displayed on the left side of your screen. </li>
<li>"Right Click" "Command Prompt" and on the bottom of your screen choose "Run as Administrator". </li>
<li>Click "Yes" on the User Account Control warning screen. </li>
<li>At the command prompt screen type "slmgr.vbs -ipk PRODUCT KEY". It should look something like "slmgr.vbs -ipk 11111-22222-33333-44444-55555". Press "Enter". </li>
<li>You should now be prompted that the product key was installed successfully. If not, your key is invalid, you typed it wrong, or you forgot to include the dashes. I suggest you copy and paste. </li>
<li>Next, still at the command prompt, type "slmgr.vbs -ato" and press "Enter". </li>
<li>You should now be prompted that Windows was successfully activated.</li>
</ol>
Mike Wright<br />
<br />
<b>To report, or not to report, will my job be at risk? That is the question.</b> (2012-10-24)<br />
<br />
As security practitioners we understand that prompt and accurate reporting of a security incident can save time, money, and can minimize damage. But when a user clicks a malicious link, replies to a spear phishing email, or gets a virus warning, they may confuse the need to report with an RGE (Resume Generating Event). How can we encourage users to report incidents without the fear of repercussion?
There is nothing more frustrating than getting a phone call reporting an incident that occurred days, weeks, or months in the past.<br />
<br />
Did the user really not notice for a month that their computer was gone and the cables were left dangling off their desk? Did they think it would just re-appear? What about a cell phone that is missing, was it just misplaced? How long should the user look for it before they report it missing? When is too long, too long?
How can management create an environment in which users are willing to come forward when they realize that a security incident has occurred? What can be done to encourage, or reward, reporting?<br />
<br />
These are the questions; what are the answers? Maybe my topic will be accepted at RSA 2012 San Francisco Peer2Peer and we will find out!
Mike Wright<br />
<br />
<b>Cybergeddon, a Yahoo Series</b> (2012-09-27)<br />
<br />
I just finished watching Yahoo's Cybergeddon. It is about 1 1/2 hours long and follows Chloe Jocelyn, a hacker turned FBI agent, who is trying to stop a cyber terrorist bent on revenge. It is very entertaining and mentions some real life tools and viruses. While of course it is fiction and a lot of the dramatization seems to be right out of the 1995 movie "Hackers", it is very entertaining and, believe it or not, semi-plausible.<br />
<br />
Check it out: <a href="http://cybergeddon.yahoo.com/#chapters" rel="nofollow" target="_blank">Cybergeddon</a><br />
<br />
Mike Wright<br />
<br />
<b>Hey Ashley, Thanks for the Naked Pics</b> (2012-09-27)<br />
<br />
I talk and write about it often. It was the subject of my final project during my Masters studies. I even spoke about the topic at the <a href="http://attackcomputerwiz.blogspot.com/2012/04/rsa-conference-2012-garage-sale.html" target="_blank">RSA Conference in 2012</a>. For years one of my many hobbies has been to acquire storage media devices that people have disposed of and review them to find out what they left behind. I find devices at yard sales, lying on the ground, auctions, storage units that have been sold at auction, and pretty much anywhere you can think of. They are not always the old 256mb worthless drives either; recently I found a very nice 16gb SanDisk for 50 cents at a yard sale. Below is a very small sampling of my collection.<br />
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieBoQ2neIKk7D4xSZUnZ_WiNCI7yJlWa-xfI4py3VVKE7ajkmixd6KWjyjJJWIeA1QLYzWjwcwp-p7JQ0t1aVUUVYByKJaVqufvouZYIGC-xxV6f7SIoBEeqlRj1BLEoZTuBMMXeAYJQ/s1600/usbd.JPG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="USB Drives" border="0" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEieBoQ2neIKk7D4xSZUnZ_WiNCI7yJlWa-xfI4py3VVKE7ajkmixd6KWjyjJJWIeA1QLYzWjwcwp-p7JQ0t1aVUUVYByKJaVqufvouZYIGC-xxV6f7SIoBEeqlRj1BLEoZTuBMMXeAYJQ/s1600/usbd.JPG" title="USB Drives" /></a></div>
<br />
<br />
I seem to be able to find two or three drives every couple of weeks. Often these finds come with financial information, family photos, documents, bank statements, and of course nude personal photos. Unless you are living in a cave somewhere, in which case you are not reading this, you cannot turn your head without hearing about an identity theft or loss of data somewhere. Heck, I just saw a trailer for a movie called <a href="http://www.identitythiefmovie.com/" rel="nofollow" target="_blank">Identity Thief</a> starring Jason Bateman and Melissa McCarthy, which looks hilarious by the way!<br />
<br />
One would think, with mainstream media and even Hollywood educating us every day about the risks of identity theft, that everyone would be securing their devices or at best not keeping sensitive data on them at all! Alas, this is not the case, and on nearly every device I review I am able to find sensitive documents and images. In most cases I find them simply by viewing the device; rarely do I need to run any recovery tools.<br />
<br />
So until people figure out that they cannot simply toss or sell these items without proper sanitization, or <a href="http://attackcomputerwiz.blogspot.com/2010/04/what-if-you-lost-your-usb-thumb-drive.html" target="_blank">encrypt </a>them, or even better smash them into little pieces rather than trying to get 50 cents, their precious documents and data will be used in ways they do not intend.<br />
<br />
And Ashley, thanks for the naked pics.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidKuho_Ebs6Ic4Si7SX1c_KffG3Gq_tF7i1s5rMVR_6KzlkGL1JGZUVWosaSXmYthTR8RcHbX8IRqQIkfOAaA0xuSViWFLodItJzh8po32DJwGHH6whuTMTRoR7Pbf8Th-vOMTS9XIyQ/s1600/ashley.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img alt="Ashley" border="0" height="133" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidKuho_Ebs6Ic4Si7SX1c_KffG3Gq_tF7i1s5rMVR_6KzlkGL1JGZUVWosaSXmYthTR8RcHbX8IRqQIkfOAaA0xuSViWFLodItJzh8po32DJwGHH6whuTMTRoR7Pbf8Th-vOMTS9XIyQ/s640/ashley.jpg" title="Ashley" width="500" /></a></div>
Want to see more? Click here >>> Just kidding ;)<br />
<br />
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>To Unlock A Full Price AT&T iPhone 5, Just Restore It In iTunes</b><br />
Published 2012-09-26<br />
<br />
I am not able to confirm this but it sounds good and if it is true this is great for iPhone 5 owners that have the need to unlock their new phone without the normal headache. Check out the below link for details, great job Romain!<br />
<br />
<a href="http://techcrunch.com/2012/09/26/to-unlock-a-full-price-att-iphone-5-just-restore-it-in-itunes/" rel="nofollow" target="_blank">TechCrunch</a><br />
<br />
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>Facebook Purges Fake Likes</b><br />
Published 2012-09-26<br />
<br />
Facebook began purging massive numbers of Likes that were believed to be from fake and fraudulent sources. According to the <a href="https://www.facebook.com/notes/facebook-security/improvements-to-our-site-integrity-systems/10151005934870766" rel="nofollow" target="_blank">Facebook Security Page</a> <span>"on average, less than 1% of Likes on any given Page will be
removed, providing they and their affiliates have been abiding by our
terms. These newly improved automated efforts will remove those Likes
gained by malware, compromised accounts, deceived users, or purchased
bulk Likes."</span><br />
<br />
<span>Further they state <span>that "users will continue to connect to the Pages and Profiles they
authentically want to subscribe to, and Pages will have a more accurate
measurement of fan count and demographics. This improvement will allow
Pages to produce ever more relevant and interesting content, and brands
will see an increase in the true engagement around their content."</span></span><br />
<br />
As you can see in the image below from <a href="http://pagedata.appdata.com/pages/leaderboard/fc/fan_count" rel="nofollow" target="_blank">PageData</a>, some fan pages have lost a large number of fans.<br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidv3b_UYDb9O237PC9N5MhqHV13WpKGpa0VMG03gsMwQ6-V6V3RrQioUwx3N5A5EThcav0p6J295UgJTdxyyRYEN1OtCNDJ7VWcHCQVIGbIShgURrpGwDjS0MxEyzCUbNMGWsVkkRsIw/s1600/2012-09-25-fb.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="592" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidv3b_UYDb9O237PC9N5MhqHV13WpKGpa0VMG03gsMwQ6-V6V3RrQioUwx3N5A5EThcav0p6J295UgJTdxyyRYEN1OtCNDJ7VWcHCQVIGbIShgURrpGwDjS0MxEyzCUbNMGWsVkkRsIw/s640/2012-09-25-fb.jpg" width="600" /></a></div>
Source: PageData<br />
<br />
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>CTRL+ALT+DEL Missing From Windows 8 Domain Members</b><br />
Published 2012-09-24<br />
<br />
I have installed and am currently evaluating Windows 8 Enterprise RTM. In my test domain I discovered right away that a glaring item was missing. No, I don't mean the start menu, though the lack of a start menu is going to thoroughly confuse most users. What I noticed was missing, as compared to all previous versions of Windows, is the CTRL+ALT+DEL key press to log on to the domain. In all previous versions of Windows, after the computer starts up and before the user is allowed to type in their username and password, they are required to press CTRL+ALT+DEL. This key press has been historically tied to ending any unauthorized processes. But in theory, it also requires a human interaction before the logon. This extra key press can show that a user intended to log on. Should they violate corporate policy it may be shown that they did press the keys, they did log on, they were displayed a policy banner, and so on. Alas, in Windows 8 this requirement seems to have become optional.<br />
<br />
Now domain administrators need a way to enable this requirement with as little work and as little impact as possible. What I discovered in my testing, and what others in the same position have confirmed, is that a Group Policy Object modification can accomplish this.<br />
<br />
To require CTRL+ALT+DEL during logon on a Windows 8 domain member system, follow the steps below.<br />
<ol>
<li>Navigate to the following GPO setting: "<b>Computer > Policies > Windows Settings > Security Settings > Local Policies > Security Options</b>"</li>
<li>Locate the following key: "<b>Interactive logon: Do not require CTRL+ALT+DEL</b>"</li>
<li>Change the setting to: "<b>Disabled</b>"</li>
<li>Reboot the computer or perform a "<b>gpupdate /force</b>" from the command prompt. </li>
</ol>
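To confirm the setting actually landed after the reboot or gpupdate, this added PowerShell example (not part of the original post) reads the registry value that backs the security option. The function name Get-CadLogonPolicy is hypothetical; DisableCAD is the value name Windows uses for this setting.

```powershell
# Added example, not from the original post. Function name is hypothetical.
function Get-CadLogonPolicy {
    [CmdletBinding()]
    param()

    # "Interactive logon: Do not require CTRL+ALT+DEL" is stored here as DisableCAD:
    #   0 = policy set to Disabled (CTRL+ALT+DEL is required)
    #   1 = policy set to Enabled  (CTRL+ALT+DEL is not required)
    $policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

    # The local "Require users to press Ctrl+Alt+Delete" checkbox writes the
    # same value name under the Winlogon key. It is reported for reference only.
    $localKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

    # Return the DWORD as an int, or $null when the value does not exist.
    $read = {
        param($Path)
        $item = Get-ItemProperty -LiteralPath $Path -Name DisableCAD -ErrorAction SilentlyContinue
        if ($null -ne $item) { [int]$item.DisableCAD } else { $null }
    }

    $policyValue = & $read $policyKey
    $localValue  = & $read $localKey

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        PolicyDisableCAD = $policyValue            # $null = setting not defined by policy
        LocalDisableCAD  = $localValue
        EnforcedByPolicy = ($policyValue -eq 0)    # $true only when the GPO step above applied
    }
}

$result = Get-CadLogonPolicy
$result | Format-List

if (-not $result.EnforcedByPolicy) {
    Write-Warning ('CTRL+ALT+DEL is not enforced by policy on {0}. Check that the GPO is linked and run gpupdate /force.' -f $result.ComputerName)
}
```

A PolicyDisableCAD of empty or 1 after gpupdate means the GPO is not reaching the machine or another policy with higher precedence sets the opposite value.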
On your next logon you will be required to press CTRL+ALT+DEL to logon to the domain member Windows 8 system. This can be applied at the top level of your domain to apply to all child objects.<br />
<br />
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>Setting up TrueCrypt Full Disk Encryption on Windows 8</b><br />
Published 2012-09-21<br />
<br />
<div class="MsoNormal">
Setting up TrueCrypt Full Disk Encryption on a Windows 8
system is very straightforward and does not require anything new compared with previous
versions of Windows. By following the steps below you can set up full disk
encryption on your new Windows 8 system, or previous versions of Windows. </div>
<br />
<ol>
<li>Download and install the latest version of TrueCrypt (7.1a
at the time of this post): <a href="http://www.truecrypt.org/" rel="nofollow" target="_blank">http://www.truecrypt.org/</a>.
</li>
<li>Launch TrueCrypt and click on “<b>System</b>”, then “<b>Encrypt System
Partition/Drive...</b>”.</li>
<li>Choose a “<b>Normal</b>” or a “<b>Hidden</b>” system encryption. For this
guide I am choosing “<b>Normal</b>”. Click “<b>Next</b>”.</li>
<li>Choose to “<b>Encrypt the Windows system partition</b>” or “<b>Encrypt
the whole drive</b>”. For this guide I am choosing the whole drive. Click “<b>Next</b>”. *Choosing
the whole drive will take a considerable amount of time; however, all of your data on
the drive will be secure, not just the Windows system.</li>
<li>If prompted, acknowledge the 'User Account Control' by
clicking “<b>Yes</b>”.</li>
<li>Choose your option on whether or not to encrypt the “<b>Host
Protected Area</b>”. *The host
protected area may have drivers, such as RAID drivers, that need to be accessed
‘pre-boot’. </li>
<li>Choose whether you have a single OS installed or are booting
between multiple OS’s, click “<b>Next</b>”.</li>
<li>Choose the 'Encryption Algorithm' and the 'Hash Algorithm' you
want to use. Read each description and select the one that you feel is best for
you. By clicking the “<b>Benchmark</b>” button you can estimate how many megabytes
per second your encryption task may take. Click “<b>Next</b>”.</li>
<li>Create your encryption password, the bigger the better; the recommended length
is 20 characters. Click “<b>Next</b>”. *Here is a link to check the strength of your
password: <a href="http://howsecureismypassword.net/" rel="nofollow" target="_blank">http://howsecureismypassword.net/</a>.</li>
<li>On the next screen you will see moving text. Simply move
your mouse around your screen for a while to create a random data pool. Do this
for as long or as little as you like, but you should give it a few seconds at
the very least. Click “<b>Next</b>”.</li>
<li>The next screen will show you the generated keys. You do not
need to do anything here, just click “<b>Next</b>”.</li>
<li>On the 'Rescue Disk' screen you need to specify a path for
an ISO file to be created. You will need this ISO file in the event you need to
boot your system from a disk. So “<b>Browse</b>” to a location and save your rescue
disk. Click “<b>Next</b>”.</li>
<li>Acknowledge the action and insert a blank CD into your CD
burner. Choose your CD burner from the drop down box and click “<b>Burn</b>”.</li>
<li>Now, <u>before you continue</u>, navigate to the location of the
ISO file that you created in the last step. Copy that ISO file to an
external location such as a thumb drive. If your disk is lost or broken you can
use this ISO file to create a new one.</li>
<li>Click “<b>Close</b>”, then click “<b>Next</b>” to verify that your CD is
good, then click “<b>Next</b>” again.</li>
<li>Remove the burned disk, label it, and store it in a safe
location.</li>
<li>On the next screen you are asked if you want to wipe unused
space on your disk. This can be important if you need to securely erase any data
that can possibly be recovered. Choose your wipe mode (3 pass is sufficient) or
choose “<b>None</b>” if this is not a concern to you. Click “<b>Next</b>”.</li>
<li>Next you are asked to perform a 'Pretest'. Be sure that all
of your applications are closed and your work is saved. Next click “<b>Next</b>”,
agree to the terms, then click “<b>Yes</b>” to reboot your computer and begin the
pretest.</li>
<li>Assuming there are no issues, your computer will reboot
normally and after the POST screen you are asked for your TrueCrypt password.
Type the password that you created earlier and press “<b>Enter</b>” on your keyboard. </li>
<li>Assuming there are no issues, your computer will start into
Windows as it always does. Log on if needed and click on the “<b>Desktop</b>” button
from your new start screen. Once on the desktop TrueCrypt should be waiting for
you. Simply press the “<b>Encrypt</b>” button to begin the whole disk encryption process.
You may need to agree to the terms again and User Account Control may prompt
you for permission again.</li>
<li>At this point just sit back and wait. </li>
</ol>
<br />
<div class="MsoNormal">
Depending on the size
of your disk and the level of encryption you chose you may be waiting a very
long time. You can use your system normally during the encryption process. Just
don’t do any intense gaming. Stick to Facebook and email until it is done.</div>
<div class="MsoNormal">
<br /></div>
<div class="MsoNormal">
When it is all done simply reboot your computer and you are
done! You can now sleep better tonight. </div>
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>RSA Conference 2013 Registration is Open</b><br />
Published 2012-09-20<br />
<br />
RSA Conference 2013 registration is now open. Register before November 16, 2012 and receive a substantial discount. I have attended this conference for many years and was a speaker once. It is a great event with tons of training, networking, and social opportunities.<br />
<br />
This year's event will be held on February 25 through March 1 at the Moscone Center in San Francisco, California.<br />
<br />
<a href="http://www.rsaconference.com/events/2013/usa/index.htm" rel="nofollow" target="_blank">Main site is here</a><br />
<a href="http://www.rsaconference.com/events/2013/usa/registration/rates-and-packages.htm" rel="nofollow" target="_blank">Register here</a><br />
<a href="http://www.rsaconference.com/events/2013/usa/pdf/rsac-2012-justification.pdf" rel="nofollow" target="_blank">Tools to help justify your trip are here</a><br />
<br />
<img alt="Photobucket" border="0" src="http://i872.photobucket.com/albums/ab288/ACWiz/RSA2013/rsa201301_zps5702d222.jpg" width="500" /><br />
<br />
<br />
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>How to Install .NET Framework 3.5 on Windows 8</b><br />
Published 2012-09-20<br />
<br />
.NET Framework 3.5 is not installed out of the box in Windows 8. I found that this version is still required for a handful of applications and it must be installed. The "check the box" method within the Windows 8 GUI did not work for me so I needed to find another way to get it installed. I found an <a href="http://msdn.microsoft.com/en-us/library/hh506443.aspx" rel="nofollow" target="_blank">MSDN</a> post that explained it. In short, the easiest way that I found to get .NET Framework 3.5 is by following the steps below:<br />
<ol>
<li>Open a "<b>cmd</b>" prompt: browse to "<b>C:\Windows\System32\</b>", find the "<b>cmd.exe</b>" icon, right-click it, and choose "<b>Run as administrator</b>".</li>
<li>In the cmd console type "<strong>DISM /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess /Source:<span style="color: red;">d</span>:\sources\sxs</strong>". Replace the "d" in "/Source:<span style="color: red;"><b>d</b></span>:\sources\" with the drive letter that corresponds to your DVD drive or your mounted ISO. If you run into difficulties with this, copy the entire contents of the sxs directory from your DVD to your local drive and change the path accordingly.</li>
<li>Execute the command and confirm success.</li>
</ol>
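The three steps above as one added PowerShell example (not from the original post or the MSDN article): it finds the drive that holds \sources\sxs instead of relying on a hard-coded letter, runs the same DISM command, and confirms the feature state. The function names Find-SxsSource and Install-NetFx3FromMedia are hypothetical.

```powershell
# Added example, not from the original post. Function names are hypothetical;
# the DISM switches are the ones given in step 2.

function Find-SxsSource {
    # Look on every mounted file-system drive (DVD, mounted ISO, local copy)
    # for the \sources\sxs folder that holds the .NET 3.5 payload.
    Get-PSDrive -PSProvider FileSystem |
        ForEach-Object { Join-Path -Path $_.Root -ChildPath 'sources\sxs' } |
        Where-Object { Test-Path -LiteralPath $_ -PathType Container -ErrorAction SilentlyContinue } |
        Select-Object -First 1
}

function Install-NetFx3FromMedia {
    [CmdletBinding()]
    param(
        # Defaults to the first sxs folder found; pass a path to override it.
        [string]$Source = (Find-SxsSource)
    )

    # DISM servicing needs an elevated session (step 1: "Run as administrator").
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'Run this from an elevated PowerShell session.'
    }

    # Nothing to do if the feature is already enabled.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName NetFx3
    if ($feature.State -eq 'Enabled') { return $feature }

    if (-not $Source -or -not (Test-Path -LiteralPath $Source -PathType Container)) {
        throw 'No \sources\sxs folder found. Insert or mount the Windows 8 media, or pass -Source.'
    }

    # /LimitAccess keeps DISM from contacting Windows Update, so the payload comes
    # only from the media supplied here. Use media that matches the installed build.
    & dism.exe /Online /Enable-Feature /FeatureName:NetFx3 /All /LimitAccess "/Source:$Source" | Out-Host

    # 0 = success, 3010 = success but a restart is required.
    if ((0, 3010) -notcontains $LASTEXITCODE) {
        throw "DISM failed with exit code $LASTEXITCODE (see C:\Windows\Logs\DISM\dism.log)."
    }

    # Step 3: confirm success by reading the feature state back.
    Get-WindowsOptionalFeature -Online -FeatureName NetFx3
}

Install-NetFx3FromMedia | Select-Object FeatureName, State
```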
That was it. After I performed the above steps I could install and run my .NET 3.5 applications without issue.<br />
<br />
Posted by <a href="http://www.blogger.com/profile/00183079823289533859">Mike Wright</a><br />
<br />
<b>Remote Server Administration Tools (RSAT) for Windows 8</b><br />
Published 2012-09-19, updated 2012-09-20<br />
<br />
The replacement for AdminPack.msi is called Remote Server Administration
Tools or RSAT. It is a little bit different in Windows 8 than it was on Windows 7. These tools can be used to manage servers running Windows 2012. They can also manage Windows 2008/2008R2 and 2003, though limitations may apply.<br />
<br />
To install and configure these tools on Windows 8, follow the instructions below.<br />
<ol>
<li>Download and install the appropriate package from this <a href="http://www.microsoft.com/en-us/download/details.aspx?id=28972" target="_blank">download link</a>.</li>
<li>Return to your "<b>Start</b>" screen and you will see the new feature "<b>Server Manager</b>".</li>
<li>Click on "<b>Server Manager</b>" and in the upper right corner click on "Tools". This is where your RSAT tools are.</li>
</ol>
<br />
If you find that there are too many tools here that you do not need, simply follow the steps below to remove the unwanted options.<br />
<ol>
<li>Click on <b>Control Panel </b>> <b>Programs and Features</b>.</li>
<li>Click on "<b>Turn Windows features on or off</b>".</li>
<li>Expand the "<b>Remote Server Administration Tools</b>".</li>
<li>Now choose any or all of the tools that you wish to disable on this workstation and click <b>OK</b>.</li>
</ol>
Mike Wright http://www.blogger.com/profile/00183079823289533859 noreply@blogger.com 0<br />
<br />
tag:blogger.com,1999:blog-7269992209406692803.post-1622929341894331187 2012-04-02T06:57:00.001-07:00 2015-06-18T09:27:14.977-07:00<br />
RSA Conference 2012 - Garage Sale Forensics: VIDEO<br />
<br />
Posted below is my abbreviated presentation from the 2012 RSA Security Conference in San Francisco. I hate watching myself on video and no, despite my swaying back and forth, it was not filmed on a ship in rough seas.<br />
<br />
Garage Sale Forensics: Data Discovery Through Discarded Devices<br />
<br />
"A review of how data storage devices can be discovered and the data left
on those devices used for unauthorized purposes. Individuals and
organizations may dispose of a device without completely purging all
data that resides or resided on it. This presentation will show where
devices can be located, how data can be recovered, and how the
organization or individual can protect themselves from loss."<br />
<br />
<iframe allowfullscreen="" frameborder="0" height="315" src="http://www.youtube.com/embed/jUJrVxIlKYk" width="560"></iframe><br />
<br />
Mike Wright http://www.blogger.com/profile/00183079823289533859 noreply@blogger.com 0<br />
<br />
tag:blogger.com,1999:blog-7269992209406692803.post-2482180374288668636 2012-03-20T06:48:00.000-07:00 2012-03-20T06:48:42.636-07:00<br />
Fake Anti-Virus Affiliate Support<br />
<br />
Chester Wisniewski over at Sophos posted an article yesterday on the inner workings of a fake anti-virus company. It is a good story and well worth the read. You can find it at the link below. Support people and users often ask me how these types of viruses, worms, etc., make it past our firewalls, AV, and other controls that they spend so much money on. This story points out that this particular fake AV vendor updates their payloads every two hours.<br />
<br />
Wow!<br />
<br />
This is an example of how technology cannot fix <strike>stupid</strike> human behavior. Really, how can vendors create definitions within a two hour window? Fake AV is not a technology problem, it is a people problem. In many cases fake AV is a social engineering trick that dupes the user into infecting their own system. People need to be educated on what these types of attacks look like, how to prevent them, and who to notify when they occur (or are suspected).<br />
<br />
<a href="http://nakedsecurity.sophos.com/2012/03/19/a-sneak-peak-into-fake-anti-virus-affiliate-support/?utm_source=twitter&utm_medium=NakedSecurity&utm_campaign=naked%252Bsecurity" target="_Blank">"A sneak peek into fake anti-virus affiliate support"</a><br />
<br />
Mike Wright http://www.blogger.com/profile/00183079823289533859 noreply@blogger.com 0<br />
<br />
tag:blogger.com,1999:blog-7269992209406692803.post-9177717391505139000 2012-03-08T17:01:00.000-08:00 2012-03-08T17:01:00.665-08:00<br />
There is no Passcode Bypass Bug in iOS 5.1<br />
<br />
There are a number of rumors floating around, and early bandwagon jumpers, claiming that there is a bug that allows users to bypass the passcode, PIN, or password lock on an iPhone that has been updated to iOS 5.1. This is untrue; the described bug is not a bug at all. It is a failure on the user's part to properly set security timeouts on their device.<br /><br />The videos and descriptions show how anyone can bypass the passcode on an iPhone by simply activating the new camera feature on a locked device, clicking on the gallery button, and then clicking the home button. The videos show that the unauthorized user is now logged in without a passcode. Well, the fact is, the device was never locked; the screen was only turned off. If the user in the demonstration had set this timeout to immediate, rather than 1 minute or more, then the device would have truly been locked and this alleged bypass would not work. Check your settings by tapping “Settings”, “General”, “Passcode Lock”, “Required Passcode”. The Required Passcode setting should be set to “Immediately” to properly secure your device.<br /><br />This is not an Apple failure; this is a user failure!<br />
<br />
<a target="_Blank" href="http://9to5mac.com/2012/03/08/in-ios-5-1-major-security-flaw-with-the-new-lock-screen-camera-slider/">9to5Mac</a><br />
<a target="_Blank" href="http://nakedsecurity.sophos.com/2012/03/08/security-hole-iphone-ipad-not-locked/">Sophos</a><br />
<br />
Mike Wright http://www.blogger.com/profile/00183079823289533859 noreply@blogger.com 0