Archives
-
Group Policy Deployment: Core Network Companion Guide
We have a new document in our TechNet library. The Core Network Companion Guide has a section specifically about Group Policy Deployment. Check it out! Or just take a look at James McIllece’s blog post summarizing the deployment guide companion.
-
Mitigating Pass the Hash Attacks
In recent months, we have seen more and more targeted attacks towards our customers. A lot of them use a technique called Pass the Hash. This led us to publish a paper, which explains Pass the Hash but, much more importantly, shows some fairly simple-to-implement mitigations against this type of attack. As they are fairly prevalent currently, I would urge you to read through the paper and implement the mitigations:
-
Listing Disabled GPOs in a Forest
This blog post is written by Judith, our technical writer, and based on an old blog post by Jeffrey Snover. (http://blogs.msdn.com/b/powershell/archive/2007/01/11/sorting-out-groupby.aspx) Jeffrey wrote a piece that showed how to sort system services with the Format-Table (ft) cmdlet and the –GroupBy parameter.
-
Update: ZoomIt v4.41
ZoomIt v4.41: This update fixes a bug in ZoomIt v4.4 that prevented it from running on 32-bit Windows XP.
-
Updates: DebugView v4.81, ProcDump v5.11, ZoomIt v4.4
DebugView v4.81: Version 4.81 of DebugView, a utility that logs user and kernel-mode debug output messages, fixes a bug that could cause it on some executions to fail to capture debug output and enter a CPU-bound loop.
-
Group Policy in Windows Server 2012: Infrastructure Status
You may be asking yourself, “What does infrastructure status have to do with Group Policy?” Well, Group Policy depends on other technologies to ensure that policy settings are replicated throughout your environment so that end users / computers will get the settings that you configure.
-
Group Policy in Windows Server 2012: Results Report Improvements
Another change we made in Windows Server 2012 is in the Resultant Set of Policy reports. In previous versions of Server, you had to look at the results report, and the event log, and the tracing logs to find all the information you needed about why policy did or did not apply. Now, we’ve consolidated most of that information right into the results report to make troubleshooting Group Policy easier.
-
Group Policy in Windows Server 2012: Using Remote GPUpdate
If someone calls to say their computer doesn’t work quite right, the first thing you might have them do is run gpupdate /force to ensure they have the latest policy applied to their system. Now, you have the power to reach out and force a gpupdate without needing to be at the computer, remote in, or ask the user to do it themselves.
-
Group Policy in Windows Server 2012: Overview
Now that Windows 8 and Windows Server 2012 have been released, we’d like to share with you some of the exciting enhancements that we’ve added for Group Policy.
-
Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1
AdExplorer v1.44: This release fixes a bug that caused AdExplorer to crash when it encountered corrupted extended rights schemas.
-
Kaspersky Lab: Microsoft software products pretty darn secure
What a statement! The last time I was on a panel with Eugene Kaspersky, he told us that the world will end and the only way to prevent this from happening is a new really secure OS (and they have one…).
-
The Case of the Unexplained FTP Connections
A key part of any cybersecurity plan is “continuous monitoring”, or enabling auditing and monitoring throughout a network environment and configuring automated analysis of the resulting logs to identify anomalous behaviors that merit investigation. This...
-
Two Papers on Current Issues
Trustworthy Computing just released two papers on current issues:
-
The Future of Crime
You should spend 15 minutes on this TED talk – really worth it!!
-
Security Lessons from Star Wars
Exactly the right article for a weekend: May the (En)Force(ment) Be With You – Security Lessons from Star Wars
-
Updates: Coreinfo v3.1, Desktops v2.0, Livekd v5.3, PsPasswd v1.23, Testlimit v5.22, Whois v1.11
Coreinfo v3.1: This update to Coreinfo, a command line utility that reports detailed information about a system’s processor topology, CPU features, and cache topology, fixes a bug affecting the calculation of NUMA node costs and adds support for several more processor features, including RDRAND, LAHF/SAHF, Prefetchw and Intel Speedstep.
-
Windows Internals 6th Edition Part 2 Published, and Mark Talks Sysinternals History on Defrag Tools
Windows Internals 6th Edition, Part 2 Published: Part 2 of Windows Internals 6th Edition is now available. The 6th edition covers kernel and system changes in Windows 7 and Windows Server 2008 R2 and adds 250 pages of expanded feature coverage and hands-on experiments.
-
New: PsPing v1.0; Updates: DebugView v4.8, Process Explorer v15.23, Sigcheck v1.81
PsPing v1.0: PsPing is a new Sysinternals PsTools command-line utility for measuring network performance. In addition to standard ICMP ping functionality, it can report the latency of connecting to TCP ports, the latency of TCP round-trip communication between systems, and the TCP bandwidth available to a connection between systems. Besides obtaining min, max, and average values in 0.01ms resolution, you can also use PsPing to generate histograms of the results that are easy to import into spreadsheets.
-
Group Policy Settings Reference Spreadsheet
The Group Policy settings reference spreadsheet that covers the available administrative template settings and security settings for Windows Server 2012, Windows 8, and all earlier versions of Windows is now available in the download center here: http://go.microsoft.com/fwlink/?LinkId=261775.
-
Updates: Autoruns v11.34, ProcDump v5.0, Sigcheck v1.8, VMMap v3.11
Autoruns v11.34: This release of Autoruns fixes a bug that caused it to not show some Internet Explorer extensions.
-
Windows Azure Host Updates: Why, When, and How
Windows Azure’s compute platform, which includes Web Roles, Worker Roles, and Virtual Machines, is based on machine virtualization. It’s the deep access to the underlying operating system that makes Windows Azure’s Platform-as-a-Service (PaaS) uniquely...
-
Updates: AccessChk v5.1, Autoruns v.11.33, Coreinfo v3.05, Whois v1.1
AccessChk v5.1: This update to AccessChk, a command-line utility that shows the security settings and effective access on many object types, including registry keys and files, now reports Windows 8 claims and capabilities, shows the token of processes running as local system, lists security descriptor flags, and checks for remote interactive logon rights.
-
Update: ZoomIt v4.31
ZoomIt v4.31: This release fixes a bug that caused ZoomIt to sometimes report an error when dismissing the options dialog.
-
Updates: Handle v3.5, Process Explorer v15.22, Process Monitor v3.03, RAMMap v1.21, ZoomIt v4.3
Handle v3.5: This update to Handle, a command-line utility that lists open handles, uses the most recent Process Explorer driver so that it now resolves system process handles and types.
-
The Case of the Veeerrry Slow Logons
This case is my favorite kind of case, one where I use my own tools to solve a problem affecting me personally. The problem at the root of it is also one you might run into, especially if you travel, and demonstrates the use of some Process Monitor...
-
Updates: Autoruns v11.32, Process Explorer v15.21, Process Monitor v3.02, PSKill v1.15, RAMMap v1.2
Autoruns v11.32: This update fixes a bug that prevented Autoruns from correctly elevating when the Run as Administrator option is selected.
-
Announcing Trojan Horse, the Novel!
Many of you have read Zero Day, my first novel. It’s a cyberthriller that features Jeff Aiken and the beautiful Daryl Haugen, computer security experts that save the world from a devastating cyberattack. Its reviews and sales exceeded my expectations...
-
Windows Server “8” Settings Spreadsheet
The latest Group Policy settings reference spreadsheet that covers the available administrative template settings and security settings for Windows Server “8” Beta, Windows 8 Consumer Preview and all earlier versions of Windows is now available in the download center here: http://download.microsoft.com/download/8/F/B/8FBD2E85-8852-45EC-8465-92756EBD9365/WindowsServer8BetaandWindows8ConsumerPreviewGroupPolicySettings.xlsx
-
The Case of My Mom’s Broken Microsoft Security Essentials Installation
As a reader of this blog I suspect that you, like me, are the IT support staff for your family and friends. And I bet many of you performed system maintenance duties when you visited your family and friends during the recent holidays. Every time I’m visiting...