Friday, August 15, 2014

Security baselines for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 - FINAL

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11. Some of the highlights of the new security baselines (many of which we intend to backport to older versions of Windows and IE):
  • Use of new and existing settings to help block some Pass the Hash attack vectors;
  • Recommendations to control the storage of plaintext-equivalent passphrases;
  • Blocking the use of web browsers on domain controllers;
  • Incorporation of the Enhanced Mitigation Experience Toolkit (EMET) into the standard baselines;
  • Removal of the recommendation to enable "FIPS mode" (this is discussed in greater detail in this blog post: Why We’re Not Recommending “FIPS Mode” Anymore);
  • Removal of almost all service startup settings, and all server role baselines that contain only service startup settings.

Source : Microsoft Security Guidance

Changes in the Security Guidance for Windows 8.1, Server 2012 R2 and IE11 since the beta

We have made a small number of changes in the baseline security guidance for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11 since we released the beta version of our guidance last April. This blog post discusses those changes and the reasons for them.

Source :

Sysmon – New Sysinternals tool logs system activity in Event Log

Microsoft released the new Sysinternals tools, Sysmon, which allows you to monitor Windows process creations, file creation time changes, and network connections in the Windows Event Log.

Source :

Friday, August 08, 2014

Generating a self-signed certificate

Many online articles suggests using the MakeCert.exe tool available in the Windows SDK for creating a self-signed certificate, but now there is an easier approach available.\LocalMachine\My

Source : PowerShell Magazine » #PSTip Generating a self-signed certificate