Friday, December 16, 2016

WSUS Server Cleanup Wizard task “Delete computers that have not contacted the server in 30 days or more” fails with connection error

Hello Everyone, my name is Moni and I am a Support Engineer in the Windows Devices and Deployment team here at Microsoft. In this post, I’ll be discussing an issue where the Server Cleanup Wizard for WSUS 3.0 Service Pack 2 times out when attempting to delete computers that have not contacted the server in 30 days or more.
...
Details of the error are as follows:
The WSUS administration console was unable to connect to the WSUS Server Database.
Verify that SQL server is running on the WSUS Server. If the problem persists, try restarting SQL.
System.Data.SqlClient.SqlException — Access to table dbo.tbDownstreamServerClientSummaryRollup is blocked because the signature is not valid.
Source
.Net SqlClient Data Provider
Stack Trace:
at System.Windows.Forms.Control.MarshaledInvoke(Control caller, Delegate method, Object[] args, Boolean synchronous)
at System.Windows.Forms.Control.Invoke(Delegate method, Object[] args)
at Microsoft.UpdateServices.UI.SnapIn.Wizards.ServerCleanup.ServerCleanupWizard.OnCleanupComplete(Object sender, PerformCleanupCompletedEventArgs e)

Source : SUS Blog

Wednesday, November 30, 2016

Test Active Directory replication with PowerShell

When Active Directory replication breaks, IT is in trouble. PowerShell comes with a few cmdlets that allow you to test if Active Directory replication is working properly.


Source : 4sysops

Friday, October 21, 2016

Just Enough Administration (JEA)


Just Enough Administration (JEA) is a new extension in the Windows Management Framework that allows you to restrict the rights of IT admins in remote PowerShell sessions. In this first part of my JEA series, I will give an overview of the basic concepts.
Source : 4sysops.com

Tuesday, October 18, 2016

Recreating the SUSDB and WSUS Content folder for a Windows Server 2012 based WSUS computer | SUS Blog

Occasionally you may find that you want to start over in WSUS with a fresh database (SUSDB). There can be any number of reasons for this, but typically I see people doing this if their SUSDB is rather old, has a ton of unneeded updates in it, and maintenance has not been done on the SUSDB in years. In those cases you can find that a rebuild may be faster and easier than fixing the problematic SUSDB. Typically speaking, I see people wanting to recreate just the content dir if they accidentally unchecked the “download update files to this server only when updates are approved” and ended up with a hard drive full of unneeded files. Whatever the reason, here are the steps for recreating the SUSDB and the WSUS Content folder for a Windows Server 2012 based WSUS computer.

Source : SUS Blog

Monday, October 17, 2016

Update multiple SQL Server systems with PowerShell

In this article, I'll show you how to create a tool in PowerShell that will allow you to update multiple SQL servers in one swath with a single command.

Source : 4sysops

Monday, October 03, 2016

Beware Cookie Sharing in Cross-Zone Scenarios

The Problem
From time to time, various users have complained to the IE team that they’re unable to log into assorted websites and services that they care about: Hotmail and GMail are two common examples. They report that after entering their credentials into the login page, the page seems to get caught in some sort of redirect loop, redirecting from the login page to the site back to the login page. This pattern either continues endlessly or until an error message is displayed.
Source : IEInternals

Friday, September 23, 2016

Security Compliance Manager 4.0 now available for download!

The Security Compliance Manager (SCM) is a free tool from Microsoft that enables you to quickly configure and manage the computers in your environment using Group Policy and Microsoft System Center Configuration Manager. This version of SCM supports Windows 10 and Windows Server 2016.

Source : Microsoft Security Guidance

LGPO.exe v2.0 PRE-RELEASE: support for MLGPO and REG_QWORD

LGPO.exe is a command-line utility to automate the management of local group policy objects (LGPO). Version 1.0 was released last January. The PRE-RELEASE LGPO.exe v2.0 is attached to this blog post, and adds support for Multiple Local Group Policy Objects (MLGPO) and 64-bit REG_QWORD registry values. It also adds support for /e mnemonic options to enable the GP client side extensions for LAPS, Credential Guard, and Device Guard.

Source : Microsoft Security Guidance

Wednesday, September 21, 2016

Update on WSUS 3.0 SP2 End of Life

As you may have seen, there has been an update to the extended support lifecycle for WSUS 3.0 SP2 (WSUS 3.2). We received feedback that ending this product’s life in July 2017 would cause a significant disruption for those Windows Server 2008/R2 deployments that planned to rely upon it until January 2020. As such, the end of life for this product is now January 2020.

Source : WSUS Product Team Blog

Storage Replica in Windows Server 2016

Storage Replica is a new feature in Windows Server 2016 that allows us to do storage-agnostic block-level replication of data.

Source : 4sysops

Wednesday, August 24, 2016

Offline Files (CSC) to Work Folders Migration Guide

Hi all,
I’m Jeff Patterson, Program Manager for Work Folders and Offline Files.
Jane wrote a blog last year which covers how to use Folder Redirection with Work Folders. The blog is great for new environments. If Folder Redirection and Offline Files are currently used, there are some additional steps that need to be performed which are covered in this migration guide.

Source : Server Storage at Microsoft

Step-by-Step: Getting Started with PowerShell on Linux

On August 18, 2016, the PowerShell Team announced that we were now providing PowerShell as an open source project on GitHub, available on Windows, Linux and macOS! The official announcement blog can be found here and the PowerShell Webinar is here.

Source : CANITPRO

Tuesday, August 23, 2016

Enabling Intellisense for PowerShell cmdlets in VSCode on Mac OS X

VSCode is the primary way to edit and debug PowerShell scripts on Mac OS and Linux. If you do not have it yet, follow these instructions on GitHub on installing VSCode on Mac OS/Linux/Windows and adding its PowerShell extension.

Source : Dmitry's Blog

Run PowerShell on Mac OS X

As you have probably heard by now, Microsoft has just open-sourced PowerShell and made it available for Linux and Mac OS X. In this blog post, I will take you through the steps to download, install and run PowerShell on a Mac.

Source : Dmitry's Blog

Friday, August 19, 2016

Open source PowerShell on Windows, Linux, and OS X!

As you can see, this announcement is huge – not only can you freely read and change the code of PowerShell itself, you can build it and run it almost anywhere.

Wednesday, August 10, 2016

Use Windows 10 Anniversary’s Connect App to Cast Your Smartphone Screen to Your PC


The Connect app in Windows 10 Anniversary Update gives smartphone users the ability to “cast” their screens to a PC or laptop running Microsoft’s latest version of its ever-evolving operating system. Let’s call this feature the “poor-man’s Continuum.” But, more importantly, it gives Android users something that has been solely constrained to Windows devices – the ability to mirror smartphone and tablet screens to Windows 10. Notably, this feature doesn’t work for iOS and the host device must support Miracast.

Source : SuperSite for Windows

GitHub - googleinurl/SCANNER-INURLBR

Excellent tool to search for WordPress vulnerabilities!

Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found

Source : GitHub - googleinurl/SCANNER-INURLBR

Thursday, August 04, 2016

How To: Activate Limited Periodic Scanning in the Windows 10 Anniversary Update

Although Microsoft provides Windows Defender as an integrated part of Windows 10 they do not mandate that as your only option.

Once you install your favorite third party anti-virus/malware solution Windows Defender gets out of the way and is turned off so it does not cause any conflicts with your scanning/protection software of choice.

In the recently released Windows 10 Anniversary Update there is a new option for those of you using third party security software that allows you to take advantage of the years' worth of research Microsoft has invested into protecting systems from viruses and malware.

Source : SuperSite for Windows

Differences between PowerShell versions


This article covers the differences between the PowerShell versions.

Source : 4sysops

Wednesday, June 22, 2016

How to fix broken GPO because of MS16-072

So as many of you may know, yesterday Microsoft released a security hotfix that changed the behavior of Group Policy. Put simply if you have a security group filtered User Group Policy Object and you also removed the “Authenticated Users” group from the policy it will no longer apply after you install MS16-072.

Source : Group Policy Central

Tuesday, May 31, 2016

My favorite Windows PowerShell ISE add-ons

Today, I will introduce you to my favorite PowerShell ISE add-ons: Script Browser, Module Browser, and ISE Geek. At the end of the post, I'll leave you with a hand-selected list of some other ISE add-ins.

Source : 4sysops

Thursday, May 12, 2016

Analyzing website performance with the Windows Performance Toolkit

To build fast sites, developers need powerful tools to analyze the performance of their sites and debug issues. In-browser tools like the F12 Developer Tools are a great start and the primary tools for analyzing what’s happening behind the scenes when a page slows down. However, some scenarios require measuring performance characteristics in the context of other applications and the operating system itself. For these scenarios, we use the Windows Performance Toolkit.

Source : Microsoft Edge Dev Blog

Tuesday, May 10, 2016

Microsoft IIS Administration API - Introducing the IIS Administration API

IIS is a mature technology with a large amount of configuration available. Historically the configuration of IIS has been done through WMI, Appcmd, PowerShell, and graphically through IIS Manager. All of these technologies have continued to serve their purpose, allowing users to configure the web server to meet their needs. Recently the IIS team has been working on a project to open up IIS configuration even more by creating a REST API that exposes the configuration system. This API is not meant to replace any of the existing configuration access mechanisms, but stand beside them and offer an open method for interacting with IIS. The REST API communicates with HTTPS making it accessible from any device that knows how to send a web request. This allows IIS to be configured more freely and opens the door for configuration clients that were not possible before, such as mobile applications.
Today we want to not only let everyone know that we are working on a REST API for IIS, we also want to let you see it. The API that we have created has a built in tool called the API Explorer that allows those with access to the API to browse the entire API surface. This means once you have a link to the root URL of the API you can navigate to this tool and browse all of the API that is available. Here is a picture of the API Explorer in action displaying an application pool resource.


Source : blogs.iis.net

Script ADMirror PowerShell Module


A set of functions to dump OUs, Users, Groups and GPOs from one Active Directory and mirror them to another, test Active Directory. Perfect for creating a test environment.

Source : gallery.technet.microsoft.com

Friday, May 06, 2016

Recommendation: Asus SOHO Wi-Fi Router RT-AC66U

I’ve lost count of the number of Wi-Fi routers I’ve been through over the last ten years, most ranging from just OK to the plain terrible. When I started experiencing problems with Wi-Fi connectivity a few months ago, I decided once again it was time to replace my router, and after lots of research, I picked the Asus RT-AC66U.

Source : Petri

WSUS : The long-term fix for KB3148812 issues


A new update is available for Windows Server 2012 and 2012 R2. This update requires manual steps in order to complete the installation. While the KB itself covers those steps, this post provides additional details on the release.

Source : WSUS Product Team Blog

Thursday, April 28, 2016

Honeyports, powershell script

If it happens that you'd like to run your honeypot on a Windows system, then Honeyport is something worth trying.
Honeyports is a PowerShell script that creates a job that listens on the TCP ports specified and, when a connection is established, can either simply log it or add a local firewall rule to block the host from further connections.
The script is written by John Hoyt, Carlos Perez and Greg Foss and it’s available on https://github.com/Pwdrkeg/honeyport/

Source : InfoSec Handlers Diary Blog

Friday, April 15, 2016

Are your DCs too busy to be monitored?: AD Data Collector Set solutions for long report compile times or report data deletion | Ask the Directory Services Team

Hi all, Herbert Mauerer here. In this post we’re back to talk about the built-in AD Diagnostics Data collector set available for Active Directory Performance (ADPERF) issues and how to ensure a useful report is generated when your DCs are under heavy load.

Source : Ask the Directory Services Team

Wednesday, April 06, 2016

Improving Windows 10 logon time

One of the most noticeable things about Windows 10, as compared to previous iterations of the Microsoft operating system, is the amount of time it takes for the first logon—that is, the logon time when a user doesn’t have a profile on the local machine.

Source : 4sysops

Friday, March 18, 2016

Previewing Server 2016 TP4: Temporary Group Memberships

Hello, Ryan Ries here again with some juicy new Active Directory hotness. Windows Server 2016 is right around the corner, and it’s bringing a ton of new features and improvements with it. Today we’re going to talk about one of the new things you’ll be seeing in Active Directory, which you might see referred to as “expiring links,” or what I like to call “temporary group memberships.”
One of the challenges that every security-conscious Active Directory administrator has faced is how to deal with contractors, vendors, temporary employees and anyone else who needs temporary access to resources within your Active Directory environment. Let’s pretend that your Information Security team wants to perform an automated vulnerability scan of all the devices on your network, and to do this, they will need a service account with Domain Administrator privileges for 5 business days. Because you are a wise AD administrator, you don’t like the idea of this service account that will be authenticating against every device on the network having Domain Administrator privileges, but the CTO of the company says that you have to give the InfoSec team what they want.
(Trust me, this stuff really happens.)

Source : Ask the Directory Services Team

Offline Files and Continuous Availability: the monstrous union you should not consecrate

Hi all, Ned here again with a quick chat about mixing Continuous Availability and Offline Files. As you know, we have several public docs recommending against combining CA and Client Side Caching (aka CSC aka Offline Files) because when users attempt to go offline, it will take up to six minutes. This usually leads to unhappy humans and applications. Today I’ll explain more and give you some options.

Source : Server Storage at Microsoft

Work Folders for Android – Released

We are happy to announce that an Android app for Work Folders has been released into the Google PlayStore® and is available as a free download.

Source : Server Storage at Microsoft

Thursday, February 18, 2016

Step-By-Step: Removing A Domain Controller Server Manually

The proper way to remove a DC server in an Active Directory infrastructure is to run DCPROMO and remove it. The following video provides an example of these steps...

Source : Canadian IT Professionals

Friday, February 12, 2016

Configure Ubuntu with SAMBA and set up the domain controller - 4sysops

In the previous post, we installed Ubuntu in a VirtualBox VM. Now it’s time to install SAMBA and configure the domain controller.

Source : 4sysops

Thursday, February 11, 2016

When it comes to Windows 10 privacy, don't trust amateur analysts

Another day, another sensational report from Forbes. Oh my goodness, is Windows 10 really "phoning home" thousands of times a day? Nope. In fact, anyone who has even a basic understanding of how networks work should cringe at this shoddy report.

Source : ZDNet

How to Clean a Hacked WordPress Website - A Simple Guide

First things first, do not panic
This article will guide you through the process of cleaning a hacked WordPress website. The process is documented in an easy to follow step by step format; identifying the source of the hack, identifying the infection, cleaning the code, regaining control of your WordPress website or blog and removing the Google malware alert. This guide will help you recover from the typical WordPress hacks such as backdoors, malware, spam and other similar types of infections.

Source : wpwhitesecurity

Install Ubuntu Server with the netboot.xyz

In the last post of this series, I described how to prepare your VirtualBox environment. In today’s post, I’ll show you how to install the Ubuntu server with the help of the netboot.xyz iPXE .iso.

Source : 4sysops

Wednesday, February 10, 2016

Windows 10 Tip: Disable Fast Startup - Petri

Fast startup was introduced in Windows 8 and uses session 0 hibernation to save the kernel state to disk. Reading the kernel state from disk is 30 to 70 percent faster than a full system initialization on most systems. 
While fast startup should be beneficial in most cases, especially in combination with UEFI, it can also be problematic. For example, I’ve come across systems that refuse to connect to wireless networks without a cold boot, assumedly due to a problem with the reinitialized driver. But if an updated driver doesn’t solve the problem, you might want to disable fast startup.

Source : Petri

Set up Ubuntu as a domain controller with SAMBA on VirtualBox

If you want to run a domain controller on your network but don’t have access to a Windows Server license, you can use SAMBA, the free open-source software, and VirtualBox, the free virtualization software. We’ll describe the procedure for setting up a virtual server using VirtualBox and netboot.xyz iPXE and move on to setting up your domain controller with SAMBA.

Source : 4sysops

Microsoft Finally Offers Windows 10 Update Information

After months of complaints, Microsoft has finally opened a Windows 10 Update History web site that will document the changes it makes to its flagship OS.

Source : Thurrott.com

Thursday, January 28, 2016

Introducing the Windows PowerShell ISE Preview


A new preview release model for the PowerShell ISE 
The biggest news is that we've developed a new strategy to ship a separate preview edition of the PowerShell ISE. This enables us to add new features and release them to all of you much faster than before. Previously you had to wait for new Windows or WMF releases before you would get an updated ISE. Thanks to the PowerShell Gallery, we can now ship the Windows PowerShell ISE Preview as often as we like!

Source : Windows PowerShell Blog

Windows 10 Tip: Easily Filter Search Results And Power Search Features

If you have ever used the search feature in Windows 10, and there is a good chance you have, there is a new way to filter search results that should help you find what you are looking for, faster. It looks like this feature was added in a recent update and if you haven’t tried it yet, here’s how it works ...
Source : Thurrott.com

Tuesday, January 26, 2016

NMAP + Powershell + whatever tool is next

Early on in many penetration tests or security assessments, you will often find yourself wading through what seems like hundreds or thousands of text files, each seemingly hundreds or thousands of pages long (likely because they are). One key to success in these situations is to automate the analysis of these files as much as possible – you want to get the “drudgery” job done and move on to subsequent tasks that need real eyes on the screen and hands on the keyboard.
Let’s look at NMAP for instance. It’s a valuable tool, we all use it. But if you are scanning a /16 or a /8 network (or even lots of /24’s), the volume of output can be .. daunting? .. significant? .. colossal?

Source : InfoSec Handlers Diary Blog

Monday, January 25, 2016

HOTFIX: Update to enable WSUS support for Windows 10 feature upgrades

A new hotfix is available that enables Windows Server Update Services (WSUS) on a Windows Server 2012 or Windows Server 2012 R2 to sync and distribute feature upgrades for Windows 10. Note that this hotfix is not required to enable WSUS to sync and distribute servicing updates for Windows 10. This hotfix also addresses an issue where Windows 10 computers are displayed as Windows Vista.

Source : Microsoft WSUS and Software Update Team Blog

Assessing Remote Certificates with Powershell

Building on our last conversation about HTTPS and Powershell, let’s look at another common thing you’d do with HTTPS as a system administrator, or in a security assessment or penetration test – let’s assess the HTTPS certificates themselves.

Source : InfoSec Handlers Diary Blog

For those on WSUS 3.0 SP2 (or SBS 2011)

As indicated in a previous post, we are making changes to WSUS 4.0 and later that will provide a smoother Windows 10 servicing experience. Because WSUS 3.0 SP2 is already in extended support (receiving no support at all after July 2017), and we are not shipping these improvements further down-level, it is a good idea to start planning your WSUS migration now. Here is some guidance on how to respond to the recent changes based on your current situation, with the assumption that you intend to deploy Windows 10 in your environment.

Source : WSUS Product Team Blog

Security baseline for Windows 10 (v1511, "Threshold 2") -- FINAL

Microsoft is pleased to announce the final release of the security configuration baseline settings for Windows 10 version 1511, also known as "November Update," "Build 10586," "Threshold 2," or "TH2." The downloadable attachment to this blog post includes importable GPOs, tools for applying the GPOs to local GPO, custom ADMX files for Group Policy settings, and all the settings in spreadsheet form. We will also be publishing SCM .CAB files for this Windows 10 baseline shortly, and will announce their availability on the Security Guidance blog. (Note that we will not be providing updated SCM .CAB files for the IE11 guidance. For that content, see the attachment on this blog post.)

Source : Microsoft Security Guidance

New tool: Policy Analyzer

Policy Analyzer is a utility for analyzing and comparing sets of Group Policy Objects (GPOs). It can highlight when a set of Group Policies has redundant settings or internal inconsistencies, and can highlight the differences between versions or sets of Group Policies. It can also compare GPOs against current local policy settings and against local registry settings. And you can export its findings to a Microsoft Excel spreadsheet.

Source : Microsoft Security Guidance

Tuesday, January 19, 2016

Getting Started with the PowerShell 5.0 Information Stream

One of the great additions to PowerShell 5.0 is the new information stream. You can use this stream as a logging mechanism in your scripts and functions, which is something I want to demonstrate today.

Source : Petri

Monday, January 18, 2016

Sync PowerShell scripts between computers with Git

In the first article of this series, I taught you how to install and configure the Git version control system (VCS) to help you manage your Windows PowerShell scripts. Today, you'll learn how to sync your PowerShell scripts between your computers.

Source : 4sysops

Wednesday, January 06, 2016

Meet Ransom32: The first JavaScript ransomware

Software as a service (or SaaS) is a relatively new model of how a lot of software companies are conducting their business today – often to great success. So it comes as no surprise that malware writers and cyber crooks are attempting to adopt this model for their own nefarious purposes. In the past year a whole bunch of these “Ransomware as a Service” campaigns appeared, like for example Tox, Fakben or Radamant. Today we want to spotlight the newest of these campaigns.

Source : Meet Ransom32: The first JavaScript ransomware

PowerSploit

PowerSploit is an offensive security framework for penetration testers and reverse engineers. It was born out of the realization that PowerShell was the ideal post-exploitation utility in Windows due to its ability to perform a wide range of administrative and low-level tasks all without the need to drop malicious executables to disk, thus, evading antivirus products with ease.

Source : PowerShell Magazine

Monday, January 04, 2016

Prevent WPScan from scanning · security.szurek.pl

Below I will show a few methods which can prevent a WPScan scan.

Source : security.szurek.pl

Recent updates to the Remote Desktop Client Preview for Mac

Hello everyone, this is Ayesha Mascarenhas on the Remote Desktop team. We released the Remote Desktop client preview for Mac in August this year. Over the last few months many of you have shared feedback and feature suggestions. Today, I’m sharing with you some of the updates we have made to the Remote Desktop client preview app for Mac since it was first released.

Source : Remote Desktop Services (Terminal Services) Team Blog

Reinstall KB3093594 to fix stability issues in Windows Live Mail 2012

In the second week of this month, Microsoft had alerted Windows Live Mail 2012 users that some changes are coming to users of Microsoft accounts like Outlook, Live, Hotmail, MSN accounts that may prevent mails being delivered to Windows Live Mail 2012. And it said, in order to continue using this Mail client, you need to install this update (Update for Windows Live Essentials Mail 2012 (KB3093594)).

Source : meraTechPort

Android for the Windows Guy: Use Your Microsoft Accounts

You’ve adopted an Android smart phone, but your contacts, email, and calendaring information are tied up in your Outlook.com or Office 365 account. No worries, you can access it all from Android, and even make sure that your phone calls and text messages correctly identify who’s reaching out to you. 
The best news? You can make this work no matter which apps you choose to use to manage your contacts, email and calendar.

Source : Thurrott.com

Using WPScan: Finding WordPress Vulnerabilities

When using WPScan you can scan your WordPress website for known vulnerabilities within the core version, plugins, and themes. You can also find out if any weak passwords, users, and security configuration issues are present. The database at wpvulndb.com is used to check for vulnerable software and the WPScan team maintains the ever-growing list of vulnerabilities.
Last time, we taught you how to install WPScan on Mac and Linux.
This time we are going to dive into how to use WPScan with the most basic commands.
Source : Sucuri Blog

MMCSnapInsView – MMC snap-in launcher

NirSoft released the free MMCSnapInsView tool that allows you to view and launch all MMC snap-ins that are installed on a Windows computer.
Source : MMCSnapInsView – MMC snap-in launcher

Concurrent Remote Desktop (CRDP) for Windows 10

Concurrent Remote Desktop allows you (the administrator) to simultaneously use a client computer while a standard user is still interactively using it. For IT, this is huge! Imagine never having to kick a person off of their computer because you need to work on it. Concurrent Remote Desktop (CRDP) makes this possible. This guide will cover CRDP setup for Windows 10.
Source : DeployHappiness