I just Offloaded ATP on Server 2016 but registry still has "OnboardingState REG_DWORD 0x1"
I just Offloaded ATP on Server 2016 but registry still has "OnboardingState REG_DWORD 0x1" "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status OnboardingState should be 0x0 when offboarded as far as…
ACCESS_ALLOWED_CALLBACK_OBJECT_ACE and ACCESS_DENIED_CALLBACK_OBJECT_ACE: why do these ACEs not count during access control processing?
During my own internal testing I found that any ACEs with types ACCESS_ALLOWED_CALLBACK_OBJECT_ACE and ACCESS_DENIED_CALLBACK_OBJECT_ACE do not count during access control processing. I made different variations of the ACEs: with or without ObjectType…
If ent CA renews with a new key, does the client know to chain up the previously issued cert with the previous ent CA cert, but not the latest CA cert?
The client has the old ent CA cert (not expired yet) and the new ent CA cert (the latest). So, when Win 10 checks the previously issued cert, which was issued by the old ent CA cert, does it know to chain up with the old ent CA cert by SKID, rather than always choosing the latest CA cert?
MBAM client cannot connect to MBAM server issue
Hi, I deployed the MBAM, and the client got the MDOP MBAM GP policy. Now I have met 2 issues: client events: certificate issue; IIS certificate issue, I binding it,
Is Enter-PSSession secure when using domain administrator account?
Sometimes I need to open a remote PowerShell session on workstations for administration. It is convenient for me to do this on a domain controller under a domain administrator account. To do this, I run the command: "Enter-PSSession -ComputerName…
MS Defender Logging and Reporting
I'm in search of a tool that can manage MS Defender on Clients and Servers. I have not found one yet. My current RMM (Solarwinds) can only check if the AV Signatures are up to date, but not if something was found on a client nor what action was taken. …
Getting a bunch of CodeIntegrity events without enabling WDAC
I am getting a bunch of events under Microsoft -> Windows -> CodeIntegrity without enabling WDAC. Anyone know what these events are referring to? Anyone know what this scrobj.dll is for? Windows blocked file…
If ent CA renews with a new key, can the client chain up the previously issued cert with the new ent CA cert?
I checked that saying the existing cert will have no impact until it expires, but I need more information about the details, and I wish to know the mechanism: can the client chain up the previously issued cert with the new ent CA cert? if chain by AKID to…
MBAM cannot take effect
Hi, I have deployed the MBAM, installed MDOP MBAM on the client, and the client already got the GP policy (https://learn.microsoft.com/zh-cn/microsoft-desktop-optimization-pack/mbam-v25/planning-for-mbam-25-group-policy-requirements). now the client…
How to sign .exe files
Hello! I have a problem with the signtool. I have read the Documentation of the signtool already, but I still don't know how to sign them, also with the examples, it still doesn't work. I have installed Microsoft SDK, then went into CMD and typed in…
Password complexity setting for AD domain with Windows 10 workstations
I am trying to set up the Windows 10 password policy for our office workstation. Seems like there is a 'Password must meet complexity requirements' option in the policy setting, which requires any combination of 3 out of 5 criteria. But I cannot set custom…
Just Enough Administration for Domain Controllers
I am building a JEA file for Domain Controllers, one file will be to perform read only items, the second file would be to perform certain executable/ change items like restart services or do role activities. I have read the various documentation out…
How do I see LDAPS status on a Windows DC?
Hello experts, We have 2 Server 2016 Domain Controllers in our environment and both should be running LDAPS. They were both working last year. I updated the certificates on both of them about a month ago, but now only one is working for LDAPS…
No Mapping Between Account Names and Security IDs
Hi all- I'm having a bit of a strange issue on a Server 2008 R2. There are essentially two folders on the server that users need to read/write from. Right now, one works as expected but the other does not allow remote users to write. If they log in…
Windows Defender creating thousands of files
Since 28/04/2021 around 22:00, thousands of files started to be created in folder C:\ProgramData\Microsoft\Windows Defender\Scans\History\Store\ on one of my domain controllers. There were over 200k files which caused that night's backup to take over…
shares reporting tool
Does anyone know of a free reporting tool with a user interface that can be run remotely against a server and produce the share and directory permissions, as the old legacy MBSA tool used to do, e.g. Most free security permissions reporting…
Windows Changed my PFX certificate - Old certificate will not import
Windows 10 Pro Version 2004 Build 19041.928 Hey guys. This is the second time my Windows machine has decided to change my PFX certificate on me without asking/warning. I have an external HDD with files that are encrypted with a PFX file that…
Certificate Enrollment Web Service/Policy Web Service research - cross-forest PKI certificate auto-enrollment
Hi, is it possible to use Certificate Enrollment Web Service/Policy Web Service to auto-enroll certificates to systems in forests without any trust with forest where 2-Tier PKI resides? If so how, for instance, servers/desktops/laptops will auto-enroll…
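Win10 version 20H2 was hit by an Exploit/CVE-2020-0796 network intrusion attack, how should I resolve this?
Edition: Windows 10 Home Chinese Edition. Version: 20H2. OS build: 19042.964. Hit by a network intrusion attack from Exploit/CVE-2020-0796, how should this be resolved?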
NPS authentication and management
Hello, I have a customer with the NPS role installed on DC01 and radius client + radius server configured. The radius client is the wifi controller and the radius server is Fortigate. On his policy connection settings I don't understand exactly how it works. On…