Microsoft Enhanced Mitigation Experience Toolkit (EMET) v5 security technology which I outlined in a previous post has several protection methods which will be detailed here. According to my sources at Microsoft, EMET can be installed on workstations and servers (testing is always highly recommended before placing in production). Given the tremendous security improvements when …
Category: Technical Reference
Aug 20 2014
Microsoft EMET 5 Released
Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) is a free download from Microsoft that enhances Windows security by preventing common malware and exploitation software methods. It does need to be well-tested before deployment, but there are several legacy Windows methods leveraged by malware to get into a system and take control. Installing EMET provides very strong protection …
Aug 15 2014
Removing an Orphan (inactive) Active Directory Domain
One of my customers has a forest with several domains, one of which hasn’t been used in a while (call it domain “RedShirt”). The 2 Domain Controllers in the domain, “RedShirt” both tombstoned. Yes, I know, how does that happen? ALWAYS monitor your environment. Since the domain hasn’t …
Aug 06 2014
PowerShell: One-liners to Get You Started
Some of the scenarios covered in the blog post: The server rebooted recently – who did it and when exactly? Is there an easy way to see if KB2862152 is installed? I need to backup all of the GPOs in the domain every day What are the IP settings on my system(s)? What are the …
Jul 30 2014
New 2012 SIDs cause lookup issues for older clients
The crux of the issue is that Windows Server 2012 (and above) introduce two new SIDs. The problem is that Windows 7 and Windows Server 2008 R2 clients do not know about these SIDs because when they (Windows 7 and 2008 R2) were written these particular SIDs didn’t exist. References: http://blogs.technet.com/b/askpfeplat/archive/2014/06/30/troubleshooting-windows-server-2012-r2-domain-controller-new-sids-a-real-world-example.aspx http://support.microsoft.com/kb/2830145
Jul 27 2014
RODC Trick: Remove a User’s Password from a RODC without forcing the user to change her password
TechNet (RODC FAQ) states: How can you clear a password that is cached on an RODC? There is no mechanism to erase passwords after they are cached on an RODC. If you want to clear a password that is stored on an RODC, an administrator should reset the password in the hub site. This way, …
Jul 16 2014
PowerShell: Determine PowerShell Version
$PSVersionTable.PSVersion If the variable doesn’t exist, then the system is running version 1.0.
Jul 01 2014
LSASS Crashing, CNF Objects May Be the Cause
What Happens and How Do I Know if I’m Affected? When CNF mangled NTDS settings objects are created, the Lsass.exe process may crash and unexpectedly reboot one or more domain controllers. So there is a pretty good chance you’ll know about it. You may not know the root cause of the crash. More specifically though …
Jun 17 2014
57 Tips Every Admin Should Know
GFI’s 57 Tips Every Admin Should Know: The longer a person serves as a network admin, the more tips and tricks they are likely to pick up along the way. Some could be shortcuts, others might seem like magic, but all are intended to save you time and help you solve problems. Assume that all …
Jun 10 2014
PowerShell 101: PowerShell Guide/CheatSheet
Michael Sorens has put together a comprehensive guide to using PowerShell: This series of articles evolved out of my own notes on PowerShell as I poked and prodded it to show me more. As my collection burgeoned, I began to organize them until I had one-line recipes for most any simple PowerShell task. Simple, though, …