All Questions

-1 votes
1 answer
48 views

Can already opened event log screens of PowerShell in Windows Event Viewer be hacked offline by hackers? [closed]

Can Windows PowerShell give me fake or altered outputs if I use common commands primarily used in PowerShell? Checking hash codes is an option, but they can be altered too, theoretically, so it's not that ...
Mande de su ka 's user avatar
1 vote
2 answers
203 views

IIS 10 - IP Address And Domain Restrictions is denying all traffic

I have a server that has multiple sites set up on it in IIS 10. On one of the sites, I want to allow access to a range of IP Addresses, and deny traffic to the site from all other IP Addresses. In IIS,...
Bryan's user avatar
  • 123
-2 votes
1 answer
169 views

How to default to TLS1.3 for all dns traffic to and from Windows 11 box?

I was browsing Wireshark output and noticed that the handshake process for talking to Google DNS servers was asking for TLS1.2 vs the supported default TLS1.3 at 2001:4860:4860::8844.(https://...
Dan's user avatar
  • 173
-4 votes
1 answer
202 views

Completely unable by any and all means to move Hyper-V VM from one computer to another due to "permission issue"

This is completely incomprehensible how this issue is so pervasive. I want to do something VERY SIMPLE: move a VM from one computer (HOST1) to another (HOST2), but some bull$h!t error ALWAYS HAPPENS ...
InfiniPLEX's user avatar
-1 votes
1 answer
180 views

assign AD GPO to a specific set of computers: what mechanism?

(In exploratory mode: not sure what is the right question to ask, and how to ask it. Also, new to AD GPOs: please forgive lack of clarity in the question.) Question: how do I assign an Active ...
kindzmarauli's user avatar
0 votes
1 answer
419 views

PKI hierarchy. Root CA and subordinate CA

I have to deploy a new PKI hierarchy I have one domain and several subdomains I had thought about having a Root CA and a Sub CA. What are the advantages of this option over having a root CA only? Do ...
Santyuste's user avatar
0 votes
0 answers
43 views

CA root and CA subordinate administrator

I want to deploy a new PKI infrastructure on a domain that has several subdomains and trusted domains. I would like to be able to delegate the administration between several administrators ...
Santyuste's user avatar
0 votes
0 answers
42 views

Hyper-V (Windows 11) - Disable all network access on host but not VMs

Is it possible to create a setup where the Windows 11 Hyper-V VM host has all network access completely disabled, but the VMs running on it still retain full access? In a model similar to what Qubes ...
Ruslan's user avatar
  • 243
0 votes
0 answers
117 views

How to stop Windows Server 2022 successful anonymous RDP logins

I have a Windows Server 2022 server with IPBAN installed to make hacking it more difficult but in the logs occasionally I see: 2023-02-20 03:59:23.5304|WARN|IPBan|Login succeeded, address: XX.XXX.XXX....
Lil Cyanide's user avatar
-2 votes
1 answer
203 views

Windows Firewall Disabled every startup [closed]

I have an antivirus installed (Panda Antivirus) and it always worked well for me. Every time I start up my PC I get the notifications (screenshots below) to turn Windows Firewall ON. I never had this ...
jks's user avatar
  • 3
1 vote
1 answer
9k views

Encryption type requested is not supported by the KDC

I am having intermittent issues with RDP'ing from a Windows 11 Enterprise PC to another Windows 11 Enterprise PC. Both PCs are domain joined and on the same subnet. Both PCs have a GPO applied to ...
Riguez's user avatar
  • 123
-1 votes
1 answer
40 views

How should I design my 'public' network of a project?

I'm thinking about doing some online projects as a Developer/IT Technician, and I have some concerns regarding security. I'm unable to host my servers locally for my project and I thought why not to ...
Kuezy's user avatar
  • 1
0 votes
0 answers
326 views

Windows Event Collector receiving TCP connections but no logs

I have recently built a new WEC (Windows Event Collector). The subscription has been created, and the WEC has been added to the Group Policy which defines Windows Event Collectors. The computers are ...
Skye Davis's user avatar
1 vote
2 answers
175 views

How to find out & set policy in Windows Server 2016 to search in the security event viewer for users who accidentally delete a shared network folder?

I am trying to set GPO so that I can search user in event viewer who accidentally deleted the share drive in the network. What other event IDs list can I search so that I know which category it ...
OSS IT's user avatar
  • 25
2 votes
0 answers
34 views

Disable computer on a schedule

I'm looking for a way to disable end user access to a Windows 10 workstation during a given period, say, from 8pm to 8am. It doesn't need to be superuser-proof. It doesn't need to be reboot-proof. ...
entonio's user avatar
  • 185
1 vote
1 answer
838 views

Implement CIS Microsoft Windows Server 2019 but found conflict?

I am asked to implement CIS benchmark for Windows Server 2019 What I have in "CIS Microsoft Windows Server 2019 benchmark v1.2.1" and I found rule 2.2.9 says Ensure 'Allow log on through ...
borgliu's user avatar
  • 11
0 votes
2 answers
38 views

Unable to login to Outlook after adding log on to on MacBook

I am trying to add log on to host to users who are using MacBook. In windows it is working without problem because I am adding specific servers to their log on. But whenever I am trying to login to ...
Rashad Aliyev's user avatar
0 votes
1 answer
253 views

Windows Network Load Balancing Timer Starvation Messages

I have a two node web cluster setup that uses Microsoft NLB to distribute web requests on Windows Server 2019 (IIS 10). On and off, both servers recently have the following message in their system ...
kittyhawk's user avatar
  • 171
1 vote
0 answers
399 views

Export Local Group Policy Settings to Another Computer

I have a problem that can solve, a client of mine have access free laptop for young people to research job or do paperwork. Those laptop cannot be on the domain. The administration of those computer ...
user968517's user avatar
3 votes
1 answer
2k views

Why does a MS GPO option break SMB shares that use a hosts file for the machine name?

We've set "Microsoft network server: Server SPN target name validation level" to "Required from client" on our test GPO. Our test systems have some custom machine aliases in their ...
dlanod's user avatar
  • 133
0 votes
0 answers
142 views

Check computers on network for core isolation

Trying to find best method for checking all domain computers for core isolation being enabled. We have been slowly enabling this as new machines are deployed, but I would like to expedite the ...
TurboAAA's user avatar
0 votes
1 answer
667 views

Windows doesn't create assign "Key Container" when adding cert tied to Cavium (AWS CloudHSMv2)

I've got two windows systems tied to the AWS CloudHSM v2 (the cavium HSM). On one, I generated the CSR, and accepts/added the cert purchased with that CSR. I can sign and the private key is pulled ...
Peter Kahn's user avatar
0 votes
1 answer
469 views

Access to Administrator account from unknown computer names

For a few weeks all our DCs have received thousands of failed logins for "Administrator". Event viewer logs the messages below. NOTE: we have no computers or servers on the network with the names, ...
Salve's user avatar
  • 85
0 votes
1 answer
114 views

Server log on service best practice

I've seen many best practice articles about running application with a domain service account. I've tried it on my labs by set GPO to allow specific domain user to log on as a service However, when I ...
Nike's user avatar
  • 3
1 vote
2 answers
588 views

Prevent users from uploading files when they are on external networks

Is there a way to prevent users from uploading files when they are on external networks? The reason for this is internal security and protection of company confidential documents. They should be able ...
Zoran Jankov's user avatar
0 votes
0 answers
28 views

Through what mechanism(s) do cloud applications allow me to sign in with my organisation's AD credentials?

So for years, I've been able to go into my company office, sign in to my computer, and access "on-premises" company resources such as network fileshares and internal web applications using ...
Нет войне's user avatar
-2 votes
1 answer
199 views

You don't currently have permission to access this folder. Windows 10 User Authentication Error Dialog Box [closed]

I recently was given Admin rights on my machine at work. Unfortunately, when I am going through the directory structure I kept getting this message box: If I hit continue, I need to change the ...
Abuzar Ghafari's user avatar
3 votes
2 answers
370 views

Is there a real point to using "Run as" local admin accounts instead of logging in as a local administrator?

Let's start by setting the scene -- I'm a junior systems administrator tasked with conducting a transition of the company towards a "Least-Privilege" model. This includes removing admin ...
Akala Volo's user avatar
1 vote
2 answers
200 views

Are Windows GPOs encrypted?

We have a piece of COTS software that has a command line tool for server credential rotation. Instead of going to each machine to rotate the credentials with the tool, I would like to use GPO to run a ...
scmccart's user avatar
  • 111
0 votes
1 answer
143 views

Windows Server: VPN Access [closed]

Currently I am running a Windows Server in a local network which is not accessible from Internet. But I need to expand my business and need to move the server to a more powerful one which will be ...
Daniel Pomrehn's user avatar
0 votes
1 answer
1k views

How to fix Weak TLS 1.2 Encryption

I have a requirement to disable the below weak TLS ciphers in Windows Server 2016. I tried to research and it says "The Microsoft SCHANNEL team does not support directly manipulating the Group ...
tim's user avatar
  • 11
1 vote
1 answer
144 views

Granular Windows Event Log Control - Log but don't retain certain event IDs

I'm messing around in VM lab and using the graylog sidecar (a process which watches the Windows event log and forwards events to a central log collector) and I have a situation where I want to send a ...
Abraxas's user avatar
  • 1,239
0 votes
1 answer
52 views

Network Mapped Drives sensitive information leakage when changing LAN networks on Windows

Assuming the following or similar setup of network drives/locations on a Windows 7+ system originally connected to a TrustedLAN: TrustedLAN Gateway: 192.168.1.1 /24 TrustedLAN Windows System IP: 192....
Fit Nerd's user avatar
  • 127
0 votes
2 answers
336 views

Security implications of directly connecting a Windows PC to ISP via Network Adapter with Ethernet cable bypassing the Router

When diagnosing Internet connection issues (slow speed for example), an ISP technician may ask a user to connect their ISP-provided Ethernet cable directly to a device (typically a Windows PC) to run ...
Fit Nerd's user avatar
  • 127
0 votes
1 answer
40 views

Cloned Servers or Systems

Is it possible to run the clone of a system in the same network, having the same IP and MAC? We have a Linux-based server and on testing, we felt as if the connections aren't going to the same server all ...
Akhil Abraham's user avatar
1 vote
1 answer
3k views

LocalAccountTokenFilterPolicy being reset to 0 at boot

I am trying to use the Windows 2016 STIG AMI from Amazon with Packer. I am able to get WinRM to successfully work by setting the LocalAccountTokenFilterPolicy setting to 1 (disabled), but as soon as I ...
kclinden's user avatar
1 vote
1 answer
53 views

Hiring a contractor to migrate databases and websites. What kind of security plan should I put in place to mitigate risks?

We have a physical machine serving databases and websites. We want to contract a consultant for this planned migration from the older physical Windows machine to an up to date brand new Virtual ...
marsisalie's user avatar
1 vote
1 answer
922 views

Application that requires admin rights

We have AD and Windows 10, and we have some applications that for unknown reasons require admin rights. Is there any other option than giving local admin to the user? Good practices? I cannot change software....
nowakasd's user avatar
-1 votes
1 answer
1k views

Strange Virus/Spyware blocked notification on frequently used vendor site

See screen shot above. This Virus warning appears when a user attempts to download an .exe from a frequently used Vendor website. This just started a few days ago. As far as I'm aware we don't have ...
McITGuy's user avatar
  • 218
0 votes
1 answer
49 views

Windows cannot set folder security by user group

I have created a new user group [Group A] in Windows Server, and created a new user [User 1] as a member of [Group A]. If I set a folder security to [Allow] by user [User 1], the setting will work, [User 1] ...
ruby.lee's user avatar
-1 votes
1 answer
99 views

How to tell if a software was installed on the system or not?

Someone installed a software on a system using DHCP IP. We would like to audit the systems, but how to trace if the software was installed on the particular system or not after it has been uninstalled? ...
Akhil Abraham's user avatar
0 votes
1 answer
192 views

Server shutdown when stress [closed]

Today I have a little problem. I have a local server in my house, for testing and virtualization. It has a Supermicro X8DT3-LN4F board and two Intel Xeon x5680 processors. The problem is that when it ...
redxlus's user avatar
1 vote
1 answer
2k views

How to secure a certificate private key in Windows?

I'm trying to secure a certificate's private key in Windows 10, but it looks like I'm misunderstanding what "Manage Private Keys" does. This is the process I followed: Edit - I tried ...
jimasp's user avatar
  • 121
0 votes
1 answer
224 views

EVENTID 4648. Mismatch, Subject (Standard User), CredentialsUsed (Admin), Target (Localhost)

In the Event ID 4648, The subject's Account Name is the "Standard user". But under the credentials used section, the account name is of the "Administrator" and the Target Server is ...
Akhil Abraham's user avatar
1 vote
0 answers
1k views

How to disable RDP bitmap caching system wide

I'm trying to find a way to completely disable bitmap caching for RDP clients (In Windows 10 the setting is called "Persistent bitmap caching") on a Windows system, either through GPO or ...
Ville's user avatar
  • 11
-1 votes
1 answer
82 views

After cyberattack, a new Administrator account has popped up, what, how and for what? [duplicate]

After what seems a human-directed ransomware attack, I am analyzing the system. It is a Windows Server 2016 and I had created the usual Administrator account. Now I see that during the attack, a new "...
kankamuso's user avatar
  • 487
0 votes
2 answers
360 views

Where is the audit policy stored on a Windows Server?

I'm trying to understand how Windows stores policies. As I understand it, local workstation policies can either be governed via Group Policy if in a domain, or local on the server if it isn't in a ...
-1 votes
1 answer
4k views

Windows 10 - Shell commands for CTRL+Alt+Del not working

We have an icon with a target path of "explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}" which pulls up Windows Security window in order for users to select change password from ...
Mark's user avatar
  • 179
0 votes
0 answers
57 views

Manage service account password policy

I recently inherited a system with over 40 VMs, each may contain applications such as web server, database server, 3rd party application etc... The authentication for these use domain authentication ...
Fylix's user avatar
  • 143
1 vote
3 answers
181 views

AD ESAE/Red Forest primary responsibilities and critical restrictions

In Microsoft’s Securing Privileged Access Reference material it states: Tier 0 administrator - manage the identity store and a small number of systems that are in effective control of it, and: Can ...
Opononi's user avatar
  • 11
