Archive for 'Uncategorized' Category
PXE protocol details
Just did a quick PXE troubleshooting this week and I thought to share some good PXE document that explains the logic built into the protocol: http://www.pix.net/software/pxeboot/archive/pxespec.pdf It’s really old stuff, but it still helps to get an insight into the protocol. Also some stuff from Broadcom was also very helpful: https://knowledge.broadcom.com/external/article/181525/using-a-wireshark-network-trace-to-troub.html PS: Be careful with […]
About NT SERVICE\ALL SERVICES group
So what is with this group? I saw it on fresh OS install, GPOs, some random forum discussion. But not a lot explained on the MS docs. There is something but it’s kind of useless and confusing: https://docs.microsoft.com/en-US/windows/security/identity-protection/access-control/security-identifiers It says S-1-5-80-0 All Services A group that includes all service processes configured on the system. Membership […]
More about on how Network Location Awareness Works
Because on some recent issues I had with NLA I’ve started to dig a bit on this subject and since there isn’t a lot of information about NLA available I though to share some of my findings: – For everyone having issues with Domain detection please apply this workaround – The domain profile isn’t set […]
Network Location Awareness (NLA) issues on Windows Server 2019
Lately I have encountered an issue where NLA wrongly identifies the network location as Public instead of Domain. This triggers the Windows Firewall to use the Public profile and from here an avalanche of issues. What I have observed was that this happened on computers with a teamed network adapter that was also used to […]
SMB security stuff
Just leaving here a couple of SMB security related stuff for anyone interested: How to Defend Users from Interception Attacks via SMB Client Defense Beyond the Edge: How to Secure SMB Traffic in Windows Always use SMB signing (and encryption if possible; on SMBv3 it’s better to use encryption). Do not be afraid to test […]
Best Active Directory Docs Collection
If you’re looking for Active Directory documentation here’s a concentrated shot: http://download.microsoft.com/download/2/2/C/22CBAF24-CDBD-46E8-BD90-909265EBECBA/MCSM_Directory_Reading_List_June_2013.docx
Time to return
Cautand ceva prin vechile mele postari am realizat ca au trecut fix doi ani de cand nu am mai postat nimic. Si dupa tot ce am vazut in ultimii ani incep sa realizez din ce in ce mai mult ca lumea inca are nevoie de sysadmini. Asa ca o sa incep sa mai scriu din […]
SID Filtering and Well Known Groups over PIM Trust
Looks like the update that allows the use of built in groups (Domain Admins, Administrators, etc) over the PIM trust has finally arrived: https://support.microsoft.com/en-us/kb/3155495 For those that don’t know, the well known accounts are always filtered over forest trusts. But in case you implement the new bastion forest model you’ll need that security feature disabled.
Temporary Group Membership in Windows Server 2016
Microsoft nu a uitat complet de Active Directory si in versiunea ce vine cu Windows Server 2016 sunt cateva imbunatatiri subtile. Oricum am fost obisnuiti ca pe partea de AD, schimbarile sa fie foarte subtile si greu de observat pentru adminul neexperimentat. Una din noutati se numeste Temporary Group Membership si vine cumva mai mult […]
Let’s Encrypt Free SSL certificates
Am aflat cam tarziu de proiectul Let’s Encrypt www.letsencrypt.org si recunosc ca nu vad cu ochi buni acest proiect pentru moment. Cu toate ca permite oricui sa obtina un certificat ce va fi validat de majoritatea browserelor si automat securizarea traficului intre client si server, aduce o problema foarte mare in opinia mea. Si anume […]