Network Administrator Knowledgebase » Windows Security

SecTor Conference is looking for speakers.

Michael Khanin — Wed, 13 Aug 2008 13:16:27 +0000

SecTor 2008 is currently open to speaking proposals. Visit http://www.sector.ca/ to learn more about the event. SecTor is all about the meat — The content that matters to Canadian IT Security Professionals today. The key to SecTor’s success, and thus the primary objective of the Management Committee and Advisory Committee, is quality content and presentation for attendees.

CoreConfigurator – Graphic Management Tool for Windows Server 2008 Core

Michael Khanin — Sun, 20 Apr 2008 19:31:22 +0000

The default management for Windows Server 2008 Core is the command line. Yes, the main powerful of Windows Server Core becomes available when using such an approach, but sometimes it’s not so user friendly. This is why I’ve been asking so many times if exist anything more graphic . Yes, one of the first recommendations to work and manage Windows 2008 Server Core is to use MMC from a remote machine, but MMC cannot do everything. Of course to allow work with remote tools this tool should be allowed passage through the firewall packages Server Core. In addition, this is for many more difficult than editing the registry. Therefore, I would like to have a simple graphical tool for configuring local system. The task of developing such an interface is complicated by that the Server Core has a limited set of graphics API, this is a reason why so beautiful MMC doesn’t work on it.

So, if Microsoft has not established such utilities anybody else did this. Look at the utility CoreConfigurator developed by Guy Teverovsky, MVP from Israel.

This is what it can:

Product Activation Product Activation
Configuration of display resolution Configuration of display resolution
Clock and time zone configuration Clock and time zone configuration
Remote Desktop configuration Remote Desktop configuration
Management of local user accounts (creation, deletion, group membership, passwords) Management of local user accounts (creation, deletion, group membership, passwords)
Firewall configuration Firewall configuration
WinRM configuration WinRM configuration
IP configuration IP configuration
Computer name and domain/workgroup membership Computer name and domain / workgroup membership
Installation of Server Core features/roles Installation of Server Core features / roles

To setup this utility use MSI package and then run the CoreConfigurator. exe file. The following interface will appear.

Just in case, it’s not necessary to install CoreConfigurator, we can simply copy its files into the system. The result will be the same. The video settings look like this:

Setting “Show window content while dragging” may very markedly improve display window objects, if you work with the server via terminal connection. Please note that the setting affects only the current user. According to the picture, to change the time zone, the developer did not reinvent the wheel, and just call to standard timedate.cpl

Remote Desktop Options look like this:

All would be good, but in this version you still have to allow RDP connections in the firewall manually using netsh. Hopefully, in the next version this will be fixed. Management of local users and groups is done through the following windows.

Installation of Roles and Features became a more visual :

Instantly, functionality of firewall management is very limited, but at least he had already to incorporate all necessary rules for the remote control.

Configuring your network interfaces habitually looks fairly.

To set the activation key and Activate the OS is also very simple and all this done via GUI

In addition, let me show winrm interface, interface to rename computer and join it to domain:

It is understandable that CoreConfigurator is not officially supported by Microsoft. Many IT professionals probably have any doubts, whether to trust manufacturer of the software. As usual choice, set its server utility or not is up to you.

Microsoft Security Bulletin Summary for March, 2008

Michael Khanin — Mon, 31 Mar 2008 23:42:13 +0000

http://www.microsoft.com/technet/security/bulletin/ms08-mar.mspx

The Windows Server 2008 Security Guide

Michael Khanin — Mon, 31 Mar 2008 23:41:03 +0000

Protect your organization from attacks with the Windows Server 2008 Security Guide. You’ll get comprehensive security guidance, preconfigured security settings, and automated tools that reduce security policy deployment times by up to 80 percent.

http://go.microsoft.com/?linkid=8514046

What NAP is and how it works?

Michael Khanin — Thu, 28 Feb 2008 23:14:44 +0000

Yesterday was the first Windows 2008 event in Canada. The first event was in Toronto and had almost 3000 attendees. Twenty MVPs participated in Ask-The-Expert and I was one of them . One of the commonly asked questions was question about “What NAP is and how it works?“

So, I’d like to show what posted on TheLazyAdmin.com about NAP:
With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new. One thing you might be playing around with is Network Access Protection. There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client in XP SP3. In Windows Vista you simply start the service then enable the client through the NAP Client Configuration MMC (napclcfg.msc) but XP SP3 does not include the MMC. So how does one configure the NAP Client without a Nap Client configuration tool? Netsh, that is how!

To enable the NAP Client on XP SP3 you need to do the following:

Start –> Run –> Services.msc
Change the Network Access Protection Agent service to start automatically
Start the Network Access Protection Agent service
Start –> Run –> CMD.exe
Type netsh nap client set enforcement ID = ##### Admin = “Enable”
Start –> Run –> GPEdit.msc
Drill down to Computer Configuration | Administrative Templates | Windows Components | Security Center
Enable the Security Center
Start –> Run –> Services.msc
Start the Security Center service

You will need to replace the ##### with the ID based on whichever enforcement method you are using. You can use the following IDs for the various enforcement methods:

DHCP = 79617
RAS = 79618
IPSec = 79619
TS Gateway = 79621
EAP = 79623

For more labs and information see:

Step-by-Step Guide: Demonstrate IPsec NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate 802.1X NAP Enforcement in a Test Lab

Step-by-Step Guide: Demonstrate VPN NAP Enforcement in a Test Lab

January 2008 Security updates

Michael Khanin — Wed, 09 Jan 2008 17:58:34 +0000

Windows Malicious Software Removal Tool

This tool checks your computer for infection by specific, prevalent malicious software (including Blaster, Sasser, and Mydoom) and helps to remove the infection if it is found. Microsoft will release an updated version of this tool on the second Tuesday of each month.

Windows Malicious Software Removal Tool x64

Security Update for Windows XP (KB943485)

A security issue has been identified in LSASS that could allow an attacker to compromise your Windows-based system and gain control over it.

Security Update for Windows XP x64 Edition (KB943485)

A security issue has been identified in LSASS that could allow an attacker to compromise your Windows-based system and gain control over it.

Security Update for Windows Server 2003 x64 Edition (KB943485)

A security issue has been identified in LSASS that could allow an attacker to compromise your Windows-based system and gain control over it.

Security Update for Windows Server 2003 for Itanium-based Systems (KB943485)

A security issue has been identified in LSASS that could allow an attacker to compromise your Windows-based system and gain control over it.

Security Update for Windows Server 2003 (KB943485)

A security issue has been identified in LSASS that could allow an attacker to compromise your Windows-based system and gain control over it.

Security Update for Windows XP x64 Edition (KB941644)