Channel: Security forum
Viewing all 12072 articles

Windows Defender - Auto exclusions and Add custom exclusions


Hi,

I install a Hyper-V Server and leave the default setting of DisableAutoExclusions to false.

I run a Get-MPPreference and I don't see the auto exclusions listed - this is expected.

I then add a custom exclusion through the Defender GUI e.g. C:\VMs

I re-run a Get-MPPreference and I now see my single custom exclusion: exclusionpath: C:\VMs

QUESTION:

Has this overwritten my auto-exclusions or can I be assured that they are still in place in addition to my new custom exclusion?


Certsrv restriction AD Group


I am not as familiar with IIS, but how can I restrict access through IIS for Web Enrollment Certificate Services for AD CS? One of the subordinate CAs is configured as the web enrollment server. From reading other articles I have restricted access by denying "Domain Users" and allowing a specific test AD group with allow access, but I am not able to get to the web enrollment site at https://hostname/certsrv whether my account is in the test group or not. But I am able to get to the site https://hostname/certsrv/Default.asp no matter what .NET Authorization Rules I set, such as only deny "All Users".

Used the following site:

https://serverfault.com/questions/352647/restrict-access-to-iis-site-to-an-ad-group


Schannel Errors 36874 and 36888


Greetings,

The scenario is the following: 1 Windows Server 2008 R2 SP1 (patched up to date).

There are two errors that show every 10 seconds:

Log Name:      System
Source:        Schannel
Date:          19/07/2012 14:59:58
Event ID:      36874
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      Server.Mydomain.com
Description:
An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36874</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
    <EventRecordID>5908</EventRecordID>
    <Correlation />
    <Execution ProcessID="484" ThreadID="524" />
    <Channel>System</Channel>
    <Computer>Server.Mydomain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Protocol">SSL 3.0</Data>
  </EventData>
</Event>





Log Name:      System
Source:        Schannel
Date:          19/07/2012 14:59:58
Event ID:      36888
Task Category: None
Level:         Error
Keywords:      
User:          SYSTEM
Computer:      Server.Mydomain.com
Description:
The following fatal alert was generated: 40. The internal error state is 107.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Schannel" Guid="{1F678132-5938-4686-9FDC-C8FF68F15C85}" />
    <EventID>36888</EventID>
    <Version>0</Version>
    <Level>2</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2012-07-19T19:59:58.511146300Z" />
    <EventRecordID>5909</EventRecordID>
    <Correlation />
    <Execution ProcessID="484" ThreadID="524" />
    <Channel>System</Channel>
    <Computer>Server.Mydomain.com</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="AlertDesc">40</Data>
    <Data Name="ErrorState">107</Data>
  </EventData>
</Event>

Note: This server has IIS installed (requirement for web console of System Center Operations Manager 2012)

The questions are:

Is this behavior normal?

If no:

How to fix this problem?

Thanks in advance!

How to extend a self-signed certificate expiration date


Hi,

I have an internal CA server on Windows Server 2012 R2. A certificate signed by it will expire on 1/1/2019. How can I extend it?

Please help!

Thanks in advance!


Grace

Windows Server 2012 R2 - frequent failed audits because failed login attempt by system account


Hello,

We noticed that every night, there is a large number of failed audits due to failed login attempts on our domain controller (Windows Server 2012 R2). It is a system account which logs in successfully all the time, but fails multiple times around 0:30.

Last night it started at 0:32:14, to be exact. I checked the task scheduler for any executed task for that time, failed or successful, but could not find any.

I noticed there are a few random failed logins throughout the day (not more than 1 or 2 at a time), but they always heap up around 0:30 with dozens, sometimes hundreds of login fails in a row.

This is what the logged event (Security) has logged - they're all the same (for simplicity, let's say the server's name is "SERVER"), the event ID is 4625:

An account failed to log on.

Request:
     Security-ID: SYSTEM
     Account name: SERVER$
     Account domain: OUR-DOMAIN
     Login-ID: 0x3E7

Login Type: 3

Account for which the login failed:
     Security-ID: NULL SID
     Account name:
     Account domain:

Error information:
     Reason: Unknown username or invalid password.
     Status: 0xC000006D
     Substatus: 0xC0000064

Process information:
     Call process ID: 0x29c
     Call process name: C:\Windows\System32\lsass.exe

Network information:
     Workstation name: SERVER
     Source network address:
     Source port:

Detailed authentification information:
     Login process: Schannel
     Authentification packet: Kerberos
     Relayed services: -
     Packet name (NTLM only): -
     Key length: 0

Does anyone have an idea what might be going on?




how to delete the incorrect or invalid entries from Pkiview


Hi All,

Kindly advise how to delete/remove invalid entries from PKI.



Regards

Afsar

How to delete the CRL from LDAP and HTTP location followed by cache


Hi All.

Kindly advise how to delete the CRL from LDAP and HTTP location followed by cache.

Thanks

Regards

Afsar

PKI CRL deletion


Hi Everyone,

Please let me know how to delete the CRL from LDAP and HTTP location.

Just to clarify, I am not looking to delete the CDP and AIA configured links.

I want to know how to delete the CRL from LDAP and HTTP location.

Regards

Afsar


LDAP CRL query


Hi All,

If I delete the LDAP CRL of the issuing CA from the CDP container through manage container using PKI View or through ADSIedit, will I be able to reissue the CRL using the GUI, by right-clicking the revoked certificates and using publish?

 


Regards

Afsar



Disable 3DES in Windows 2016

I want to disable TLS 1.0 and weak ciphers like RC4, DES and 3DES. I want to make sure I will be able to RDP to the Windows 2016 server after I disable them. Please advise.

Bitlocker Network unlock windows Server 2016


Hello,

I am trying to set up BitLocker Network Unlock and I am having no luck. I am running WDS, DHCP, and Network Unlock on our Windows Server 2016 DC. I have the certs created with a self-signed cert. I imported it into the Personal store, then exported a public and private cert. We are testing with an HP ProDesk 400 G3 with Secure Boot turned on.

I followed the guide below, and the other one that is sometimes listed.

https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock


I don't see anything in the WDS debug log. I can network boot to the WDS server for images. Where is the best place to troubleshoot this?

Need help granting permissions to a user


I have been asked by a user to give access to a file to another user. This file is down two folder levels. She does not want this user to even see any of the other files while navigating down the two folders. Granting access to the file beneath these two folders is easy; figuring out how to give this user the ability to navigate down two folders to reach the file without letting them see any other files on the way is what I am struggling with.

For Share permissions, I gave the user Read. For both the folders, the shared one and the subfolder, I gave the user Traverse folder / execute file and List folder / read data.

When I do this, the user can see the Share but when they click on it, it says the folder is empty, so they are not seeing the subfolder under the shared folder. I need help with the Windows permissions to get this to work the way they want it.

Windows 2003 - Risk of modifying this registry key?


Hello World!

I have this message which appears every day on all my servers. I know that a particular application scans all servers in order to centralize information about: versions, patch levels, software installed, ....

Event Type: Error
Event Source: LsaSrv
Event Category: None
Event ID: 6033
Date:  15/10/2009
Time:  09:50:31
User:  N/A
Computer: xxxxxxx
Description:
An anonymous session connected from www.xxx.yyy.zzz has attempted to open an LSA policy handle on this machine.
The attempt was rejected with STATUS_ACCESS_DENIED to prevent leaking security sensitive information to
the anonymous caller.

The application that made this attempt needs to be fixed.  Please contact the application vendor.
As a temporary workaround, this security measure can be disabled by setting
the \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\TurnOffAnonymousBlock DWORD value to 1.
This message will be logged at most once a day.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

What are the risks if this registry key is modified?

Thanks for your help / ideas
Regards,
Have a nice day
Rhum2

Subordinate cert renewal issue


Hi Experts,

We seem to have issues renewing our subordinate CA. It is running on Windows 2012 R2, the cert still has 8 months' validity, and we are logged in as enterprise admin, but still we don't see the option to choose root CA, just start and restart the cert service.

I have looked at this:

https://social.technet.microsoft.com/Forums/sqlserver/en-US/93e5d756-f9f4-49f7-9d26-570c7200940e/steps-to-renew-root-subordinate-and-issuing-ca-certificate-authority-in-windows-2008-r2-pki?forum=winserversecurity&forum=winserversecurity

The Request File registry entry exists and it is valid.

Thanks


SHA-1 Hash of an Entire Folder Structure


Can anyone recommend a program / utility that I can point to a folder and it generates a SHA-1 hash of all contents?

I'm familiar with using Hashcalc, which works very well with single files... a fallback option I have is to take a zip archive of the aforementioned folder and then hash the archive... but I'm hoping to not have to do that.

Kind regards, Dave


Event ID 4625 followed by Event ID 4776--An account failed to log on-The computer attempted to validate the credentials for an account.

Hi experts,

I am getting events flooded with 4625 and 4776 in audit failures.
When I log in to Server30 I can see the event IDs 4625 and 4776. Server30 is in domain xyz.com whereas server20 is in domain abc.com.
The account server20$ does not exist at all. server20 is accessing Server30 with some other account, but there is no account by the name server20$.
How do I troubleshoot this?

Event ID 4625

An account failed to log on.
Account For Which Logon Failed:
Security ID: NULL SID
Account Name: Server20$
Account Domain:abc.com

Failure Information:
Failure Reason:Unknown user name or bad password.
Status: 0xC000006D
Sub Status: 0xC0000064

Process Information:
Caller Process ID:0x0
Caller Process Name:-

Network Information:
Workstation Name:Server20
Source Network Address:192.168.1.1
Source Port: 98765

Detailed Authentication Information:
Logon Process:NtLmSsp 
Authentication Package:NTLM
Transited Services:-
Package Name (NTLM only):-
Key Length: 0
-----------------------------------------
Event ID 4776
The computer attempted to validate the credentials for an account.

Authentication Package:MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon Account:Server20$
Source Workstation:Server20
Error Code:0xC000006


NPS for 802.1x migration to Windows2008 R2


We have migrated NPS from Windows 2008 to Windows 2012.

I exported the configuration (nps.xml) from the old server and imported it to the new one.

Strange, only one server is authenticating the users; the second server denies access.

We imported the same nps.xml file on both new servers.

2012 r2 Windows Updates...EPIC FAILURE


I have a client with a Windows Server 2012 r2 file server that I have been trying to update for the last few weeks. I have been seeing the following updates fail. I have tried the recommended fixes which have not worked. I uninstalled the .NET security rollup for June 2018, rebooted and tried to install the updates and have been unsuccessful. The newest version of the .NET didn't install either. I am not seeing any substantive responses from Microsoft regarding these errors and wanted to see if A) anyone else was experiencing this, and B) had anyone else developed or found a resolution.

2018-07 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Server 2012 R2 for x64 (KB4340558)
Installation date: 7/23/2018 7:39 AM
Installation status: Failed
Error details: Code 80092004
Update type: Important
A security issue has been identified in a Microsoft software product that could affect your system. You can help protect your system by installing this update from Microsoft. For a complete listing of the issues that are included in this update, see the associated Microsoft Knowledge Base article. After you install this update, you may have to restart your system.
More information:
http://support.microsoft.com/kb/4340558
Help and Support:
http://support.microsoft.com

Microsoft .NET Framework 4.7.2 for Windows Server 2012 R2 for x64 (KB4054566)
Installation date: 7/23/2018 7:38 AM
Installation status: Failed
Error details: Code 80092004
Update type: Recommended
The Microsoft .NET Framework 4.7.2 is a highly compatible, in-place update for all the previous versions of .NET Framework 4.X. After you install this update, you may have to restart your computer.
More information:
http://support.microsoft.com/kb/4054566
Help and Support:
http://support.microsoft.com

Update for Windows (KB4054566)
Installation date: 7/16/2018 7:01 AM
Installation status: Failed
Error details: Code 80092004
Update type: Important
Fix for KB4054566
More information:
http://support.microsoft.com/?kbid=4054566
Help and Support:
http://support.microsoft.com

Thanks,

Joseph



Joseph Rapoport

Multiple certificates


PKI is not my strength; I have taken over the admin of a root CA. The root CA is issuing certificates for DCs and PCs.

I requested a renewal of the certificate for a PC, then I noticed multiple certificates in the store. That is, pc.mydomain.local twice.

Both have the same expiration date and the same templates.

Is it something I have to be concerned about?

Security patches are not applicable to Windows Server 2012 R2.


Hi Support,

Will the below-mentioned MS patch be applicable to Windows Server 2012 R2 Standard edition?

Apply Security Only update KB4022718 or Cumulative update KB4022724.

Regards

Suresh
