Archive for March, 2022
About NT SERVICE\ALL SERVICES group
So what is with this group? I saw it on fresh OS install, GPOs, some random forum discussion. But not a lot explained on the MS docs. There is something but it’s kind of useless and confusing: https://docs.microsoft.com/en-US/windows/security/identity-protection/access-control/security-identifiers It says S-1-5-80-0 All Services A group that includes all service processes configured on the system. Membership […]
More about on how Network Location Awareness Works
Because on some recent issues I had with NLA I’ve started to dig a bit on this subject and since there isn’t a lot of information about NLA available I though to share some of my findings: – For everyone having issues with Domain detection please apply this workaround – The domain profile isn’t set […]
Windows Server SMB Authentication Rate Limiter
A small but cool feature is available in the new insider version of Windows Server (soon to be available on Windows 11 too) called SMB Authentication Rate Limiter. This will slow down NTLM brute force attacks against SMB servers and will be a good protection for those small environments where advanced analytics and monitoring are […]
Network Location Awareness (NLA) issues on Windows Server 2019
Lately I have encountered an issue where NLA wrongly identifies the network location as Public instead of Domain. This triggers the Windows Firewall to use the Public profile and from here an avalanche of issues. What I have observed was that this happened on computers with a teamed network adapter that was also used to […]
SMB security stuff
Just leaving here a couple of SMB security related stuff for anyone interested: How to Defend Users from Interception Attacks via SMB Client Defense Beyond the Edge: How to Secure SMB Traffic in Windows Always use SMB signing (and encryption if possible; on SMBv3 it’s better to use encryption). Do not be afraid to test […]