Author Archive

PXE protocol details

By Andrei Ungureanu - Last updated: Saturday, April 23, 2022

I just did some quick PXE troubleshooting this week and thought I'd share a good PXE document that explains the logic built into the protocol: http://www.pix.net/software/pxeboot/archive/pxespec.pdf It's really old stuff, but it still helps to get an insight into the protocol. Some stuff from Broadcom was also very helpful: https://knowledge.broadcom.com/external/article/181525/using-a-wireshark-network-trace-to-troub.html PS: Be careful with […]

About NT SERVICE\ALL SERVICES group

By Andrei Ungureanu - Last updated: Thursday, March 31, 2022

So what is with this group? I saw it on fresh OS installs, in GPOs, and in some random forum discussions, but not a lot is explained in the MS docs. There is something, but it's kind of useless and confusing: https://docs.microsoft.com/en-US/windows/security/identity-protection/access-control/security-identifiers It says: S-1-5-80-0, All Services: A group that includes all service processes configured on the system. Membership […]

More about how Network Location Awareness Works

By Andrei Ungureanu - Last updated: Sunday, March 20, 2022

Because of some recent issues I had with NLA, I've started to dig a bit into this subject, and since there isn't a lot of information about NLA available, I thought I'd share some of my findings: – For everyone having issues with Domain detection please apply this workaround – The domain profile isn't set […]

Windows Server SMB Authentication Rate Limiter

By Andrei Ungureanu - Last updated: Sunday, March 20, 2022

A small but cool feature is available in the new insider version of Windows Server (soon to be available on Windows 11 too) called SMB Authentication Rate Limiter. This will slow down NTLM brute force attacks against SMB servers and will be a good protection for those small environments where advanced analytics and monitoring are […]

Network Location Awareness (NLA) issues on Windows Server 2019

By Andrei Ungureanu - Last updated: Wednesday, March 16, 2022

Lately I have encountered an issue where NLA wrongly identifies the network location as Public instead of Domain. This triggers the Windows Firewall to use the Public profile and from here an avalanche of issues. What I have observed was that this happened on computers with a teamed network adapter that was also used to […]

SMB security stuff

By Andrei Ungureanu - Last updated: Monday, March 14, 2022

Just leaving here some SMB security-related stuff for anyone interested: "How to Defend Users from Interception Attacks via SMB Client Defense"; "Beyond the Edge: How to Secure SMB Traffic in Windows". Always use SMB signing (and encryption if possible; on SMBv3 it's better to use encryption). Do not be afraid to test […]

Best Active Directory Docs Collection

By Andrei Ungureanu - Last updated: Sunday, February 13, 2022

If you’re looking for Active Directory documentation here’s a concentrated shot: http://download.microsoft.com/download/2/2/C/22CBAF24-CDBD-46E8-BD90-909265EBECBA/MCSM_Directory_Reading_List_June_2013.docx

Time to return

By Andrei Ungureanu - Last updated: Friday, May 8, 2020

While looking for something in my old posts, I realized that exactly two years have passed since I last posted anything. And after everything I have seen in recent years, I am starting to realize more and more that the world still needs sysadmins. So I will start writing again from […]

Extract the filename from a path in Powershell

By Andrei Ungureanu - Last updated: Tuesday, May 8, 2018

Working with strings is sometimes difficult, and one of the tasks I ran into recently was extracting the name of a file from a path. For example, take the following string: "C:\Data\reports1.csv". The task is to get only the file name from this string. Of course, this can be done by splitting the whole string on the \ character and reading only […]

VMware Workstation Shared Folders issue & Windows 10

By Andrei Ungureanu - Last updated: Monday, May 7, 2018

Seems like after every Windows 10 upgrade, the shared folders inside VMware Workstation VMs stop working. Reinstalling VMware Tools and rebooting the VM or host will not fix this issue. The problem seems to be related to this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder The value should also contain vmhgfs and seems to be rewritten after each Windows […]