Author Archive
PXE protocol details
Just did some quick PXE troubleshooting this week and I thought I'd share a good PXE document that explains the logic built into the protocol: http://www.pix.net/software/pxeboot/archive/pxespec.pdf It’s really old stuff, but it still helps to get an insight into the protocol. Some stuff from Broadcom was also very helpful: https://knowledge.broadcom.com/external/article/181525/using-a-wireshark-network-trace-to-troub.html PS: Be careful with […]
About NT SERVICE\ALL SERVICES group
So what is with this group? I saw it on a fresh OS install, in GPOs, and in some random forum discussion. But not a lot is explained in the MS docs. There is something, but it’s kind of useless and confusing: https://docs.microsoft.com/en-US/windows/security/identity-protection/access-control/security-identifiers It says: S-1-5-80-0 (All Services): A group that includes all service processes configured on the system. Membership […]
More on how Network Location Awareness Works
Because of some recent issues I had with NLA, I’ve started to dig a bit into this subject, and since there isn’t a lot of information about NLA available I thought I'd share some of my findings: – For everyone having issues with Domain detection please apply this workaround – The domain profile isn’t set […]
Windows Server SMB Authentication Rate Limiter
A small but cool feature is available in the new insider version of Windows Server (soon to be available on Windows 11 too) called SMB Authentication Rate Limiter. This will slow down NTLM brute force attacks against SMB servers and will be a good protection for those small environments where advanced analytics and monitoring are […]
Network Location Awareness (NLA) issues on Windows Server 2019
Lately I have encountered an issue where NLA wrongly identifies the network location as Public instead of Domain. This triggers the Windows Firewall to use the Public profile and from here an avalanche of issues. What I have observed was that this happened on computers with a teamed network adapter that was also used to […]
SMB security stuff
Just leaving here a couple of SMB security related items for anyone interested: “How to Defend Users from Interception Attacks via SMB Client Defense”; “Beyond the Edge: How to Secure SMB Traffic in Windows”. Always use SMB signing (and encryption if possible; on SMBv3 it’s better to use encryption). Do not be afraid to test […]
Best Active Directory Docs Collection
If you’re looking for Active Directory documentation here’s a concentrated shot: http://download.microsoft.com/download/2/2/C/22CBAF24-CDBD-46E8-BD90-909265EBECBA/MCSM_Directory_Reading_List_June_2013.docx
Time to return
Looking for something in my old posts, I realized that exactly two years have passed since I last posted anything. And after everything I have seen in recent years, I am starting to realize more and more that the world still needs sysadmins. So I am going to start writing again from […]
Extract the filename from a path in Powershell
Working with strings is sometimes difficult, and one of the tasks I ran into recently was extracting the name of a file from a path. For example, take the following string: “C:\Data\reports1.csv”. The task is to obtain only the file name from this string. Of course it can be done by splitting the whole string on the \ character and reading only […]
VMware Workstation Shared Folders issue & Windows 10
Seems like after every Windows 10 upgrade, the shared folders inside VMware Workstation VMs stop working. Reinstalling VMware Tools and rebooting the VM or host will not fix this issue. The problem seems to be related to this registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder The value should also contain vmhgfs and seems to be rewritten after each Windows […]