OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.

Does some sort of IT security baseline / hardening / security best-practice document or checklist for Jetty already exist?

If so where can it be found?

Hello Experts,

We are working on remediating some security vulnerabilities.  One of the low-hanging fruit that I thought I would remediate is the requirement to allow RDP connections only from computers running Remote Desktop with Network Level Authentication.  Below is a screenshot from one of our workstations showing the current setting:

[Screenshot: current settings on workstations]
As you can see, we currently allow connections from any version of Remote Desktop.

The setting to require Network Level Authentication had been configured in our default domain policy.  It was set to “disabled”.  I have changed the setting to “enabled” and applied the change.  

[Screenshot: NLA required set to enabled]
I have saved the GPO and let domain replication take place.  When I do a gpupdate /force /sync and restart, the RDP settings are the same as they were in the first screenshot.  What am I missing here?

Thanks in advance.
When the domain network portion of the Exchange server's firewall is on, none of the Outlook clients can connect to the server. It will ask to retry, work offline, or cancel. After choosing to retry a few times it will go through.

We are using Exchange 2010. Server is 2008 R2 Standard.  I have searched through the event logs and can find nothing that would help identify the culprit. I have also searched through the firewall rules and everything looks correct.
I'm dealing with some 50 workstations of Windows 10 Pro in a peer-to-peer network.  The practice has been for the machines to be inspected manually on a weekly basis for update status.  It doesn't take too long really but it would be better no doubt to automate the process.

I've not found anything that really does the job.
Nessus doesn't seem to offer a template that does this particular scan.
PRTG may do it but I'm going to have to get the target machines to respond using the right security protocol.
MBSA seems to "work" but not very well for scanning Windows 10 machines - lots of loose ends.

Other than changing our ways, which isn't even part of this question, what might you suggest?
Our ambitions are quite limited - so you might keep that in mind.

I'll need to revisit the above EE post: I've just implemented the simplest solution by Lee W, i.e. ID: 42292327, by removing "Domain Users" from the local "Users" group on 2 of the PCs and rebooted them, but using one of the 'unauthorized' AD IDs I could still log on to the 2 critical PCs, so this solution did not work.  Why is it not working as Lee W suggested?

Under the local "Users" group, there are 2 more members (after removing "Domain Users"): could these 2 groups be the reason why the unauthorized AD IDs could still log in?
  1. NT AUTHORITY\Authenticated Users (S-1-5-11)
I guess it's not safe to remove the above 2 from the local "Users" group, right?

I'm looking for the next simplest solution, so which among them are easiest, considering there are 30 PCs with 40 authorized staff?

Currently if we issue "Net user /domain any_AD_Id", the output will show a line "Could logon to any workstations": I guess this is (one of) the problems.
After setting up AD authentication on CentOS 7 x64, when the user first logs in, having never logged in before, a password is asked for rickybobby@racecar.net. Ricky is able to log in and perform his tasks.

If Ricky logs in on a different day from the same or a different console, via ssh or whatever, he types in his username and is then able to log in without a password.

I'm guessing it's something to do with passwd or shadow settings, but I am not sure where to look?
I have a VeraCrypt volume that was mounted on my PC. My PC rebooted while the volume was still mounted and now the volume won't mount. I get this message when attempting to mount the volume. I've tried mounting with the backup header option with no luck. Is there anything that I can do to get the volume mounted?
Are there any specific best practices you follow when documenting security groups in AD, e.g. what membership of such a group actually permits? Without having to dig through file servers etc a group name on its own is not of much use. So I wondered what type of information you record about each security group, and where you store that information.
How do I reset my qth81admin account?
We have a team of Wintel sysadmins and there have been cases where critical files/folders were accidentally deleted and we need to trace who/what deleted them: not all logins to all servers are video-recorded (by tools like Privilege Access Manager or CyberArk).

I'm not too conversant with setting up Tripwire to monitor, as it ended up with thousands of lines being logged daily: too many irrelevant entries or false positives.

I know that with Unix ACLs we can set ACLs on certain files/folders to log to the audit trail if files get deleted.
Can you provide step-by-step instructions on how this can be done in Windows 2008 R2?  Using Tripwire is too unwieldy.

It would be good to provide the option of configuring it locally (if I plan to do it only for a few servers) as well as via GPO (if I plan to do it on a big number of servers).

We're getting more and more requests from clients for recommendations and implementation of two security related systems: vulnerability assessments and file/folder encryption software. Our clients are:

1.  Law firms.
2.  Small (10 to 75 users).
3.  Networked; servers are virtualized.
4.  Windows OS (2008/2012/2016 on servers, 7/8/10 on workstations).
5.  Have perimeter firewalls suited to the size of the firm (mostly WatchGuard).

These requests for vulnerability assessments and encryption are prompted by requirements of certain clients of these firms, such as banks and insurance companies.  We're looking for tools that we can use/recommend to our clients for assessing vulnerabilities and providing encryption for files/folders.  Generally they don't require full disk encryption, as only a portion of their work product is affected by these outside requirements.  Full disk encryption, however, may be required for laptops.

We have a product for email encryption in place in some cases, but any thoughts or specific recommendations in that area would also be welcomed.
Which is considered stronger security?
We have a request to put the highest possible security on a folder.  We've been asked to put 2 FA on access, but only to those who need to access that folder and preferably only when they have to access that folder.

We can't see how this is directly possible using Duo or RSA, but if there is we'd love to know how.  If it is not, what kind of "out of the box" ways can we have a very high security folder within an environment?

We considered moving it to the cloud to secure it with 2FA, but this also then exposes a cloud/Internet component and they are looking for the tightest security possible.

Thanks to everyone who contributes!
How to disable Cortana searching in certain directories.  I am trying to keep users out of the Windows dir and from running certain files.  Right now I have hidden the C: drive, but if they search using Cortana for, e.g., "shutdown -" and open the file location, they have access to the Windows dir.

Is there a way to remove the Windows dir from the search, or disable "open file location" for Cortana?
Completely disable Cortana
Disabling AllowCortana in the GPO no longer works with build 1703.

I have found ways to do this with File Explorer but they do not translate to Cortana.
I heard NTP server sync uses a protocol to its NTP clients/endpoints so no credentials (or authenticators) are involved.

What about MS SCCM and MS Desktop Central?  Do they contain authenticators of the endpoints they manage?  Can you point me to some authoritative/MS links that state this?

If they contain them, when the authenticators are being sent to the endpoints, are they encrypted?

It's a query raised by our Audit.  By authenticators, I assume it refers to login ID and password?
Looking for Patch Management Cloud service. I have found a few on the Internet but not sure who is good. Looking to patch OS and 3rd party Apps
I am the IT person for a small company and we have a large group of engineers that need to install a wide range of software and updates on a frequent basis. I want to keep things secure but also make it so that I do not have to be present all the time.

My solution was to create a domain account named Software and I put Software into the Administrators group on each computer. When a user needs to do an upgrade or install, they send me a request, and I can give them the current credentials for Software. When they are done installing I change the password for Software. This has worked fine.

Now the problem. Users can use a previous password I have given them for the user Software. There is a laptop we use for PLC programming. About a month ago I allowed a user to install software using the Software. Yesterday I got a request for an upgrade and before I could reply I was told they got the upgrade done. I inquired how and was told they used the password I had given previously. Since the initial use of the account Software, I have changed the password for Software at least 6 times. Why was the old password still accepted?

Now I am thinking that I could create a local account for each computer and change that password, but that means keeping track of the password for that local account for 75 different computers. And will an old password still work in this scenario also?
I got the task of researching the Glasswall solutions.  Does anyone have any experience with this product?  How does this product compare with the Barracuda email spam/filter product?  Thanks.
New install of Server 2012 64-bit, not an OS upgrade, but old server data such as program files is still on the 'C' drive.
No problems during the install, no yellow flag warnings except for "AD Rights Management" needs post configuration.
Roles installed are AD, DNS, DHCP, as a full secondary domain controller, application server, and file server.   I did not ask for IIS, but got it anyway.   A pop-up window keeps asking to install .NET 3.5.   NO changes to group policy.
A funny thing about the folder share security: the double-head icon does not show up on the C drive but does on the 'D' drive.
Configuring share security on 'D' is normal, I get the groups I want.   On 'C' it configures the way I want, but is erased by the next logon.
We are still using Tomcat 6.0 and plan to move to the latest version by next year. The problem with the current version is setting up access denial for our web application.

I tried adding a valve in the webapps/META-INF/context.xml file as below but nothing works. Can you please provide a fix.

<!-- First attempt: RemoteIpValve followed by RemoteAddrValve, with a placeholder address -->
<Context antiJARLocking="true" path="/">
    <Valve className="org.apache.catalina.valves.RemoteIpValve" />
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />
</Context>

<!-- Second attempt: privileged context; on Tomcat 6 "allow" is a comma-separated list of regexes -->
<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>
</Context>

Do you guys have any other solution? I want to restrict outside users from accessing the Manager view, so that it is accessible only from localhost.

Best Regards
Hi Guys,

We have a domain-joined PC (Win 8.1) that pops up the message "Your system administrator has blocked this program. For more information, contact your system administrator." whenever I try to install any program or launch any program as administrator.

This is the only PC having the issue; the PC and user are in the same AD containers as the others, and there are no such rules set at the domain level.

When I logged in as another standard user, it had the same problem, but if I log in as any admin account, it acts normally.
I suspected the UAC setting, as UAC was set to the lowest level, but nothing happened after I changed UAC back to the default.

Can anyone shed light on this problem, please?
On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local.  The master server works fine.

I think this is because I created the Kerberos DB on the slave KDC with a different password, but when I updated the stashed password, it still doesn't work.

# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.
I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on auditing using group policies, but is there a better way to do this? Also, will the auditing tell me who and how much was downloaded/copied?
This is what I have:

user teacher1
teacher shared folder
    teacher1 folder

teachers group share folder
    sharing: shared
        advanced permissions:
            authenticated users: full control
            domain admin: full control
            local file server admin: full control
    security permissions:
        domain admin: owner
        creator owner: full control (subfolders and files only)
        authenticated users: read/execute (this folder only)
        system: full control (this folder, subfolders and files)
        local admin: full control (this folder, subfolders and files)
        domain admin: full control (this folder, subfolders and files)
        domain group teachers: read/execute (this folder, subfolders and files)
    teacher1 folder
        administrator: owner
        administrator: read/write
        teachers: read
        advanced sharing: none
I am trying to deploy the latest security patch through NinjaRMM for several clients. I think it has to be applied through the command line. Is there a way to deploy it to multiple clients at one time remotely using Ninja?