OS Security





Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


Attached are outputs from some of the commands (obtained from vSphere hardening gde 6.0):
I have some questions which I've highlighted in green text in the attached: appreciate
clarifications on the green text question in the attached

My colleague has managed to configure one of the PCs as Super-Agent ie
other PCs could get the McAfee AV signature updates from it or

is this a 'push' update ie from Super Agent, it pushes to the slave PCs
or it's a pull ie Slave PCs pull signature updates from it?

How do we configure the slave PC portion (screen by screen will be good)?

We have a number of internal applications which rely on IIS for the web server. These are only internal servers but we have noticed the 3rd parties whose apps we use have within the web root some web.config12.bak type files. These do have hard coded DB and admin credentials within them so we would not want them exposed to any internal officers.

All servers are internal and not internet facing so the risk is limited to internal employees, and it is a small workforce with limited web server skills I would presume. The web root is hosted on the server's D:\, and the actual permissions on the web root folders themselves only grant IIS_USERS group read on read & execute permissions. I typed the full path into a browser, e.g. \\server\app\live\admin\web.config12.bak and it returns a "404 - File or directory not found" error, even though I know it exists in that path. If I try a sample of other files in that directory such as styles.css, or a log txt file I know exists, my browser loads them up fine. So I am wondering if it's something to do with the extension that causes the 404 error rather than ACL permissions preventing their download. As the ACL seems to be the same for all files in that directory, so it must be an IIS additional security control, perhaps.

I just need to be sure this would be consistent for all internal employees, that nobody could download a copy of these web config backup files, or if it's the behavior of the browser preventing the …

I'm not Wintel-trained but UNIX.

We have about 30 PCs which are used by about 35  users who perform high-value
payments processing & audit find that any of the 3000 odd  AD IDs currently could
login to these workstations (& any other workstations).

So I plan to create separate AD IDs for these 35 users for them to use to login to
only these 30 PCs & deny all the rest of the 3000+ IDs from login to these 30 PCs
(which do not have Internet access nor email clients).

I was told by Wintel support team this is an extremely enormous task involving
a lot of efforts on the AD administrator & Wintel team.  Is this true?

Can someone give me step by step instructions (with screen shots if possible)
on how this can be done so that I can assess if it's truly a "non-feasible" task.

C:\>net user /domain my_ADId
The request will be processed at a domain controller for domain mbb.com.sg.

User name                  xxx
Full Name                    xxx
Comment                      Technology Compliance
. . . . .

Workstations allowed         All  <== this is the problem
Logon script                 default_proxy.bat
 . . .

Local Group Memberships
Global Group memberships     *CGN            *INTERNET

Need more best practices & governance on mobile codes (eg: Flash player,
Pdf reader, JavaScript, Java Applets, ActiveX) as we have a few cases of
malicious codes being run when opening Pdf & 1 case of ransomware:

a) attachmt 1 is a screen of IE setting: mostly what to set in IE to stop ActiveX
    & to set to  Med-High (guess this is also to mitigate against ActiveX ?)

b) I wud say patch the various Adobe products (we use Adobe Flash &
     Shockwave) within 1 week upon release of patches ?

c) attachmt 2 has some suggestions on ActiveX & Java only: not much

d) Does AV mitigate against mobile codes vulnerabilities?  If so, keep
    AV signatures updated   is another mitigation

e) I'm sure IPS (NIDS & HIPS) have signatures for mobile codes but in
    McAfee's case, by default, they are rolled out in Detect & not Block
    mode?  Should they be in Block mode?

f) any other best practices & governances for mobile code?

In an audit finding, critical PCs (used to transfer large funds n these PCs do not hv Internet
access nor email clients in them) were found to be pingable n could map drives to normal
PCs (to hv internet access n drive sharing can propagate ransomwares/malware) in same

We were told these 2 different categories of PCs should be logically segregated.  As we don't want
to create separate VLANs n do major network restructuring, can we do
1. Super sub netting n use Cisco ACLs to segregate the 2 groups of PCs?  Is this ACLs
     using MAC address?
2. Create Windows firewall rules on the critical PCs
3. What else?

'screentime screensaver engine' popup comes up after the machine is idle. How to get rid of this?

I am the IT person for a small company and we have a large group of engineers that need to install a wide range of software and updates on a frequent basis. I want to keep things secure but also make it so that I do not have to be present all the time.

My solution was to create a domain account named Software and I put Software into the Administrators group on each computer. When a user needs to do an upgrade or install, they send me a request, and I can give them the current credentials for Software. When they are done installing I change the password for Software. This has worked fine.

Now the problem. Users can use a previous password I have given them for the user Software. There is a laptop we use for PLC programming. About a month ago I allowed a user to install software using the Software. Yesterday I got a request for an upgrade and before I could reply I was told they got the upgrade done. I inquired how and was told they used the password I had given previously. Since the initial use of the account Software, I have changed the password for Software at least 6 times. Why was the old password still accepted?

Now I am thinking that I could create a local account for each computer and change that password, but that means keeping track of the password for that local account for 75 different computers. And will an old password still work in this scenario also?

Windows Server 2012 R2 Standard.
The HD is less than 2/3 full.
I've tried changing ownership of the entire drive, modifying the virtual memory, and granting myself full permissions from the root downward. I get ownership error messages on a few files, like pagefile.sys. I click "continue" and the permission granting continues until the end.
I've rebooted several times, checked for errors on the drive and defrag.
I've Googled and Googled for answers, but am now turning to you experts for help.

Evening all, we have a self service portal, which allows customers to reset their own passwords.

The generic questions that come with the product aren't good enough in my mind.

Does anyone have a suggested top 5 list of secure, yet memorable questions which would be suitable

New install of Server 2012 64-bit, not an OS upgrade, but old server data such as program files still on the 'C' drive.
No problems during the install, no yellow flag warnings except for "AD Rights Management" needs post configuration.
Roles installed are AD, DNS, DHCP, as a full secondary domain controller, application server, and file server. I did not ask for IIS, but got it anyway. A pop-up window keeps asking to install .NET 3.5. NO changes to group policy.
A funny thing about the folder share security: the double head icon does not show up on the 'C' drive but does on the 'D' drive.
Configuring share security on 'D' is normal, I get the groups I want. On 'C' it configures the way I want, but is erased by the next logon.

In auditing our server event logs we have several users generating Event 4625, which are basically bad password/user name.  We are a multi-domain environment.  Users' systems are in my domain 'A', but their user accounts are in domain 'B'.  We have login scripts that map drives to our server (also in domain 'A'), but the 4625 event error shows that their system is attempting to connect to the share using the wrong domain for the user name (i.e. A\username instead of B\username).  The time stamp on the user's workstation seems to confirm that the System thread (process PID 4 ntoskrnl.exe) is the process at the root of the call to the server.

e.g. B\username is logging into A\computer,   GPO set login script has B\username attempt to map several shares on A\server.  For some reason windows attempts to use A\username instead of B\username

Now, the drives do end up mapping, so it's almost like Windows by default is applying the computer's domain to the current logged user ID then continues to try moving to the actual domain of the user.

I've cleared the mapped drives, tried setting the map command to work with the /PERSISTENT:NO to make sure there isn't a 'stored credential', but it doesn't change the symptoms.

May not be a fix and this is just the default method for Windows, but it's a bit annoying to dig through all the false positives.  We will not be able to change either the computer's or user's domain so that is not an option.

Looking for potential ideas.

I have had a disk failure on my DC, so need to recover.
However a while ago I had the brilliant idea of backing up to an iSCSI volume on a Netgear NAS.
Now I need to recover, I can mount the iSCSI on another system, but cannot read. All I get is access is denied.
When I try to take ownership with a local admin, it will not allow me.....

I don't want to be too adventurous with attacking the prob as it is the only backup. Any suggestions .....

We are still using Tomcat 6.0 and plan to move to latest version by next year. Problem with current version is to set the access deny to our web-application.

I tried adding valve with webapps/META-INF/context.xml file as below but nothing works. Can you please provide a fix.

<Context antiJARLocking="true" path="/">
<Valve className="org.apache.catalina.valves.RemoteIpValve" />
<Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="{IP_address}" />


<Context antiResourceLocking="false" privileged="true">
    <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="127\.0\.0\.1,8\.8\.4\..*"/>


Do you guys have any another solution as I want to restrict outside users from accessing Manager view and it will be accessible only from localhost?

Best Regards

Hi Guys,

We have a domain-joined PC (Win8.1) that pops out the message "Your system administrator has blocked this program. For more information, contact your system administrator." whenever I try to install any program or launch any program as administrator.

This is the only PC having the issue, the PC and user are in the same AD object containers as others, there are no such rules set on domain level.

When I logged in as another standard user, it had the same problem, but if I log in as any admin account, it acts normal.
I suspected the UAC setting as the UAC was set to the lowest level, but nothing happened after I changed UAC back to default.

Can anyone shed light on this problem pls?

On a slave KDC server running MIT Kerberos, I get the below error message when trying to access kadmin.local.  The master server works fine.

I think this is because I created the Kerberos DB on the slave KDC with a different password, but when I updated the stashed password, it still doesn't work.

# kadmin.local
Authenticating as principal root/admin@KERBEROS.REALM.NET with password.
kadmin.local: Unable to decrypt latest master key with the provided master key
 while initializing kadmin.local interface

The servers are RHEL 6.5.

I need to know if there is a way to track how many files users download/copy from our file server. I know I can turn on Auditing using group policies but is there a better way to do this? Also, will the auditing tell me who and how much was downloaded/copied?

This is what I have.
user teacher1
teacher shared folder
              teacher1 folder

teachers group share folder    
                sharing shared
                       with advanced permissions of
                                      authenticated users full control
                                      domain admin full control
                                      local file server admin full control
                 security permissions
                                        domain admin owner
                                       creator owner full control subfolders and files only
                                        authenticated users read/execute this folder only
                                        system full control this folder, subfolders and files
                                        local admin full control this folder, subfolders and files
                                        domain admin full control this folder, subfolders and files
                                        domain group teachers read/execute this folder, subfolders and files
                   teacher1 folder
                                                administrator owner
                                                administrator read/write
                                                teachers read
                                   advanced sharing none

I am trying to deploy the latest security patch through Ninjarmm for several clients. I think it has to be applied through the command line. Is there a way to deploy it to multiple clients at one time remotely using Ninja?

I wish to change my password!

I need to find a way to patch my servers by function.  I want to patch the dev/test server, wait a week, patch the QA/staging servers, wait a week then patch the production servers.  This will allow the application support teams to verify the patching didn't break their applications before being rolled out to the next level.   Same for the workstations.  Patch the Beta group of users, wait a week and then patch the rest.

Waiting to approve the patches doesn't fix my issue and the GPO only allows for a specific date.  Any ideas?  Btw:  Servers are 2012 R2 and desktops are Windows 10 Pro.


I want that when my application starts it checks for Application Folder's privileges and changes them to
inherit permissions from up Folder down to Sub Folders and Files it contains.

I tried the following code but for C:\Program Folder\MyFolder but got error assigning permissions to MyFolder failed.

intRunError = WshShell.Run("%COMSPEC% /c Echo Y| cacls " _
& strHomeFolder & " /e /c /g Domain\User:F ", 2, True)

Hi,

I want to create an administrator account for our helpdesk technician, let's say for example (helpdesk admin)

this user account should be able to pass the authentication security wizard (which asks for administrator password for computers joined to the domain) when installing new software or application .. in addition to this to be able to join users to domain ...

but this account should not be able to log on to the servers or have any other privileges

Please advise Step-by-Step

Looking for help on logging into Windows XP with a Magnetic Stripe Card.
