OS Security




Articles & Videos



Operating system security (OS security) is the process of ensuring OS integrity, confidentiality and availability. OS security refers to specified steps or measures used to protect the OS from threats, viruses, worms, malware or remote hacker intrusions. OS security encompasses all preventive-control techniques, which safeguard any computer assets capable of being stolen, edited or deleted if OS security is compromised, including authentication, passwords and threats to systems and programs.


I have a client who has forgotten his BitLocker key on his Surface Pro 3, and the Surface Pro asks for it before he can even get to the login screen.
I have done some research and it seems as if it is a tough nut to crack.
I was thinking of a bootable program on a flash drive that can tell me what the password for BitLocker is.
Any ideas would be appreciated.


For any SQL Server install with SSL security, under what situation would your customer do it? Usually the companies I work with install SSL only on the web server login page.

To protect DB backups from getting restored to another DB? So using TDE? But TDE must use an SSL certificate from a known provider like Symantec?
I'm writing a doc to list out the circumstances / criteria for when we need to engage a professional forensic IT service or when to engage our HQ's forensic team (which we don't have locally).

Blocking a malicious IP or the source of spam & phishing sites (that resemble ours), and recovering from malware using our AV & backups, are things we have the competencies to do.

We don't know how to use the Windows Sysinternals tools & possibly most forensic tools.

What are the criteria people out there use when deciding to engage professional IT forensics?
I view the blocking of USB for 2 reasons:

a) data leakage/loss prevention (so that sensitive data is not copied out):
     but copying data from thumb drives into the laptop is OK, right?
     No data loss/leakage concern, right?
     So does anyone know if there are tools out there that allow the
     USB port to permit data to be copied into laptops but not out?
     Our McAfee tool doesn't appear to have this feature.

b) the concern of malware (including scripts) being executed from
     thumb drives: well, for this we'll have on-access AV in place, so in
     a way this is mitigated. Win 10 with its Defender AV also prevents
     execution of Java, VB scripts etc.

Now, between items a & b, my much bigger concern is item a, because
for item b a good AV will mitigate quite well, while I've not heard of
any tools that permit one-way data copying into a laptop via USB.

Or does anyone know of any tools, such as a wireless HDD, that have
such a feature, such that users can't reconfigure the "firewall rules",
so that data can only be copied into laptops & not out?

Providing another intermediate laptop with sftp etc. is out of the
question, as this solution is too unwieldy.
Hello Experts,

Does the following Local Policies/Security Options group policy, as listed below, need to be set only at the "Default Domain Policy" GPO and not in any other GPO? I am curious because we have this in our Default Domain Policy GPO as 'disabled', and as 'enabled' in a GPO that is linked to our Domain Controllers OU. When I run secpol.msc on the domain controller itself, it shows this option as 'disabled' (the same setting as the default domain policy) AND as 'not configured' when I run an RSOP on the domain controller.

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options -> Network security: Force logoff when logon hours expire

Can someone please shed some light?

Thank you!
Pretty regularly, 1 or 2x a day, I get a popup on 1 computer (Win 7 SP1, fully patched) about 'your computer is infected', we're from Microsoft, call us, etc.

I realize it's a scam. But I'm curious how it's getting on there. I've run Malwarebytes, SUPERAntiSpyware and HitmanPro and they don't find anything.

I am streaming a radio station based in NY.

Am I mistaken that the people running the malware buy ad space on legit websites, and that's how they get on the machine?

These have been easy to get rid of: just close the browser by clicking on the X in the top right corner (it takes over the tab the radio station was on; another indication that's where the malware is getting in from?). I've seen other versions where you have to kill browsers through Task Manager or reboot the computer.
We have quite a number of special Win 7 workstation PCs that have local
administrator accounts: the password never expires, as each time changing
the password would involve quite some effort in application changes.

What are the best practices to manage such accounts & any special mitigations?

a) make the passwords of such accounts dual control, i.e. different teams
     hold the passwords?
b) I'm not sure if we can make it "can't log on interactively": I'll do it if it won't
     break the app. Besides this, what else can we harden? No local logon?
c) NoLMHash needs to be enabled so that the password can't be cracked
     easily; what other hardenings?
d) any other mitigations, such as enabling Windows Firewall?
e) please add any other best practices ...

When we try to create an ODBC connection to SQL Server 2000 we see this:

ODBC error
Any idea why?

I read this one:


but it doesn't say what registry entry the user fixed; any idea?

The box that connects to that SQL Server 2000 is also Windows 2003 Standard Edition.

There is more than one server box with this problem, and some servers that connect to the SQL 2000 box were upgraded from Windows 2000 to Windows 2003 by in-place upgrade, VM clone.
The Chubb contact person I liaise with told me all their customers are recommended
not to install AV on Chubb's custom Windows CCTV recording server, as it will cause
severe performance issues & will conflict with some sort of built-in security feature.

Does anyone know what this feature is? Is it app whitelisting, AV or ?? The person I
liaise with appears uncertain.
What are the gaps / items in my outsourcing vendor (for hosting & datacentre) that I ought to
look out for? I'm sort of auditing them.
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.


I have a problem: I have many servers where the KB cannot be installed; the system says this update is not applicable to your system.

I use this KB for our Windows 2008 R2 servers: windows6.1-kb4012212-x64_2decefaa02e2058dcd965702509a992d8c4e92b3

What I have seen is that this KB can be installed without problem on Windows 2008 R2 SP1, but not on Windows 2008 R2 SP0:

OS Version
Microsoft Windows Server 2008 R2 Standard  6.1.7601 (SP1) [x64-based PC] ==> KB is installed OK
OS Version
Microsoft Windows Server 2008 R2 Standard  6.1.7600 (SP0) [x64-based PC] ==> KB is not installed

Any help please?


We are seeing some potentially odd behaviour which I'd like some suggestions for, if possible please. We have two audit tools which are showing that the local administrator (and sometimes guest) accounts are having their badPwdCount increased. The common experience appears to be:

Workstation XYZ seems to have a burst of attempts against server ABC (all within the same minute).
ABC's local admin account is unlocked by the workstation, the badPwdCount is then incremented until the account is locked, the account is unlocked again by the workstation, and it tries again until the account is locked. The attempts then cease.

We have seen badPwdCount rising to 56 or so for some attempts.
The source workstation and target server are not always the same (I've not found any link yet).
The admin account is enabled on the servers and workstations.
Local Guest is disabled.

We have seen servers lock out their own local admin accounts (e.g. ABC$ against ABC$).
The domain admin account has the same name as the local admin account.
No malware has been seen, and the workstation and server have different AV vendors (for what AV is worth nowadays, at least).

I open up Internet Explorer or Edge on a Win 10 computer but I am not able to go to any website.

However, I am able to ping the default gateway of my home router, ping the public DNS IP and get a DHCP address.

What could be the reason?

Does anyone use ManageEngine Desktop Central to deploy MS security patches? Can it roll back a patch that failed, and how does it know the patch has failed?
Someone I work with has a Windows 10 PC that they have been using with a local account, no domain, and it has never been set up with a Windows Live account or anything. It had been working fine and then all of a sudden their password stopped working.

They checked Caps Lock and Num Lock, tried a new keyboard and let it sit overnight in case the system had locked them out after a few failed attempts.

I have never heard of a password just stop working on a system without something malicious or user related going on. Are there any known issues with Windows 10 that would just make their password stop working?

Is there a way to recover or reset the password? There are no other accounts on this system that can be used.

My suggestion for them is to have it rebuilt but if there is a way to recover/reset the password that would be a better option.

Refer to the above link.
Is this a legit vulnerability, & which versions of Windows are affected (as the link did not say)?
& "Microsoft has yet to release a patch for it", i.e. has MS acknowledged it's a vulnerability?

Can anyone cite authoritative & MS links that support the legitimacy of the above claims of vulnerability,
& specifically that the NetBT protocol could be exploited by the above NSA exploit?
Is there any way, in PowerShell or any other tool which can query AD, to supply a security group as a parameter and have it give you a count of users/members, including any sub-groups within the parent group and their subsequent user count? Our structure on some older servers is groups within groups within groups, and it makes it difficult to see immediately how many unique users can access files within a folder.
Is there any technique/command/tool that can be used to remotely report the System Center Endpoint Protection status from a remote PC (definitions created on, definitions last updated, virus definition version, spyware definition version)?
Hi, just looking for a better way of managing WSUS v 6.3.9600.18228.
We automatically approve Critical, Definition and Security updates.
We sync Critical, Definition, Feature Packs, Security Updates, Service Packs, Update Rollups, and Updates.

We get an email notification once a week of the synchronised updates. We have 3 different sites, each running its own WSUS server, and it's a constant struggle trying to wade through the printouts, as the printouts (synchronised report) contain all the updates that are automatically approved as well as the ones which need checking to see if we want them or not.

This wastes time, as we are checking updates unnecessarily. Is there a report that could be run instead that prints out just the items that aren't automatically approved and require attention?
We also find updates on the printout that are only a few days old and have already been superseded, again wasting time.

There must be a better way of doing this?

Please provide me with the URL to download the SMB1 update for Server 2012 R2.
I don't want to load enhancements or improvements, just security patches to avoid any malware, etc.
I was told that https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
is the one that's currently most important.
How can I selectively install these and not the other stuff?
Is there such a list of IPs or SMTP domains (it doesn't have to be up to the hour up-to-date) so
that we can block at our SMTP?

Blocking by firewalls is not good, as the emails will still come in.
I have a client with a Windows 2008 R2 Remote Desktop Services server (Terminal Server). It has come to my attention that a user account was compromised, allowing an unknown person to gain access to the network.

What utility can I use to view hidden accounts, view which accounts have been given domain admin and/or local admin access, and discover any rootkits or other hidden remote access accounts?

And what utility can I use to notify and log each time someone logs into the Remote Desktop Services server or an administrator logs into one of the other servers?
Hello,

Please clarify a few doubts about the Microsoft security patch model, the monthly rollup for Windows Server.
This update is released containing all security fixes, non-security fixes and bug fixes, including all updates from previous monthly rollups.

Here are a few queries based on the above definition.

1. What updates come under non-security fixes?
2. Let's say my server was last patched in Nov 2016 and now I need to update it with the fewest patches for the month of May 2017. If I apply only the one monthly rollup patch for May, will this cover all the security fixes, non-security fixes and bug fixes from Dec to May?

I need to configure a server to host my web site.
It's an e-commerce web site.
01. I need to know what the minimum upload and download speed is, for example for 1000 users accessing simultaneously.
02. Do I need to buy a static IP address?
03. I have searched on Google by typing "ip address", and it shows "Your public IP address is xxx.xxx....".
Is it a static or dynamic address?
04. I have a domain name; how do I connect the IP address and the domain name?
05. How do I secure my server?
