





Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.

When you have a business that has, say, 5 Access Points in a building, is all you really need to do set the SSID and security the same on all of them so anyone in the building can roam, at which point they will transparently move from AP to AP?

   That is more in the Client's ability isn't it?
We get an audit finding from one of the Big Four audit firms as follows:
"A study should be conducted to determine the granularity of the segmentation of end-users. Minimally,
  IT administrators should be in a separate network segment from the rest of the end-users."
"Inadequate network segmentation increases the ease and risk of lateral movement by cyber-
  attacks, if a server or device in the segment is compromised."

As sysadmins have "privileged" access to servers & compromise of their PCs will risk compromising
the servers in a 'privileged' way, we'll adopt the recommendation.

I'll need some good points/arguments to support our stand of not further segmenting each
departments from each other:

a) the main exposures are from "Internet surfing" & emails access (lots of malicious attachments,
    phishing, spam emails seen in email gateways) besides USB ports

b) all other users belong to same trust domain as they read emails & surf internet (yes, the
     sysadmins are encouraged to surf internet on PCs not used to surf Net & read emails)

c) for workstations used for Industrial Control Systems/Operations Tech, they don't have email
    access & Internet surfing &  have been rightfully segregated as per existing set-up

d) To prevent lateral attacks, EDR, AV & email security (forwarding of malicious emails to
     other colleagues) are in place with SIEM for detecting such events in the pipeline

e) if we were to segregate every departments (eg:…
Hi All,

I would like to create a "Dynamic" security group in Active Directory. So basically my need is as following:

I need a security group which will contain 3 computer objects. These computers will be reimaged every now and then, but they will always have the same hostname. I need those objects in the same Security Group after they have rejoined the domain. A colleague of mine attended me on "Dynamic" Security Groups, yet I can't find any usable information. Does this exist? Maybe you guys have more information.

Thanks in advance!
Hi, I'm using the Quarantine feature from Watchguard and this creates a Quarantine website users can log onto. But the problem is that it's an intranet server and as such doesn't have an 'official' SSL certificate. I tried to create a self-signed one etc but I keep on failing ... could someone please give me step-by-step instructions on how to create a self-signed certificate and attach it to that website so that the browsers won't throw their security warnings anymore? Thanks!
I've searched the internet and I still don't understand what it means when NCA\ANONYMOUS LOGON locks and/or unlocks the domain administrator account.
Below is an extract from the event viewer in an easy to read format. Can anyone explain the best way to determine if it is an intrusion attempt or a process, application or service causing this?

An event has occurred in which you are on the notification list.
Time Stamp: 10/23/2019 11:56:45 PM
Perpetrator: CN=Anonymous Logon,CN=WellKnown Security Principals,CN=Configuration,DC=***,DC=local
Perpetrator Name: ***\ANONYMOUS LOGON
Event Source Type: Active Directory
Domain Name: ***
Policy Name: AD: User Account Lockouts
Event Name: Object Modified
Event Name Translated: Account unlocked
Originating Server: ***\***-DC01
Originating Server IP:   *.*.*.10
Target Host: n/a
Target Host IP: n/a
Class Name: user
DN: CN=Administrator,CN=Users,DC=***,DC=local
Affected Object SID: S-1-5-21-3359379490-2354048252-4260778802-500
Affected Object Account Name: ***\administrator
Operation Successful: True
Operation Status: Success
Blocked Event: False
Perpetrator Sid: S-1-5-7
Originating Client: AUTH:***-DC01
Originating Client Host: ***-DC01.****.LOCAL
Originating Client IP: x.x.x.10
Originating Client Protocol: AUTH
Originating Client MAC: **:**:**:**:**:FF
Events Count: 1


Thanks in advance.

Hi Experts,

I have a question regarding AD security groups.
Let's say I have two security groups.
One group is filled with users (modify rights).
The other group is filled with FullAccess Users.

Let's say one teamleader is in both groups, which group counts?
The group with the highest right or lowest?
I recently took away users local admin privileges from all the end users computers.  The people who seem to be affected by this the most are the programmers. They have issues with running docker which needs to be run with elevated privileges (Just one example so far ).  I would be interested in hearing what other sys admins are doing with the more technical end users to let them work properly?

Thank you.
Within splunk enterprise, when I am running a search and see the matching term suggestion pop up, is there a keystroke I can hit to select the matching term?  Currently I have to click it with my mouse.
 See picture.
Script to audit memory on a remote machine.

Does anyone know of or have a PowerShell script that will loop through a text file (where I add computer names) and check the memory on each of these and write back to a CSV file with the headers - COMPUTERNAME | MEMORY

I have found scripts but I am unable to use Get-WmiObject for security reasons will not allow on any machine (Get-WmiObject : The RPC server is unavailable)

Any help would be appreciated

Thank you
Android 9, Oreo.

New phone.

Samsung A7.

Got a notification from...Find My Mobile.

Don't have this app.

Clicking the notification it says "These notifications can't be turned off."

What can I do?  Need notifications from Apps I use.  Don't want ads.


How can I lower the Java Security Rules for internal networks only?

Currently our users are needing to manually enter an internal web address in their Java Exception list.  I have been charged with trying to make the process more automatic for our users.  Specifically to allow all URL's for internal web addresses to allow the Java Applet.

I did find a way to create an Exception list for the computer:  https://community.spiceworks.com/how_to/123766-java-site-exceptions-list-and-certificates-for-all-users

but, this option takes away the user's ability to have their own list or to add the web sites that they want and the list will be managed by the local administrator.  Equally important, if I used the above mentioned web page documentation then it will overwrite any Java exception list that the user already created.  We do not want to go that route.

Is there a way to allow internal web addresses to have a lower Java Security level than external web addresses?  To actually allow Java to be run on those internal web URLs.
I would like to find a way to see which security protocols/ciphers are being used with IIS 6 on our windows 2008r2 server.
Where is the right place in the registry, or IIS to look for these settings?

I have a domain network that needs to have a security warning appear just before the user logs onto their computer account.   I have never done this nor have any idea where to start.  It is on a Windows 7 computer, soon to be a Windows 10.  Any directions on how to do this?
Have a new Samsung A7, Android 8.0.0 OS.

Can't see the option for encrypting the PHONE.  

Have encrypted the SD card.

Have set up a PIN & fingerprint sensor unlock.

I recall there was an option to encrypt the phone - had one with my Samsung J5.

But, can't find the option to encrypt anything beyond the SD card on this phone.

What am I doing wrong?

Many thanks!


Our users are having issues with sending emails with zip file attachments. I have looked at our exchange server setting and I can seem to find anything that pops out. I also verified our email security gateway and did not find anything. I have not changed anything in our server or Barracuda email security gateway. Below is the error I get. Any help would be greatly appreciated.

Delivery has failed to these recipients or groups:
The email system had a problem processing this message. It won't try to deliver this message again.

Diagnostic information for administrators:
Generating server: xxx.amormeus.org
Remote Server returned '554 5.6.0 Invalid content'
Original message headers:
Received: from xxx.amormeus.org ([::1]) by xxx.amormeus.org
 ([::1]) with mapi id 15.00.1473.005; Mon, 21 Oct 2019 07:48:36 -0500
MIME-Version: 1.0
Content-Type: text/plain
Date: Mon, 21 Oct 2019 07:48:36 -0500
X-MS-Exchange-Transport-FromEntityHeader: Hosted
Message-ID: <c444d4072b8544aaafe8cf98e980babb@xxx.amormeus.org>
Subject: this is a test

FileZilla-Server-Connection-Issues-.docx

FileZilla Server SFTP connection issue from outside network. I need help resolving issues with sftp connection to filezilla server from outside network. Please see attachment for details for my current Router, FileZilla Server, and FileZilla Client configurations.

Only allow domain users to use a simple user interface and the least needed settings for their daily work.
For security, privacy concerns. Administrators are not affected.
1.  Standard taskbar system icons and notification icons by Group Policy. For example, hide Windows Ink Workspace, show Input Indicator, etc...
2. Only show specific apps on the start layout by Group Policy. For example, show Photos app icon, hide MS store, games, xbox, etc...

Could I have some advice or guidelines on which Group Policies can do that? I already imported the Windows 10 GPO templates into the Domain Controller, but do not know which policies can meet my missions. Thank you.

Server 2012 R2 AD, Windows 10 professional
Self-signed certificate vs ca signed certificate,

I have done some reading online about this topic but I get this : "The primary operational difference between a self-signed certificate and a CA certificate is that with self-signed, a browser will generally give some type of error, warning that the certificate is not issued by a CA"

I believe self signed certificate is free and the CA certificate is not.
if so, then why would not everyone use the self signed?

any explanation on this topic will be very much appreciated.

thank you
We have an old version of barcode printing software that has a parallel port security key.  The desktop that the software is running on is dying so we were able to find (amazingly) the installation file for the same version of the software and we were able to successfully install it on a Win 10 Laptop using compatibility mode.  Of course the laptop does not have a parallel port so we bought a USB > Parallel port from Amazon.  Unfortunately, the software still does not see the key when it is plugged into the USB adaptor.  We are about to give up but thought I would post this just to see if maybe there was a Windows setting or something that someone could suggest that might make this work?  Crazier things have happened!!!   Thanks for any suggestions!
Hello experts,
Just curious, in your company how do you determine your endpoints (machines - Windows/MACs and Android/iOS mobile) are trusted (owned by your company) to allow users to access Office 365?

Just looking for options...
How does 2 Factor Authentication work, exactly, for Office 365?  We are interested in possibly implementing it - but we don't want users to have to CONSTANTLY re-authenticate, either.  And are there control options for how it works - or is it Microsoft-controlled?

Thank you
The user was visiting the web page for thinkwellgroup.com (which looks to be a pretty amazing company).  They were using a recent model iPhone and were browsing in Safari for the iPhone. They wanted to call for information on behalf of their company, and saw a phone number on the bottom of the home page.

They then had some sort of message from switch.com appear on their Safari screen.  Switch.com is a colocation company.

Should they be worried about iPhone security?  Could there be an issue with a colocated website?

Phone number link on homepage
We have started giving users the option to work off of a Mac instead of PC but an annoying issue has come up.

Unlike in the PC world where users can install Windows Updates, admin credentials are needed for Mac users to install updates.  Is there a way for standard users to install Mac updates other than entering admin credentials or having their accounts changed to admin accounts?

Before the last few days we had a setting that would go back to the login screen and require the password. I could be sitting here doing nothing and maybe every 10 minutes this event would happen. Now today I left at 4pm and back at 6pm and the system was still on. Who changed the setting and how to prevent it from failing. The computer was not secure today during those 2 hours. I think the setting I had was 10 minutes.

I went into these settings and not seeing it. Windows 10 desktop.
We have numerous instances of MS SQL Standard 2012 in our environment. MS's product lifecycle page shows SQL 2012 Service Pack 4 as supported until July 2022.

I'm seeing different information regarding MS support for Critical and Security WSUS updates. Am I reading it right that if we install SP4 on those we will continue to get WSUS critical and security updates but may have to pay a fee if we call MS as they are in extended support and no longer mainstream?

Do I have that correct?





