






Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Which tools do you use for security auditing of Windows servers (by which I mean checking the configuration aligns with best practice and is free from administrative/configuration based vulnerabilities)? Microsoft Baseline Security Analyzer seems to have been retired and is not supported on newer OS. So gauging what tools / scripts etc. are common in 2018 would be interesting. I would have thought PowerShell scripts could replace what MBSA used to check for but couldn't find much out there.

After I ran a check disk (after a corruption), I found a problem with Comodo antivirus. I tried to install ITSM communication (so as to install Comodo antivirus). The problem is that at the Comodo console I receive the error: comodo client security connection error code:0X80070002

Does anyone know how to solve this issue?

We use LogMeIn Rescue and configure hosts on our servers and other devices. Is there an option to disable or turn off the hosted device monitor?

The concern is someone closes the host while we're logged in as admin. We understand it's unlikely with the location of the servers and who's onsite (the majority of the time it's our clients' trusted staff). There are times cleaning and phone techs, etc. are standing next to the server. We are looking at this as a precaution. What would be great is something similar to RDP how the remote connection is locked from public viewing. Note, not looking for another solution because we have a contract with LogMeIn.

LogMeIn hasn't really been any help discussing with them and their forums are nothing like this...not that helpful.

We turn off the monitors but they get turned back on and this doesn't help with security. We prefer to have the ability to block the monitor on the host from being seen by end users.

If there isn't a solution to this we'll just disconnect the monitors and view other options when our LMI contract ends.

Thank you.

We use Seagate STDR5000200 external hard drives for backing up our data on our systems each month.

These systems we back up data for would include Windows 10 Pro, Windows 7 and Windows Server 2003; all systems are using BIOS.

The Seagate STDR5000200 external hard drive we have contains every piece of data for our business such as databases and Microsoft office files.

We prefer to keep our external backup drive portable so that we can bring our external drives offsite.

This drive is replaced each month at a time by another drive which contains backup data where we switch between two drives each month backing up our systems.

These external hard drives are formatted as NTFS.

These drives are recognised by all our PCs.

We have had a problem with these Seagate external hard drives where, if we have a backup running and the power of our PC goes off, the drive becomes corrupt and we lose our data.

This has happened with our Seagate drives more than once.

What would be the best external hard drive to use for backup of our system's data that is fail safe and portable?

I have a Win10 (x86) 1803 PC that has the Microsoft Root Authority Certificate revoked.  Any ideas on how to un-revoke or repair that?

Advice on configuring and using 365 MFA
We are currently testing MFA.
We have an issue where, when a user changes their password or when they are getting prompted for MFA, multiple applications pop up asking for MFA.
Sometimes the user gets so many prompts they are entering the wrong code.
So when a password is changed or the policy is changed:
Outlook pops up looking for MFA
Skype pops up looking for MFA
SharePoint Online pops up looking for MFA
We are also using ADFS and sometimes the federated login can get in a loop asking users to sign in repeatedly.
I saw an article about caching but I think this may be only related to MFA on prem server.
I'm just looking for advice and best practice on getting MFA rolled out to all users with as little pain as possible.

Evening experts,

We have a number of instances of Event ID 5723 Source: NETLOGON on one of our DCs with Win Svr 2008 installed (see below). Although the PC in the event does not belong to our network and never did. I work for a financial organisation and security is as tight as it can be regarding physical access to our main office so I'm assuming this access attempt was made remotely. Please, can you help me out here on how this could have happened? We don't have wifi on our network so I'm a little baffled here. Please advise.

[Screenshot: event id]

Hi Experts,

Is it possible to output a report into a csv file that shows the log on and log off timestamp history information of a Windows Active Directory user?

The report is only needed to be filtered for 1 specific AD user and the key information I would like in the output is:
• Username
• Login date / time
• Logout date / time
• Successful/failed logon status

I believe this information would need to be extracted from the security event logs on each domain controller and had in mind a script such as a PowerShell script (ideally a script that looks at all the DCs in the domain would be good).

Oh My Days, I'm missing the blatantly obvious somewhere, NTFS Permissions and Shared Permissions.

Centralised File Server (2016) in Azure - EMEA Share
Users across Europe have access to an EMEA Share via a DFS namespace, delivered to users via drive map GPO

All users receive the mapped drive, and all can see the EMEA Share presented by DFS.

Shared Permissions are set for Everyone Full Control, and Administrators Full Control allowing permission restrictions to be governed by NTFS Perms.

However, we want users to only have either 'Read' or 'Modify' NTFS access so security groups have been created accordingly, users added as members and Security Groups added to a target folder under EMEA.

As well as the normal Domain Admins, SYSTEM, CREATOR OWNER Groups under the folder permissions I add the RO and/or MOD security group and users cannot see any contents in the folder. But if I add either the Authenticated Users, Domain Users, or Local (Server) Users Groups then the users can see contents.

By adding one of the user groups above I'm allowing all users to see the contents, which is not what I want. How do I only present the folder, subfolders, files to users in the RO and/or MOD security groups?

Hi Experts,

Since yesterday we have some strange issues with WIN10 machines.
When the user logs in, the screen is black and you cannot click anything.
We have checked the monitors and cables, all OK.
Do you have any information about this?

When I check the services from this machine, I can see a lot of services are in starting mode.
See the screenshot.

[Screenshot: starting services]

Kindly help with the short term as well as long term solution for the following.

Company A (XYZ.com) has Exchange 2010 setup and has got an O365 tenant, however, the mailboxes are not migrated yet. The external gateway is EOP.
Company B has Exchange 2010 setup (LMN.com) and has a different O365 tenant. The emails are not yet migrated to cloud. The Email security gateway provider connecting to internet is different for both.

The requirement is that company B employees should be able to send emails using the SMTP @XYZ.com available to company A.

Please help with a short-term solution as the end goal is to merge both the organisations.

I have a T70 device I'd like to connect up via BOVPN with a XTM2 device (with wireless) at a home office location. In front of the XTM2 I will have an AT&T uverse router in bridged mode.

I'd like all of the data from one port on the xtm2 to go back and forth over the BOVPN.  I'd like all of the wireless traffic to travel out to the internet.  

Can someone please tell me if this is possible and point me in the right direction for accomplishing this? I've set up BOVPNs between two devices before but it was moving all traffic between both devices and I need to keep the wireless (home users) traffic off the VPN.

I'll be going to a security position in-person interview soon and wanted to hear what I should expect as far as technical questions?  Before you smart aleck know-it-alls chime in stating that you shouldn't worry, because if you have enough experience you should be fine.  I do have some years in the security realm, but wanted to get your insights.   I'm assuming that some networking questions will also come my way, so throw those in as well.
Windows 7 Pro x64 SP1; found numerous entries for the following in the Security log:

Cryptographic operation.
Subject:
    Security ID: S-1-5-20
    Account Name: CARMEL-LT-PC$
    Account Domain: WORKGROUP
    Logon ID: 0x3e4
Cryptographic Parameters:
    Provider Name: Microsoft Software Key Storage Provider
    Algorithm Name: Not Available.
    Key Name: {F4A50D80-D19A-4DD7-A13C-ECB5788EBBA1}
    Key Type: Machine key.
Cryptographic Operation:
    Operation: Open Key.
    Return Code: 0x80090010

This computer is being managed with ConnectWise Automate v12.

Can anyone spread some light on this error?

Thanks in advance.
Cannot install the NDIS Capture Service on my NIC.
It states: "Could not add the requested feature.  The error is: This program is blocked by group policy.  For more info, contact your system adminstrator"

I am the system administrator.  There is not a GPO configured to block this installation.
I've looked for parameters in:
Computer Configuration | Administrative Templates | System | Removable Storage Access
Computer Configuration | Administrative Templates | System | Device Installation | Device Installation Restriction
I've run RSOP and there are no settings to this effect.

There are no settings inside either of these.

I've also checked local security and local group policy - there is also nothing defined there.

Anyone have any ideas?

Windows 10 pro, 17134.285

I've uninstalled Webroot Secure Anywhere thinking that might be the problem - no change

How can I create an immediate report when a virus is found in Kaspersky Security Center 10?

Need feedback installing Windows Defender (known as Microsoft Security Essentials) on Server 2012 R2. Have a host running 2016 Standard Server with 2 VMs. One VM is 2016 Server and the other downgraded to 2012 R2 Standard Server by Microsoft. Had a licensing issue and the best option was downgrading to save on downtime. 2nd VM is an Exchange server and doesn't have Windows Defender / Msft Sec Essentials installed.

1. What success and procedures have others followed to install Windows Defender (known as Microsoft Security Essentials) on Server 2012 R2?
2. Any concerns running on an Exchange server?

This article explains the unsupported steps to install Msft Sec Essentials. Anyone try this procedure and how did it go?

Microsoft TechNet explains to turn on the feature located at 'User Interface and Infrastructure / Desktop Experience', which I confirmed is installed. Can't locate Defender/MSFT Essential anywhere.

[Screenshot: Desktop Experience]

I had an interview and was asked a couple of questions which I'm not 100% I asked correctly or might have been what the interviewer was looking for and I wanted to know how you experts would have answered them?

1.  What is broadcast/unicast and I forget the other option?

2.  How do you secure a switch?

3.  From a security point of view, what occurs at layers 4-7?

I've created a TS to make a clean installation of Windows 10 pro 1803.
Everything goes fine until the TS reaches the "Setup Windows and Configuration Manager" step. As you know, at this step the computer reboots. In my case, the TS doesn't continue; the system restarts but the SCCM client is not installed, and neither are the applications.

I've tried to find a solution to this issue on the internet, but no results.

Can anyone help me with this issue???

I have:
SCCM version 1806
SCCM Client 5.00.8692.1008

Here are the last lines of my smsts.log.

Successfully completed the action (Setup Windows and Configuration Manager) with the exit win32 code 0            
"MP server http://siteserver.mydom.com. Ports 80,443. CRL=false."            
Setting authenticator            
Sending StatusMessage            
Setting the authenticator.            
CLibSMSMessageWinHttpTransport::Send: WinHttpOpenRequest - URL: siteserver.mydom.com:80  CCM_POST /ccm_system/request            
Not in SSL            
Request was successful.            
Set a global environment variable _SMSTSLastActionRetCode=0            
Set a global environment variable _SMSTSLastActionSucceeded=true            
Expand a string: %_SMSTSMDataPath%\Logs            
Clear local default environment            
The action (Setup Windows and Configuration Manager) requested a retry            
Reboot to local harddisk            
_OSDGinaIsConfigured variable set to TRUE            
_SMSTSServiceStartType variable set to …

Has anyone had any luck with removing/recovering from nozelesn ransomware?

I have a wildcard security certificate, i.e. *.domainame.com, which is currently on a server.
I am moving my website to the Azure platform. When I ran the PCI scan on a test.domainname.com site on Azure, the PCI scan reported a failure saying

Title: SSL Certificate with Wrong Hostname

Synopsis: The SSL certificate for this service is for a different host.

Impact: The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.

Resolution: Purchase or generate a proper certificate for this service.

Data Received: The identities known by SecurityMetrics are : waws-prod-XXX-XXX.api.azurewebsites.windows.net

The Common Name in the certificate is : waws-prod-XXX-XXX.publish.azurewebsites.windows.net

The Subject Alternate Names in the certificate are : waws-prod-cw1-005.ftp.azurewebsites.windows.net

Can anyone help there? The certificate I have is a wildcard certificate and test.domainname.com runs OK in the browser.

Accessing C$ on the network:

I have various reasons for needing to do this.  
One has to do with testing / confirming / troubleshooting access from monitoring "server workstations" using things like EventLog Analyzer and GFI Languard.

Here is the situation:
Each computer is on a peer-to-peer network and has a common Admin1 User/Password.  The server workstation is logged in with that User.
Using UAC \\[target_ipaddress]\C$ from the server workstation generally works.
But, on some target workstations it does not.
So, the task is to resolve the failures and turn them into successes.

Since all of these workstations have been treated fairly equally regarding file sharing, firewall settings, services, etc., it's surprising when failures occur, and I'm hard pressed to find a solution.
I keep asking myself "what's different?"  and, while willing,  end up searching rather involved descriptions of things that I probably don't need to investigate in such detail.  

There are other aspects but to be fair to the Experts, I'll ask them separately.
But, in this case I'll add that the workstations are in 3 subnets each in workgroups named identically WORKGROUP - routed together with no NetBIOS traffic allowed; there is no inter-subnet name service.
Yet, the services I'm trying to troubleshoot DO work across all 3 subnets - just not in every target computer.
(In some cases I'm sure that the checklist of things to "fix" to get the monitoring to work is bigger than it …

Are there any tools that can run on Windows 7 which will capture which specific event logs or files, such as log files / files in general, are updated as a result of certain user actions (e.g. opening certain file types, running applications, plugging in devices etc.)?

MBAM Premium and ESET NOD32 real-time protection clash.
We currently have ESET NOD32 on our computers and we plan on adding Malwarebytes Anti-Malware Premium for additional protection. Aside from performance, is turning on real-time protection on both of them a good idea?

I'm setting up Netwrix Auditor to track mailbox access events.
I launched data collection but always received the status completed with warnings or errors: "The user name or password is incorrect"
- In the same way I could get data collection for other objects such as AD, Group Policy, Inactive User Tracking.
- Default Data Processing Account is Domain Administrator.

My environment:
Windows 2012 std, Exchange srv 2016, Netwrix 6.5

Can anyone guide me?
Thank you !





