Security

26K

Solutions

25K

Contributors

Security is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Computer systems now include a very wide variety of "smart" devices, including smartphones, televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other wireless networks.


Hi All,

I have around 100 servers in my test environment. I would like to create 2 Active Directory domain local security groups for each server. 1 for local admin rights and 1 for remote desktop users. Groups can look like:

DLG-LocalAdministrator-SERVERNAME
DLG-RemoteDesktopUsers-SERVERNAME

I have an Active Directory export of these servers in a CSV file. How can I automate creating those groups, with each server name in them?

Thanks in advance.
0
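Added example, not code from the question: one way to create the two domain-local security groups per server from a CSV export. It assumes the CSV has a 'Name' column holding the server name, that the RSAT ActiveDirectory module is installed, and the target OU and CSV path are placeholders.

```powershell
# Added example, not code from the question. Creates the two domain-local security
# groups per server from a CSV export. Assumptions: the CSV has a 'Name' column
# holding the server name, the RSAT ActiveDirectory module is installed, and
# the target OU / CSV path are placeholders.
Import-Module ActiveDirectory

$groupTemplates = @{
    'DLG-LocalAdministrator-{0}' = 'Local Administrators on {0}'
    'DLG-RemoteDesktopUsers-{0}' = 'Remote Desktop Users on {0}'
}

function New-ServerDelegationGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$CsvPath,
        [Parameter(Mandatory)][string]$TargetOU
    )
    # De-duplicate and drop blank rows so a dirty export cannot create stray groups.
    $servers = Import-Csv -Path $CsvPath |
        ForEach-Object { $_.Name.Trim() } |
        Where-Object { $_ } |
        Sort-Object -Unique

    foreach ($server in $servers) {
        foreach ($template in $groupTemplates.GetEnumerator()) {
            $groupName = $template.Key -f $server
            # Idempotent: re-running after a partial failure skips groups that already exist.
            if (Get-ADGroup -Filter "SamAccountName -eq '$groupName'" -ErrorAction SilentlyContinue) {
                Write-Verbose "Already exists: $groupName"
                continue
            }
            if ($PSCmdlet.ShouldProcess($groupName, 'New-ADGroup')) {
                New-ADGroup -Name $groupName -SamAccountName $groupName `
                    -GroupScope DomainLocal -GroupCategory Security `
                    -Path $TargetOU -Description ($template.Value -f $server)
            }
        }
    }
}

# Dry run first; remove -WhatIf once the output looks right.
New-ServerDelegationGroups -CsvPath 'C:\temp\servers.csv' `
    -TargetOU 'OU=ServerGroups,DC=example,DC=com' -WhatIf -Verbose
```

The groups are created empty; populating each server's local Administrators and Remote Desktop Users groups from them is a separate step (Restricted Groups or Group Policy Preferences), and keeping the two per-server groups distinct is what lets remote-desktop access be granted without handing out local admin rights.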
Hi,

I need to:
-connect to a server via powershell (execute invoke commands and enter pssessions)
-execute sql queries to another server

Both work on one w10 pc, not on another.
Which ports on the firewall do I need to open
-for PowerShell
-for SQL queries?

Please advise
J
0
Is there a script that I can run that will query all my AD Users and Computers and spit out a csv with the created date and the user that created the account?

Say User A created a User B, then User B created a User C and Computer C.

(preferably not using a third party tool that needs to be purchased)

Thank you Team
0
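Added example, not code from the question: AD itself stores only whenCreated for each object, not who created it; the creator appears in the Security log of the domain controller that processed the request, as event 4720 (user account created) or 4741 (computer account created), provided the account-management audit subcategories are enabled. The script below joins the two sources. It assumes the RSAT ActiveDirectory module, permission to read the Security log on every DC, and an output path that is a placeholder.

```powershell
# Added example, not code from the question. Builds a CSV of users and computers with
# their AD creation timestamp and, where the DC Security logs still hold it, the
# account that created them (events 4720 / 4741). Assumes RSAT ActiveDirectory,
# rights to read the Security log on each DC, and a placeholder output path.
Import-Module ActiveDirectory

function Get-ADObjectCreationReport {
    param(
        [datetime]$Since  = (Get-Date).AddDays(-30),
        [string]$OutCsv   = 'C:\temp\ad-created.csv'   # placeholder path
    )
    # 1. Every user and computer with its creation timestamp, from AD itself.
    $objects = @(Get-ADUser -Filter * -Properties whenCreated) +
               @(Get-ADComputer -Filter * -Properties whenCreated)
    $byName = @{}
    foreach ($o in $objects) { $byName[$o.SamAccountName] = $o }

    # 2. Creation events. Only the DC that handled the create logged it, so query all DCs.
    $events = foreach ($dc in Get-ADDomainController -Filter *) {
        try {
            Get-WinEvent -ComputerName $dc.HostName -FilterHashtable @{
                LogName = 'Security'; Id = 4720, 4741; StartTime = $Since
            } -ErrorAction Stop
        } catch {
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        }
    }

    # 3. Pull SubjectUserName (creator) and TargetUserName (new account) out of the event XML.
    $report = foreach ($e in $events) {
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        $target = $d['TargetUserName']          # for 4741 this is the computer name with a trailing $
        [pscustomobject]@{
            Created         = $e.TimeCreated
            ObjectType      = if ($e.Id -eq 4720) { 'User' } else { 'Computer' }
            Target          = $target
            CreatedBy       = "$($d['SubjectDomainName'])\$($d['SubjectUserName'])"
            LoggedOnDC      = $e.MachineName
            WhenCreatedInAD = $byName[$target].whenCreated
        }
    }
    $report | Sort-Object Created | Export-Csv -Path $OutCsv -NoTypeInformation
    $report
}

Get-ADObjectCreationReport -Since (Get-Date).AddDays(-90) | Format-Table -AutoSize
```

The chain in the question (A created B, B created C) is the CreatedBy column joined back onto Target. Accounts older than the Security log retention window keep only their whenCreated value, which is why forwarding 4720/4741 to a central log store is the usual way to make this answerable beyond a few weeks.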
Hi team,

[Server00]: PS C:\Users\dperezb\Documents> Install-WindowsUpdate

Confirm
Are you sure you want to perform this action?
Performing the operation "(13/02/2020 8:59:39) Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)[197MB]" on target
"MDMVFS01".
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [?] Help (default is "Y"): A

X ComputerName Result     KB          Size Title
- ------------ ------     --          ---- -----
1 Server00     Accepted   KB2267602  197MB Definition Update for Windows Defender Antivirus - KB2267602 (Definition 1.281.594.0)
1 Server00     Accepted   KB4524244   67KB Security Update for Windows Server 2016 for x64-based Systems (KB4524244)
1 Server00     Accepted   KB4537764    1GB 2020-02 Cumulative Update for Windows Server 2016 for x64-based Systems (KB4537764)
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
    + CategoryInfo          : NotSpecified: (:) [Get-WindowsUpdate], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,PSWindowsUpdate.GetWindowsUpdate

I connect with an administrator user.

Regards.
0
Hi all,

I have a vulnerability that is preventing my frontend's automated build.

I did a npm update and bower update, this caused new versions of dependencies to be included in my package.json and bower.json, all fine.

If I try the build the dependency error is still showing in two different locations:
node_modules/polymer-cli/node_modules/handlebars/dist/handlebars.js - v4.1.2

and

node_modules/bower/lib/node_modules/handlebars/dist/handlebars.js - v4.0.10

I don't understand why those versions were not updated even if I specifically requested the latest version for polymer-cli and bower.
I've searched everywhere in the codebase but I couldn't find any reference to those versions to update them.

Can you please help?
0
I am trying to delete a file off a network share. I have admin rights and even switched over to the admin account to try to delete it.

I keep getting the Folder Access denied.

If I go under the folder properties, under the Security tab, and click Advanced, I try to change the Owner. It will allow the change until you hit Apply. The error message states "unable to set new owner .... access is denied."
0
Hi,
There are File Servers:
FS#1 is bad.
FS#2 is the replacement.

Here is the hierarchy of the folder:
FS#2> Marketing > Proposal > many folders here
The users permitted to read, write or modify every folder under the "Proposal" folder are
User#1
User#2

I want to give permission to User#1 to be able to modify any folders under the “proposal” folder.
The things that I do:
I go to the Proposal folder > right-click, select properties > go to the Security tab > click Edit > then, I add the “user#1” and give him “Full Control” permission > then, click OK or Apply

My question: Is there anything else that I have to do?

tjie
0
I have Office 365 locally installed on a PC with the email account set up as IMAP.  All was working OK but now I have a few issues:
1) When opening Outlook frequently (not always) getting a send/receive error - usually a reboot will correct
2) Yesterday - started getting the following message:  "Internet Security Warning" - The server you are connected to is using a security certificate that cannot be verified..... do you want to continue using this server.

I have two different email accounts set up in Outlook (one goes through Yahoo servers and the other through Total Server Solutions (previously Hands On Webhosting)); both accounts are set up as IMAP.

Any help is appreciated!  Thank you.
0
In view of the pandemic, 300-500 staff are to work from home
using VPN.

I'll need an assessment if GPO update (push down to those
remote PCs that are company-owned PCs) should be disabled
or enforced  so need assessments from experts here.

a) if we don't push down the latest policies, NAC requirements
    like AV signatures & patches may not be up-to-date & this
    work-from-home arrangement can last 1-2 months (subject
    to how long the health authority retain the alert level)

b) however, if we enforce &  critical PCs are blocked from
    accessing due to outdated signatures/patches, it will be a
    service disruption to those critical users.  Or if it's blocked,
    feasible for the support guys to exempt those PCs to
    enable them to temporarily connect (to get AV updates
    from our internal AV server) & WSUS?

c) is the GPO update going to consume a lot of bandwidth?
    we have 50Mbps dedicated for VPN users

d) for some reason (I don't know why), we permit split
    tunnelling on our VPN  though the PCs'  browsers are
    locked (greyed out & users can't change) to go thru
    our company proxy so they can't browse public Internet
    using IE/Chrome/FFox but an ultra-secure browser (that
    disallows upload/downloads): only for trusted sites like
    our Intranet, zoom.us (for remote conferencing) & O365
    URLs, we whitelist in the GPO (ie the 'exclusion' URLs/
    IP section in IE/Chrome) & proxy to enable IE/Chrome to
   …
0
Hi there,

I have a connection string in my Console Application which has a special character in it: a single quote at the end of the password. Here is the entire connection string.

<add key="ConnStr"
         value="Data Source=servernName;Persist Security Info=True;
         User ID=sqlLogin;Password=5XAc*@Z+d'X0bs&quot;TyE&quot;U]&gt;[.';
         Pooling=False;
         MultipleActiveResultSets=False;Connect Timeout=60;Encrypt=False;TrustServerCertificate=False" />

There are lots of special characters in the password but the very last one creates a problem.

I received the following error:

System.ArgumentException: 'Format of the initialization string does not conform to specification starting at index 117.'

When I get rid of the last single quote character (') it works, but then it complains about the password being wrong :)

thank you and I hope I explained my problem correctly.
0
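Added example, not code from the question: a connection-string value that contains quote characters has to be enclosed in quotes, and SqlConnectionStringBuilder applies the escaping rules so nobody has to hand-edit them. The password below is a constructed sample with the same shape as the one in the question (both quote types, trailing single quote); server and login are taken from the question and the script assumes Windows PowerShell with System.Data available.

```powershell
# Added example, not code from the question. Builds a SqlClient connection string whose
# password contains ; ' " and ends with a single quote, letting SqlConnectionStringBuilder
# apply the quoting rules, then parses it back to prove the runtime sees the intended value.
# The password is a constructed sample; the app.config line at the end is the XML-escaped form.
Add-Type -AssemblyName System.Data

function New-QuotedConnectionString {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$UserId,
        [Parameter(Mandatory)][string]$Password
    )
    $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $b['Data Source']            = $Server
    $b['User ID']                = $UserId
    $b['Password']               = $Password     # the builder quotes/escapes as required
    $b['Persist Security Info']  = $false
    $b['Encrypt']                = $true
    $b['TrustServerCertificate'] = $false
    $b['Connect Timeout']        = 60
    $b.ConnectionString
}

function Test-ConnectionStringRoundTrip {
    param([string]$ConnectionString, [string]$ExpectedPassword)
    # Parsing the string back with a fresh builder mirrors what SqlConnection does at run time.
    $parsed = New-Object System.Data.SqlClient.SqlConnectionStringBuilder($ConnectionString)
    $parsed['Password'] -ceq $ExpectedPassword
}

# Constructed sample password:  a;b'c"d]>[.'   (contains ; ' " and ends with a single quote)
$samplePassword = 'a;b''c"d]>[.'''

$cs = New-QuotedConnectionString -Server 'servernName' -UserId 'sqlLogin' -Password $samplePassword
$cs
Test-ConnectionStringRoundTrip -ConnectionString $cs -ExpectedPassword $samplePassword

# Inside an app.config attribute the string must additionally be XML-escaped (& < > " ').
'<add key="ConnStr" value="' + [System.Security.SecurityElement]::Escape($cs) + '" />'
```

Two separate layers are at work: the SqlClient grammar (quotes around a value containing quote or semicolon characters) and the XML attribute grammar (entities such as &quot; and &gt;), and a string that is correct for one can still be wrong for the other. The builder is also the natural place to turn Encrypt on rather than leaving it at False as in the question.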
Our corporate have a batch of Samsung tablets designated
for specific use only.

It's going to take a while to identify a free MDM to control
these tablets so for time being, I'll need a checklist in terms
of cybersecurity & usage control (ie restrict to that app only).

The checklist will be used by our IT support when the
tablets are brought to them for installation/support &
the IT Support may do quarterly checks manually by
referencing this checklist:

Offhand I can only think of the following, pls add on:

1. updates/patches are up-to-date
2. PlayStore app is not present (ie disabled/deinstalled)
     so that users can't install unnecessary apps
3. Only designated browser ie Chrome & one other
    & the app that we required for that designated use
    is present
4.   ...   ?


Also help recommend any free MDM that could
enforce the above checklist of items.
0
I've been asked to source the below for a small / medium business.  Any help with this would be great... Templates and or explanation on what is required.

  • A written information security program to protect the confidentiality, integrity and availability of our information.  Professional certification such as ISO27001, PCI-DSS AOC, SOC Type II

  • Not sure what they are asking for here...... Do you have established controls for assessing and ongoing oversight of the adequacy of your own partners / suppliers IT Security postures?

  • Corporate incident response policy and a formalized breach notification process

Thanks!
0
My IT team installed the Trend Micro antivirus software a couple of months ago. Since then, our in-house-built .NET program, which is deployed via ClickOnce technology, gets this message prompting every time we launch the program.

(screenshot attached: Untitled.jpg)
We know that this is relating to Trend Micro's feature of Newly Encountered Program Detection

Understanding Behavior Monitoring detections in OfficeScan
https://success.trendmicro.com/solution/1121152-behavior-monitoring-detections-officescan#collapse4

But how can we bypass this configuration so that the prompt of Newly Encountered Program Detection can be disabled for our in-house built .NET program?

We tried to include the installation path of the .NET program (such as C:\Users\xxxxxx\AppData\Local\Apps\2.0) in Trend Micro's Exclude List on the local machine, but it doesn't help and the message still keeps prompting.

Any help is greatly appreciated, thanks.
0
I'm developing a number of GPOs and am surely still learning.  I feel OK about simple ones but have to consider testing, and expanding the deployments in time.
One question that I'm sure others have dealt with is this:

I have a fairly typical environment where the people change a bit more often than the computers.  And, if a computer changes, it can reemerge with the same name I guess.
So, assuming a GPO that will apply to Users:
A small Group of Users will be exempt by design - and won't change that often.
Otherwise, the GPO will apply to everyone else.

My question is this:
As new Users are introduced, how to best include them without having to explicitly add them to a special-purpose Group?
That is, if they get into a rather broad group anyway, to not have to add them to others.
Otherwise, I might imagine including ALL Users and then excluding the small Group as above.
I'm not sure how to do the latter unless it's in Security Filtering perhaps?

I'm trying to avoid manually generating a 98% of everyone Group and then having to maintain it thereafter.
0
Windows 7 with SP1 continued from prior question on Gateway

Back again with confirmation that SP1 and MS Security Essentials did install successfully on January 27, 2020 but Malicious Software components fail consistently from Windows Update.  When installing IE11 from the above link, BSOD and after second reboot and attempt, the update to IE11 began and then was stopped stating other items must be installed first.  No Clue which they could be.  Sigh.  Valiant efforts all around.  

When attempting to install the two items that pop up as important prerequisites (but undefined), error 8024605 blocks the installation efforts.  sfc /scannow finds no problems.  Event log full of consistent errors that Microsoft Antimalware cannot update signatures.  That's event code 2001.

Does this merit a new Question?  Or is it a lost cause.

Previous Q is this:  https://www.experts-exchange.com/questions/29170641/Vista-to-Windows-10-on-Gateway.html
0
If someone has compromised (as in gained unauthorised access to) an Office 365 email account, for the purposes of data access, is there any way they could lead emails out to an external address without it leaving a trace in the tracking logs? With such an attack, how is it likely the attacker would make use of the access they have achieved through whatever compromise, to read/use the data? It seems a bit simplistic to me to just start forwarding them outwards, but I am not sure how these attacks happen and what exactly it is they would do with their access once achieved (and how to determine what, if anything, they did do once access was achieved).
1
We're having issues sending email to any addresses ending in .mil.

In Outlook we receive bounce backs saying similar things to:

Remote Server at navy.mil (205.85.41.166) returned '400 4.4.7 Message delayed'
1/27/2020 9:37:19 PM - Remote Server at navy.mil (205.85.41.166) returned '451 4.4.0 Primary target IP address responded with: "421 4.4.1 Connection timed out." Attempted failover to alternate host, but that did not succeed. Either there are no alternate hosts, or delivery failed to all alternate hosts. The last endpoint attempted was 205.85.41.166:25'


Using Exchange 2013, I'm able to pull up the Queue Viewer and see emails sitting in queues going to navy.mil, usmc.mil, uscg.mil, army.mil, etc but they never transfer... unless I click on Retry and then it seems to be a 50/50 shot as to whether the emails will go through.

Considering they go through, sometimes, I'm assuming it's not a security issue - TLS 1.x, SPF, DMARC, rDNS, etc...

I'm stumped.

I have a ticket open with NMCI but it seems to be taking quite a while to make its way through their system so I'm turning to EE to see if you guys have any ideas.

Anyone?
0
We use Azure Cloud backup to backup our in house servers.  If we were hit by ransomware and server files were encrypted, would it affect our backups that are stored in Azure?   I'm thinking the backups are protected and we should be able to restore from them.  Any ideas on this?

Thanks,
cja
0
Hi,

Some users are seeing a Not secure flag in Chrome when viewing a site I host that has a secure cert on it.  The warning is 'This site uses an outdated security configuration, which may expose your information...'

The platform is Windows Server 2008 with IIS 7.  We are moving to a Windows 2016 server but I don't have direct control over when that move will occur.  Is there something I can modify in the interim to bring it up to standards?

Thanks!

--Ben
0
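Added example, not code from the question: an audit of the server-side Schannel protocol settings, with a -WhatIf-capable function that writes the corrected values. Chrome's "outdated security configuration" page is what it shows for servers that only negotiate TLS 1.0/1.1, and these registry locations are the documented Schannel settings. What the OS can actually offer is a separate matter (TLS 1.2 on Server 2008 depends on a later update from Microsoft), so run the audit first and test the fix with -WhatIf.

```powershell
# Added example, not code from the question. Audits the server-side Schannel protocol keys
# and, through Set-SchannelServerState, writes the corrected values. Registry paths are the
# documented Schannel locations; the desired state below is this example's assumption.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# Desired server-side state: legacy protocols explicitly off, TLS 1.2 explicitly on.
$desired = @{
    'SSL 2.0' = $false
    'SSL 3.0' = $false
    'TLS 1.0' = $false
    'TLS 1.1' = $false
    'TLS 1.2' = $true
}

function Get-SchannelServerState {
    foreach ($proto in ($desired.Keys | Sort-Object)) {
        $key = Join-Path $base "$proto\Server"
        $enabled = $null; $disabledByDefault = $null
        if (Test-Path $key) {
            $p = Get-ItemProperty -Path $key
            $enabled = $p.Enabled
            $disabledByDefault = $p.DisabledByDefault
        }
        [pscustomobject]@{
            Protocol          = $proto
            Enabled           = $enabled              # $null means the OS default applies
            DisabledByDefault = $disabledByDefault
            Desired           = $desired[$proto]
            # Only an explicit value counts as compliant; OS defaults differ between releases.
            Compliant         = if ($desired[$proto]) { $enabled -eq 1 } else { $enabled -eq 0 }
        }
    }
}

function Set-SchannelServerState {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($proto in $desired.Keys) {
        $key = Join-Path $base "$proto\Server"
        $on  = $desired[$proto]
        if ($PSCmdlet.ShouldProcess($key, "Enabled=$([int]$on) DisabledByDefault=$([int](-not $on))")) {
            New-Item -Path $key -Force | Out-Null
            New-ItemProperty -Path $key -Name Enabled -PropertyType DWord -Value ([int]$on) -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -PropertyType DWord -Value ([int](-not $on)) -Force | Out-Null
        }
    }
    # Schannel reads these keys at start-up, so the change takes effect after a reboot.
}

Get-SchannelServerState | Format-Table -AutoSize
# Set-SchannelServerState -WhatIf     # then without -WhatIf, followed by a reboot
```

Before disabling TLS 1.0 on a server this old, confirm that TLS 1.2 is negotiable at all (an external TLS scan after the reboot is the quickest check); otherwise the site goes from "outdated" to unreachable. Cipher-suite order is a separate setting and is not touched here.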
I am having some issues applying a GPO to my workstations.   I am currently in the process of trying to set up a GPO to push a security group, with 2 domain logins associated with that group, to apply local administrator access to any machine on this current domain.   Below is the link I am using.

https://richardstk.com/2013/11/26/adding-domain-users-to-the-local-administrators-group-using-group-policy/

I am attempting to use option 2 to ensure any local admins that are current on the workstation machine are not removed.  

I created the policy and applied the policy to the workstations group in GPM and enforced the policy.   (GPO Setup.jpg) Attached.  

However after running a gpupdate /force I am experiencing the following error on the workstation.


C:\Users\testgpo>gpupdate /force
Updating policy...

Computer policy could not be updated successfully. The following errors were encountered:

The processing of Group Policy failed. Windows attempted to read the file \\ecva2.local\SysVol\ecva2.local\Policies\{56134950-09B3-4597-950F-26CF3ED660BA}\gpt.ini from a domain controller and was not successful. Group Policy settings may not be applied until this event is resolved. This issue may be transient and could be caused by one or more of the following:
a) Name Resolution/Network Connectivity to the current domain controller.
b) File Replication Service Latency (a file created on another domain controller has not replicated to the current domain controller).
c) …
0
I've created a new domain environment and would like to automatically assign users to a security group based on their OU and also have this apply to child OUs. I don't use PowerShell a lot, so I was hoping to get some help as the online guides seem to be giving me errors.

The OU structure looks similar to this:
(screenshot attached: RSR-OU.png)

So for each OU I would have a security group that should be applied for the users in that group and any child OUs.

When I try using:
Get-ADUser -SearchBase 'OU=Property_A,DC=domian,DC=org' -Filter *

It gives me a list of all users in Property_A

If I try running:
Get-ADUser -SearchBase 'OU=Property_A/User Accounts,DC=domian,DC=org' -Filter *

or any other child OU, I get a syntax error:

Get-ADUser : Directory object not found
At line:1 char:1

I'm assuming I can't get the users within child OUs using the OU/ChildOU.

Can someone tell me the correct syntax that would work for this use case?

I found the following online that is supposed to do what I want, but in order to test it I need to get the correct syntax.

Get-ADUser -SearchBase 'OU=OUname,DC=contoso,DC=local' -Filter * | % { Add-ADGroupMember 'groupname' -Members $_ -WhatIf }

If the following works what would be the correct way to automate this? Setting the script to run in task every hour?

Thanks for your time.
0
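Added example, not code from the question: an LDAP distinguished name is written most-specific-first, so the child OU "User Accounts" under Property_A is 'OU=User Accounts,OU=Property_A,DC=domian,DC=org' rather than 'OU=Property_A/User Accounts,...', which is why Get-ADUser reports "Directory object not found". The script converts the top-down path the question uses into a DN and keeps one group per top-level OU in sync, child OUs included. The group names and the OU-to-group mapping are assumptions.

```powershell
# Added example, not code from the question. Converts a top-down OU path such as
# 'Property_A/User Accounts' into an LDAP DN and keeps a security group in sync with
# every user under that OU (child OUs included). Group names below are assumptions.
Import-Module ActiveDirectory

function ConvertTo-OUDistinguishedName {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$DomainDN = 'DC=domian,DC=org'
    )
    # Escape the RDN special characters (RFC 4514), then reverse: DNs list the leaf first.
    $parts = @($Path.Split('/') | ForEach-Object { 'OU=' + ($_.Trim() -replace '([,+"\\<>;=])', '\$1') })
    [array]::Reverse($parts)
    ($parts -join ',') + ',' + $DomainDN
}

function Sync-OUGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][hashtable]$OUToGroup,   # OU path -> group name
        [string]$DomainDN = 'DC=domian,DC=org'
    )
    foreach ($entry in $OUToGroup.GetEnumerator()) {
        $searchBase = ConvertTo-OUDistinguishedName -Path $entry.Key -DomainDN $DomainDN
        $group      = Get-ADGroup -Identity $entry.Value

        # -SearchScope Subtree (the default) walks every child OU beneath the base.
        $users   = @(Get-ADUser -SearchBase $searchBase -SearchScope Subtree -Filter *)
        $members = @(Get-ADGroupMember -Identity $group | Where-Object objectClass -eq 'user')

        # Users who moved into the OU tree get added; users who moved out get removed,
        # so the group never keeps access that the OU placement no longer implies.
        $toAdd    = $users   | Where-Object { $_.DistinguishedName -notin $members.DistinguishedName }
        $toRemove = $members | Where-Object { $_.DistinguishedName -notin $users.DistinguishedName }

        if ($toAdd -and $PSCmdlet.ShouldProcess($group.Name, "add $(@($toAdd).Count) user(s)")) {
            Add-ADGroupMember -Identity $group -Members $toAdd
        }
        if ($toRemove -and $PSCmdlet.ShouldProcess($group.Name, "remove $(@($toRemove).Count) user(s)")) {
            Remove-ADGroupMember -Identity $group -Members $toRemove -Confirm:$false
        }
    }
}

ConvertTo-OUDistinguishedName -Path 'Property_A/User Accounts'   # OU=User Accounts,OU=Property_A,DC=domian,DC=org

$mapping = @{
    'Property_A' = 'GRP-Property_A-Users'    # assumed group names
    'Property_B' = 'GRP-Property_B-Users'
}
Sync-OUGroupMembership -OUToGroup $mapping -WhatIf
```

For the hourly run the question asks about, a scheduled task on a management host is the usual home; give it a dedicated service account that holds only "write members" on those groups rather than running it as a domain admin, and keep -WhatIf on until the first few dry runs show only the expected adds and removes.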
Is EVC required to be enabled on HP Gen 9 and Gen 10 servers?

Both are Intel, so why is it required? If yes, can we enable it without any outage/downtime to the running infra?
0
The user's Windows 10 computer has run out of free space, and WinDirStat reports 91% of the drive space is taken up by <Unknown>
MalwareBytes ran last night, scanned 455,380 files, with no threats found.  This scan took 4 hours and 10 minutes
I installed the latest MalwareBytes update this AM, and I assume that I have another 3 hours for that to finish.

The only major change that the user recalls is that a Cloud 9 connection to what appears to be a virtual desktop was installed around the time they noticed the computer slowing down.

How should I proceed?   Thanks.



(screenshot attached: 91 percent of drive used up by unknown)
0
Hi everyone,

I just did a dependency check in my code and I get:
https://nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Anetty%3Anetty%3A3.10.5

I've searched in my dependencies (POM.xml and the whole project too) but I could not find netty.
For this reason I think that it is some child dependency.
So I did a maven dependency tree but also searching there didn't get any netty hit.

What am I missing?

Thanks for your help.
0
If you suspect someone's Office 365 email account may have been compromised via the IMAP protocol (now disabled on the account and password updated), where specifically could you look to see if any specific data from their account has been breached/leaked/viewed? Would there be any traces within the mailbox itself, or in other administrative features/logs of Office 365?
0
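Added example, not code from either of the two Office 365 questions above (this one and the earlier one about tracing how a compromised account was used): the checks an investigator runs against an Exchange Online mailbox after a suspected compromise, covering mailbox-level forwarding, inbox rules, the unified audit log and the outbound message trace. It assumes the ExchangeOnlineManagement module with a session already opened by Connect-ExchangeOnline, and the mailbox address is a placeholder.

```powershell
# Added example, not code from the questions. Collects the post-compromise indicators for one
# Exchange Online mailbox. Assumes ExchangeOnlineManagement is loaded and Connect-ExchangeOnline
# has already been run; the mailbox address used at the bottom is a placeholder.
function Get-MailboxCompromiseIndicators {
    param(
        [Parameter(Mandatory)][string]$Mailbox,
        [datetime]$Since = (Get-Date).AddDays(-30)
    )
    # 1. Mailbox-level forwarding: set with Set-Mailbox, not visible as a rule in Outlook.
    $mbx = Get-Mailbox -Identity $Mailbox
    $forwarding = [pscustomobject]@{
        ForwardingSmtpAddress      = $mbx.ForwardingSmtpAddress
        ForwardingAddress          = $mbx.ForwardingAddress
        DeliverToMailboxAndForward = $mbx.DeliverToMailboxAndForward
    }

    # 2. Inbox rules that forward, redirect, delete or file mail (names are often blank or innocuous).
    $rules = Get-InboxRule -Mailbox $Mailbox | Where-Object {
        $_.ForwardTo -or $_.ForwardAsAttachmentTo -or $_.RedirectTo -or $_.DeleteMessage -or $_.MoveToFolder
    } | Select-Object Name, Enabled, ForwardTo, ForwardAsAttachmentTo, RedirectTo, DeleteMessage, MoveToFolder

    # 3. Unified audit log: sign-ins, rule and forwarding changes, sends and (where licensed) item reads.
    $ops = 'UserLoggedIn', 'New-InboxRule', 'Set-InboxRule', 'Set-Mailbox', 'MailItemsAccessed', 'Send', 'SendAs'
    $audit = Search-UnifiedAuditLog -StartDate $Since -EndDate (Get-Date) -UserIds $Mailbox `
                 -Operations $ops -ResultSize 5000 | ForEach-Object {
        $d = $_.AuditData | ConvertFrom-Json
        [pscustomobject]@{
            Time      = $_.CreationDate
            Operation = $_.Operations
            # Azure AD sign-in records use ClientIP; Exchange mailbox records use ClientIPAddress.
            ClientIP  = if ($d.ClientIP) { $d.ClientIP } else { $d.ClientIPAddress }
            Workload  = $d.Workload
        }
    }

    # 4. Outbound mail: the trace covers the most recent days only; older periods need a historical search.
    $sent = Get-MessageTrace -SenderAddress $Mailbox -StartDate (Get-Date).AddDays(-10) -EndDate (Get-Date) |
        Group-Object RecipientAddress | Sort-Object Count -Descending | Select-Object Count, Name

    [pscustomobject]@{
        Forwarding   = $forwarding
        Rules        = $rules
        Audit        = $audit
        SourceIPs    = $audit | Group-Object ClientIP | Sort-Object Count | Select-Object Count, Name
        Recipients   = $sent
    }
}

$r = Get-MailboxCompromiseIndicators -Mailbox 'user@example.com'
$r.Forwarding
$r.Rules      | Format-Table -AutoSize
$r.SourceIPs  | Format-Table -AutoSize
$r.Recipients | Format-Table -AutoSize
```

Reading the result: a forwarding address or rule the user did not create, sign-ins from IPs the user cannot explain, and a burst of outbound mail to one external recipient are the usual findings. MailItemsAccessed entries, which show which messages were read rather than only which were sent, appear only when the tenant's licensing includes that audit event, and the unified log is searchable only for its retention period, so exporting it early in the investigation preserves the evidence.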