Microsoft Security compliance toolkit / Windows hardening / GPO settings

Microsoft Security Compliance Toolkit: it replaces Security Compliance Manager. This tool lets you plan, create, and monitor security baselines for your client workstations. Microsoft chose to replace SCM because of its complexity and the difficulty of maintaining the tool for each version of Windows. Aujourd’hui, SCT ne supporte…

AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles to secure a Windows domain:
- Les 4 piliers de la sécurité Active Directory
- https://www.cert.ssi.gouv.fr/uploads/guide-ad.html
- https://github.com/PaulSec/awesome-windows-domain-hardening
- Pingcastle: to audit an AD domain https://www.pingcastle.com/
- AD explorer (sysinternals): https://www.blackhillsinfosec.com/domain-goodness-learned-love-ad-explorer
- Microsoft audit Policy settings and recommendations: https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-policy-recommendations
- Sysinternals sysmon: to audit and control changes https://onedrive.live.com/view.aspx?resid=D026B4699190F1E6!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow

On ADsecurity.org:
- Beyond domain admins: https://adsecurity.org/?p=3700
- Gathering AD data with PowerShell: https://adsecurity.org/?p=3719

Microsoft Message Analyzer resources

Basic network capture methods: https://blogs.technet.microsoft.com/askpfeplat/2016/12/27/basic-network-capture-methods/
- Network Monitor 3.4 (Netmon) – https://www.microsoft.com/en-us/download/details.aspx?id=4865 (NOTE: Network Monitor is no longer under active development)
- Wireshark (v 2.2.2 as of 11/16/16) – https://wireshark.org/#download
- Netsh Trace – built-in to operating system
- Microsoft Message Analyzer (MMA) (v 1.4 as of 6/13/16) – https://www.microsoft.com/en-us/download/details.aspx?id=44226

Message analyzer operating guide: http://technet.microsoft.com/en-us/library/jj649776.aspx

How to message analyzer…

Windows – Windows Admin Center

Windows Admin Center: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/understand/windows-admin-center

Installation: You can install Windows Admin Center on the following Windows operating systems:

Version                                  Installation mode
Windows 10, version 1709 or newer        Desktop mode
Windows Server Semi-Annual Channel       Gateway mode
Windows Server 2016                      Gateway mode
Windows Server 2019                      Gateway mode

Desktop mode: Launch from the Start Menu and connect to the…

How to test SSL/TLS status?

To test SSL/TLS and much more you can use the free online tool from Qualys: https://www.ssllabs.com/ssltest/index.html

Third-party Tool: https://www.nartac.com/Products/IISCrypto/Download

Links related to TLS which I have consulted:
- Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266
- How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc
- TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10
- Managing SSL/TLS…

How to determine which version of .NET Framework is installed?

Reference: http://support.microsoft.com/kb/318785

Microsoft .NET Framework is a software package that is used by many applications; it runs in a software environment as opposed to a hardware environment.

Free program called .NET Version Detector (download here).

PowerShell: how to get the version of .NET Framework on a remote computer: https://gallery.technet.microsoft.com/scriptcenter/Detect-NET-Framework-120ec923

To query the local Registry using…

Windows – How to repair WMI?

Run the script below on the client machine that’s generating the WMI corruption errors. It recompiles all .mof WMI files found in the %windir%\System32\Wbem\Repository folder.

    @ECHO OFF
    sc config winmgmt start= auto
    reg add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ /d "Y" /f
    reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d "2" /f
    reg add HKLM\SOFTWARE\Microsoft\Ole /v…

ADFS 2016

Understanding ADFS and Federation by an example: https://blogs.technet.microsoft.com/askpfeplat/2018/01/29/adfs-monitoring-a-relying-party-for-certificate-changes/

Comparing SAML, WS-FED and OAuth: https://blogs.technet.microsoft.com/askpfeplat/2014/11/02/adfs-deep-dive-comparing-ws-fed-saml-and-oauth/

What’s new in ADFS 2016? https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server
- Eliminate Passwords from the Extranet
- Sign in with Azure Multi-factor Authentication
- Password-less Access from Compliant Devices
- Sign in with Microsoft Passport
- Secure Access to Applications
- Better Sign in experience
- Manageability and Operational Enhancements

You can…