Microsoft Security compliance toolkit / Windows hardening / GPO settings

Microsoft security compliance toolkit: Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporteContinue reading “Microsoft Security compliance toolkit / Windows hardening / GPO settings”

AD – Securing Domain Controllers / hardening Windows domain and computers

Reference articles to secure a Windows domain: Les 4 piliers de la sécurité Active Directory Pingcastle: to audit an AD domain AD explorer (sysinternals): Microsoft audit Policy settings and recommendations: Sysinternals sysmon: to audit and control changes!2843&ithint=file%2cpptx&app=PowerPoint&authkey=!AMvCRTKB_V1J5ow On Beyond domain admins: Gathering AD data with PowerShell: reading “AD – Securing Domain Controllers / hardening Windows domain and computers”

Microsoft Message Analyzer resources

Basic network capture methods: Network Monitor 3.4 (Netmon) – (NOTE: Network Monitor is no longer under active development) Wireshark (v 2.2.2 as of 11/16/16) – Netsh Trace – built-in to operating system Microsoft Message Analyzer (MMA) (v 1.4 as of 6/13/16) – Message analyzer operating guide: How to message analyzerContinue reading “Microsoft Message Analyzer resources”

Windows – Windows Admin Center

Windows Admin Center: Installation: You can install Windows Admin Center on the following Windows operating systems: Version Installation mode Windows 10, version 1709 or newer Desktop mode Windows Server Semi-Annual Channel Gateway mode Windows Server 2016 Gateway mode Windows Server 2019 Gateway mode Desktop mode: Launch from the Start Menu and connect to theContinue reading “Windows – Windows Admin Center”

How to test SSL/TLS status ?

To test SSL/TLS and much more you can use the free online tool from Qualys: Third-party Tool:   Links related to TLS which I have consulted: Solving the TLS problem ==> How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> TLS/SSL Settings ==> Managing SSL/TLSContinue reading “How to test SSL/TLS status ?”

How to determine which version of .net framework is installed?

Reference: Microsoft .net Framework is a software package that is used by many applications, it runs in a software environment as opposed to hardware environment. Free program called .NET Version Detector ( download here ). PowerShell: how to get version of .net framework on a remote computer: To query the local Registry usingContinue reading “How to determine which version of .net framework is installed?”

Windows – How to repair WMI ?

Run the script below on the client machine that’s generating the WMI corruption errors. It recompiles all .mof WMI files found in the %windir%\System32\Wbem\Repository folder. @ECHO OFFsc config winmgmt start= auto reg add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ /d “Y” /f reg add HKLM\SOFTWARE\Microsoft\Ole /v LegacyAuthenticationLevel /t REG_DWORD /d “2” /f reg add HKLM\SOFTWARE\Microsoft\Ole /vContinue reading “Windows – How to repair WMI ?”

ADFS 2016

Understanding ADFS and Federation by a example: Comparing SAML, WS-FED and OAuth: What’s new in ADFS 2016? Eliminate Passwords from the Extranet Sign in with Azure Multi-factor Authentication Password-less Access from Compliant Devices Sign in with Microsoft Passport Secure Access to Applications Better Sign in experience Manageability and Operational Enhancements You canContinue reading “ADFS 2016”