Category: Windows Server/Client


ADFS 2019

ADFS 2019 what’s new:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/overview/whats-new-active-directory-federation-services-windows-server

ADFS 2019 on Windows server 2019 has just been release recently, but I do not recommend to put in production because you can discover some side effects with AADConnect, Office 365, MFA onprem server service running on the ADFS servers and your current federated-based applications not yet compatible (ie Cisco Webex, Cisco Jabber …)

 

Advertisements

https://blogs.technet.microsoft.com/askpfeplat/2018/10/29/ssh-on-windows-server-2019/

Recently I am facing remote desktop login problem in on Windows 2003 Server.
While I am enter user name and password server give me logon error.

“The system cannot log you on due to the following error:
The RPC server is unavailable.
Please try again or consult your system administrator.

 

From another member server with admin rights,

open the eventvwr and connect remotely to the faulty server (application log): errors on UserEnv

then to solve this issue:

open the remote registry using regedit and connect to the faulty server remotely

then create this registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

Create a new Value selecting Dword and name it as IgnoreRegUserConfigErrors and give a value as 1

Reboot is not required.

Now try doing an RDP – it should work!

 

How to repair servermanager.exe on 2012 R2 ?

if servermanager crash and if there is an event on application event log:

Event ID: 1000
Faulting application path: C:\Windows\system32\ServerManager.exe
Faulting module path: C:\Windows\system32\wmidcom.dll

Solution:

Rename the registry key HKLM\SOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache
to
HKLM\SOFTWARE\Microsoft\ServerManager\ServicingStorage\ServerComponentCache.old
Reboot to take effect then if KO remove the .old registry keys

 

# Try without doing anything bad

Stop-Computer -WhatIf

# Stop the local computer

Stop-Computer

# Try without doing anything bad on multiple systems

Stop-computer -ComputerName ‘computer1′,’computer2′,’computer3’ -whatif

# Stop multiple systems

Stop-computer -ComputerName ‘computer1′,’computer2′,’computer3’

https://dnschecker.org

 

https://www.whois.net/

 

https://mxtoolbox.com/

 

https://whatismyipaddress.com/

 

http://ping-test.org/

 

https://www.portcheckers.com/

 

 

Microsoft security compliance toolkit:

Il remplace Security Compliance Manager. Cet outil permet de planifier, créer, et monitorer des baselines de sécurité pour vos postes clients. Le remplacement a été choisi par Microsoft du fait de la complexité de SCM et de la difficulté à maintenir l’outil pour chaque version de Windows. Aujourd’hui, SCT ne supporte pas Desired Configuration Management de System Center Configuration Manager ou SCAP.

https://www.microsoft.com/en-us/download/details.aspx?id=55319

Other references:

2012 R2 hardening (CIS):

https://www.cisecurity.org/wp-content/uploads/2017/04/CIS_Microsoft_Windows_Server_2012_R2_Benchmark_v2.2.0.pdf

Windows 10 hardening:

https://www.asd.gov.au/publications/protect/Hardening_Win10.pdf

 

 

 

How to change Users folder from default location to the D: drive ?

Computer\HKEY_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\ProfileList

Note: You Change All Users Profile Path. For That You Have To Change “ProfileDirectory” Path From ProfileList key (see above). Its Applicable For New User Login !

Article:

https://www.quora.com/How-could-I-change-my-user-folder-default-location-from-C-to-D-in-Windows-10

 

 

 

To test SSL/TLS and much more you can use the free online tool from Qualys: https://www.ssllabs.com/ssltest/index.html

Third-party Tool: https://www.nartac.com/Products/IISCrypto/Download

 

Links related to TLS which I have consulted: Solving the TLS problem ==> https://www.microsoft.com/en-us/download/details.aspx?id=55266

How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll ==> https://support.microsoft.com/en-us/help/245030/how-to-restrict-the-use-of-certain-cryptographic-algorithms-and-protoc

TLS/SSL Settings ==> https://technet.microsoft.com/en-us/library/dn786418(v=ws.11).aspx#BKMK_SchannelTR_TLS10

Managing SSL/TLS Protocols and Cipher Suites for ADFS:

https://docs.microsoft.com/en-us/windows-server/identity/ad-fs/operations/manage-ssl-protocols-in-ad-fs

https://jorgequestforknowledge.wordpress.com/2017/03/01/hardening-disabling-weak-ciphers-hashes-and-protocols-on-adfs-wap-aad-connect/

 

SSSD principle:

SSSD for SuSE (sles):

https://www.suse.com/support/kb/doc/?id=7022002

http://www.novell.com/support/kb/doc.php?id=7014572

RHEL:

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/windows_integration_guide/index

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Introduction.html

Troubleshooting SSSD:

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/SSSD-Troubleshooting.html

Resolution:   id  <userid> ; getent passwd <userid>

Authentication: ssh <userid>@localhost

 

In addition to redhat guide, there are tones of interesting links:

http://thornelabs.net/2014/01/30/authenticate-rhel-5-and-6-against-active-directory-on-windows-server-2008-r2-with-sssd-using-kerberos-and-ldap.html

http://www.chriscowley.me.uk/blog/2013/12/16/integrating-rhel-with-active-directory/