DavidOverton.com
This site is my way to share my views and general business and IT information with you about Microsoft, IT solutions for ISVs, technologists and businesses, large and small.  

Browse by Tags

  • Invalid certificate issued to localhost.localdomain when remotely accessing SBS 2008 from a Windows PC

    This is another question I was recently asked. One particular user noticed that the certificate they saw when accessing their server from the internet did not match that when accessing from the LAN. The certificate looked something like this: This was a little strange as when the system was accessed from the intranet, all things appeared fine. The culprit for them was the SBS 2003 self-signed certificate on the same machine. By removing the certificate and then installing the correct new one things got better. To remove the old certificate, start MMC.exe and accept the UAC prompt. Now press Ctrl+M to add a new snap-in and select Certificates and, when asked, add for the user account. Then do the same again, but select Certificates and Computer Account and hit OK to accept the current computer. Now expand out Personal Certificates and remove any SBS 2003 self-signed certificates. To load the new certificates open a browser inside your SBS 2008 network and point to http://companyweb/Lists/Announcements/DispForm.aspx...
  • Windows is now getting too difficult to hack, so the hackers' sights are moving elsewhere, but that does not mean security is now easier.

    I have heard many times how Windows is the big target for virus and phishing nasty people in general, but more and more people are showing that Windows is just too hard to hack when applications and other platforms offer so much more opportunity. From the article "eBay: Phishers getting better organized, attacking Linux": Dave Cullinane, eBay's chief information and security officer said that in his previous job protecting a bank from phishers "The vast majority of the threats we saw were rootkitted Linux boxes, which was rather startling. We expected Microsoft boxes." Rootkit software covers the tracks of the attackers and can be extremely difficult to detect. According to Cullinane, none of the Linux operators whose machines had been compromised were even aware they'd been infected. Although Linux has long been considered more secure than Windows, many of the programs that run on top of Linux have known security vulnerabilities, and if an attacker were to exploit an unpatched bug on a misconfigured...
  • Tool to modify UAC behaviour in Vista using Group Policy - BeyondTrust Privilege Manager

    I am one of those people who always leaves UAC enabled - I like to see when something (*cough* - Adobe Update - *cough*) wants to execute with admin privilege on my system and then get the choice as to whether to allow it or not. However, not everyone likes the choices that are presented by default with the GPOs (Group Policy Objects). Coming to the rescue are tools to help enhance these offerings, such as the Privilege Manager from BeyondTrust. Sometimes people forget that Microsoft is a platform for others to build on and this is no different. Their product enables pre-defining the responses to UAC based on a number of variables. While I have NOT tried the product, it is getting good reviews. You can however download an eval copy for free if you so desire. One thing to bear in mind is that when a tool like this is used, you weaken security - why, well, even if you use a SHA1 hash to work out if an application is safe or not, a clever hacker will use plugins, DLLs etc to attack that product - it does not...
  • Windows Client (Vista and XP) - Active X installer service, Volume Activation Tool, Diagnosing XP crashes, modifying the boot configuration parameters

    If you use volume licensing with Windows Vista then you need to be aware of the tools to manage them - it is not as simple as it used to be as you now need a management tool inside the business. VAMT answers this as does Desktop Management. Then we have some webcasts on slow networks, diagnosing crashes in Windows XP (although many of the techniques work for Vista too), backup and restore in Vista, using the ActiveX installer Service and Boot config parameters. VAMT 1.0 (x86): The Volume Activation Management Tool enables IT professionals to automate and centrally manage the volume activation process using a Multiple Activation Key (MAK). VAMT v1.0 is only available as a US-EN (x86) release. Best Practices on Managing Windows Vista Desktops: Get best practice guidance for managing Windows Vista desktop operations. Windows Vista Service Life-Cycle Management (WVSLM) provides concise guidance to help minimise the total cost of ownership of desktop infrastructure. Process guidance and document templates help make service...
  • Security for Windows Vista (understanding more about UAC), Networks, plus advice and guidance

    Security is always a big subject area. Over the last two months TechNet have published the following items that will help understanding and delivery of secure systems based on Microsoft technology. Windows Vista: TechNet Magazine: Inside Windows Vista User Account Control. Mark Russinovich explains that User Account Control (UAC) is one of the most misunderstood new features in Windows Vista. But its goal -- to enable users to run with standard user rights -- can solve many security issues. Get an inside look at the problems UAC addresses and see exactly how this new feature works. http://go.microsoft.com/?linkid=6803653 Network Security: Internet Protocol Security Enforcement in the Network Access Protection Platform. This white paper describes the Network Access Protection (NAP) platform, how IPsec protects traffic, and how IPsec Enforcement in NAP provides system health policy enforcement for IPsec-secured communication. http://www.microsoft.com/downloads/details.aspx?FamilyID=144cc69f-790f-4f52-8846-3f3b8584d7cd&DisplayLang...
  • How to configure SQL Server 2005 to allow remote connections on Windows Server 2008 (Longhorn) / Windows Vista

    Just a quick one - I was playing around with SQL2005 on my Longhorn server and I could not connect from a remote machine - Ahh I thought, the firewall is in the way, but it turned out I had to do 3 or 4 things to get things working. The Microsoft KB article that pointed to the light was How to configure SQL Server 2005 to allow remote connections which covers how to enable the firewall for the 2 programs you need and so on. When you try to connect to an instance of Microsoft SQL Server 2005 from a remote computer, you may receive an error message. This problem may occur when you use any program to connect to SQL Server. For example, you receive the following error message when you use the SQLCMD utility to connect to SQL Server: Sqlcmd: Error: Microsoft SQL Native Client: An error has occurred while establishing a connection to the server. When connecting to SQL Server 2005, this failure may be caused by the fact that under the default settings SQL Server does not allow remote connections. This problem may occur...
  • Changing the way that Vista User Access Control (UAC) works in Vista by group policy

    James gave me some hassle the other day for not referencing his blog (which is a valid thing to do), so I thought I would point out this post as it will end some of the gripes of people out there. Using Group Policy you can change the following: User Account Control: Behavior of the elevation prompt for administrators; User Account Control: Behavior of the elevation prompt for standard users; User Account Control: Elevate on application installs; User Account Control: Run all users, including administrators, as standard users; User Account Control: Validate signatures of executables that require elevation; User Account Control: Virtualize file and registry write failures to per-user locations. More information from James' blog at Views on Windows Vista: Can I customise UAC?. ttfn David Technorati Tags: Vista, Group Policy, UAC, Security
  • Changing Vista boot screens and opening yourself up to rootkits (or not)

    I love people who want to customise Windows Vista and some of my previous posts have covered this, however you can go too far - you can hack the OS. While I understand the desire to "hack" the OS to get customisations, there are better ways. This particular example is where people want to change the boot screen in Vista. The ability to do this will be coming from StarDock soon, but until then people have taken to modifying the existing OS files. THERE IS ALWAYS a chance that by downloading someone's customised file to your PC and it being loaded so early on in the boot process that it could do nasty things, especially since these files are in no way certified by Microsoft. A classic example of this can be found here when people want to change the boot logo - this could easily be a social engineering attack. The instructions tell someone to remove the access and security permissions from a core system file, overwrite it with one that might make the system look prettier during boot, but who knows what else will...
  • Symantec "Microsoft Listed as Most Secure OS"

    Wow, you have to wonder whether this hurt them to say this :-) Now I am a believer that any security vulnerability is bad and that the longer it is out there then the more likely it is to exploit it. If "people" only have one way to crack into your system, then they can still get in and the longer it is out there then the more likely it is that it will be used, however always nice to see that MS is trying hard and while not perfect, is doing better than other people who throw stones at MS. Of course, Windows also has more in it, so being better with more features in the box is even nicer and this is across all versions of Windows, not just the latest (Vista) for example. I think it shows that the IT industry has more work to do in this area - as Ed the Fed said - "this is a journey." Surprise, Microsoft Listed as Most Secure OS, by Andy Patrizio. UPDATED: Microsoft is frequently dinged for having insecure products, with security holes and vulnerabilities. But Symantec, no friend of Microsoft, said in its...
  • How to start an administrative (or elevated) command prompt and tell if you got it right (in Vista)

    I have had a few people tell me that they have had problems getting an administrative command prompt up and running in Vista. If you have done it correctly then a window will open just like the one to the left. Notice that it has opened into the X:\windows\system32 directory and that it has the title "Administrator: X:\windows\system32\cmd.exe". Anything else and I would be suspicious. The process is simple - do either of these: Click Start, click All Programs, and then click Accessories. Right-click Command Prompt, click Run as administrator; or: Click Start, type cmd into the search box and wait for Command Prompt or cmd.exe to appear in the list, then press CTRL-Shift-Enter. Either way, you should get a User Account Control (UAC) prompt appear with a BLUE banner on the top - press Continue here. For more information on User Account Control go to here. ttfn David Technorati tags: Windows Vista, Elevate, run as Administrator, Vista Ultimate, Security
  • Windows Vista Security "Guide", why Jim Allchin doesn't use Anti-Virus software for his son and why some people just don't want to have improved security unless you pay them for it.

    OK, so I saw that the Vista Security Guide ( http://blogs.msdn.com/windowsvistasecurity/archive/2007/01/05/windows-vista-security-guide-1-2-released.aspx ) had been updated - it is worth knowing more about the security model in Vista, how we protect against some threats and how it might impact your applications (eg if a non-admin application wants to send UI information to an admin one), Group Policy, Settings etc. Now, while security is important, so are the basics, like turning on the auto-updates, firewalls and anti-malware software. Well, MS now supplies a great anti-spyware product built into Windows in the form of Defender and the firewall can now be configured on outbound comms as well as inbound if you want, but no AV in the product. So, you need a 3rd party AV product (or Windows OneCare)... well, Jim Allchin, who delivered the Vista project for all of us does not use one for his son's machine.... http://windowsvistablog.com/blogs/windowsvista/archive/2006/12/19/windows-vista-and-protection-from-malware...

(c)David Overton 2006-23