Finally the help of IT is here

Blog of computer solutions.

Excel List all domain policies.

Posted by Xaus Xavier Nadal 16th on November 2011

Today I show you a very useful link for anyone who works daily with domain policies (GPO) and goes crazy to find anything.

Several excel that summarize all possible policies in different systems (Windows Server and Windows 2003 2008) that can apply to your domain.

Using column filters can filter information from the excel by operating system, components, computers or users.

The most useful is that you can search for "keyword" (keyword) and find the policy that best suits your needs.

The excel include different categories such as Account Policies (Password Policy, Account Lockout Policy, and Kerberos Policy) Local Policies (Audit Policy, User Rights Assignment, and Security Options), Event Log, Restricted Groups, System Services, Registry, and File System policy settings.

Well, without further delay the links on the Group Policy Settings (Configuring security policies)

SP2003 2 Windows Server Group Policy Settings, Windows Server and Windows Vista 2008 SP1 Group Policy Settings, Windows Server and Windows 2008 2 R7 Group Policy Settings, and finally Windows Vista Group Policy Settings

http://www.microsoft.com/download/en/details.aspx?id=25250

I hope you like it as much as me ..

tags: , , , , ,
Posted by Active Directory, Policies, Policies, security | No Comments »

A system is not safe until proven otherwise.

Posted by Xaus Xavier Nadal 12th on November 2011

How long it will be until employers realize that the system security is vital for business?

That is fighting against the security measures imposed by technical security systems?

Why not invest in a technical team to prevent security problems before they occur?

That only an antivirus believe the company is protected?

I have been saying for years that the meaning of a virus is not "protect against infection" but take a step to clean an infected system.

I have been saying for years that a perimeter firewall is not enough to protect our infrastructure.

When a manager sees that the system denied access to certain websites, why you not think it is to prevent infection rather than "and are cursing me?".

We are in a bad time to invest in security personnel, but it should be understood as necessary is that a website is secure, someone coming with home laptops should be scanned, which access from a smartphone is not always completely free , you can not surf the internet for a free form .... We do not want "bitching" to our customers (users), we are simply protecting them from malicious techniques that attack the team / teams within our organization.

"A secure system is one that can not be accessed remotely and locally available security measures to validate the person who will be working on the computer in question"

Formula to maintain a healthy and "safe" infrastructure.

Keep the server farm and equipment to the latest security patches.

Have an installed antivirus scanning in real time any threat.

Having an anti-malware system in real time.

Have measures against external connection to the network. (Even that is not checked / scan and with the approval should not have connectivity).

Having a firewall on each computer with only open the ports that the IT department deems necessary.

suspuesto perimeter firewall (did not need to comment on it).

Sniffers qualified traffic and safety personnel.

Continuous training.

R & D in security.

In short money for the technical and tranquility for the entrepreneur. (Although it seems a joke). Keep reading I think is interesting.

These 3 points are essential in any organization but because I put in bold the anti-malware system ?. Well actually this is where the danger lies for about 5 years and antivirus companies not if interest or ignorance that I do not think they are not able to develop good detection and prevention systems.

If there is someone to show me that a company of more than 100 workers with internet access there is a computer with malware unknowingly installed to tell us that the system is using for this we will take.

Currently the Trojans pose 3 4 of each new malware samples created during the past quarter. During the months of July, August and September 2011 has broken the record of Trojans. He had never reached such a high figure for creating Trojans a 76.76% in the fourth quarter far from 12,08% virus creation.

And no system is saved. Now it is no longer news that has come out a virus for Mac as they are on the agenda.

What is yet to come and gradually going to grow is the infection of smartphones and tablet pc's.

These teams are increasingly widespread and are not given enough attention to open a security project in them, Mcafee for example is giving security conferences "No warning" but selling a product to control devices with Android, IOS system, etc, but why not buy ?, why not invest in business R + D + i to be prepared for new threats that will exist soon ?.

Any technical person computer or not, you already have a laptop in your pocket or bag with direct internet connection, and do not tell me not to connect to work if only to charge by USB ?, Vulnerability in the system USB will cause the infection of millions of computers in minutes and from there to other smartphones. At this point it will be when someone, for example the govierno invest in ICT security, until now we are "sold" to the developers of Trojans, viruses, etc ...

Businessmen Hired to good hackers and continuous training Provide for them in your company that will become the best security auditors and protect your systems against other hackers. This is the future, cybercrime, cyberwar, the only barrier passable as could be and that traficará with money, documents, ultimately with "information".

Well, I'll leave these issues can me ... I could be talking for hours, and not have them I have to be-me security at home and in the gigs will not let me ... haha ​​just kidding but sure many of you it is happening…

Comentad, which is the engine of a good blog ...

tags: , , , , , , , , , ,
Posted by antivirus, malware, security, Virus | No Comments »

Protect all at once against OU from accidental deletion.

Posted by Xaus Xavier Nadal 12th on November 2011

Good,

As you know in Active Directory there is a default setting since it appeared RSAT for Windows Vista I remember and is active when you create a new Organizational Unit. This functionality is to protect the OU that we create against accidental deletion causing the coach you want to delete the OU must first unlock the restriction to delete the OU.

This I am going to explain is a bit tricky because if you are unsure or do not have enough knowledge of Active Directory + some command line it will be a bit odd and perhaps difficult to understand (But we'll try that for this we are).

The procedure we follow is a command from a cmd that will block the user (all or everyone) as against deleting objects language and children so that when a technician mistakenly go to delete an OU, it will be protected from deletion .

1. - The first thing is to differentiate between the language of the operating system where we will perform the command as in the case that the user is in English that we will remove the privilege is "everyone"And if it's in Spanish is"all". Known this going to slaughter.

Create a test OU unmarked skewer "Protect object from accidental deletion".

 

From a command line and the Active Directory tools installed run the following command:

for / F "tokens = *"% i in ('dsquery ou "ou = test, dc = domain, dc = com" -limit 0') do dsacls% i / D "all", "SDDT ;;"

 

When you are done we go to the properties of the OU in ADUC and found that the spike "Protect object from accidental deletion"Back to be marked in the image below.

ProtegerOU

2. - The command you'll use to modify the permissions of all Active Directory OU's to protect against accidental deletion are as follows:

For / F "tokens = *"% i in ('dsquery ou-limit 0') do dsacls% i / D "everyone": "SDDT;;"

With this command we searched for all OU's in AD ('dsquery ou-limit 0') and for each result is made a dsacls for user everyone can neither delete objects (SD) or delete the children of the objects (DT).

Remember to change the name "everyone" with "all" if the operating system language is Castilian.

It will show on screen all the permissions of all OU's (Do not be alarmed, it is normal). Do not close WINDOW.

The process will take longer depending on the organization of AD (If very large it may take some time).

Greetings and see you soon.

If you have any doubt about it you know that comments are always welcome.

tags: , , , , , ,
Posted by Active Directory | No Comments »

Seal 3.0 Available

Posted by Xaus Xavier Nadal 29th on October 2011

Good.

Friends of the Seal you are in luck.

Just months after almost a new FOCA 6 that you can download from the link below:

http://www.informatica64.com/descargas/Foca_Free_3_0_20111027.zip

Launches new interface and new features.

For the presentation or to get the pro version on November 8 Chema Alonso "The devil" will delight us with an online seminar from the following link:

http://www.informatica64.com/foca.aspx?page=pro

Now the little seal also includes features focused on the discovery of web vulnerabilities. One pass.

Greetings and see you soon.

tags: , , , , , , ,
Posted by Uncategorized | No Comments »

How to detect your computer that blocks a user in Active Directory

Posted by Xaus Xavier Nadal 22nd on November 2010

Good.

Today a case that seldom you see, but it's okay you know like resolve.

The fact is that if a company in a group policy that blocks users after several failed attempts at validation configured incorrect passwords have a number of users that are constantly blocking after changing your password one last time.

This happens because there are applications such as skype or java or even work programs such that you will have to set up a user name and password to poderte validate through a proxy or a network location and changing the Windows password and not remember to change these programs, retried and retried to block the user without realizing it and not get to know as a domain administrator because it is happening or at least since the computer is blocking this user.

Well, the method I am going to explain is quite simple and greatly facilitates the work to detect the cause of the problem computer user lock AD.

First of all we should know the domain controller from which the user is being blocked. We do this by unlocking the user and entering that time in session, we made a Start -> Run -> cmd and we write the following command: echo% logonserver%

With this we have the domain controller to which the user is connecting.

We connect to domain controller and enter Start -> Run -> eventvwr.msc su events viewer.

Megacrack read »

tags: , , , ,
Posted by how to | 4 Comments »

GTranslate Your license is inactive or expired, please subscribe again!