Microsoft
August Cumulative updates for Windows 10 (1607 and 1703) Dell machines
Friday, August 18, 2017 - Posted by Keith A. Smith, in Microsoft
Just wanted to leave a little note that the August Cumulative updates for Windows 10 (1607 and 1703) caused us to experience BSOD on our Dell AIO 9030 machines.
Using WinDbg I was able to identify that the Intel Wireless 7260 driver was responsible for the crashes. The only thing I can think is that there were some security updates to the KMDF included in the August updates. Pair that with the fact that the Driver Catalog CAB provided by Dell included a really old wireless driver (from 2015) and the result was BSOD reporting: BAD_POOL_HEADER (19)

Upgrading to the latest wireless driver directly from Intel, version 18.33.7.2
https://www.intel.com/content/www/us/en/support/network-and-i-o/wireless-networking/000006024.html
resolved the issues.

Hope this saves someone some time.
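To find other machines still carrying the old driver before they crash, the installed driver version can be compared against the version the post reports as fixed. This PowerShell is an added example, not part of the original post; the device-name pattern is an assumption, and it assumes the version number in the post is the driver version Windows reports.

```powershell
# Added example (not from the original post).
$FixedVersion = [version]'18.33.7.2'   # version the post reports as resolving the BSOD
$NamePattern  = '*Wireless*7260*'      # assumption: how the adapter name appears in Windows

function Get-Wireless7260DriverStatus {
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),
        [version]$MinimumVersion = $FixedVersion
    )
    foreach ($computer in $ComputerName) {
        # Query the local machine directly so WinRM is only needed for remote hosts.
        $cim = @{ ClassName = 'Win32_PnPSignedDriver'; ErrorAction = 'Stop' }
        if ($computer -ne $env:COMPUTERNAME) { $cim.ComputerName = $computer }
        try {
            $drivers = @(Get-CimInstance @cim |
                Where-Object { $_.DeviceName -like $NamePattern })
        } catch {
            [pscustomobject]@{ Computer = $computer; Device = $null; Installed = $null
                               DriverDate = $null; Status = "QueryFailed: $($_.Exception.Message)" }
            continue
        }
        if ($drivers.Count -eq 0) {
            [pscustomobject]@{ Computer = $computer; Device = $null; Installed = $null
                               DriverDate = $null; Status = 'NoAdapter' }
            continue
        }
        foreach ($d in $drivers) {
            # -as returns $null instead of throwing when the version string is unparsable.
            $installed = $d.DriverVersion -as [version]
            $status = if (-not $installed) { 'UnknownVersion' }
                      elseif ($installed -lt $MinimumVersion) { 'Outdated' }
                      else { 'OK' }
            [pscustomobject]@{ Computer = $computer; Device = $d.DeviceName
                               Installed = $d.DriverVersion; DriverDate = $d.DriverDate
                               Status = $status }
        }
    }
}

# Local check; pass -ComputerName with a list of hosts to audit a fleet.
Get-Wireless7260DriverStatus | Format-Table -AutoSize
```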
Applying a “Defense-in-Depth” Strategy
Monday, May 22, 2017 - Posted by Keith A. Smith, in Network, VMware, Microsoft, Linux, Security

IT teams and staff can effectively maintain physical and information security with a “defense-in-depth” approach that addresses both internal and external threats. Defense-in-depth is based on the idea that any one point of protection may, and probably will, be defeated. This approach uses three different types of layers (physical, electronic, and procedural) and applies appropriate controls to address the different risks that might arise in each. The same concept works for both physical and network security. Multiple layers of network security can protect networked assets, data and end points, just as multiple layers of physical security can protect high-value physical assets.

With a defense-in-depth approach:
• System security is purposely designed into the infrastructure from the beginning. Attackers are faced with multiple hurdles to overcome if they want to successfully break through or bypass the entire system.
• A weakness or flaw in one layer can be protected by the strengths, capabilities or new variables introduced through other security layers.

Typical defense-in-depth approaches involve six areas: physical, network, computer, application, device and staff education.

1. Physical Security – It seems obvious that physical security would be an important layer in a defense-in-depth strategy, but don’t take it for granted. Guards, gates, locks, port block-outs, and key cards all help keep people away from systems that they shouldn’t touch or alter. In addition, the lines between the physical security systems and information systems are blurring, as physical access can be tied to information access.

2. Network Security – Network security is an essential part of the information fabric, and the network should be equipped with firewalls, intrusion detection and prevention systems (IDS/IPS), and general networking equipment such as switches and routers configured with their security features enabled. Zones establish domains of trust for security access, and smaller virtual local area networks (VLANs) shape and manage network traffic. A demilitarized zone between public resources and the internal or trusted resources allows data and services to be shared securely.

3. Computer Hardening – Well-known (and published) software vulnerabilities are the number one way that intruders gain access to automation systems. Examples of computer hardening include the use of:
• Antivirus software
• Application whitelisting
• Host intrusion-detection systems (HIDS) and other endpoint security solutions
• Removal of unused applications, protocols and services
• Closing unnecessary ports

Software patching practices can work in concert with these hardening techniques to help further address computer risks from malware, including viruses and Trojans. Follow these guidelines to help reduce risk:
• Disable software automatic updating services on PCs
• Inventory target computers for applications, and software versions and revisions
• Subscribe to and monitor vendor patch qualification services for patch compatibility
• Obtain product patches and software upgrades directly from the vendor
• Pre-test all patches on non-operational, non-mission critical systems
• Schedule the application of patches and upgrades and plan for contingencies

4. Application Security – This refers to infusing system applications with good security practices, such as a role-based access control system, which locks down access to critical process functions; forced username/password logins and combinations; and multi-factor authentication (MFA, also known as 2FA) wherever possible.

5. Device Hardening – Changing the default, out-of-the-box configuration of an embedded device can make it more secure. The default security settings of PLCs, PACs, routers, switches, firewalls and other embedded devices will differ based on class and type, which subsequently changes the amount of work required to harden a particular device. But remember, a chain is only as strong as its weakest link.

6. Staff Education – Last but not least, it’s important to talk to staff about keeping a clean machine: the organization should have clear rules for what employees can install and keep on their work computers. Make sure they understand and abide by these rules. Following good password practices is important: a strong password is a phrase that is at least 12 characters long. Employees should be encouraged to keep an eye out and say something if they notice strange happenings on their computer. Educating employees at least once a year is important; training employees is a critical element of security. They need to understand the value of protecting customer and colleague information and their role in keeping it safe. They also need a basic grounding in other risks and how to make good judgments online. Most importantly, they need to know the policies and practices you expect them to follow in the workplace regarding Internet safety.
Windows Update MiniTool is a free alternative to Windows Update
Tuesday, November 1, 2016 - Posted by Keith A. Smith, in Microsoft

Windows Update MiniTool is a free alternative to the standard Windows Update. It puts you in control of updates by allowing you to search, install and block Windows updates as you please.

Windows Update MiniTool provides the following options:
◦ Check for updates
◦ Download updates
◦ Installing updates
◦ Deleting installed updates
◦ Hiding unwanted updates
◦ Get direct links to the *.cab / *.Exe / *.Psf update files
◦ View update history
◦ Configure Automatic Updates

This tool is like the external PowerShell module PSWindowsUpdate, but with much more advanced and user-friendly features. The tool relies on and uses the same WU infrastructure, and all downloading is through WU -- it's not a downloader!

I have tested this on Server 2016 along with Windows 10 and it works great.
Must have GPOs for Windows 10
Tuesday, September 27, 2016 - Posted by Keith A. Smith, in Microsoft

I started testing Windows 10 Enterprise in my environment. I know there are a number of new features in Windows 10 that aren't great for domains (PIN codes, Microsoft Accounts, etc.). After digging through all the GPO settings, I decided on the following. Once the modification was made and applied to the test machines, I brought in a few non-IT staff for UAT testing of the images. Everything went well, so I decided to share the settings I used in the GPO.
And last but not least is setting Explorer's default to This PC instead of Quick Access by doing the following:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Value Name: LaunchTo
Type: DWORD
Value: 1
vSphere 6.0 vCenter Windows 2012 R2 with SQL Server Install Guide
Tuesday, September 29, 2015 - Posted by Keith A. Smith, in VMware, Microsoft
VMware vSphere 6.0 has brought a simplified deployment model where the dependency on Microsoft SQL Server has been reduced. You now have the option of using the built-in vPostgres database provided by VMware; vPostgres on Windows is limited to 20 hosts and 200 virtual machines.
vCenter System requirements
Supported Windows Operating Systems for vCenter 6.0 Installation:
Supported Databases for vCenter 6.0 Installation:
1. Make sure that you are using a static IP for your VM and that you create forward and reverse DNS records on your DNS server. Also make sure that the machine is part of the Windows domain.
2. Create an account in your Active Directory; this will be used on the SQL server for the vCenter database.
3. Now you need to create a blank SQL database on an SQL server.
4. Once your blank database is created, you need to add the account you created in your Active Directory. Make sure to give it sysadmin for the server role.
Before you start the installer, make sure your Windows Server VM is fully patched, otherwise you might get a prompt to patch the server. The two patches that are needed are below
5. During the vCenter installation process you might get a prompt asking to give the administrator’s account the right to Log On as a service on the server that runs vCenter. You need to grant the domain account you created earlier the right to Log On as a service. The steps:
6. Important - The SQL Server Native Client is necessary to create the system DSN. To download the SQL Server Native Client, click on the link below. This ODBC Driver for SQL Server supports x86 and x64 connections to SQL Azure Database, SQL Server 2012, SQL Server 2008 R2, SQL Server 2008, and SQL Server 2005.
http://www.microsoft.com/en-us/download/confirmation.aspx?id=36434
7. Now that the SQL Server Native Client is installed, create a system DSN through the ODBC Data Source Administrator (64-bit).
Proceed through the wizard.
8. Once you have filled out all the SQL server information, make sure you test the data source. If everything is set up correctly then you should see this
9. Mount the vCenter server ISO and double-click autorun.exe.
10. Proceed through the vCenter install
11. Once you get to the database settings, you will need to choose to use an external database. If your DSN is blank then click the refresh button and it should appear.
Continue the setup wizard and leave the default values… You should see the setup complete screen. At this point you can open up a browser and visit the vCenter interface, which uses Adobe Flash.
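Steps 7 and 8 can also be scripted instead of clicked through. The following PowerShell is an added example, not part of the original post: the DSN name, SQL Server host name and database name are hypothetical, and it assumes the ODBC cmdlets of the Wdac module (Windows Server 2012 and later) and a 64-bit PowerShell session.

```powershell
# Added example (not from the original post). All three names below are hypothetical.
$DsnName  = 'vCenter6'
$SqlHost  = 'sql01.example.local'
$Database = 'vcenter'                    # the blank database from step 3

function New-VCenterDsn {
    param([string]$Name, [string]$Server, [string]$Db)

    # Step 6 must already be done: locate an installed 64-bit Native Client driver.
    $driver = Get-OdbcDriver -Platform '64-bit' |
        Where-Object { $_.Name -like 'SQL Server Native Client*' } |
        Sort-Object Name -Descending | Select-Object -First 1
    if (-not $driver) { throw 'No 64-bit SQL Server Native Client driver found (step 6).' }

    # Remove a stale DSN of the same name so the script can be rerun.
    Get-OdbcDsn -Name $Name -DsnType System -Platform '64-bit' -ErrorAction SilentlyContinue |
        Remove-OdbcDsn

    # Step 7: system DSN using Windows authentication.
    Add-OdbcDsn -Name $Name -DriverName $driver.Name -DsnType System -Platform '64-bit' `
        -SetPropertyValue @("Server=$Server", "Database=$Db", 'Trusted_Connection=Yes') -PassThru
}

function Test-VCenterDsn {
    param([string]$Name)
    # Step 8: open the DSN and report which login and database the connection lands on.
    $conn = New-Object System.Data.Odbc.OdbcConnection("DSN=$Name")
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT DB_NAME(), SUSER_SNAME(), IS_SRVROLEMEMBER(''sysadmin'')'
        $reader = $cmd.ExecuteReader()
        [void]$reader.Read()
        [pscustomobject]@{
            Database   = $reader.GetValue(0)
            Login      = $reader.GetValue(1)
            IsSysadmin = ($reader.GetValue(2) -eq 1)   # server role granted in step 4
        }
    } finally {
        $conn.Dispose()
    }
}

New-VCenterDsn -Name $DsnName -Server $SqlHost -Db $Database
Test-VCenterDsn -Name $DsnName
```

Because the DSN uses Windows authentication, run the test as the Active Directory account from step 2 to see the login vCenter itself will use.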