Hi folks, Ned here again and today’s topic is short and sweet: Stop using SMB1. Stop using SMB1. STOP USING SMB1! Earlier this week we released MS16-114, a security update that prevents denial of service and remote code execution. If you need this security patch, you already have a much bigger problem: you are still…
Microsoft antimalware support for Windows XP
Microsoft has announced the Windows XP end of support date of April 8, 2014. After this date, Windows XP will no longer be a supported operating system*. To help organizations complete their migrations, Microsoft will continue to provide updates to our antimalware signatures and engine for Windows XP users through July 14, 2015. This does…
The Innovate IT camps are back... Ready, get tech, go!
The #Innovate IT camps are back and better than ever. Join Ed Baker, Technical Evangelist, and draw on his expertise to learn all about Windows Server 2016, Azure and hybrid IT management.
WannaCrypt ransomware worm targets out-of-date systems
On May 12, 2017 we detected a new ransomware that spreads like a worm by leveraging vulnerabilities that have been previously fixed. While security updates are automatically applied in most computers, some users and enterprises may delay deployment of patches. Unfortunately, the ransomware, known as WannaCrypt, appears to have affected computers that have not applied…
How To Install AD FS 2012 R2 For Office 365
When discussing and reviewing Office 365 with customers, I wanted to have a series of posts to illustrate the steps involved when deploying Office 365. In the burgeoning drafts folder, Active Directory Federation Services (AD FS) was at the top, so that got finished first! The act of deploying and configuring AD FS 2012 R2…
Tech support scams persist with increasingly crafty techniques
Millions of users continue to encounter technical support scams. Data from Windows Defender SmartScreen (which is used by both Microsoft Edge and Internet Explorer to block malicious sites) and Windows Defender Antivirus show that some three million users are subjected to these threats every month. In addition to being rampant, technical support scams continue to…
SQL MP Run As Accounts – NO LONGER REQUIRED
Over the years I have written many articles dealing with RunAs accounts. Specifically, the most common need is for monitoring with the SQL MP. I have explained the issues and configurations in detail here: "Configuring Run As Accounts and Profiles in OpsMgr – A SQL Management Pack Example". Later, I wrote…
LGPO.exe - Local Group Policy Object Utility, v1.0
LGPO.exe is a new command-line utility to automate the management of local group policy. It replaces the no-longer-maintained LocalGPO tool that shipped with the Security Compliance Manager (SCM), and the Apply_LGPO_Delta and ImportRegPol tools. Features: Import settings into local group policy from GPO backups or from individual policy component files, including Registry Policy (registry.pol), security templates, and advanced…
New ransomware, old techniques: Petya adds worm capabilities
(Note: We have published a follow-up blog entry on this ransomware attack. We have new findings from our continued investigation, as well as platform mitigation and protection information: Windows 10 platform resilience against the Petya ransomware attack.) On June 27, 2017 reports of a ransomware infection began spreading across Europe. We saw the first infections in…
Adding custom information to alert description(s) and notifications
Alert Description Variables: The following section contains variables for the Alert Description only. For event Rules (Alert Description): EventDisplayNumber (Event ID): $Data/EventDisplayNumber$ EventDescription (Description): $Data/EventDescription$ Publisher Name (Event Source): $Data/PublisherName$ EventCategory: $Data/EventCategory$ LoggingComputer: $Data/LoggingComputer$ EventLevel: $Data/EventLevel$ Channel: $Data/Channel$ UserName: $Data/UserName$ EventNumber: $Data/EventNumber$ Event Time: $Data/@time$ For event Monitors (Alert Description): EventDisplayNumber (Event ID): $Data/Context/EventDisplayNumber$…