Monthly Archives: July 2012

Windows Logon Types in Security logs

event IDs 528 and 540 for successful logons, and 529-537 and 539 for failed logons.

2: Interactive logon—This is used for a logon at the console of a computer. A type 2 logon is logged when you attempt to log on at a Windows computer’s local keyboard and screen.
3: Network logon—This logon occurs when you access remote file shares or printers. Also, most logons to Internet Information Services (IIS) are classified as network logons, other than IIS logons that use the basic authentication protocol (those are logged as logon type 8).
4: Batch logon—This is used for scheduled tasks. When the Windows Scheduler service starts a scheduled task, it first creates a new logon session for the task, so that it can run in the security context of the account that was specified when the task was created.
5: Service logon—This is used for services and service accounts that log on to start a service. When a service starts, Windows first creates a logon session for the user account that is specified in the service configuration.
7: Unlock—This is used whenever you unlock your Windows machine.
8: Network clear text logon—This is used when you log on over a network and the password is sent in clear text. This happens, for example, when you use basic authentication to authenticate to an IIS server.
9: New credentials-based logon—This is used when you run an application using the RunAs command and specify the /netonly switch. When you start a program with RunAs using /netonly, the program starts in a new logon session that has the same local identity (this is the identity of the user you are currently logged on with), but uses different credentials (the ones specified in the runas command) for other network connections. Without /netonly, Windows runs the program on the local computer and on the network as the user specified in the runas command, and logs the logon event with type 2.
10: Remote Interactive logon—This is used for RDP-based applications like Terminal Services, Remote Desktop or Remote Assistance.
11: Cached Interactive logon—This is logged when users log on using cached credentials, which basically means that in the absence of a domain controller, you can still log on to your local machine using your domain credentials. Windows supports logon using cached credentials to ease the life of mobile users and users who are often disconnected.


Rsync for windows

cwRsync is yet another packaging of Rsync and Cygwin for Windows with a client GUI.
Supported platforms: Client – NT/2000/XP/2003/2008/Vista/7,
Server – NT/2000/XP/2003/2008/Vista/7.

cwRsync comes as a zip archive containing a Nullsoft Installer package. Unzip the downloaded file and run cwRsync_x.x.x_Installer.exe or cwRsync_Server_x.x.x_Installer.exe (server version):

Click Next at Welcome-page
View license agreement.
Select components, which vary depending on package type: the Client package has an optional component (Secure Channel Wrapper & Wizard). It makes creation of secure channels to cwRsync servers an easy task.
Specify an installation location.
(cwRsyncServer only) Specify a service account.
Installation starts. By clicking the ‘Details’ button, you can get more detailed information about the installation.


Disable weak secure channel protocols

Microsoft Windows NT Server stores information about different security-enhanced channel protocols that Windows NT Server supports. This information is stored in the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

Typically, this key contains the following subkeys:

PCT 1.0
SSL 2.0
SSL 3.0
TLS 1.0
Each key holds information about the protocol for the key. Any one of these protocols can be disabled at the server. To do this, you create a new value in the server subkey of the protocol. You set the value to “00 00 00 00.”
Secure Socket Layer Protocol version 2 (SSL v2) has a serious vulnerability. Successful exploitation of this vulnerability would allow an attacker to execute arbitrary code in the context of the affected server. No authentication is required to reach the vulnerable code. No user interaction is required. Common Vulnerabilities and Exposures (CVE) classified the vulnerability under CVE-2004-0120. Microsoft identified such vulnerabilities in its security bulletin MS04-011; however, until today the default configuration for Windows 2000 and Windows 2003 has the SSL v2.0 protocol enabled.

To disable SSL V2 protocol
1. Click Start, click Run, type regedt32 or type regedit, and then click OK.
2. In Registry Editor, locate the following registry key:
HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server
3. On the Edit menu, click Add Value.
4. In the Data Type list, click DWORD.
5. In the Value Name box, type Enabled, and then click OK.

Note: If this value is present, double-click the value to edit its current value.
6. Type 00000000 in Binary Editor to set the value of the new key equal to “0”.
7. Click OK.
Restart the computer for the changes to take effect.

How to Disable SSLv2 on a Windows Server 2008 and Windows Server 2008 R2

1. Open the registry and create a key named Server under the following entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0

2. Under the registry key Server, create a DWORD value named “DisabledByDefault” and change the value data to “00000001”.

3. Reboot the server.

Note: For multiple systems, export the reg key and import it on other systems.
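The two procedures above (Enabled = 0 and DisabledByDefault = 1 under SSL 2.0\Server) can be scripted and audited from an elevated PowerShell prompt. This is an added example, not part of the original post; the function names are hypothetical, and a reboot is still required afterwards.

```powershell
# Added example: report and disable a SCHANNEL protocol on the server side.
# Function names are illustrative; the registry path and value names are
# the ones given in the steps above.
$protocols = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role = 'Server')
    $path  = Join-Path $protocols "$Protocol\$Role"
    $state = [ordered]@{
        Protocol = $Protocol; Role = $Role
        Enabled = $null; DisabledByDefault = $null   # $null = value not set
    }
    if (Test-Path $path) {
        $props = Get-ItemProperty -Path $path
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $p = $props.PSObject.Properties[$name]
            if ($p) { $state[$name] = $p.Value }
        }
    }
    [pscustomobject]$state
}

function Disable-SchannelProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Protocol, [string]$Role = 'Server')
    $path = Join-Path $protocols "$Protocol\$Role"
    if ($PSCmdlet.ShouldProcess($path, 'Set Enabled=0, DisabledByDefault=1')) {
        # Create the Server subkey if it does not exist yet
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        New-ItemProperty -Path $path -Name 'Enabled' -Value 0 `
            -PropertyType DWord -Force | Out-Null
        New-ItemProperty -Path $path -Name 'DisabledByDefault' -Value 1 `
            -PropertyType DWord -Force | Out-Null
    }
}

Get-SchannelProtocolState 'SSL 2.0'          # state before the change
Disable-SchannelProtocol  'SSL 2.0' -WhatIf  # dry run; drop -WhatIf to apply
Get-SchannelProtocolState 'SSL 2.0'          # state after the change

# Report the server-side state of every protocol subkey that exists
Get-ChildItem $protocols |
    ForEach-Object { Get-SchannelProtocolState $_.PSChildName }
```

A protocol whose Enabled and DisabledByDefault columns are both empty has no explicit setting and follows the operating system default.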

Configure Microsoft IIS to not accept weak SSL ciphers

You will need to modify the system’s registry.

Merge the following keys to the Windows registry:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]




[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]


Restart the system and ensure that the server is functional. Also retest using OpenSSL to confirm that weak SSL ciphers are no longer accepted.
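The cipher key names above contain a "/" character, which the PowerShell registry provider interprets as a path separator, so scripting this change needs the .NET registry API instead of New-Item. The following is an added example, not part of the original post; it assumes each listed key receives an Enabled DWORD of 0 (the documented SCHANNEL setting for turning a cipher off, since the values themselves did not survive on this page), and the function names are hypothetical.

```powershell
# Added example: disable and audit the weak SCHANNEL ciphers listed above.
# Assumption: Enabled (DWORD) = 0 under each cipher key disables it.
$weakCiphers = 'DES 56/56', 'RC2 40/128', 'RC2 56/128',
               'RC4 40/128', 'RC4 56/128', 'RC4 64/128'
$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'

function Set-WeakCiphersDisabled {
    param([string[]]$Names = $weakCiphers)
    # CreateSubKey opens the key writable, creating it if it is missing
    $root = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($ciphersPath)
    try {
        foreach ($name in $Names) {
            # Unlike the HKLM:\ provider, CreateSubKey keeps "/" as a literal
            $key = $root.CreateSubKey($name)
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            $key.Close()
        }
    }
    finally { $root.Close() }
}

function Get-CipherState {
    param([string[]]$Names = $weakCiphers)
    $root = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath)
    foreach ($name in $Names) {
        $key     = if ($root) { $root.OpenSubKey($name) }
        $enabled = if ($key)  { $key.GetValue('Enabled', $null) }
        if ($null -eq $enabled) { $state = 'not configured (OS default)' }
        elseif ($enabled -eq 0) { $state = 'disabled' }
        else                    { $state = 'enabled' }
        if ($key) { $key.Close() }
        [pscustomobject]@{ Cipher = $name; State = $state }
    }
    if ($root) { $root.Close() }
}

Get-CipherState            # audit before
Set-WeakCiphersDisabled    # requires an elevated prompt
Get-CipherState            # every listed cipher should now read 'disabled'
```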

Multi booting

Multi-booting is the installation of multiple operating systems on a computer (multi-boot allows more than one operating system to reside on one computer), with the ability to choose which one to boot when starting the computer.

A multi-boot configuration allows a user to choose an operating system by using a boot loader such as NTLDR, LILO, Apple Boot Camp or GRUB, which can boot more than one operating system.

Free MultiBoot Loaders

XOSL (Extended Operating System Loader) Boot Manager
XOSL installs itself into a dedicated partition (which you have to create yourself). The initial installation has to be done from real mode MS-DOS (not a DOS prompt window running in Windows). Operating systems that it can boot include MS-DOS, FreeDOS, Linux (with LILO), Windows 95/98/NT/2000, Solaris, BeOS, etc. You can password protect certain boot items, set an automatic boot timeout, install up to 24 operating systems, swap drives, etc.

GAG The Graphical Boot Manager
GAG boots up to 9 operating systems from either the primary or extended partitions. It installs itself into the boot track, has support for a timer to boot a default operating system, includes password-protection for the configuration menu as well as for individual operating systems, has a SafeBoot system where your hard disk is booted even if GAG is overwritten, and supports hard disks of up to 4 terabytes. It is licensed under the GNU General Public License.

Smart Boot Manager
Smart Boot Manager is an OS independent boot manager that searches for drives and partitions, and automatically includes bootable partitions into its boot menu. It includes a scheduler that allows you to boot a particular system at a preset time. It has the ability to boot from CD-ROMs, boot the default boot record after a delay if no keys are pressed within a specified time, place keystrokes into the operating system’s key buffer prior to booting it, etc. It also supports the password-protecting of partitions, drives and the administrative screens.

GNU GRUB – Grand Unified Bootloader
This boot loader is used by default in some Linux distributions. It is distributed here in source form; you probably already have the binary version if you are running Linux. It is able to boot multiple operating systems, including Linux, Windows, MS-DOS, etc.

LILO – Linux Loader
LILO is a boot loader used in some Linux distributions. It is distributed here in source form; if you are running Linux, it is possible that you already have the precompiled version on your system. This multi-boot loader can handle Linux, Windows, MS-DOS, etc.


Win sXs folder size issues

Users of Windows Server 2008, Vista and Windows 7 may have asked why the size of the folder increased from a few megabytes to gigabytes (5 to 16 GB) and want to know whether it is safe to delete the WinSxS folder.

What is WinSxS? It is Windows Side by Side. (Side-by-side technology is a standard for executable files in Microsoft Windows XP and later versions that attempts to reduce DLL complication.) It is really the entirety of the whole OS, referring to the concept of hosting the same files in different versions in the operating system (hard linked).

The only option to reduce the size of that folder safely is to remove software from the operating system that is not needed anymore.

Read Jeff Hughes blog


Windows8-A modernized platform from Microsoft

According to the Windows Design Team, Windows 8 has been “reimagined from the chipset to the user experience,” whereas Windows 7 was intended to be a more focused, incremental upgrade to the Windows line. Windows 8 features a new user interface based on Microsoft’s Metro design language, similar to that in Windows Phone. The new interface is designed to better suit touchscreen input, along with traditional mouse and keyboard input.

Windows8 adds support for the ARM processor architecture
ARM is a reduced instruction set computer (RISC) instruction set architecture (ISA) developed by ARM Holdings. It was named the Advanced RISC Machine and, before that, the Acorn RISC Machine. The ARM architecture is the most widely used 32-bit instruction set architecture in numbers produced. This gives more battery life and lower power consumption.

New features
The traditional desktop environment for running desktop applications is treated as a Metro app. The Start button has been removed from the taskbar in favor of a Start button on the new charm bar, as well as a hotspot in the bottom-left corner. Both open the new Start screen, which replaces the Start menu.

The boot manager, which is used at startup to select the operating system, now uses a graphical interface that allows touch and mouse input. It can also be expanded via the settings menu.

Internet Explorer 10 will be included as a Metro-style app, which will not support plugins or ActiveX components, but includes a version of Adobe Flash Player that is optimized for touch and low power usage and works only on sites included on a whitelist. The desktop version includes the full version of Flash Player, as well as support for plugins.

It is now possible to log into Windows using a Microsoft account. This will allow the user’s profile and settings to be synchronized over the Internet and accessible from other computers running Windows 8, as well as integration with SkyDrive.

Windows Store has been added for purchasing and downloading Metro apps as well as advertising desktop apps. Windows Store will be the only way to acquire software for Windows RT.

Two new authentication methods have been added: picture password, which allows users to log in by drawing three gestures in different places on a picture, and PIN log in, which allows users to authenticate using a four-digit PIN.

File Explorer will include a ribbon toolbar, and have its file operation progress dialog updated to provide more detailed statistics, the ability to pause file transfers, and improvements in the ability to manage conflicts when copying files.

Hybrid Boot will use hibernation technology to allow faster startup times by saving the Windows core’s memory to the hard disk and reloading it upon boot.

Windows To Go will allow Windows 8 Enterprise to boot and run from a bootable USB device (such as a flash drive).

Two new recovery functions are included, Refresh and Reset. Refresh restores all Windows files to their original state while keeping settings, files, and Metro-style apps, while reset takes the computer back to factory default condition.

USB 3.0 is now supported natively.

A new lock screen displays a clock and notifications while the computer is locked.

Task Manager has been redesigned.

Xbox Live integration (including Xbox Live Arcade, Xbox Companion and Xbox Music)

Storage Spaces will allow users to combine different sized hard disks into virtual drives and specify mirroring, parity, or no redundancy on a folder-by-folder basis.

Family Safety will allow parents to protect their children on the Internet, as well as monitor and control their PC and Internet activities and usage.

Windows Defender now has anti-virus capabilities, similar to those of Microsoft Security Essentials. It is intended to replace the Security Essentials package and function as the default anti-virus program.

System requirements
Minimum 1 GHz CPU (32/64-bit), 1 GB RAM for 32-bit and 2 GB for 64-bit, and storage of 16 GB for 32-bit and 20 GB for 64-bit.

Windows 8 Release Preview

Windows Digital store

Windows Store is an upcoming digital distribution platform developed by Microsoft Corporation as part of Windows 8 for Metro style applications.
The Windows Store will also allow developers to advertise their desktop applications. It will support both free and paid applications.

According to the feature list, Windows 8 will also feature an App Store of some sort. That could directly counter Apple’s Mac App Store, which lets users download applications to their desktop instead of having to purchase boxed software. The presence of a Microsoft-branded App Store would also let Windows on tablets compete on equal footing against rivals such as the iPad (which offers access to Apple’s App Store) and Android devices (which include Android Marketplace).  

Windows Store comes with market-friendly perks for developers, according to Microsoft. Searching for apps will be optimized, both through a direct Store link in Windows 8 and index optimization for search engines. Direct links to apps in the Windows Store also will be supported. Some flexibility is available for developers in how they want to sell their apps.

Windows 8 Metro-style apps are largely based on HTML 5. Consequently, there may be greater opportunity for developers to port their apps between the two operating system platforms and between the two store platforms.

Certificate import-export using other browsers

Importing Certificates to the Firefox Certificate Manager
Open the Firefox browser > Tools menu > select Options > Advanced > and select the Encryption tab.
Click the View Certificates button and select the Your Certificates tab.
Click the Import button.
Browse to locate the P12 file that contains your certificates and click OK.

Exporting your certificate from Firefox
Open the Firefox browser > Tools menu > select Options > Advanced > and select the Encryption tab.
Click on View Certificates. When the certificate store is opened, click on the “Your Certificates” tab to view certificates that belong to you. Your PGP TrustCenter certificates will be listed under the TC TrustCenter name. Highlight the certificate that is to be exported, and click on the “Backup” button.
Select a location to save your certificate and give it a name, then click on Save.

Importing and Exporting Certificates using Chrome
Open Chrome > Options > Under the Hood tab > Security > Manage certificates button.
Click on the import/export button and use the Certificate

Importing and Exporting Certificates using Opera
From the main menu, choose Tools and then Preferences.
Click on the Advanced tab at the top, and then click on Security on the left.
Click on the Manage Certificates button.
Click on the Personal tab and import/export.

How to assign the Imported Certificate to the Web Site

Assign the Imported Certificate to the Web Site

1. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
2. In the left pane, click your server.
3. In the right pane, double-click Web Sites.
4. In the right pane, right-click the Web site you want to assign the certificate to, and then click Properties.
5. Click Directory Security, and then click Server Certificate.
6. On the Welcome to the Web Certificate Wizard page, click Next.
7. On the Server Certificate page, click Assign an existing certificate, and then click Next.
8. On the Available Certificates page, click the installed certificate you want to assign to this Web site, and then click Next.
9. On the SSL Port page, configure the SSL port number. The default port of 443 is appropriate for most situations.
10. Click Next.
11. On the Certificate Summary page, review the information about the certificate, and then click Next.
12. On the Completing the Web Server Certificate Wizard page, click Finish, and then click OK.

Import the Certificate into the Local Computer Store


To import the certificate into the local computer store, follow these steps:
1. On the IIS 6.0 Web server, click Start, and then click Run.
2. In the Open box, type mmc, and then click OK.
3. On the File menu, click Add/Remove snap-in.
4. In the Add/Remove Snap-in dialog box, click Add.
5. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
6. In the Certificates snap-in dialog box, click Computer account, and then click Next.
7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
8. In the Add Standalone Snap-in dialog box, click Close.
9. In the Add/Remove Snap-in dialog box, click OK.
10. In the left pane of the console, double-click Certificates (Local Computer).
11. Right-click Personal, point to All Tasks, and then click Import.
12. On the Welcome to the Certificate Import Wizard page, click Next.
13. On the File to Import page, click Browse, locate your certificate file, and then click Next.
14. If the certificate has a password, type the password on the Password page, and then click Next.
15. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
16. Click Finish, and then click OK to confirm that the import was successful.
