Disclaimer: The opinions expressed on this blog is a personal opinion and and do not express the opinion of my employer, Microsoft, Winsec or any other party.

Note-to-self: Microsoft announced the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11

Thu 14 Aug 2014 Leave a comment

Source: http://blogs.technet.com/b/secguide/archive/2014/08/13/security-baselines-for-windows-8-1-windows-server-2012-r2-and-internet-explorer-11-final.aspx

Microsoft is pleased to announce the final release of security baseline settings for Windows 8.1, Windows Server 2012 R2 and Internet Explorer 11.

There are a few changes between these recommendations and the beta version we released in April. They discuss those changes in more detail in two other blog posts: one about most of the changes, and another detailed post about the issues around account lockout recommendations.

Categories: Note-to-self, Security

AAD Sync Beta 3 is now available for download through MS connect #FIM2010

Tue 12 Aug 2014 Leave a comment

The Azure Active Directory Synchronzation services team has announced that the AAD Sync Beta 3 is now available for download through the Identity and Access Management program on Microsoft Connect.

You’ll find the download at https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=54059

In this release they made a lot of investments in our Hybrid Exchange and Multi-forest configuratrions and added the experience for multi-forest password write-back.

Make sure to read the documentation at  http://go.microsoft.com/fwlink/?LinkID=393942 before installing the product and visit it again for updates.

Provide feedback using “Feedback” on Connect. This will get you direct access to the PG and support.

#AADSync Beta2 available on Connect #FIM2010

Wed 16 Jul 2014 1 comment

Source: MS Connect announcement by the AADSync product group


Microsoft announced the the availability of AADSync Beta2 on Connect.

You can download it here : AAD Sync Beta2 (https://connect.microsoft.com/site433/Downloads/DownloadDetails.aspx?DownloadID=53831)


With Beta 2 there are some new features frequently requested:

-       Select only required services/attributes to synchronize to AAD

-       Exchange hybrid deployments

-       Password write-back for multiple-forests (AAD Premium preview feature)


Good news: the AADSync product group is looking for customers who are interested in using Beta2 in production. If you are interested, then do the following:

-       Download the updated build from Connect and read the documentation on http://go.microsoft.com/fwlink/?LinkID=393942 for the latest information.

-       Install and verify the scenarios you plan for production use. You do not need permissions from Microsoft to start evaluating AADSync.

-       If you find any issues or need help, submit feedback through Connect. This is also the fastest way to get access to our beta support team.

-       When you have completed the verification and all issues have been resolved, send an email to “Azure AD Sync Service Feedback”AADSyncFB@microsoft.com with information which scenarios you plan to use and have verified are working. Also provide contact information. The team will respond back with information on how to get call-in support during the preview phase.

Thank you for helping us make AADSync a better product,


Find more information on AADSync on TechNet Wiki: http://aka.ms/AADSYnc.

Note-to-self: Update – New Strategies and Features to Help Organizations Better Protect Against Pass-the-Hash Attacks

Wed 9 Jul 2014 Leave a comment

Source: http://microsoft.com/pth

New blog post at : http://blogs.technet.com/b/security/archive/2014/07/08/new-strategies-and-features-to-help-organizations-better-protect-against-pass-the-hash-attacks.aspx

Posted by Matt Thomlinson, Vice President, Microsoft Security

Microsoft released new guidance to help our customers address credential theft, called Mitigating Pass-the-Hash and Other Credential Theft, version 2.

“The paper encourages IT professionals to “assume breach” to highlight the need for the use of holistic planning strategies and features in Microsoft Windows to become more resilient against credential theft attacks. This paper builds on our previously released guidance and mitigations for Pass-the-Hash (PtH) attacks. 

Given that organizations must continue to operate after a breach, it is critical for them to have a plan to minimize the impact of successful attacks on their ongoing operations. Adopting an approach that assumes a breach will occur, ensures that organizations have a holistic plan in place before an attack occurs. A planned approach enables defenders to close the seams that attackers are aiming to exploit.

The guidance also underscores another important point – that technical features alone may not prevent lateral movement and privilege escalation. In order to substantially reduce credential theft attacks, organizations should consider the attacker mindset and use strategies such as identifying key assets, implementing detection mechanisms, and having a breach recovery plan. These strategies can be implemented in combination with Windows features to provide a more effective defensive approach, and are aligned to the well-known National Institute of Standards and Technology (NIST) Cybersecurity Framework.

Note-to-self: GPO Search tool

Thu 19 Jun 2014 Leave a comment

You need quickly some info on a specific GPO… Check this out, an online GPO search tool: http://gpsearch.azurewebsites.net.


It also has a Windows Phone application you can find here: http://aka.ms/GPSWP7[/embed].


Of course it’s an excellent companion when you’re securing your AD (Security Mitigation Guidance for Active Directory), with Security Compliance manager. (both FREE to download!)



A hotfix rollup (build 4.1.3559.0) is available for #FIM2010 R2

Thu 19 Jun 2014 Leave a comment

Source: http://support.microsoft.com/kb/2969673/en-us

A hotfix rollup (build 4.1.3559.0) is available for Forefront Identity Manager 2010 R2

Issues that are fixed or features that are added in this update

This update fixes the following issues or adds the following features that were not previously documented in the Microsoft Knowledge Base.

FIM add-ins and extensions

Issue 1

After the FIM Password Reset add-in is installed in Windows 7, the “Create a Password Reset Disk” feature is available when you press Ctrl+Alt+Del and then you click Change a Password.

FIM Certificate Management

Issue 1

When you try to remove a certification authority (CA) that is bound to Certificate Management (CM) by using the CLMutil -removeca command, you experience the following symptoms:

  • Actions such as enroll, renew or revoke that are performed on certificates that are bound to the removed CA cause an exception to be returned.
  • When you try to edit or remove a certificate template that was related to the removed CA, an exception is displayed on the CM portal.

Note These same symptoms occur when the CA is stopped or unavailable.

Changes to the symptoms after you apply this update

  • Actions such as enroll, renew or revoke that are performed on certificates that are bound to the removed CA cause a well-defined error message to be displayed.
  • Removing a certificate template is possible. Removing the template for any removed CA is also possible.
  • Changing a certificate template that is related to the removed CA causes a well-defined error message to be displayed.

Changes to the clmutil.exe tool after you apply this update

The following commands are added:


      • Syntax: [-force] -decomissionca CA_ID
      • Example 1: clmutil -force -decommissionca 1
      • Example 2: clmutil -decommissionca 1Note You may receive the following warning message when you run the clmutil command:
        There are outstanding certificates for CA 1, cannot decommission. Please use -force flag if you still want to decommission CA


      • Syntax: -recommissionca CA_ID
      • Example: clmutil -recommissionca 1Note CA_ID can be obtained by using the following command:
        clmutil -listca


Changes in the Web Portal user interface after you apply this update

When you change a profile template that references a certificate template that was originally hosted by a CA and that is marked as decommissioned, the following conditions are true:

  • The CA is unavailable in the Add Certificate Template dialog box.
  • Users who enroll in the profile template receive the following warning message that is displayed at the top of the enrollment screen:
    The Certification Authority CA2.proseware.com\FIM CM CA cannot be contacted as it is marked as decommissioned.

    Note If the profile template includes certificate templates from a disabled or re-enabled CA, users will be unable to enroll in that profile template. This causes this same warning message to be displayed.

  • In the profile template properties, clicking a certificate template that was originally associated with a now-decommissioned CA displays all registered CAs that expose this certificate template. This lets the administrator select the appropriate CA.Note If no registered CAs expose the certificate template, the list of CAs on the screen is blank.

FIM Synchronization Service

Feature 1

This update includes ECMA 2.3. In this version, it is now possible to add custom schema pages that will be listed in the Synchronization Service Manager user interface. An example of how this feature is used can be seen in the Generic SQL connector.

Please be aware that the Microsoft.MetadirectoryServicesEx.dll is updated in this update. See the “Known issues in this update” section for information about how to update the configuration files to reflect this change.


Categories: Security

Note-to-self: New Guidance for Securing Public Key Infrastructure

Fri 13 Jun 2014 Leave a comment

Source: TechNet Blogs » Microsoft Security Blog » New Guidance for Securing Public Key Infrastructure


“Public Key Infrastructure (PKI) is used as a building block to provide key security controls, such as data protection and authentication for organizations. Many organizations operate their own PKI to support things like remote access, network authentication and securing communications.

The threat of compromise to IT infrastructures from attacks is evolving. The motivations behind these attacks are varied, and compromising an organization’s PKI can significantly help an attacker gain access to the sensitive data and systems they are after.

 To help enterprises design PKI and protect it from emerging threats, Microsoft IT has released a detailed technical reference document – “Securing Public Key Infrastructure.”


Get every new post delivered to your Inbox.

Join 51 other followers