Enterprise Certificate Pinning in Windows 10 Creators Update

Now more than ever, organizations are becoming increasingly more concern with man-in-the-middle attacks.  The Windows 10 Creators Update introduces Enterprise Certificate Pinning that enables IT Professionals to create their own key-pinning rules for their internal (enterprise) domain names.  With this technology, you can create and deploy pinning rules for your internal Active Directory domain names…

0

Null and Empty Discretionary Access Controls

This is a past investigation I shared on another blog years ago.  Security descriptors seem like a simple concept; yet they can be quite confusing.  IT professionals learn about security descriptors differently from developers.  For a developers, its fairly straightforward– they’re only interested in the permission they need to perform an action.  Developers need not…

0

Hello world!

It only seems fitting to begin anything in IT with the ever familiar “Hello world”.   The birth and desire of CryptGenRandom was not to just “borrow” an old crypto API function for its name, but to provide a broad range of IT topics.  That said, most of the topics will focus on security (that is…

2

Deploying Legal Notices to domain computers using Group Policy

Every so often, I’ll talk with a customer wanting to deploy a legal notice to their workstations using Group Policy. Sounds simple, right? Well, it is actually a little tricky to make the legal notice work correctly. Here is a solution that I share with customers that want to do this and have it look…

0

Security Policy Settings and User Account Control

User Account Control in Windows Server 2008 and Windows Vista requires all users run in a standard user mode; its purpose: to limit the user’s ability from changing critical operating system files or expose their computer and network to viruses and malware. Windows displays an authorization dialog box when a task requires administrative privileges, such…

0