Digest Authentication

Hello again. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I will focus on Digest Authentication. Digest Authentication is a challenge-response authentication protocol used to authenticate users over the network. Challenge/response protocols require an authenticating server to generate a challenge containing some amount of unpredictable data. A client then uses a key derived…

Impersonation Level for MBAM

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today, I am going to solve one of the rare errors that can occur while implementing MBAM infrastructure. My customer had a problem while accessing both MBAM websites: helpdesk portal and self-service portal. Opening any of them resulted in displaying only text version of…

EFS – “Element not found” error

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I will troubleshoot with you one error related to EFS (Encrypting File System). EFS is a component of the NTFS file system present in Windows starting from Windows 2000. EFS enables transparent encryption and decryption of files by using advanced, standard…

TPM Lockout

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today, I am going to talk about the TPM Lockout state. TPM (Trusted Platform Module) is a small chip on the motherboard (discrete TPM) or part of the CPU implementation (firmware TPM) which can be used to securely store small amounts of information (certificates, private…

MBAM version chart

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Some time ago I put together all versions of the MBAM (Microsoft BitLocker Administration and Monitoring) tool into one table. Small disclaimer: it is based on what I have seen in the wild and is not official information from the Product Group. Version Product 1.0.1237.1 MBAM…

ELAM Driver

Hello again. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team and today I will be explaining what the ELAM driver is. ELAM (Early Launch Anti-Malware) is a piece of code that is loaded in the pre-boot environment and is responsible for verification of other drivers before they are loaded into memory. ELAM driver…

Special Groups Audit

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about Special Groups, a feature added back in Windows 2008/Vista but rarely used by administrators. The Special Groups feature lets you audit all logons of a user who belongs to a certain group, a so-called “Special Group”. This is quite useful…

Bitlocker: Network Unlock

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Recently I have been requested by my customers to explain BitLocker Network Unlock. So here you go. Network Unlock is a relatively new BitLocker protector (added in Windows 8) that can be used to unlock computers after a reboot without the need of entering Bitlocker…

Secure Boot on Virtual Machines

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I will explain how to configure Secure Boot on VMs. Note: To better understand the subjects presented in this article, I strongly recommend reading my post about Secure Boot: https://blogs.technet.microsoft.com/dubaisec/2016/03/14/diving-into-secure-boot/ Support for Secure Boot in virtual machines has been added in Hyper-V for Windows…

Diving into Secure Boot

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today we will dive into Secure Boot technology. Secure Boot is a feature of UEFI (Unified Extensible Firmware Interface) that ensures that each component loaded during the boot process is digitally signed and validated. Secure Boot makes sure that your PC boots using only software…

BitLocker: AES-XTS (new encryption type)

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about the new BitLocker algorithm introduced in Windows 10 (build 1511). BitLocker uses AES (Advanced Encryption Standard) to encrypt data on the drives. AES is a block cipher (as opposed to a stream cipher) which divides plain text into blocks with the…

You do not have sufficient permission to enroll with SCEP

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about a common error that can appear when browsing the NDES webpage in order to obtain an OTP (One Time Password). NDES (Network Device Enrollment Service) is an implementation of Simple Certificate Enrollment Protocol (SCEP) used to enroll certificates to the network…

MBAM Database configuration – minimum permissions

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. For some of my customers it is unclear what the minimum required permissions are to install MBAM Database components. Some time ago I did some analysis of this and want to share my findings with you. Microsoft BitLocker Administration and Monitoring (MBAM) provides enterprise management…

Who can add workstation to the domain

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. During the numerous Security Audits and Assessments I deliver to customers, I usually discover overly broad permissions and user rights configured in Active Directory. One of them is “Add Workstation to the Domain”. There are 3 items that might influence who can add computer to…

Windows Update categories

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. I want to talk about the different types of Windows Updates. Microsoft has the following categories of updates: Critical Update, Security Update, Definition Update, Update Rollup, Service Pack, Tool, Feature Pack, Update. Critical Update – an update which fixes a specific, non-security-related, critical bug….

Certification Authority Enhanced RPC security

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about CA Enhanced RPC security causing certificate requests to fail on Windows XP. Of course, Windows XP has been end of life since April 8th, 2014; however, we can still find this OS in the field. When trying to issue certificate on Windows…
