Patch Your DNS Servers! SigRed
Jul15

Patch Your DNS Servers! SigRed

KB ID 0001687 Problem WARNING: This is rated 10 on the CVSS scale. Affected Server OS: Windows 2003, Windows 2008, Windows 2008 R2, Windows 2012, Windows 2012 R2, Windows 2016, Windows 2019 Yesterday Microsoft released a critical notice (KB4569509) to address vulnerabilities identified in (CVE-2020-1350). Basically it allows a remote attacker to perform remote code execution on your DNS servers (unless you patch them!) The reason its...

Read More
Remove and Reinstall Microsoft WSUS
Jun17

Remove and Reinstall Microsoft WSUS

KB ID 0001679 Problem I don’t like WSUS, the product is OK (ish) the problem with it is, every time it’s deployed, typically the person it was deployed for never looks after it, or manages it properly, and months/years later it becomes a massive ‘bag of spanners’, which is never the client’s fault, it’s always the poor guy who built it, or the support company’s fault. If you run WSUS, log into...

Read More
Windows Server: Disabling SSL 3.0,  TLS 1.0, and TLS 1.1
May17

Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1

KB ID 0001675 What are these protocols? Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’....

Read More
Windows Server – Schedule a Reboot
Mar02

Windows Server – Schedule a Reboot

KB ID 0001321  Problem Back in the day we just used the ‘At’ command to schedule a reboot, but starting with Server 2012 that was stopped! If you try it now you will see the following; The AT command has been depreciated. Please use schtasks.exe instead Solution (The Quick Way) Execute the following command (change time and data accordingly); schtasks /create /tn “Scheduled Reboot” /tr “shutdown /r /t 0” /sc once /st...

Read More
Group Policy: Item-Level Targeting
Feb08

Group Policy: Item-Level Targeting

KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...

Read More
Apply Group Policy To a Security Group
Feb07

Apply Group Policy To a Security Group

KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in...

Read More