Category Archives: Security

User Rights in Server 2012


Rights are authorized actions a user can perform on the system. They are tightly coupled with permissions, which are applied at the object level. These user rights can be applied through local policies or centralized group Continue reading

File Screen Policies in Server 2012 – FSRM

File Screens are used to prevent certain types of files from being saved on your storage drive. It is not uncommon to see users saving huge PST or MP3 files on shared storage, which they are not supposed to do. File screens are used to block users from saving specific types of files, as well as to generate notifications when anyone attempts to save a blocked file type on the server. File screens can be created for an entire volume or for specific folders. Let's quickly walk through the Continue reading

Kernel Patch Protection (AKA Patch Guard)

In order to preserve the stability of the Windows OS, Microsoft came up with the idea of protecting critical kernel structures from being modified outside of the context of approved modifications (for example, Windows patching). The intention here was to prevent both malicious software and third-party vendors from modifying certain critical operating system structures. Continue reading

Introduction to NAP in Server 2008

NAP (Network Access Protocol) is a new security feature that comes with Windows Server 2008 server technology, wherein an administrator can limit network access to client computers based on various health checks like Service Pack levels, antivirus definitions, updated patches and other security options. Access can be limited by denying VPN access, by allowing DHCP leases to compliant systems only, or by using techniques like VLAN or IPSEC.
NAP can be implemented or enforced in the below mentioned ways. Continue reading

Winlogon and its function

Understanding Winlogon and its functions.

We often come across the term Winlogon in the Windows world, and the first impression we get is that this process is used for handling interactive logons. This is partially correct, but Winlogon does a lot more than that. A legitimate Winlogon process runs from “%Systemroot%\System32\Winlogon.exe”, so make sure that you don’t get fooled by a virus or a Trojan running a process named winlogon from some other location. Let’s understand its role in different scenarios. Continue reading

An Introduction to NTLM (NT LAN Manager) and its Overview.

LM\NTLM has been used as an authentication protocol in the Windows family since the beginning. Let's walk back to get a clear picture of its evolution.
1. LM (LAN Manager) – This was the first form of secured authentication protocol used by the Windows family, since Windows 95 and 98. However, this version is rarely used and is now considered one of the least secure of its type.
2. NTLM Version 1 – A better version of LM, available with Windows NT and above. An authentication protocol considered more improved and secure than LM, since it closed major security flaws present in LM.
3. NTLM Version 2 – The most secure version in its family, which is currently supported by Windows NT with SP4 and all later versions of Windows operating systems. Continue reading

Kerberos in Windows – An Overview

Kerberos has long been used as an authentication protocol in the UNIX world. It entered the Windows family with Windows 2000 and has been used in all the OS releases to date. Windows Active Directory uses Kerberos as its default authentication protocol. Its major advantage over other authentication schemes is its interoperability with Unix systems. When coupled with a strong password, Kerberos is considered to be the toughest to break through. Kerberos V5 is the current version used in the Windows family. Continue reading