Rights are authorized actions a user can perform on the system. They are tightly coupled with permissions, which are applied at the object level. These user rights can be applied through local policies or centralized group…
Category Archives: Security
File Screen Policies in Server 2012 – FSRM
File screens are used to prevent certain types of files from being saved on your storage drive. It is not uncommon to see users saving huge PST or MP3 files on shared storage, which they are not supposed to do. File screens block users from saving specific types of files and generate notifications when anyone attempts to save a blocked file on the server. File screens can be created for an entire volume or for specific folders. Let's quickly walk through the…
GPO – Password and Account Lockout Policy
By default in a Windows Active Directory environment, the Default Domain Policy is used to establish the account policy settings for all user accounts in the domain. You will find this under Computer Configuration/Policies/Windows Settings/Security Settings. I have already explained the Kerberos GPO policy in my previous article. Let's go through the Password and Account Lockout policy in detail.
Kernel Patch Protection (AKA Patch Guard)
In order to preserve the stability of the Windows OS, Microsoft came up with the idea of protecting critical kernel structures from being modified outside the context of approved modifications (for example, Windows patching). The intention was to prevent both malicious software and third-party vendors from modifying certain critical operating system structures.
Introduction to NAP in Server 2008
NAP (Network Access Protocol) is a new security feature that comes with Windows Server 2008, wherein an administrator can limit network access for client computers based on various health checks such as service pack levels, antivirus definitions, updated patches and other security options. Access can be limited by denying VPN access, by allowing DHCP leases to compliant systems only, or by using techniques like VLAN or IPsec.
NAP can be implemented or enforced in the ways mentioned below.
Winlogon and its function
Understanding Winlogon and its functions.
We often come across the term Winlogon in the Windows world, and the first impression we get is that this process is used for handling interactive logons. This is partially correct, but Winlogon does a lot more than that. A legitimate Winlogon process runs from “%Systemroot%\System32\Winlogon.exe”, so make sure that you don’t get fooled by a virus or a Trojan running a process as winlogon from some other location. Let’s understand its role in different scenarios.
An Introduction to NTLM (NT Lan Manager) and its Overview.
LM/NTLM has been used as an authentication protocol in the Windows family since the beginning. Let's walk back to get a clear picture of its evolution.
1. LM (LAN Manager) – This was the first of the secured authentication protocols used by the Windows family, dating from Windows 95 and 98. However, this version is rarely used and is now considered one of the least secure of its type.
2. NTLM Version 1 – A better version of LM, available with Windows NT and above. It is considered more improved and more secure than LM, since it closed major security flaws present in LM.
3. NTLM Version 2 – The most secure version in its family, currently supported by Windows NT with SP4 and all later versions of Windows operating systems.
Kerberos in Windows – An Overview
Kerberos has long been used as an authentication protocol in the UNIX world. It entered the Windows family with Windows 2000 and has been used in all OS releases to date. Windows Active Directory uses Kerberos as its default authentication protocol. Its major advantage over other authentication schemes is its interoperability with UNIX systems. When coupled with a strong password, Kerberos is considered to be the toughest to break through. Kerberos V5 is the current version used in the Windows family.