Follow:

Latest articles in ‘Microsoft’

  1. 'Windows' topic logo

    How to configure Windows as a NTP server & enable IOS NTP client

    Published: Fri 06 October 2017 in Cookbook.
    A step-by-step guide to setup and troubleshoot NTP on Windows and Cisco IOS-based devices.

    NTP allows to synchronize the clock of various devices to a common reference.

    In this how-to, we will configure a Windows Server as a NTP server and a Cisco IOS-based router to act as a NTP client. We will also see how to configure the router so it can itself serve as server to other devices, thus acting as an NTP relay.

    NTP how-to topology

    Windows (NTP server)

    Windows does not ship with any NTP server by default. In fact, Windows’ W32Time service implements SNTP instead, which is not compatible with NTP clients (see here).

    Meinberg NTP is a commonly used alternative to get a proper NTP server on Windows, and is the one we will use in this how-to.

    Before installing it, check that the following settings are correct:

    • The IP configuration (192.168.0.100 in my case)
    • Check the current time (08h15 in my case, but who cares?)

    Once …

    Continue
  2. 'Windows' topic logo

    How to configure Windows as a SCEP server & Cisco ASA enrollment

    Published: Thu 05 October 2017 in Cookbook.
    A step-by-step guide to configure SCEP on Windows and Cisco ASA appliances.

    SCEP is a protocol supported by several manufacturers, including Microsoft and Cisco, and designed to make certificate issuance easier in particular in large-scale environments.

    It proceeds in a few steps:

    1. The SCEP server issues a one-time password (the “challenge password”), transmitted out-of-band to the client.
    2. The client generates a key pair, and sends the certificate signing request to the SCEP server along with the one-time password.
    3. The SCEP server validates the client certificate data (in this how-to the validation will be manual), signs it and makes the signed certificate available to the client.
    4. The client regularly pull the SCEP server until its signed certificate becomes available. The client can then fetch the signed certificate and install it.

    Here we will setup a Windows Server as SCEP server, and use a Cisco ASA as SCEP client.

    SCEP how-to topology

    The topology above mentions Windows 2016, but any other Windows server will do. This how-to …

    Continue
  3. 'Windows' topic logo

    How to create an Active Directory domain

    Published: Tue 26 September 2017 in Cookbook.
    A step-by-step guide to setup a Windows Active Directory domain.

    Setting-up a basic Windows Active Directory Domains allowing to centrally manage users account can be done painlessly. This guide is mainly based on Peter Kim’s guide written for his book The Hacker Playbook

    In this guide I use a minimal topology, with on one side a Windows server acting as the domain controller and on the other Windows client systems. This guide should work the same no matter the exact versions of the Windows server and clients you are using or if you are using a more complex and realistic topology.

    Windows domain lab topology

    Note

    The Domain Controller must be a Windows Server edition, and for the clients to be able to join the domain they must be at least Windows Professional editions.

    See how to choose a Windows edition.

    Configure the network

    Set IP addresses

    First you need to set static IP addresses to each host.

    The quickest way to access …

    Continue
  4. 'Windows' topic logo

    Which Windows edition should I choose?

    Published: Tue 26 September 2017 in Cookbook.
    Updated: Thu 05 October 2017 (Added information on older Windows Server versions.)
    For those who may find the difference between core, standard, essentials, enterprise, professional, datacenter & others a bit hard to grasp.

    Windows editions follow a naming convention which may not be the clearest and, to make things worse, change with Windows versions and cover both technical and non-technical differences (meaning that two different editions may actually be the same with just a different EULA).

    Here is a short post on main Windows editions with a focus on the version you may prefer for your lab.

    Windows client editions

    • Windows Home or Core edition is the low-budget, consumer grade version of Windows. It is enough for home uses, but is missing features necessary for corporate environments such as the ability to join an Active Directory domain.

    • Windows Professional or Business edition adds more functionalities, such as the ability to join an Active Directory domain and disk encryption (limited to the Enterprise edition and above until Windows 7 included).

    • Windows Enterprise, Education and Ultimate editions are the most complete editions. There is little …

    Continue
  5. 'Virtualization' topic logo

    Where to find virtual machines and ISO files?

    Published: Mon 14 August 2017 in Cookbook.
    Updated: Thu 23 November 2017 (Add atrick for older Microsoft download URLs)
    The best places to find ISO images and ready-made virtual machines to feed your virtual lab.

    Free software

    Virtual machines

    Several websites offer a large selection of freely downloadable virtual machines with pre-configured free software, for instance:

    You can also check the marketplaces maintained by virtualization-related software, such as VMware and GNS3.

    ISO files

    Obviously the main place to get free software ISO files is from the projects website.

    However, FrozenCow maintains a centralized list of direct links to a fair number of Linux and BSD installation ISO files.

    Some projects host all previous versions of their system, but sometimes they are not easy to find. Search in priority on the master repository as these older versions may not be copied onto mirrors. Sometimes they are stored in a separate “archive” area. At last, WinWorld does a great job in collecting old systems installation medias, including discontinued Linux distributions.

    If you are not sure which Linux or BSD system to choose, DistroWatch might …

    Continue
  6. 'Privacy' topic logo

    NSA and Microsoft, toward a tighter “collaborative teamwork”?

    Published: Tue 16 May 2017 in Opinions.
    An history of forced love and denial between the National "Security" Agency and large corporations.

    This article is somewhat a sequel of my thoughts about the Wannacry case.

    The NSA relies on a large database of undisclosed and unfixed software vulnerabilities database to allow them to hack their way into any system either deemed hostile or useful for their intelligence gathering. As explained by explained by the former NSA director Michael Hayden:

    If the agency thinks that no one else will be able to exploit a vulnerability, it leaves the problem unfixed to aid in its own spying efforts.

    It is only if the NSA estimates that the exploit may be known to someone else, and therefore represents a potential risk to the US safety, that they will inform the vendor for the vulnerability to get fixed.

    It may happen that sometime this process gets a hiccup, with a vendor interfering with NSA activity like it most probably happened to Microsoft with the MS08-067 …

    Continue

Popular tags see all

Website

Author

Follow