The Microsoft Enhanced Mitigation Experience Toolkit 4.1 has been released. If you are using a Windows OS, you should be running EMET. Even if you use the default setup, you will gain additional protection against malware. Read the information in the link and install EMET. Highly recommended.
Did you accidentally set your home network connection profile to “Public”? Windows 8 has a real easy way to change it to Private using PowerShell:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Private
If you are currently “Private” and want to change to “Public”:
Get-NetConnectionProfile | Set-NetConnectionProfile -NetworkCategory Public
I never did figure out how to do this from the Windows 8 GUI.
PKI is something I deal with daily. But even I was a bit fuzzy on some of the bits until I read this: https://www.hammerofgod.com/wiki/pages/i4_604w/Thors_PKI_Encryption_Primer.html.
We love our users, yes we do! Especially the ones who walk out the door with a laptop that they refuse to return. Having a computer off the corporate network for an extended period of time can create problems with Active Directory, some management software and some encryption software. MakeLaptopWarning.vbs is a script which the admin runs before the laptop goes out the door. It creates a reminder script on the laptop in the StartUp folder. The user gets a countdown in days for when the laptop needs to be returned.
The SysInternals ShareEnum.exe program relies on the NETBIOS browser list and chokes in very large domains. I wanted a program which let me audit share permissions with greater flexibility.
ShareEnum.wsf is an alternative to ShareEnum.exe. It relies on WMI to enumerate share permissions. The WMI share security decoding was written by Chris Wolf and found in a 2006 article at redmondmag.com.
The script can read your list from Active Directory, and it can also process a list of files. It ignores admin shares, and optionally ignores print$ shares. I recommend that you run it with elevated rights from an administrator’s workstation with Excel installed. If Excel is installed, it will write the report to an XLS file. If Excel is not installed, it will write to a tab-delimited text file. If you choose a single computer, the information will be written to an IE-based display window.
The WSF file is an interesting format, as it permits you to have multiple “job” files. I use it here to separate the front end from the working code. Rename the file from ShareEnum_wsf.txt to ShareEnum.wsf.
In a very large environment, getting a list and keeping track of SQL installs may become problematic. I wanted a way to track down all SQL installs, for licensing, management and security. When you install SQL, it creates a Service Principal Name (SPN) in Active Directory.
I took a script which created a list of SQL installations by looking at SPNs, and then added the information I wanted to collect. DomainSQLServerReport.vbs does the following: 1) Gets a list of SQL SPN servers from AD. 2) Pings the list. 3) If there is a reply, tries to connect to the SQL server using integrated authentication to query version and SQL instances.
If you are a Domain Admin, and if integrated authentication is enabled, you will get a lot of data this way. You will also find your AD to be littered with unused SPNs, which you can delete (see, for example, instructions here).
If you run this from a desktop with Excel installed, you will have a nicely formatted log file. If Excel is not installed, you will have a tab-delimited log.
Getting a list of the local administrators is a routine security task. A popular way to do this is with EnumLocalGroup.vbs, a script written by Richard Mueller. I found that this has some error handling issues, especially where you have the problem of a nested group which creates a recursion loop.
EnumAdmins.vbs is my version of this file. Enumeration failures are logged. It only runs locally.
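The nested-group recursion loop mentioned above is avoided by remembering every group path already expanded. The following is an added example in PowerShell, not EnumAdmins.vbs or Richard Mueller's script; the function name Get-GroupMembersSafe and the output columns are assumptions, and it uses the ADSI WinNT provider.

```powershell
# Added example: expand the local Administrators group, following nested groups,
# with a visited set so circular nesting (A in B, B in A) cannot recurse forever.
function Get-GroupMembersSafe {
    param(
        [Parameter(Mandatory=$true)][string]$AdsPath,   # e.g. WinNT://PC01/Administrators,group
        [System.Collections.Generic.HashSet[string]]$Visited,
        [int]$Depth = 0
    )
    if ($null -eq $Visited) {
        # Case-insensitive set of group paths that have already been expanded.
        $Visited = New-Object 'System.Collections.Generic.HashSet[string]' ([StringComparer]::OrdinalIgnoreCase)
    }
    # HashSet.Add returns $false when the path is already present: the loop guard.
    if (-not $Visited.Add($AdsPath)) {
        [pscustomobject]@{ Depth = $Depth; Class = 'Group'; Path = $AdsPath
                           Note = 'already expanded (nesting loop or duplicate)' }
        return
    }
    try {
        $group   = [ADSI]$AdsPath
        $members = @($group.psbase.Invoke('Members'))
    } catch {
        # Log the failure as a row instead of aborting the whole enumeration.
        [pscustomobject]@{ Depth = $Depth; Class = 'Group'; Path = $AdsPath
                           Note = "enumeration failed: $($_.Exception.Message)" }
        return
    }
    foreach ($m in $members) {
        # Members are raw COM objects, so read their properties via reflection.
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
        [pscustomobject]@{ Depth = $Depth + 1; Class = $class; Path = $path; Note = '' }
        if ($class -eq 'Group') {
            # Recurse into the nested group, sharing the same visited set.
            Get-GroupMembersSafe -AdsPath "$path,group" -Visited $Visited -Depth ($Depth + 1)
        }
    }
}

# Runs against the local machine only.
Get-GroupMembersSafe -AdsPath "WinNT://$env:COMPUTERNAME/Administrators,group" |
    Format-Table -AutoSize
```

Rows with a non-empty Note are the ones to review: they mark either a group that could not be enumerated or a group that was reached a second time.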