Securing zone levels in Internet Explorer

Managing and configuring Internet Explorer can be complicated. This is especially true when users meddle with the numerous settings it houses. Users may even unknowingly enable the execution of malicious codes. This highlights the importance of securing Internet Explorer.

In this blog, we’ll talk about restricting users from changing security settings, setting trusted sites, preventing them from changing security zone policies, adding or deleting sites from security zones, and removing the Security tab altogether to ensure that users have a secure environment when using their browser.

Restricting users from changing security settings

A security zone is a list of websites at the same security level. These zones can be thought of as invisible boundaries that prevent certain web-based applications from performing unauthorized actions. These zones easily provide the appropriate level of security for the various types of web content that users are likely to encounter. Usually, sites are added or removed from a zone depending on the functionality available to users on that particular site.

Continue reading “Securing zone levels in Internet Explorer” →

PowerShell: Export Active Directory Group Members

To accomplish this we can use PowerShell.

In this tutorial, I will walk through the steps for exporting group members to a csv file.

Let’s get started.

Step 1: Load the Active Directory Module

To connect and query an AD group with PowerShell the Active Directory module needs to be loaded.

The Active Directory module can be installed with the following methods:

• Having RSAT tools installed
• Windows Server 208 R2 and above with the AD DS or AD LDS server roles

You can run the following command to see if you have installed

Get-Module -Listavailable

Continue reading “PowerShell: Export Active Directory Group Members” →

Add Local intranet site via GPO

Add Local intranet via GPO

1. Prepare

– DC : Domain Controller (testdc.com)

– WINClient : Domain Member

 

2. Step by step guide :

Add Local intranet site via GPO

+ DC : Add the Website URL or IP https://testsite.com to Local intranet via GPO

– Server manager > Group Policy Management > Right click “Default Domain policy” : Edit

– User configuration > Policies > Administrative templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page > Site to Zone assignment list : Enable

Continue reading “Add Local intranet site via GPO” →

[PowerShell] Delete all files and folders but exclude a sub-folder

The -recurse switch does not work properly on Remove-Item. Better to use Get-Childitem.

Get-ChildItem -Path C:\TestFolder -Exclude SubFolder1,SubFolder2 | Remove-Item -Recurse -Force

5 Must-Have Features in a Data Loss Prevention (DLP) Solution

In today’s ever-emerging era of cyber-attacks and with the advent of potent hackers a good DLP solution is a must for every organization — big or small.

A Data Loss Prevention (DLP) solution is a security platform that prevents organization’s sensitive data destruction by continuous monitoring and security policy implementation to protect sensitive data at all times.

However, there are numerous solutions out in the market, creating a problem: how to pick the best solution per requirements? The best “DLP Solution” is the one that fits the company’s requirements and offers a set of industry-standard features as well.

That said, what are those features?

---

Let’s check them out.

Continue reading “5 Must-Have Features in a Data Loss Prevention (DLP) Solution” →

How to Configure sources.list on Linux Debian 9

This is a brief guide on how to configure sources.list file on Debian 9, codenamed stretch. Debian is one of the, most popular Linux distributions and much of its strength comes from the core of Debian package management – apt. Everything in Debian, be it an application or any other component – is built into a package, and then that package is installed onto your system (either by the Installer or by you).

Continue reading “How to Configure sources.list on Linux Debian 9” →

Patch Tuesday

Details on Microsoft’s security updates.

 

Patch Tuesday is the name given to the day each month that Microsoft releases security and other patches for their operating systems and other software.

Patch Tuesday is always the second Tuesday of each month and more recently is being referred to as Update Tuesday.

Non-security updates to Microsoft Office tend to occur on the first Tuesday of each month and firmware updates for Microsoft’s Surface devices on the third Tuesday of every month.

 

NOTE : Most Windows users will experience more of a Patch Wednesday because they’re prompted to install, or notice the installation of, the updates downloaded via Windows Update on Tuesday night or Wednesday morning.

Continue reading “Patch Tuesday” →

How to disable IP auto-configuration in server

If you add a static IP in a core server, you may see that the auto-configuration is on and giving a 169.0.0.0 number as the preferred address and the new static IP as the duplicate address. This will not work. When using a Core server, use the following steps to fix the issue.

 

Step 1: Run > cmd > ipconfig /all

Continue reading “How to disable IP auto-configuration in server” →

How to enable ‘Windows Sandbox’ on Windows 10

ISOLATION FOR UNTRUSTED APPS

You can now run untrusted apps in isolation with Windows Sandbox, and here’s how to use enable the feature.

On Windows 10, “Windows Sandbox” is a lightweight isolated environment available starting with the May 2019 Update to test untrusted applications without affecting your device.

Sandbox works just like a virtual machine using Microsoft’s hypervisor and hardware virtualization to run a separate kernel that isolates a Windows Sandbox session from the host. Basically, it’s a tiny installation of Windows 10 (around 100MB in size) enough to install and run untrusted classic applications isolated from the main installation.

According to the company, Windows Sandbox is also very efficient as it uses integrated kernel scheduler, smart memory management, and virtual graphics, and it’s disposable. Once you finish using the app, the sandbox gets deleted, which means that every time you start the feature, you’ll start with a clean install of Windows 10.

In this guide, you’ll learn the steps to enable Windows Sandbox available with the Windows 10 May 2019 Update.

How to enable Windows Sandbox on Windows 10

To enable “Windows Sandbox” to run untrusted applications, use these steps:

• Open Start
• Search for Turn Windows features on or off and click the top result to open the experience.

Check the Windows Sandbox option.

Continue reading “How to enable ‘Windows Sandbox’ on Windows 10” →

IIS: Disappearing SSL Certificate Problem Resolved

I followed the many different articles outlining how to import SSL certificates into IIS exactly and everything worked great except for the fact that when I navigated away from the Server Certificates window, the certificate would disappear. I could see the certificate in the server’s Personal Certificate Store using MMC (Microsoft Management Console) but it wouldn’t show up in IIS.

My problem was that the certificate that I was trying to import only contained the public key and not the private. For decryption to work correctly, the server obviously needs to have both the public and the private key. To resolve the problem I created the needed PKCS #12 Certificate File following the steps outlined here, and then clicked on the Import link (not the Complete Certificate Request… link) in the Server Certificates window in IIS.

Continue reading “IIS: Disappearing SSL Certificate Problem Resolved” →