Following the WannaCry Ransomeware attack in 2017, Windows stopped supporting the SMB1 protocol – and along with it Windows hosts’ previous primary broadcast discovery mechanism. Since then, Linux hosts have mostly gone dark when it comes to sharing discoverable network shares with Windows network clients. However, Windows supports the Web Service Discovery (WSD) protocol. Ubuntu has added support for WSDD – and now you can easily do the same for any Linux distribution that supports Python.
Recently I’ve been updating the configuration of a bunch of personal servers to match the 2016 PCI requirements. One of the 2016 PCI requirements requires you to disable TLS 1.0 as it is now considered insecure. One of the problems with doing this of course is the fact that WebDeploy uses SSL and by default won’t allow connections and deployments to occur with TLS disabled. Luckily the fix is rather simple.
Today marks the official start to Microsoft’s TechEd Australia Conference on the sunny Queensland Gold Coast. With over 4 days of talks, product launch education, hands-on labs along with device and software manufacturers spruiking their wares, it is sure to be a great week – if you are around shoot me a tweet so that we can try and cross paths during the week.
When it comes to reviewing visitor site usage, server bandwidth usage, or forensic security investigations; IIS log files often hold the answers. Although as I'm sure you’re more than aware, gigantic text files can be hard to view let alone pull intelligence from. Investigating a website attack can be really daunting when looking at log files as an information source. In my previous post I covered a tool to help with Windows Security Logs. Lucky for us it’s just as awesome when dealing with huge IIS logs.
When bad things happen to either your website or your server you’re usually faced with a situation that either makes or breaks you. Much like having a good backup and restore plan, being able to filter and scan log files for what you need to help draw conclusions on how a situation occurred or by whom it was conducted, is an important part of your security plan. However if you have a heavily traffic’d website, network share or part of your file system and you’re doing a lot of logging, you probably have files the size of the moon to wade through, so making sense of them can be a nightmare.
Running Apache and IIS on the same web server might seem like sacrilege to some folks, but like a lot of things in life there is a time and a place for everything. I’ve overseen some quite successful deployments that have had the two running side by side on the same machine, and the flexibility that Apache can bring to an application as a value add can be really exciting. For both future keepsake and to share with all of you folk, here is a quick how-to guide so that all you have to do is follow the bouncing ball.
Jetbrains’ build server software TeamCity is an awesome product to get up and running with continuous integration and deployment, however with its ease of operation it leaves a few nice to have business features aside. One of these is Scheduled backup – and if there is anything that your career has probably taught you to date, it’s that when things break, having a backup is priceless.
These days IIS has so many bells and whistles installed that it can be hard to find the settings panel that does what you want it to do (or if you’re an IIS 5/6 guy like me you may just get lost in general some times). The one thing that is lacking as a feature in IIS is log file recycling. If you manage an IIS installation of any decent size, you’ll know first hand how quickly log files can fill up a server’s hard disk, and bring it to its knees if not managed properly – how do i take care of this?
By default Windows 2008 only allows a user one single session over RDP. While in some instances this can be quite handy, if like me, you have multiple developers working on a single server, your frustration from being randomly logged out by a colleague can come to the boil. Quick and easy solution.
A very quick one for today – There are times when you need to run alternative services on port 80 other than IIS. In instances like this it would seem logical that it simply requires two separate IP addresses and you’re done. IIS thinks your plans are shit, and says in it’s best Soup Nazi voice “No port 80 for you!”.
Microsoft was good to the people of interwebs land when they released IIS 7.5; The added functionality that allows you to map wildcard SSL certificates to multiple websites on a single IP really helps keep the need for IP address wastage down when running multiple SSL sites on multiple child sub domains. There a slight road block you need to look out for and that is the GUI itself.
Over the last few days I've had the pleasure (2… 3… noot) of installing Blackberry Enterprise Server on our new (6 months old) Exchange 2010 setup at work. Setting up the permissions using the Exchange Command Shell lead me to a problem that drove me absolutely insane. When applying Send-As permissions using the exchange command shell commands that RIM themselves have in their documentation, i hit a brick wall.
Microsoft’s Hyper V has really shaken the virtual machine industry up with it’s free virtualisation technology. The Hyper V/Virtual Server/Virtual PC product line is many things to many people, but as it is a growing technology, there are some things that the product can not do: Downsizing a VHD is one of those things – But there is an easy solution.
Another quick fix post for the day: In Windows 2008 R2 running IIS 7.5 an odd issue occurs when trying to view a PDF in Adobe Acrobat’s browser add-on. There appears to be a bug in Acrobat’s adherence to the RFC conventions, stopping your users from viewing PDFs in their browsers, and both sides’ responses are vague as hell. I’ll help you wade through the crap and get a working solution.
While recently setting up a new Exchange 2010 box is came across an issue where some users that had active synch enabled for their user account still couldn’t synch using their iPhones or Blackberries.
After my recent service roll-up for Exchange 2010 users who were homed on one of my servers where unable to set their out-of-office replies on. After some quick troubleshooting it would appear that the service roll-up had reset some of the permissions on some of my Exchange IIS virtual directories.
Under certain conditions there are times when you have a machine in your domain that you don’t want to update its DNS A records. These are usually edge cases however the need is still there. I needed to do this recently, so as they say on Law and Order in a robotic Stephen Hawking voice - “These are their stories”