In today’s digital landscape, securing remote access to systems is paramount. One effective method to enhance security is by configuring Remote Desktop Services (RDS) to limit the number of connections, thereby blocking access to the console session via Remote Desktop Protocol (RDP). Here’s a step-by-step guide on how to achieve this using Group Policy. Step-by-Step …
Category: Security
Jan 14
Deleted shortcuts by Attack Surface Reduction rule
Yesterday, January 13th, an unintentional impact was triggered by a pattern update (1.381.2140.0) for users who had the ASR rule “Block Win32 API calls from Office macro” set to block mode. The impact was hard to miss: shortcuts pinned to the taskbar & in the Start menu went missing. The best thing to do was change …
Oct 14
Delete OEM drivers (to enable memory integrity)
On Windows 10/11, when memory integrity cannot be switched on due to incompatible drivers, you can use pnputil.exe to remove the affected OEM drivers. Open Windows Security; select Device Security; select the Core isolation details; set the slider to ON to enable core isolation. If any incompatible (old) drivers are on the system, you will …
May 03
Catching Malware Like Pro – Part 2
In part 1 I wrote about the use of multiple engines at once for 1 file; now let’s see how to quickly check a device for malware using the same technology. The VirusTotal service has an API interface & can be used from scripts. Sysinternals, a must-have toolset for every ITPro, has integrated the service …
May 01
Catching Malware Like Pro – Part 1
Most IT pros I talk to on this topic have the same answer when it comes to catching a possible virus on a machine. Important steps to take: remove the device from the corp network; scan the device with the ‘favorite’ antivirus product; if the step above fails to find it, use another antivirus/antimalware product ….. …
Oct 17
Fix issues with modern authentication on Windows 10
Example: Outlook Auth => needs password over & over again, or a very fast auth screen pop-up disappears without successful authentication. In Settings / Accounts / Email & Accounts / Accounts used by other apps, adding a work or school account does not work. In Settings / System / Shared experiences, the fix button doesn’t work. C:\Users\%username%\AppData\Local\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\ is empty or corrupted. FIX …
May 31
Patch Your Systems Now!
Microsoft released a patch for XP/2003 to 7/2008R2 two weeks ago, patching a vulnerability in the RDP protocol. Leaving this one unpatched has the potential of becoming an issue of WannaCry proportions. https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/