How NOT to Piss Off an Itpro Aka How to Build Better Software for Windows


Sami Laiho, Senior Technical Fellow, MVP
@samilaiho, [email protected]
#DevSum19

About Sami Laiho
Senior Technical Fellow, adminize.com / Sulava
• IT Admin since 1996
• MCT since 2001
• MVP in Windows OS since 2011
• Specializes in and trains:
  • Troubleshooting
  • Windows Internals
  • Security, Social Engineering, Auditing
  • Centralized Management, Active Directory
• Trophies:
  • Ignite 2018 – Session #1 and #2 (out of 1708)!
  • Best Speaker at NIC, Oslo 2016, 2017 and 2019
  • Best External Speaker at Ignite 2017
  • TechDays Sweden 2016, 2018 – Best Speaker
  • TechEd Europe and North America 2014 – Best session, Best speaker
  • TechEd Australia 2013 – Best session, Best speaker
  • TechEd Europe 2013 – Best Session by an external speaker

I got certs – 1.2 kg of them. @samilaiho

If you are not on Twitter – get on Twitter!

Tribe of Hackers: 70 of the best hackers in the world were invited (#36)
• Super proud to be included in this book
• All profits go to charity!
• https://www.amazon.com/Tribe-Hackers-Cybersecurity-Advice-World/dp/1793464189

10 Deadly Sins of App Design

By the Book – RTFM
https://docs.microsoft.com/fi-fi/windows/desktop/win_cert/certification-requirements-for-windows-desktop-apps

#1 Wrong use of Filesystem
Executable code and user data should not be in the same location.

Mandatory Integrity Control
[Figure: write operations from a MIC-labelled process to an NTFS resource. Process integrity levels System, High, Medium and Low on the left, resource levels on the right; a write is only allowed to a resource at the same or a lower integrity level (no write-up), so a Low-integrity process cannot modify Medium-integrity data and a Medium-integrity process cannot modify High or System resources.]

Location for code and data
• Binary goes to:
  • 64-bit app → C:\Program Files
  • 32-bit app → C:\Program Files (x86)
• Data goes to:
  • All users (shared) → C:\ProgramData
  • Single user:
    • Roaming data → C:\Users\<UserName>\AppData\Roaming
    • Not roaming, Medium integrity data → C:\Users\<UserName>\AppData\Local
    • Not roaming, Low integrity data → C:\Users\<UserName>\AppData\LocalLow

Case of Windows Defender

#2 Wrong use of Registry
Registry
• Computer wide: HKLM\Software
• User specific: HKCU\Software
• NOT HKLM\System!

#3 Wrong use of Services
Service accounts and user rights
• A service can run under one of the three built-in accounts (LocalSystem, LocalService, NetworkService)
• Avoid custom service accounts
• Services have SIDs as well

#4 Software Requires Admin Rights – NO IT DOES NOT!
No excuses!
NT 3.1 Security Guide
• States that local admins have full access to the computer.
• It also says: "in Windows there is no security if you run as admin"

Analysis of Microsoft "Patch Tuesday" Security Bulletins from 2015
• 85% of Critical Microsoft vulnerabilities would be mitigated by removing admin rights
• 52% increase in the total volume of vulnerabilities compared to 2014
• Windows Server vulnerabilities
  • 429 vulnerabilities (304 in 2014)
  • 85% were found to be mitigated by the removal of admin rights

2016 Microsoft Vulnerabilities Study – key findings
• Of the 189 vulnerabilities in 2016 with a Critical rating, 94% were concluded to be mitigated by removing administrator rights
• 99% of vulnerabilities affecting Microsoft Office could be mitigated by removing admin rights
• 93% of Critical vulnerabilities affecting Windows 10 could be mitigated by removing admin rights
• 100% of vulnerabilities in IE and Chrome could be mitigated by removing admin rights
• 66% of all Microsoft vulnerabilities reported in 2016 could be mitigated by removing admin rights
• 100% of vulnerabilities impacting Microsoft's latest browser Edge could be mitigated by removing admin rights

Microsoft Vulnerabilities Report 2017
The 2017 report highlights the following key findings:
• Removing admin rights would mitigate 80% of all Critical Microsoft vulnerabilities in 2017.
• 95% of Critical vulnerabilities in Microsoft browsers can be mitigated by removing administrator rights.
• Almost two thirds of all Critical vulnerabilities in Microsoft Office products are mitigated by removing admin rights.
• Removing admin rights would mitigate almost 80% of Critical vulnerabilities in Windows 10 in 2017.
• 88% of all Critical vulnerabilities reported by Microsoft over the last five years would have been mitigated by removing admin rights.
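The #1–#3 rules above, turned into a footprint audit an ITPro can run against a package before accepting it. This is an added example, not code from the slides or from adminize.com/Sulava. The vendor name Contoso, the app name Widget, the install directory under Program Files and the service name ContosoWidgetSvc are assumptions; the data folders are resolved through the known-folder API instead of hard-coded C:\Users paths, and because every one of them is writable by a standard user the audit itself needs no admin rights, which is the point of #4.

```powershell
# Added example, not from the slides: audit an installed app against the #1-#3 rules.
# Vendor name, app name, install directory and service name are placeholders (assumptions).

# #1 data locations, resolved through the known-folder API rather than hard-coded C:\Users\... paths.
function Get-AppDataPath {
    param([string]$Vendor, [string]$App)
    $rel = Join-Path $Vendor $App
    [ordered]@{
        Shared   = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) $rel   # C:\ProgramData
        Roaming  = Join-Path ([Environment]::GetFolderPath('ApplicationData')) $rel         # AppData\Roaming
        Local    = Join-Path ([Environment]::GetFolderPath('LocalApplicationData')) $rel    # AppData\Local
        # .NET has no SpecialFolder value for LocalLow (FOLDERID_LocalAppDataLow); it sits beside AppData\Local
        LocalLow = Join-Path (Join-Path $env:USERPROFILE 'AppData\LocalLow') $rel
    }
}

# #1 executable code under a data folder breaks "code and data apart": anything that can write
# AppData (including a Low-integrity process for LocalLow) could replace what the app later loads.
function Find-MisplacedCode {
    param([System.Collections.IDictionary]$DataPaths)
    foreach ($dir in $DataPaths.Values) {
        if (-not (Test-Path $dir)) { continue }
        Get-ChildItem $dir -Recurse -File -Include *.exe, *.dll, *.sys, *.ps1, *.vbs |
            ForEach-Object { [pscustomobject]@{ Rule = 'Code in data folder'; Path = $_.FullName } }
    }
}

# #1 the install directory must keep the default Program Files ACL: no write rights for broad groups.
function Test-UserWritable {
    param([string]$Path)
    $broad = 'S-1-5-32-545', 'S-1-5-11', 'S-1-1-0'      # BUILTIN\Users, Authenticated Users, Everyone
    $write = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $sid = $_.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            $_.AccessControlType -eq 'Allow' -and $broad -contains $sid -and (([int]$_.FileSystemRights -band $write) -ne 0)
        } |
        ForEach-Object { [pscustomobject]@{ Rule = 'Install dir writable by standard users'; Path = "$Path ($($_.IdentityReference))" } }
}

# #2 settings belong in HKLM\Software (per machine) or HKCU\Software (per user). Nothing of the app's
# own belongs under HKLM\SYSTEM except the service key the SCM creates when a service is installed.
function Find-RegistryFootprint {
    param([string]$Vendor)
    foreach ($hive in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node', 'HKCU:\SOFTWARE') {
        $key = Join-Path $hive $Vendor
        if (Test-Path $key) { [pscustomobject]@{ Rule = 'Settings location (OK)'; Path = $key } }
    }
    # Walking CurrentControlSet takes a while; keys the current user cannot read are skipped.
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet' -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like "*$Vendor*" -and $_.Name -notlike '*\CurrentControlSet\Services\*' } |
        ForEach-Object { [pscustomobject]@{ Rule = 'Vendor key under HKLM\SYSTEM'; Path = $_.Name } }
}

# #3 the service should run as one of the three built-in accounts. When a resource must be limited to
# that one service, ACL it to the per-service SID (NT SERVICE\<name>) instead of creating a custom user.
function Test-ServiceAccount {
    param([string]$ServiceName)
    $builtIn = 'LocalSystem', 'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
    $svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { return [pscustomobject]@{ Rule = 'Service not installed'; Path = $ServiceName } }
    # sc.exe (not the PowerShell alias sc = Set-Content) derives the S-1-5-80-... SID from the name.
    # The SID is only present in the service token if the service was installed with "sc sidtype <name> unrestricted".
    $sid = (sc.exe showsid $ServiceName | Select-String '^SERVICE SID:').Line.Split(':')[1].Trim()
    [pscustomobject]@{
        Rule       = if ($builtIn -contains $svc.StartName) { 'Built-in service account (OK)' } else { 'Custom service account' }
        Path       = "$($svc.Name) runs as $($svc.StartName)"
        ServiceSid = $sid   # grant with: icacls <dir> /grant "NT SERVICE\${ServiceName}:(OI)(CI)M"
    }
}

# Run the audit (assumed names; replace with the app under test)
$vendor  = 'Contoso'; $app = 'Widget'
$install = Join-Path $env:ProgramFiles "$vendor\$app"
$data    = Get-AppDataPath -Vendor $vendor -App $app
$report  = @(Find-MisplacedCode -DataPaths $data) +
           @(if (Test-Path $install) { Test-UserWritable -Path $install }) +
           @(Find-RegistryFootprint -Vendor $vendor) +
           @(Test-ServiceAccount -ServiceName "${vendor}${app}Svc")
$report | Format-Table Rule, Path -AutoSize -Wrap
```

The ACL check deliberately looks at the three broad principals only: a package that grants Users modify rights on its own Program Files folder has reintroduced exactly the write-up the integrity-level figure forbids, and it is the first thing a whitelisting policy will trip over later.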
Case of Shit-O-Meter

#5 Not having an MSI
We don't care about anything but MSI or MSIX

#6 Bad Uninstaller
Not cleaning up properly
Visual Studio 2015 adds 110 000 registry entries

#7 Incorrect use of Multimedia Processes
For maximum battery life the current timer interval (which can be changed with timeBeginPeriod or NtSetTimerResolution) should be left at the 15.6 ms default
Case of PDF Creator / Google

#8 Hating APPX / MSIX
Application Isolation
• Starting from Windows 8 the modern (later, in Windows 10, called universal) apps are packaged in APPX packages that allow the use of AppContainers
[Figure: three AppContainers running at Low integrity, each with its own declared capabilities.]

Quote from Microsoft
• "As you folks know my team owns *all* the deployment technologies at Microsoft. We are being quite clear – all investments are going into MSIX. This is why you saw MSIX AppAttach announced this week to enable WVD/RDP/VDI scenarios. AppAttach is there to make app distribution in a VDI environment significantly better but it is also there to be the replacement for App-V streaming in a VDI environment. Our goal is for there to be no reason not to move to MSIX from your current deployment tech. Of course Rome wasn't built in a day so it's a journey but it's very important to let your customers know that MSIX is the future of app deployment and while App-V provides them tremendous value today there is no roadmap for App-V that doesn't end up in MSIX."
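Back to the timer rule under #7, as an added example that is not from the slides: the script P/Invokes NtQueryTimerResolution to read the interval the kernel is currently using, then reproduces the mistake itself with timeBeginPeriod(1) and releases it with timeEndPeriod, so the before/during/after values show what a "multimedia" app that forgets the release call leaves behind. It assumes Windows PowerShell or PowerShell 7 on Windows; nothing else is assumed.

```powershell
# Added example, not from the slides: read the timer resolution and demonstrate the timeBeginPeriod bug.
Add-Type -Namespace Win32 -Name Timer -MemberDefinition @'
[DllImport("ntdll.dll")]
public static extern int NtQueryTimerResolution(out uint minimum, out uint maximum, out uint current);
[DllImport("winmm.dll")]
public static extern uint timeBeginPeriod(uint period);
[DllImport("winmm.dll")]
public static extern uint timeEndPeriod(uint period);
'@

function Get-TimerResolution {
    # Values are in 100 ns units: 156250 is the 15.625 ms default the slide rounds to 15.6 ms.
    # "minimum" is the coarsest interval the kernel allows, "maximum" the finest (e.g. 5000 = 0.5 ms).
    $min = [uint32]0; $max = [uint32]0; $cur = [uint32]0
    $status = [Win32.Timer]::NtQueryTimerResolution([ref]$min, [ref]$max, [ref]$cur)
    if ($status -ne 0) { throw ("NtQueryTimerResolution failed, NTSTATUS 0x{0:X8}" -f $status) }
    [pscustomobject]@{
        CurrentMs  = $cur / 10000
        CoarsestMs = $min / 10000
        FinestMs   = $max / 10000
        AtDefault  = ($cur -eq $min)   # true only when no process holds a raised-resolution request
    }
}

function Test-TimerHog {
    # The bug class: request a 1 ms period for a background timer and never release it. The CPU is then
    # woken 1000 times a second for as long as the process lives, which is what kills battery life.
    $before = Get-TimerResolution
    if ([Win32.Timer]::timeBeginPeriod(1) -ne 0) { throw 'timeBeginPeriod(1) was refused' }
    try     { $during = Get-TimerResolution }
    finally { [void][Win32.Timer]::timeEndPeriod(1) }   # every begin call must be paired with an end call
    $after = Get-TimerResolution
    [pscustomobject]@{ BeforeMs = $before.CurrentMs; DuringMs = $during.CurrentMs; AfterMs = $after.CurrentMs }
}

Get-TimerResolution
Test-TimerHog
```

On builds before Windows 10 version 2004 the raised resolution was a global setting, so one leaky app slowed every machine it was installed on; from 2004 on, the request is scoped to the calling process (and Windows 11 drops it for minimized or occluded windows), which limits the damage but does not excuse the leak. When hunting an existing offender, `powercfg /energy` produces a report whose "Platform Timer Resolution" section names the process holding the outstanding request.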
#9 Management Tools misunderstood
https://cloudblogs.microsoft.com/windowsserver/2019/04/29/its-time-to-update-your-windows-management-strategy/

Future of Management
• Windows Admin Center: https://docs.microsoft.com/en-us/windows-server/manage/windows-admin-center/overview
• No MMC
• No GUI on the server
  • Server 1809 →
  • Nano Server
• PowerShell is the only required management interface
  • But it's nice to have a GUI as well, as long as it's remote ☺
• Admins need to manage from Privileged Access Workstations (PAW)
  • RDP is for "emergency use only"
  • https://blog.win-fu.com/2014/07/why-you-need-to-manage-your-gpos-from.html

#10 Not Ready For Whitelisting
Whitelisting
• Do not change ACLs on Program Files and Windows – DO NOT!
• Don't install in
  • the root of C:\
  • C:\Users
  • C:\ProgramData
  • anywhere outside of Program Files and Program Files (x86)
• All binaries need to be signed, including DLLs
  • If you use scripts, those as well
  • Even more so if you update your own binaries
  • Sign with a trusted cert!
• Case of Teams or Slack
• It is not an excuse to say that the provider of the platform hasn't signed – you are responsible!
• Don't create binaries in Temp folders – especially if they are not signed!
Case of TeamViewer or Slack/Teams

KIITOS JA ANTEEKSI! (Thank you, and I'm sorry)

And… last but not least – don't forget to evaluate this session in the DevSum app! #DevSum19

WANT MORE?
• Come to my courses: https://win-fu.com/ilt/
• Check out my videos at Pluralsight
  • Send me an email for a free pass!
• Check out my personal video library at https://win-fu.com/dojo
• Follow me on Twitter: @samilaiho
• Blog, Slack: https://win-fu.com/
• Consulting? Email me at [email protected]
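Returning to #10: the "ready for whitelisting" rules as an added check that is not the speaker's code. It verifies the install location, runs every binary and script through Get-AuthenticodeSignature (which validates the chain, so a self-signed or otherwise untrusted certificate is reported as NotTrusted rather than Valid), and then looks for executable code dropped into Temp and AppData, the Teams/Slack case. The install directory Contoso\Widget under Program Files is an assumption; point it at the app under test.

```powershell
# Added example, not from the slides: check an application against the #10 whitelisting rules.
function Test-WhitelistReady {
    param(
        [string]$InstallDir = (Join-Path $env:ProgramFiles 'Contoso\Widget'),   # assumption: example app
        [string[]]$CodeTypes = @('*.exe', '*.dll', '*.sys', '*.ocx', '*.ps1', '*.psm1', '*.vbs', '*.js')
    )
    $findings = [System.Collections.Generic.List[object]]::new()
    function Add-Finding([string]$Rule, [string]$Path, [string]$Detail) {
        $findings.Add([pscustomobject]@{ Rule = $Rule; Path = $Path; Detail = $Detail })
    }

    # Rule: install under Program Files or Program Files (x86), nowhere else.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    if (-not ($roots | Where-Object { $InstallDir.StartsWith($_, 'OrdinalIgnoreCase') })) {
        Add-Finding 'Install location' $InstallDir 'outside Program Files / Program Files (x86)'
    }

    # Rule: every binary and script is signed, and the signature chains to a trusted root.
    # Status values other than Valid: NotSigned, HashMismatch (tampered or re-packed), NotTrusted, UnknownError.
    if (Test-Path $InstallDir) {
        Get-ChildItem $InstallDir -Recurse -File -Include $CodeTypes | ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($sig.Status -ne 'Valid') {
                Add-Finding 'Unsigned or untrusted code' $_.FullName "$($sig.Status): $($sig.StatusMessage)"
            }
        }
    } else {
        Add-Finding 'Install location' $InstallDir 'directory not found'
    }

    # Rule: no executable code in user-writable places (Temp, AppData), signed or not. Default AppLocker and
    # WDAC rules allow Program Files and Windows only, so anything here is blocked on a whitelisted machine.
    foreach ($dir in @($env:TEMP, $env:LOCALAPPDATA, $env:APPDATA) | Select-Object -Unique) {
        Get-ChildItem $dir -Recurse -Depth 3 -File -Include *.exe, *.dll -ErrorAction SilentlyContinue | ForEach-Object {
            Add-Finding 'Code in user-writable folder' $_.FullName 'blocked by default whitelisting rules'
        }
    }
    $findings
}

Test-WhitelistReady | Format-Table -AutoSize -Wrap
```

An empty result is what "ready for whitelisting" looks like. To see the data an AppLocker publisher rule would actually be built from, `Get-AppLockerFileInformation -Directory $InstallDir -Recurse -FileType Exe,Dll,Script` lists the Publisher for each file; a file with no Publisher can only be allowed by hash, which breaks on the next update, which is exactly why the slide insists on signing your own updates as well.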