12 Microsoft Hot Spots to Watch in 2012

Redmond: The Independent Voice of the Microsoft IT Community
JANUARY 2012 VOL. 18 NO. 1 REDMONDMAG.COM

Steve Ballmer’s potential replacement, best exec fights, products that changed tech forever: Redmond editors lay out lists that IT pros shouldn’t miss.
+ Foley: 12 Microsoft Hot Spots to Watch in 2012
+ A Look at BeyondTrust PowerBroker Desktops DLP
+ Solve Active Directory Disasters

Contents, JANUARY 2012

COVER STORY
The List Issue
To start 2012, we’re offering numbered thoughts from our cleverest minds on where Microsoft and IT have been and are going.

REDMOND REPORT
IT Awaits Release of SQL Server 2012
Microsoft changed how its upcoming database management system will be packaged, while also rolling out release candidate software.

FEATURES
How To Fix AD Disasters
Spotting Active Directory problems isn’t necessarily simple, but it can help avoid a catastrophe. These tales of AD disasters come from real-life situations and should serve as instruction—and perhaps a warning—to IT pros.

REVIEWS
Product Review: PowerBroker Desktops DLP Safeguards Sensitive Information
The BeyondTrust application is great for putting files on lockdown and preventing data leakage.

COLUMNS
Barney’s Rubble: Doug Barney. Privacy Is Dead
Decision Maker: Don Jones. Space to Watch: Runbook Automation
Windows Insider: Greg Shields. 12 New Year’s Resolutions for 2012
Foley on Microsoft: Mary Jo Foley. 12 Microsoft Hot Buttons for 2012

ALSO IN THIS ISSUE
Redmondmag.com | [email protected]

COVER IMAGE BY RYAN ETTER

Redmondmag.com, JANUARY 2012

VisualStudioMagazine.com
Book Review: Code First EF
John Papa takes a sneak preview at Julie Lerman and Rowan Miller’s new book, “Programming Entity Framework Code First” (O’Reilly), which was released in December. Noting that Lerman’s first book was just too robust (800 pages) for him and how busy he is, this second book is just the ticket:
“I work on a number of things at a time and with the depth of Lerman’s first book, it just wasn’t targeted for a guy like me. However, her new book is a nearly perfect fit for me. It’s fewer than 200 pages, eight chapters and has zero fluff. I read this book in an afternoon and found it fast-moving yet very informative.”
But if you’re just getting your feet wet with Entity Framework, Papa points out that this isn’t the book for you; Lerman’s first book (that 800 pound behemoth) should be your first stop. VisualStudioMagazine.com/EFBook

Posey’s Tips & Tricks
Be sure to check out seven-time Microsoft MVP and regular Redmond contributor Brien M. Posey’s online-only column. Twice monthly he shares his best-kept secrets on how to keep your network in top-notch shape. You can access all of his columns at Redmondmag.com/PoseyTips.

Getting Ready to Test-Drive Windows 8
After covering Windows Server 8, Posey installs his Developer Preview (pre-beta) version of the client OS to take a look at what’s to come in the next Microsoft OS release. Redmondmag.com/PoseyA0112

Merging Contacts in Outlook
Finding multiple entries for the same contact? Tired of sifting through all the duplicates? Follow Posey’s step-by-step instructions and merge your Outlook contacts in a snap. Redmondmag.com/PoseyB0112

MCPmag.com
Alternate Credentials in PowerShell
Jeffery Hicks, aka Professor PowerShell, takes a look at how you can use PowerShell to specify a set of alternate credentials when you don’t want to use the GUI. However, he does provide one last bit of advice to readers:
“I hope it goes without saying that you should never hardcode user names and passwords in your scripts. I might bend a bit on a username, but never a password. Security issues aside, when you change the account password you need to remember to revise your script. The better approach is to let the user specify a username and password via parameters or command-line prompts.” MCPmag.com/Hicks0112

What Are FindIT Codes?
What we once called FindIT codes are now easy URLs. You’ll see these embedded throughout Redmond so you can access any additional information quickly. Simply type in Redmondmag.com/ followed by the FindIT code into your URL address field. (Note that all URLs do not have any spaces, and they are not case-sensitive.)

ID STATEMENT Redmond (ISSN 1553-7560) is published monthly by 1105 Media, Inc., 9201 Oakdale Avenue, Ste. 101, Chatsworth, CA 91311. Periodicals postage paid at Chatsworth, CA 91311-9998, and at additional mailing offices. Complimentary subscriptions are sent to qualifying subscribers. Annual subscription rates payable in U.S. funds for non-qualified subscribers are: U.S. $39.95, International $64.95. Subscription inquiries, back issue requests, and address changes: Mail to: Redmond, P.O. Box 2166, Skokie, IL 60076-7866, email [email protected] or call (866) 293-3194 for U.S. & Canada; (847) 763-9560 for International, fax (847) 763-9564. POSTMASTER: Send address changes to Redmond, P.O. Box 2166, Skokie, IL 60076-7866. Canada Publications Mail Agreement No: 40612608. Return Undeliverable Canadian Addresses to Circulation Dept. or XPO Returns: P.O. Box 201, Richmond Hill, ON L4B 4R5, Canada.

COPYRIGHT STATEMENT © Copyright 2012 by 1105 Media, Inc. All rights reserved. Printed in the U.S.A. Reproductions in whole or part prohibited except by written permission. Mail requests to “Permissions Editor,” c/o Redmond, 4 Venture, Suite 150, Irvine, CA 92618.

LEGAL DISCLAIMER The information in this magazine has not undergone any formal testing by 1105 Media, Inc. and is distributed without any warranty expressed or implied. Implementation or use of any information contained herein is the reader’s sole responsibility. While the information has been reviewed for accuracy, there is no guarantee that the same or similar results may be achieved in all environments. Technical inaccuracies may result from printing errors and/or new developments in the industry.

CORPORATE ADDRESS 1105 Media, 9201 Oakdale Ave. Ste 101, Chatsworth, CA 91311 www.1105media.com

MEDIA KITS Direct your Media Kit requests to Matt Morollo, VP Publishing, 508-532-1418 (phone), 508-875-6622 (fax), [email protected]

REPRINTS For single article reprints (in minimum quantities of 250-500), e-prints, plaques and posters contact: PARS International Phone: 212-221-9595. E-mail: [email protected]. www.magreprints.com/QuickQuote.asp

LIST RENTAL This publication’s subscriber list, as well as other lists from 1105 Media, Inc., is available for rental. For more information, please contact our list manager, Merit Direct. Phone: 914-368-1000; E-mail: [email protected]; Web: www.meritdirect.com/1105

Editorial Staff
Editor in Chief: Doug Barney
Executive Editor, Features: Lee Pender
Editor at Large: Jeffrey Schwartz
Managing Editor: Wendy Gonchar
Associate Managing Editor: Katrina Carrasco
Contributing Editors: Mary Jo Foley, Don Jones, Greg Shields

Art Staff
Creative Director: Scott Shultz
Art Director: Brad Zerbel
Senior Graphic Designer: Alan Tao

Production Staff
Director, Print Production: Jenny Hernandez-Asandas

Barney’s Rubble
by Doug Barney

Privacy Is Dead

I don’t look in my kids’ dressers, go on their Facebook accounts, and I have to be forced to look in my gal’s pocketbook to get the car keys. Technology companies are less reticent.