Posts

Oct 31
Security Breach at Lewisburg Area School District

Lewisburg Area School District officials discovered this week that someone got into a data file with all that private information about students.

Buffalo Valley Regional Police say there is a suspect and he is a student in the Lewisburg Area School District. District officials would not confirm if the student has been suspended. But the superintendent says the suspect no longer has access to school computers or to the school network.

Parents with children in the Lewisburg Area School District learned this week there was a significant computer security breach within the district. School officials say an internal file was accessed earlier this month, and students' addresses, phone numbers and social security numbers were accessed.

"Well it was alarming to see that there was a security breach," Trey Casimir said.

The superintendent said there are close to 2,000 students in the Lewisburg Area School District and 2/3 of those students had their information compromised. That's more than 1,300 students.​

The Buffalo Valley Regional Police, along with the FBI are investigating. They say that so far there's no evidence that any of the social security numbers have been used illegally. Authorities say they have a suspect and they say he is a student in the Lewisburg Area School District. School officials say the suspect no longer has access to the school's network or computers.

http://wnep.com/2014/10/30/security-breach-at-lewisburg-area-school-district/​​​

Sep 17
Installing New SCCM CA on IIS 7

IIS7.jpg

1.Open the IIS manager console

2. Click on the server name

3. Click Server Certificates

4. Right Click and select Create Domain Certificate

5. Complete all the needed information and select your certificate store server. Make sure you use the FQDN for the server in the Common Name section.

6. Right Click on Default Web Site

7. Click edit Bindings

8. click on edit for https then select your newly issued certificate

9. You do not need to reboot the server or restart IIS.​


Sep 16
How to Fix Temporary Profile Issue in Windows 7

windows-7.jpg

1. Log in with temp profile.

2. Start registry editor by typing regedit in find box of Windows 7.

3. Navigate the following location.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

4. You will see similar keys under profile list, but one with .bak

5. The key with .bak is for the correct old profile. Currently your Windows 7 computer logged in with fresh (temporary) profile with same key. So, rename the new profile key ( which is not having.bak) and remove .bak from correct profile key.

6. Log off and log in (or restart) with your user name and password. You must get your correct profile with icons and profile settings back in Windows 7


Sep 15
Could not start the Automatic Updates Error 0×80004015

windowsupdate-150x150.jpg

Fix: Could not start the Automatic Updates service on Local Computer. Error 0×80004015: The class is configured to run as a security id different from the caller

Issue: Automatic Updates (AU) service will not start attempting to start the service manually results in the following error on a Windows XP SP3 machine:

Could not start the Automatic Updates service on Local Computer.  Error 0×80004015: The class is configured to run as a security id different from the caller

Solution

From a command prompt re-register the Automatic Updates dll by running:

regsvr32 /u wuaueng.dll

regsvr32 wuaueng.dll

Change the Automatic Updates service startup from to Automatic if this is not done already.  The Automatic Updates service should now start on its own on reboot.  Make sure Background Intelligent Transfer Service (BITS) and Windows Management Instrumentation (WMI) are both set to Automatic as well before reboot.  Sometimes if this happens as a result of a virus you will need to adjust those settings.​


Sep 14
Using Task Scheduler to schedule the computer to shut down and restart at a specific time

task-sedqualer-264x300.png

  1. Click Start, Run and type control schedtasks
  2. Double-click Add Scheduled Task. The Scheduled Task Wizard starts.
  3. Click Next.
  4. Under Click the program you want Windows to run, click Browse.
  5. In the Select Program to Schedule dialog box, locate the %SystemRoot%System32 folder, locate and click the Shutdown.exe file, and then click Open.
  6. Under Perform this task, specify a name for the task and how frequently you want this task to run, and then click Next.
  7. Under Select the time and day you want this task to start, specify a start time and date for the task, and then click Next.
  8. Type the user name and password to run this task under, and then click Next.
  9. Click to select the Open advanced properties for this task when I click Finish check box, and then click Finish.
  10. Click the Task tab. In the Run box, specify any additional parameters that you want to use with Shutdown.exe. Click OK.

Important: In the 10th step, you need to add the parameters for the Shutdown.exe command.

To immediately shutdown the system (0 second timeout), the command-line would be:
shutdown.exe -s -t 00

To reboot the system immediately, this command:
shutdown.exe -r -t 00

For additional help, type Shutdown /? at the Command Prompt. Scheduling the Shutdown.exe without any parameters will not help. It will just execute with a exit code 0 (success)​


Sep 10
Home Depot Confirms Security Breach

home-depot.jpg

On Monday Home Depot confirmed they had a breach in security and that customer payment data that occur at its stores puts millions of its customers could be at risk of fraud.

Customers who shopped at the home improvement chain in the U.S. and Canada since April may be affected. The retailer said they are working to determine the full scope of the breach but as of now there is no evidence that PIN numbers for debit cards were compromised.

“We want you to know that we have now confirmed that those systems have in fact been breached, which could potentially impact any customer that has used their payment card at our U.S. and Canadian stores, from April forward,” the company said in a statement posted to its website. “We do not have any evidence that the breach has impacted stores in Mexico or customers who shopped online at HomeDepot.com.”

Over the past few months, arts and crafts retail chain Michaels Stores, department store Neiman Marcus, Sally Beauty Supply, and restaurant chain P.F. Chang’s and Dairy Queen revealed they were victims of security breaches aimed at stealing customers’ credit card information.​


Sep 10
Enable Remote Desktop on UAG Server

ForefrontUAG2010.png

1. Open the TMG MMC

2. right click on the <Firewall Policy> in the left nav.

3. In the drop down click “All tasks”

4. Then click “System Policy”

5. Click “Edit system policy”

6. In the system policy Click “Remote Management”, “Terminal Server”

7. On the “General” tab check the check box to enable that group. Click OK, Apply, and OK again.

8. You will need to add your client machine to the Remote Management Computers or Enterprise Remote Management Computers group.

9. You should take out the access policy you added.

10. Now hit the Apply settings so UAG can add the settings


Sep 10
Install .NET Framework 1.1 on X64 Systems

dot-net-framework.png

This works on Vista and Windows 7.

 To install .Net 1.1 and SP1 into Vista or Win7 (32 or 64 bit).

Create a new folder named DotNet in C: drive (C:DotNet is used in this guide, you can change to any folder you prefer, but ensure that you use correct path in the following steps).
Download Microsoft .NET Framework 1.1 Redistributable Package(dotnetfx.exe ). Make sure the setup file is saved as dotnetfx.exe .
Download Microsoft .NET Framework 1.1 Service Pack 1 (NDP1.1sp1-KB867460-X86.exe ). Make sure that the file is renamed and saved asdotnetfxsp1.exe , so that the rest of the steps can be followed easily.
Move both installation files into the same directory (i.e. C:DotNet), if you’re not saving them together.
Open command prompt as Administrator .
Change to the directory where the two installation setup files for .NET 1.1 are saved (i.e. C:DotNet).
Run the following commands one by one, press Enter after each one.
dotnetfx.exe /c:”msiexec.exe /a netfx.msi TARGETDIR=C:DotNet”
Then click on “Yes” when prompted to answer “would you like to install Microsoft .NET Framework 1.1. Package?”
dotnetfxsp1.exe /Xp:C:DotNetnetfxsp.msp
msiexec.exe /a c:DotNetnetfx.msi /p c:DotNetnetfxsp.msp
Install Microsoft .Net Framework 1.1 with slipstreamed/integrated Service Pack 1 by running netfx.msi created in the working folder.​



Sep 10
Repair Windows WMI

wmiimage.jpg

There are a few different methods to try when it comes to repairing a corrupt WMI (Windows Management Interface)

1. Open Up a Command Prompt

If running Windows Vista or Windows 7 you need to Run The Command Prompt As Administrator.  Right click the Command Prompt and then click Run as administrator.

2. Type this command and press Enter net stop winmgmt

3. Using Windows Explorer rename the folder C:WindowsSystem32WbemRepository to C:WindowsSystem32WbemRepository.old

4. Type this command and press Enter net start winmgmt

5. Restart the computer

The second method to try is

1. Open Up a Command Prompt

If running Windows Vista or Windows 7 you need to Run The Command Prompt As Administrator.  Right click the Command Prompt and then click Run as administrator.

2. Type this command and press Enter

rundll32 wbemupgd, UpgradeRepository

This command is used to detect and repair a corrupted WMI Repository. The results are stored in the setup.log

C:Windowssystem32wbemlogssetup.log

3. Restart the computer

The second method to try is

1. Type this command and press Enter

winmgmt /salvagerepository

2. Restart the computer​



Sep 10
Add File and Folder Exclusions to Forefront Endpoint Protection 2012

forefront-logo-300x83.jpg

To exclude files and folders from malware scans

In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.
In the New Policy or Edit Policy dialog box, click the Advanced tab.
Under Exclusions from malware scans and immediately to the right of the File and folder paths box, click Add. The Exclude Path dialog box appears.
Enter the full path to a file or folder you want to exclude. Note the following:
File and folder exclusions are enforced only at the exact locations you specify in the policy. If the file or folder you specify exists in a different location on a client computer than the location you specified in the policy, the file or folder is not excluded from scans on the client computer.
You can use environment variables, such as %SYSTEMDRIVE%, to specify paths. For example:%SYSTEMDRIVE%\cdb.exeIf the variable does not exist on a client computer, Client Security cannot correctly enforce the exclusion.
Client Security does not scan the subfolders of an excluded folder.
Click OK, and then click OK to close the Exclude Path dialog box.

Continue adding exclusions, as needed.
After you finish creating or editing the policy, click OK.
To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.
To exclude file types from malware scans

In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.
In the New Policy or Edit Policy dialog box, click the Advanced tab.
Under Exclusions from malware scans and immediately to the right of the Extensions box, click Add. The Exclude Extension dialog box appears.
Type the extension of the file type you want to exclude, and then click OK.
Continue adding file type exclusions, as needed.
After you finish creating or editing the policy, click OK.
To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.
To remove exclusions from malware scans

In the Client Security console, create or edit a policy. For details about how to create or edit a policy, see Creating, editing, copying, and deleting policies.
In the New Policy or Edit Policy dialog box, click the Advanced tab.
Under Exclusions from malware scans, in either the File and folder paths box or the Extensions box, select the exclusion you want to remove.
Immediately to the right of the box containing the selected exclusion, click Remove.
Continue removing file type exclusions, as needed.
After you finish creating or editing the policy, click OK.
To apply the policy to client computers, you must deploy the policy. For information about deploying a policy, see Deploying and undeploying policies.​


1 - 10Next