December 15, 2014

Another two annoying admin quests

   Today I will share problem decisions connected with Visio Viewer and WinDjvu.

   Let's start with Visio. I had to install Visio Viewer on client computers, and one of them while opening visio schemes showed blank IE tab with red cross. After googling I found that register key (HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{279D6C9A-652E-4833-BEFC-312CA8887857}) removal gave sufficient result.

   Another problem happened while right-click on file took place. First of all I thought that AV check took a long time, but after using procmon I understood that there was no check after first time. Some time I spent on russian forums and found out a good piece of advice. If you know russian you can check this.
In brief I made several steps to achieve my goal:
1. I found register key HKEY_CLASSES_ROOT\ Applications.
2. I opened each key with "name_programm.dll" and "name_programm.exe".
3. If nothing was encapsulated in these keys I searched for empty string parameter "NoOpenWith". If parameter was absent, I created it manually.
4.  If something was encapsulated, I went down till "command" subkey was found. I checked the path which was written in default key.
5. I found that WinDjvu tried to find something on server, which was replaced a year ago. I deleted this key from the beginning "WinDjvu.exe".
6. Happy users - calm admin!

December 9, 2014

Ntfrs failure

   Three days ago I found a warning in Ntfrs log of domain controller based on Windows Server 2008 R2 SP1. I had two domain controllers - one virtual and one physical. Event ID was 13508 and its' description was:
"The File Replication Service is having trouble enabling replication from <server 1 name> to <server 2 name> for c:\winnt\sysvol\domain; retrying".
   I found several decisions here. Editing register from the most popular advice gave no result, because BurFlags Value Name after restarting became 0 again. I read this on Microsoft web site in knowledge base. So I created on DC with PDC in c:\sysvol\domain folder a file NTFRS_CMD_FILE_MOVE_ROOT without extension. Then restarted ntfrs. After that I restarted ntfrs on another DC.
   Everything became fine in frs replication, but on PDC I found NETLOGON error 5706 with description: "The Netlogon service could not create server share. The following error occurred: The filename, directory name, or volume label syntax is incorrect". I went to eventid and found a link to MS knowledge base. I stopped netlogon service and added 2 register keys, one was already created (SysVol), after creation another (DBFlag) I started netlogon and error went away.

October 26, 2014

Microsoft Word "problematic feature".

   Today I'm going to tell some words about interesting bug, which I found in MS Word. After googling I found a post in social technet which described my situation and explanation that this was a feature not a bug since Office 2003.

   Situation is quite simple, I tried to open a document which was created using a template from a folder on server. Opening took about 30 seconds. So it was not good. I found out that if I switched off a network connection, this document had opened immediately.

   Well, I started a search and found a path to template in a folder on old server. I marked this field by red oval.



   I changed it on a current template in actual folder on new server and got rid of this problem for this particular file. Luckly, this problem was on one computer and unfortunately there were a lot of files to change.

   I decided to follow MS advice and created a full path on this computer with every folder as it was on old server. But the problem with server name left unresolved. First, I decided to create an entry in hosts file but it didn't work. Then I understood that I need to create a CNAME in DNS with association between old server name and name of this machine. Finally, the problem has gone!

June 27, 2014

NIST 800-188

   Today I'm going to say some words about NIST 800-188 "Guide to enterprise password management". Before this I read about Firewall and secure virtualization.  Well, I found these standards quite useful, because of their ability to systematize information connected with specific information security theme. Unfortunately, in these standards I didn't find any new information. Maybe, the reason is  that a lot of corporate security instruments use in their methodology NIST basics.
   Let's come back to NIST about password management. Shortly, this standard consists of intro, chapter about threats against passwords and password management. As always in intro you can find all necessary definitions and brief description of further chapters.
   Threats centered around capturing, transmission and cracking. Speaking about capturing I would like to mention interesting thing about caching passwords in swap and while hibernation. I don't hear about special utilities which can clean memory swap and hibernation file. Also there were a lot of researches connected with recovering passwords from such places (eForensics magazine, for example). 
   Transmission attacks are divided in two groups: sniffing and replay attacks. From my point of view, nowadays only one authentication protocol can be widely used in corporate networks "ou-of-box" - Kerberos. It has a lot of advantages, such as ticket granting system, strong crypto protocols. Authors of NIST also give their preferencesto this authentication protocol, because you can use it in your Windows environment, also with Heimdal Kerberos. Thank you, MIT))
   Cracking part is devoted to different well-known techniques, such as brute force, dictionary attack and rainbow tables. Nowadays, from my point of view, password cracking fully depends on computing power. Good salted passwords can make this type of attack ineffective. 
   As far as passwords are mentioned, we can find in NIST information about, what a good password is. From my point of view, you should find happy medium between strength and employee's ability to remember such passwords. The main rule is that length is much more vital than complexity. That's why password phrases are quite useful.
   Management recommendations give a piece of advice about using SSO (Single Sign On) where it is possible. Using of master passwords also has disadvantages, but it is transparent to user and easy to remember.
   In conclusion, I can advice to read this standard only to check your corporate password policy or if you are new to password protection theme.