Archive for the ‘Windows 8’ Category

Microsoft’s Private Cloud

June 12, 2013


Just attended a conference, Microsoft’s Private Cloud, which was an extension of the TechEd 2013 event, Microsoft’s premier event for IT Professionals & Enterprise Developers held from 3-6 June 2013 at LA, USA, based on the new developments in Microsoft’s Private Cloud. So what’s new? Well, these are the new developments.

– R2 releases for Windows Server 2012 and System Center 2012 instead of going towards service packs.

– Azure coming to SQL as SQL Azure.

– SQL Server 2014 release.

– The concept of Hybrid Cloud was much emphasized: utilization of services from a private cloud plus reservations in the Public Cloud as well. But then why would I let my datacenter invest in a 2-tier solution? Didn’t understand that.

– Windows Intune now available for the Pakistan region.

– Full focus on integrating other virtualization platforms rather than sticking to a Microsoft-centric approach.

– Windows 8.1 release.

HTTPS sites not loading in Windows 8

December 17, 2012

While I am still in the process of tweaking my Windows 8 workstation, apparently Microsoft has decided to block websites that have SSL certificates with keys that are less than 1024 bits.


Evidently this is not only an issue with Windows 8 (which I presumed) but rather a development with IE 8 and beyond. For Windows 7, Microsoft did release a patch, while in Windows 8 (thanks to the forums) I did the following workaround to get the sites to load in the default IE10 provided with Windows 8.

  • Run command prompt with administrator privileges.
  • Execute the following commands

certutil -setreg chain\minRSAPubKeyBitLength 512

– This will set the minimum allowed key length to 512 bits rather than 1024 bits.

certutil -setreg chain\EnableWeakSignatureFlags 8

– This flag will not enforce blocking of keys with length less than 1024 bits.

certutil -setreg chain\WeakSignatureLogDir "c:\Under1024KeyLog"

– This is required when you set the flag described in the previous command to 8. All the keys with length less than 1024 bits will be written to this folder. (Though I have to admit I haven’t found this folder physically :\)


  • After giving my Windows a restart, things started working for me!

Microsoft Knowledge Bases: 2661254, 813444.
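The three values set above are stored under HKLM and apply to certificate chain validation for the whole machine, not just IE, so it helps to be able to see them and undo them once the affected sites have replaced their certificates. The PowerShell below is an added example, not part of the original post or Microsoft's own code: it reports whichever of the three overrides are present and can remove them again. The registry path is the one certutil's chain\ prefix writes to, and the function names are hypothetical.

```powershell
# Added example: audit and revert the chain-engine overrides set with
# "certutil -setreg chain\...". Function names are hypothetical.
$ConfigKey = 'HKLM:\SOFTWARE\Microsoft\Cryptography\OID\EncodingType 0\CertDllCreateCertificateChainEngine\Config'
$Watched   = 'minRSAPubKeyBitLength', 'EnableWeakSignatureFlags', 'WeakSignatureLogDir'

function Get-WeakKeyOverride {
    # Emits one object per override value that exists on this machine.
    if (-not (Test-Path -LiteralPath $ConfigKey)) { return }
    $props = Get-ItemProperty -LiteralPath $ConfigKey
    foreach ($name in $Watched) {
        $p = $props.PSObject.Properties[$name]
        if ($null -eq $p) { continue }
        $note = switch ($name) {
            'minRSAPubKeyBitLength' {
                if ([int]$p.Value -lt 1024) { 'RSA keys below 1024 bits are accepted' }
                else { 'minimum is 1024 bits or more' }
            }
            'EnableWeakSignatureFlags' {
                if ([int]$p.Value -band 8) { 'flag 8 set: weak keys are not blocked' }
                else { 'flag 8 not set' }
            }
            'WeakSignatureLogDir' {
                if ($p.Value -and (Test-Path -LiteralPath $p.Value)) { 'log directory exists' }
                else { 'log directory does not exist' }
            }
        }
        [pscustomobject]@{ Name = $name; Value = $p.Value; Note = $note }
    }
}

function Remove-WeakKeyOverride {
    # Deletes the override values so the system defaults apply again.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($o in @(Get-WeakKeyOverride)) {
        if ($PSCmdlet.ShouldProcess($o.Name, 'Remove chain config override')) {
            Remove-ItemProperty -LiteralPath $ConfigKey -Name $o.Name
        }
    }
}

Get-WeakKeyOverride | Format-Table -AutoSize
# Preview the revert first, then run it from an elevated prompt:
# Remove-WeakKeyOverride -WhatIf
# Remove-WeakKeyOverride
```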

Remote Server Administration Tools for Windows 8

December 16, 2012


I remember that installing the Remote Server Administration Tools (RSAT) on Windows 7 was just a matter of installing a simple patch. But doing the same on my Windows 8, nothing happened! There were no tools available: no DSA.MSC, no DHCPMGMT.MSC. And I was getting fed up with taking RDPs of the servers.

After googling around I did find the solution. The problem was with my language pack. I don’t know why Windows 8 media are only released with the English-Great Britain pack while the generic tools are dependent on the English-United States language pack. So here is how I got around those problems.

1. Download the language pack for Windows 8. You can download it from MSDN but that’s not free. So get yourself a subscription or find any other way 😉

2. Once downloaded, open the Run prompt and type lpksetup.exe

3. Click Install display languages.


4. Browse to your language pack media, select the EN-US LP (language pack) and click OK. Then click Install.

5. Once done, download the RSAT for Windows 8 from their download center; yes, this is free :p

6. Extract the .MSU using WinRar or any other tool you prefer. You will need the .CAB file which will appear after you extract the .MSU contents.

7. Open Windows PowerShell with administrator privileges.

8. Execute the following command.

Add-WindowsPackage -PackagePath 'C:\Windows6.2-KB2693643-x86.cab' -Online -LogPath RSAT.log

I placed the .CAB file on my C Root for easy access. Just use the TAB key and find your way to it. In my case I had a 32-Bit OS. Once done you will have a nice set of icons like these in your start menu.


Hopefully this time you will get your RSA tools 😉 No more RDPs for me!

Thanks to IT Pro Powershell for a reference blog on this issue 🙂

Dot Net Framework 3.5 on Windows 8

December 16, 2012

After migrating to Windows 8, some of my old applications were not able to execute due to the non-availability of Dot Net Framework 3.5. Dot Net Framework 4.0 is provided with Windows 8, but downloading the standalone installer version of 3.5 was not possible (even the standalone version tries to connect to the Internet, and in many cases that failed too, which I came to know from some blogs online).

But did you know that Framework 3.5 can be directly installed on Windows 8 provided you have the DVD\ISO of Windows 8? If you have that, then it’s just a command from PowerShell and you are done. Here is how it can be done.

1. Mount the Windows 8 DVD\ISO.

2. Open Windows PowerShell with Administrator privileges.

3. Execute the following command (with your DVD drive letter as X):

Enable-WindowsOptionalFeature -Online -FeatureName 'NetFx3' -Source 'X:\sources\sxs'

And voila; you are done.

Recovering a stolen USB Drive

October 4, 2012

Am feeling all CSI at the moment! Yesterday I got involved in an investigation of a USB mass storage device theft. The clues I had at the start were the Windows 7 machine from which the device was stolen and a CCTV camera. The video from the CCTV wasn’t much help without any supporting evidence from the machine, hence my only resort was to dig deep into the machine’s OS and get to some conclusion.

I did what anyone would have done: checked the Event Viewer. Unfortunately no such logs about USB devices are recorded there. So I resorted to some Googling. Once again I owe one to the immense help available out there online on forums and blogs; you can just find any solution these days! What I did find was that a USB device, when plugged into a machine, leaves all kinds of traces. These traces include time stamps, vendor & product IDs, serial numbers, product make\model etc. Of all these, what is more integral to forensics is the time stamps, and getting them accurate is the key to getting some productivity out of the homework.

I found two really great utilities that helped me in ending the case: USBDeview by NirSoft and Windows USB Storage Parser by TZWorks LLC. Of these two, USBDeview is simple and more efficient, and I will tell you why here.

So getting to homework! First get to know your machines and devices well.

Get to know which USB devices are used on a machine

You can find out by going into the Registry Editor and checking out HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\USBSTOR. This is what you will get.

As you can see from the snapshot, there are a total of three devices used on this machine, with the serial numbers listed under the product names. Serial numbers are unique and will give you a head start.
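The same key can be read from PowerShell instead of Registry Editor, which gives output that can be saved with the case notes. This added example (not from the original post) lists each device and instance ID under the USBSTOR path given above and separates real serial numbers from instance IDs that Windows generates itself when a device reports no serial number, since those generated IDs cannot be treated as unique to one device. The function names and the two sample key names are constructed for illustration.

```powershell
# Added example: enumerate USB storage devices recorded under USBSTOR.
$UsbStor = 'HKLM:\SYSTEM\ControlSet001\Enum\USBSTOR'   # key path as given in the post

function ConvertFrom-UsbStorName {
    # Splits a device key name (Type&Ven_..&Prod_..&Rev_..) and its instance ID.
    param([string]$DeviceKey, [string]$InstanceId, [string]$FriendlyName = '')
    $m = [regex]::Match($DeviceKey,
        '^(?<type>[^&]+)&Ven_(?<ven>[^&]*)&Prod_(?<prod>[^&]*)&Rev_(?<rev>[^&]*)$')
    $type = if ($m.Success) { $m.Groups['type'].Value } else { $DeviceKey }
    # '&' as the second character marks an ID generated by Windows because the
    # device reported no serial number; it does not identify the device itself.
    $generated = ($InstanceId.Length -gt 1) -and ($InstanceId.Substring(1, 1) -eq '&')
    # A real serial is followed by a suffix such as "&0" that Windows appends.
    $serial = if ($generated) { $null } else { $InstanceId -replace '&\d+$', '' }
    [pscustomobject]@{
        Type         = $type
        Vendor       = $m.Groups['ven'].Value
        Product      = $m.Groups['prod'].Value
        Revision     = $m.Groups['rev'].Value
        InstanceId   = $InstanceId
        Serial       = $serial
        FriendlyName = $FriendlyName
    }
}

function Get-UsbStorDevice {
    # Walks device keys, then the instance keys (one per serial) beneath each.
    if (-not (Test-Path -LiteralPath $UsbStor)) { return }
    foreach ($dev in Get-ChildItem -LiteralPath $UsbStor) {
        foreach ($inst in Get-ChildItem -LiteralPath $dev.PSPath) {
            ConvertFrom-UsbStorName $dev.PSChildName $inst.PSChildName `
                ([string]$inst.GetValue('FriendlyName'))
        }
    }
}

# Constructed sample names (not from the post's machine), then the live key.
$rows = @(
    ConvertFrom-UsbStorName 'Disk&Ven_ExampleCo&Prod_FlashDrive&Rev_1.00' '0123456789ABCDEF&0'
    ConvertFrom-UsbStorName 'Disk&Ven_Generic&Prod_Storage&Rev_0.01' '6&2f1c9a7b&0'
) + @(Get-UsbStorDevice)
$rows | Format-Table -AutoSize
```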

USBDeview

So now I know the device, and mapped the serial number as well. I then used a simple utility, USBDeview, to get the information I required. The great thing about this utility is that it also shows you the details\time stamps etc. from previous dates.

This very efficiently shows the complete details in nicely sorted columns. The important entry that helped me a lot here is the Last Plug\Unplug time stamp.

Windows USB Storage Parser

This is another great command line tool. This tool will tell you about the different USB devices used on a machine, their vendor\product IDs along with serial numbers and time stamps. But most important of all, this will also tell you the “account name” that mounted the USB device, which can really help in forensics.

As you can see in the snapshot above, it’s pretty self-explanatory. What’s missing from there is the unmount event time stamp. That’s why I mentioned earlier in this blog that USBDeview holds its ground pretty well and gives us a combined plug\unplug time stamp. This is what helped me in nailing the case.

So to complete the investigation, and to further cement my findings, I used these tools on the suspect’s machine as well and bingo!!! It was all filled up with familiar traces! I rested my case 🙂 !!!

