Dalle & DXter » security

The TPM Status tool

Dalle — Mon, 02 Jan 2012 18:59:27 +0000

I wrote this tool for my friend DXter a year ago or so.
He did an presentation on bitlocker and wanted a tool that shows
TPM Information from inside Windows and with an GUI.

Now It’s a new year and I have been playing around with it and did some changes:

Bugfixes
Added my function Get-PingStatus

You need to run the script as Administrator!

You can download the tool here.

The tool is provided “as is”.

No related posts.

MBSA 2.1.1

Dalle — Mon, 09 Nov 2009 09:06:34 +0000

Microsoft released
Microsoft Baseline Security Analyzer 2.1.1 last week.

It can be downloaded here.

Technorati Tags: MBSA,Security

No related posts.

Stureplan hack

Dalle — Wed, 21 Oct 2009 08:28:04 +0000

Cool commercial for an event or a real hack?
You will never know

Technorati Tags: Security,Stureplan,Hack

No related posts.

Security levels

Dalle — Mon, 19 Oct 2009 11:26:22 +0000

Security levels for users PowerShell scripts?

Question
Wish options do I have If I want to be able to give my
Active Directory users the rights to run PowerShell scripts?

Answer
Built into PowerShell you have 4 different security levels
that you can apply on your users:

Unrestricted
If you chose unrestricted, you let your users run all PowerShell scripts.
This is the easiest way and the least safe way. In this case you will not
have any control of wish PowerShell scripts your users will run.

RemoteSigned
With the option RemoteSigned must all scripts that have been
downloaded from the internet been signed by a “trusted publisher”.
This will let your users create and run own scripts without sign all of them.

AllSigned
With the option AllSigned must all scripts be signed by a “trusted publisher”.
Users need to sign all of there own scripts with the companies certificate or another
certificate trusted by the company. This require a CA (Certificate Authority).

Restricted
This is the “default” or “Out of the box” setting.
No scripts can be run.

If you want to use these settings on your Active Directory you need to have your users
as users on there computers. On a user account with administrator privileges you only
need to open run and write “powershell.exe set-executionpolicy unrestricted” to be able to
run PowerShell scripts again.

You will find the same question and answer on the Swedish Microsoft TechNet – Experternas Arena.
I have an question/answer section about PowerShell there in Swedish.
http://technet.microsoft.com/sv-se/dd776332.aspx

Technorati Tags: Security,PowerShell,set-restrictionpolicy

No related posts.

Look at remote event log

Dalle — Tue, 29 Sep 2009 13:00:00 +0000

This script will look in the Security EventLog at machinenamefor EventId 680 and display the last 5.

$logs=[System.Diagnostics.EventLog]::GetEventlogs("machinename")
$app = $logs |? {$_.log -eq 'security'}
$myError = $app.entries | ? {$_.eventid -eq '680'}
$myError | Select-Object -Last 5

To look at the whole security log you can do like this:

$logs=[System.Diagnostics.EventLog]::GetEventlogs("machinename")
$app = $logs |? {$_.log -eq 'security'}
$app.entries

Last 10 events from the security log

$logs=[System.Diagnostics.EventLog]::GetEventlogs("machinename")$app = $logs |? {$_.log -eq 'security'}$app.entries | Select-Object –Last 10

Technorati Tags: PowerShell,Eventlog,Security

No related posts.

Updated FireFox 3.5 to 3.5.1

Dalle — Fri, 17 Jul 2009 07:25:35 +0000

Take the time to upgrade your FireFox 3.5 to 3.5.1 if you haven’t done it already.

Help –> Check for Updates…

http://www.mozilla.com/en-US/firefox/3.5.1/releasenotes/

No related posts.

Vulnerability in Microsoft Office PowerPoint

Dalle — Fri, 03 Apr 2009 21:37:22 +0000

Microsoft Security Advisory (969136)
Vulnerability in Microsoft Office PowerPoint Could Allow Remote Code Execution

The advisory can be found here.

Information about this from Microsoft Security Research & Defense can be found here.
Microsoft Security Response Center have posted information about it here.

More information can be found here:

Technorati-taggar: PowerPoint,Security,Vulnerability

No related posts.

Some weekend reading

Dalle — Fri, 03 Apr 2009 16:08:09 +0000

I have found two great articles about the MSHTM Host Security on
Microsoft Security & Research Blog.

They can be found here:
The MSHTML Host Security FAQ: Part I of II
The MSHTML Host Security FAQ: Part II of II

Technorati-taggar: Security,MSHTML Host

No related posts.

Hyper-V Security Guide

Dalle — Tue, 31 Mar 2009 07:44:45 +0000

Microsoft just released the Hyper-V security guide.
You can download it here, or read about it online here.

Chapter 1: Hardening Hyper-V This chapter provides prescriptive guidance
for hardening the Hyper-V role. It discusses several best practices for installing
and configuring Hyper-V on Windows Server 2008 server with a focus on security.
These best practices include measures for reducing the attack surface of a server
running Hyper-V and recommendations for properly configuring secure network
and storage devices.

Chapter 2: Delegating Virtual Machine Management This chapter discusses several
available methods for delegating virtual machine management so that virtual
machine administrators only have the minimum permissions they require.
It describes common delegation scenarios, and includes detailed steps to guide
you through using Authorization Manager (AzMan) and System Center Virtual Machine
Manager 2008 (VMM 2008) to separate virtual machine administrators from
virtualization host administrators.

Chapter 3: Protecting Virtual Machines This chapter provides prescriptive guidance
for securing virtual machine resources. It discusses best practices and includes
detailed steps for protecting virtual machines by using a combination of file
system permissions, encryption, and auditing. Also included are resources for
hardening and updating the operating system instances running within you
virtual machines.

Technorati-taggar: Hyper-V,security,guide

No related posts.