We have gone over the GPO settings for BitLocker recently and now we are going to cover the actual configuration of BitLocker on the computer itself.  There are two ways, the GUI way, or the CLI way.  Today we will focus on the CLI method.  There is one command that allows you to manage BitLocker via the CLI and that is ...

We posted an article earlier about configuration settings in BitLocker. We covered most of the tabs from the GPO configuration settings. If you investigated the BitLocker Administrative Template you may noticed a final configuration you can adjust. This is the ''Configure TPM Platform validation profiles''   This GPO ...

TLA reader Drew Dressler saw the instructions posted on this site on  using a Windows CA to generate and SSL certificate for an Apache webserver.  He has another method he wanted to share that he uses to do the same thing.  These instructions assume you have apache 2.x running on a linux box with 2.6 kernel or later with ...

One of the security features within Windows Vista that is not evident is file system virtualization.  This type of virtualization allows an application a silo'd virtual store where it can read and write to without compromising the system.  Let's say you have an appication that attempts to write to System32.  Instead ...

So you are out late, had a few pints, get home and the next day you realize you lost your Windows Mobile 5 device.  Well you can call your mobile carrier and have them freeze the account but that won't get rid of your contacts, email messages and other information on the device.  Luckily you can perform a remote wipe via Outlook Web ...

There are quite a few organizations that have their infrastrucutre running on Windows yet the web presence runs on Apache.  This site once ran on Apache as well but I used my Windows CA to create an SSL certificate for the server.  Someone asked me how to do this and here is how! On the Linux server open up a terminal and run the ...

BitLocker is one of the hot new security features in Windows Vista Enterprise and Ultimate editions.  It allows you to enable full volume encryption on the system drive (C:\) to protect your data in case you lose your notebook.  In order to use BitLocker you need a TPM 1.2 chip on the motherboard of the system.  This is because the ...

Every once in a while Microsoft does something that causes admins all over to sigh FINALLY, Access Based Enumeration (ABE) is one such feature. New to Windows Server 2003 is the ability to install a small add-on that delivers what Novell and *Nix admins have had forever; the ability to hide files or folders that the user has no rights to access. ...

Part of securing your Windows network environment is securing your desktops. Part of securing your desktops, is securing the local administrator account on said desktops. Best practice for this, is to assign the local admin account a strong password, rename the account, and disable it, however doing this by hand on a dozen desktops is cumbersome, ...

Virtual Server 2005 is a powerful virtualization tool. One of my favourite features is the web based administration of the server and the virtual machines. As with any web facing application SSL encryption is important, and with Virtual Server 2005, it is a snap to configure. There are two different SSL configurations required for Virtual Server ...

Encrypted File System (EFS) is a feature built into Windows 2000, XP and 2003 that allows users to securely encrypt files and folders. You can increase this level of security in Windows XP and 2003 by implementing a more secure encryption algorithm. By default, Windows 2000, XP and Server 2003 use the DESX algorithm to encrypt data in EFS. Windows ...

Encrypted File System (EFS) is a secure way to encrypt files and folders on your workstation (or server). EFS is pretty much uncrackable due to the way files are encrypted. EFS encryption keys are generated on the fly to encrypt the file. The File Encryption Key (FEK) is encrypted along with the EFS public key and is combined with the file adding ...

In Securing Wifi with IAS Pt.1 - Server Configuration we configured a Windows Server 2003 with RADIUS in an effort to secure a wireless LAN (WLAN). This part will cover the client configuration. The first part is dependant on your Wireless Access Point (WAP). You will need to edit the security settings and configure it to use RADIUS, select the ...

Wireless network connectivity is everywhere from the local coffee shop to larger corporate enviroments. It is easy to use, easy to configure and the convenience makes it a wanted item. Security isn't something that Wifi is famous for, but with the use of Internet Authentication Services (IAS) and the Extensible Authentication Protocol (EAP) we can ...

Windows Server 2003 Service Pack 1 includes a new feature called the Security Configuration Wizard. With this wizard you can reduce the attack surface of Microsoft Windows 2003 SP1 servers. The wizard probes the user for information to determine the functional requirements of a server based on the roles it is performing. Anything that is not ...