Typically hotfixes are released on the second Tuesday of each month as you are all well aware.  Occasionally, I can personally only remember three including this one, there are out of band hotfixes released.  While we don’t normally post hotfix release notifications considering this is an out of band release I wanted to let you all know ...

The other day I posted the first half of this video with the server side setup of NAP.  This video will cover the client side setup and testing on both Windows Vista and Windows XP SP3. Note: Double-click on the video to go full screen. If you want to give these demos a try yourself be sure to grab the lab build guide and demo scripts ...

The other day I posted a tip on how to enable the Network Access Protection client on XP SP3.  The client is also built into Vista (RTM and SP1) and is a little easier to configure.  Although the same command line from the XP SP3 config can be used, there is a MMC console as well. Again before we configure the client we must set the ...

With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new.  One thing you might be playing around with is Network Access Protection.  There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client ...

As you may know, BitLocker Drive Encryption only encrypts the C:\ drive.  If you have additional drives in your PC, or use an external USB hard drive with your notebook, you can't encrypt that drive with BDE.  Officially that is :) While Vista SP1 will bring support for encrypting the other volumes in your system you can do it today ...

We've done a few post on BitLocker around some of the more advanced features and controls.  The one thing we haven't touched yet is just how easy it is to encrypt your drive with BitLocker.  Before we get started on the procedure a little review of the options you can choose is in order. TPM Only - This is the easiest to deploy and ...

We have gone over the GPO settings for BitLocker recently and now we are going to cover the actual configuration of BitLocker on the computer itself.  There are two ways, the GUI way, or the CLI way.  Today we will focus on the CLI method.  There is one command that allows you to manage BitLocker via the CLI and that is ...

We posted an article earlier about configuration settings in BitLocker. We covered most of the tabs from the GPO configuration settings. If you investigated the BitLocker Administrative Template you may noticed a final configuration you can adjust. This is the ''Configure TPM Platform validation profiles''   This GPO ...

One of the security features within Windows Vista that is not evident is file system virtualization.  This type of virtualization allows an application a silo'd virtual store where it can read and write to without compromising the system.  Let's say you have an appication that attempts to write to System32.  Instead ...

BitLocker is one of the hot new security features in Windows Vista Enterprise and Ultimate editions.  It allows you to enable full volume encryption on the system drive (C:\) to protect your data in case you lose your notebook.  In order to use BitLocker you need a TPM 1.2 chip on the motherboard of the system.  This is because the ...

Encrypted File System (EFS) is a feature built into Windows 2000, XP and 2003 that allows users to securely encrypt files and folders. You can increase this level of security in Windows XP and 2003 by implementing a more secure encryption algorithm. By default, Windows 2000, XP and Server 2003 use the DESX algorithm to encrypt data in EFS. Windows ...

Encrypted File System (EFS) is a secure way to encrypt files and folders on your workstation (or server). EFS is pretty much uncrackable due to the way files are encrypted. EFS encryption keys are generated on the fly to encrypt the file. The File Encryption Key (FEK) is encrypted along with the EFS public key and is combined with the file adding ...

There is a flaw in Windows that allows the ever famous malicous hacker to view the contents of your Clipboard by directing you to a specially crafted website. To clear your Clipboard when IE launches create a webpage with the following code.You can upload it to a website and use it as your home page, or you can save it to your C:\ drive and point ...

Most admins I talk to run DNS on their Domain Controllers, and most also run DHCP on one or more of them as well. The benefits of AD-Integrated Zones and the small footprint of DHCP allow you to run these services on your DC's with minimal impact on performance. The risk lies in the way DNS registrations are handled. If the DC's computer account ...

Event ID 680 is a Security log event that has a number of different, but closely related causes. This event ID logs the success or failure to logon with a local or remote process or user account. There are a number of codes that are associated with this event and they are very helpful in determining what happend. When you open up one of these ...