Disabling SMB1 via ConfigMgr Desired State Configuration (DSC)


Hi all,

If you want to disable smbv1, through SCCM;

Source: Disabling SMB1 via ConfigMgr Desired State Configuration (DSC)

Advertisements

Using Windows PowerShell to fix a broken Secure Channel and reset the computer account


When a computer joins a domain, a computer account is created in AD. The computer account gets its own password that will expire after 30 days (default). When the password expires, the computer itself will initiate a password change with a DC in its domain.

When the computer starts up, it uses this password to create a secure channel (SC) with a DC. The computer will request to sign all traffic that passes the SC. If a DC says “go ahead”, all traffic that is signed passes through this channel.

Traffic like NTLM pass through authentication is typically signed traffic.

So what happens if there is a mismatch between the computer account password? The computer tries to authenticate, but the DC says this is not the correct password.

The SC is down.

To reset the SC between a computer and a DC:

Open PowerShell on the local computer with the broken SC and run the cmdlet:

Test-ComputerSecureChannel -repair -credential (Get-credential)

Source: Using Windows PowerShell to fix a broken Secure Channel and reset the computer account

Sysinternals autologon and securely encrypting passwords???


Hi all,

Nowadays I’m trying create a Auto Logon but with an encrypted password.

I discover the SysInternals AutoLogon, which can do that, but is not entirely true. There is a way to unencrypt this password.

This is not completely secure.

Please read the bellow article.

https://keithga.wordpress.com/2013/12/19/sysinternals-autologon-and-securely-encrypting-passwords/?blogsub=confirming#subscribe-blog

Hack to Force new Skype for Business UI over Lync


Microsoft recently released an update that rebrands Lync as Skype for Business. Many got the update automatically through Windows Update, but not everyone gets the new user interface (UI). There is a Lync Server setting that tells the client to use the either the old Lync or the new Skype for Business UI. If the server doesn’t have this setting, such as older Lync servers that haven’t been updated yet, then the default is to show the old Lync UI. One frustrating part of this update/change from a user perspective is that you have no real choice of which UI version you want to see/use everyday; or is there? Fortunately, I figured out a hack to allow you to use the new Skype for Business UI even if your organizations Lync server hasn’t been updated, or the admins just want you to use the Lync UI instead. The hack involves making a small edit to the Windows Registry for the app.

Steps to Enable Skype UI

Follow these simple steps to enable the new Skype UI:

  1. Make sure the Skype for Business client application is closed
  2. Make sure your user account on the local computer is an “Administrator”
  3. Run “regedit.exe”
  4. Navigate to the registry key
  5. Change the value to “00 00 00 01”
  6. Run Skype for Business client application
  7. When prompted to restart, click “Restart Later”

Note: Modify the Windows Registry at your own risk. If you modify the wrong setting it could have bad, unintended consequences. It is always a good idea to backup the registry before modifying it.

Registry Key to Change

To force the Skype for Business UI you need to update the following registry key to be a value that equivalent to “True.” HKEY_CURRENT_USER\Software\Microsoft\Office\Lync\EnableSkypeUI The “False” value is “00 00 00 00”. So updating this to “00 00 00 01” will set it to “True”. Here’s a screenshot of the Registry Editor:

 reg

Requirements and Pitfalls

There are a few things to keep in mind for this hack:

  1. “Administrator” access to your local computer is required in order to use the Registry Editor (regedit.exe)
  2. You need to make this registry edit before you launch the app each time. Every time the app is closed, the value will be forced back to the setting sent from the Lync server.
  3. Some of the new Skype for Business features may not work since they require the new Skype for Business Server Update. If the server is an old Lync server, then the new features will not be supported even though the Skype for Business client application may show them available.
  4. If your admins are forcing the Lync UI, then they will not be happy with any support calls regarding the new Skype for Business UI. So, implement this hack at your own risk.

And to mantain the same look every time you reboot; Goto to your username and select the Deny tick mark and Save

and you are good to go Source: http://pietschsoft.com/post