Sunday, May 27, 2018

"CredSSP encryption oracle remediation” error when connect via RDP

Updates

Updates which switches a flag to protect against the CredSSP attack.

Operating system, RollUp, Update
Windows 7 Service Pack 1 / Windows Server 2008 R2 Service Pack 1, KB4103718 (Monthly Rollup) KB4103712 (Security-only update)
Windows Server 2012, KB4103730 (Monthly Rollup), KB4103726 (Security-only update)
Windows 8.1 / Windows Sever 2012 R2, KB4103725 (Monthly Rollup), KB4103715 (Security-only update)
Windows 10 Version 1607 / Windows Server 2016, KB4103723
Windows 10 Version 1703, KB4103731
Windows 10 1709, KB4103727

Solution:

To resolve this issue, the May updates including this patch have to be installed on all Servers and Clients!

Workaround:

If you can´t do this you can apply the following workaround.
Note: After you change the following setting, an unsecure connection is allowed that will expose the remote server to attacks.

Updated clients cannot communicate with non-updated servers
If you installed the May Updates on your DC you can apply a GPO to set these settings.
GPO Path
Computer Configuration > Policies > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
Setting
Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

or apply the following Regkey
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] "AllowEncryptionOracle"=dword:00000002


Non-updated clients cannot communicate with patched servers
GPO Path
Computer Configuration > Policies > Administrative Templates > System > Credentials Delegation > Encryption Oracle Remediation
Setting
Change the Encryption Oracle Remediation policy to Enabled, and then change Protection Level to Vulnerable.

or apply the following Regkey
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters] "AllowEncryptionOracle"=dword:00000002

Monday, May 14, 2018

How to find largest files using Powershell


If your hard drive is running out of space, you need to know which files causing this issue!
To establish this we will use Get-ChildItem.
Use the following command to get the top three files.
Get-ChildItem -r| sort -descending -property length | select -first 3 name, Length



The Length will be displayed in Bytes, if you have large files it´s better to display it in Mega Bytes, so let´s calculate the responding property length into MB.
Get-ChildItem -r|sort -descending -property length | select -first 3 name, @{Name="Megabytes";Expression={[Math]::round($_.length / 1MB, 2)}}



Now we get all files, where are these files located? Just select DirectoryName as well, to get it.
Get-ChildItem -r|sort -descending -property length | select -first 3 name, DirectoryName, @{Name="Megabytes";Expression={[Math]::round($_.length / 1MB, 2)}}


Thursday, May 3, 2018

Get and set DFS-R primary member

You can use the following command to get and set the DFSR primary member.

Get which DFSR member is primary member
Dfsradmin Membership List /RGname:<replication group name> /attr:MemName,RFName,IsPrimary

Set the primary member for a replication group
dfsradmin Membership Set /RGName:<replication group name> /RFName:<replication folder name> /MemName:<primary member> /IsPrimary:True

Run "dfsrdiag pollad" to update Active Directory configuration.