Monday, July 19, 2021

Workaround for Windows 10 SeriousSAM vulnerability

SeriousSAM (CVE-2021-36934, also known as HiveNightmare) is an elevation-of-privilege bug: the registry hive files in %windir%\system32\config (SAM, SYSTEM, SECURITY) carry an ACL that lets every member of BUILTIN\Users read them. The live files are locked by the system, but their copies inside a Volume Shadow Copy are not, so a standard user can extract password hashes and machine secrets, gain admin rights and execute arbitrary code with SYSTEM privileges. Affected systems are all Windows releases since October 2018, starting with Windows 10 1809 and Windows Server 2019. The steps below are a workaround, not a patch; install the vendor update once it is available.


Restrict access to the contents of %windir%\system32\config:

  1. Open Command Prompt or PowerShell as an administrator.
  2. Run this command (it re-enables ACL inheritance on the hive files, so they take the restrictive permissions of the config folder):
    • Command Prompt: icacls %windir%\system32\config\*.* /inheritance:e
    • Windows PowerShell: icacls $env:windir\system32\config\*.* /inheritance:e
  3. Verify with icacls %windir%\system32\config\SAM: the entry BUILTIN\Users:(I)(RX) must no longer be listed.

Then delete any Volume Shadow Copies (and System Restore points) that existed before the permissions were restricted; their snapshots still contain the hives with the old, readable ACL. Create a new restore point afterwards if you rely on them.
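The whole procedure in one script, as an added example that is not code from the original post or from Microsoft: it checks whether the hives are exposed, applies the icacls workaround from the steps above, removes the old shadow copies and verifies the result. Run it from an elevated Windows PowerShell session; the function and variable names are this example's own choices. Note that deleting shadow copies also removes "Previous Versions" data and restore points on that volume, so confirm you have other backups first.

```powershell
# Added example, not code from the original post: check, fix and verify the
# SeriousSAM workaround on one host. Run from an elevated Windows PowerShell
# session. Function and variable names are this example's own choices.
$config   = Join-Path $env:windir 'System32\config'
$hives    = 'SAM', 'SECURITY', 'SYSTEM' | ForEach-Object { Join-Path $config $_ }
$usersSid = 'S-1-5-32-545'   # BUILTIN\Users, matched by SID so localized names do not matter
$readData = [int][System.Security.AccessControl.FileSystemRights]::ReadData

function Test-HiveReadable {
    # Vulnerable state: an Allow ACE for BUILTIN\Users that includes read access
    # (icacls shows it as "BUILTIN\Users:(I)(RX)"). Get-Acl only needs READ_CONTROL,
    # so it works even though the live hive files are locked by the system.
    foreach ($hive in $hives) {
        foreach ($ace in (Get-Acl -LiteralPath $hive).Access) {
            $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value
            if ($sid -eq $usersSid -and $ace.AccessControlType -eq 'Allow' -and
                (([int]$ace.FileSystemRights -band $readData) -ne 0)) {
                return $true
            }
        }
    }
    return $false
}

function Get-ShadowCopies {
    # Shadow copies taken while the hives were exposed still contain readable copies.
    @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction SilentlyContinue)
}

if (-not (Test-HiveReadable)) {
    Write-Host 'Hives are not readable by BUILTIN\Users; nothing to do.'
    return
}
Write-Warning 'Hives are readable by BUILTIN\Users; applying the workaround.'

# Step 1: re-enable inheritance so the files pick up the restrictive ACL of the
# config folder (the command from the post, in its PowerShell form).
icacls "$config\*.*" /inheritance:e | Out-Null

# Step 2: delete the shadow copies of the system volume that predate the fix.
if ((Get-ShadowCopies).Count -gt 0) {
    vssadmin delete shadows "/for=$env:SystemDrive" /quiet | Out-Null
}

# Step 3 (optional, client SKUs only): create a fresh restore point now that the
# ACLs are correct. Checkpoint-Computer is a Windows PowerShell 5.1 cmdlet and
# by default allows only one restore point per 24 hours.
if (Get-Command Checkpoint-Computer -ErrorAction SilentlyContinue) {
    Checkpoint-Computer -Description 'Post SeriousSAM workaround' -RestorePointType MODIFY_SETTINGS
}

# Step 4: verify. BUILTIN\Users must be gone from the hive ACLs, and only shadow
# copies created after the fix may remain.
if (Test-HiveReadable) {
    throw 'Hives are still readable by BUILTIN\Users; check the ACL of the config folder itself.'
}
icacls (Join-Path $config 'SAM')                       # expected: no BUILTIN\Users entry
Get-ShadowCopies | Select-Object ID, InstallDate, VolumeName
```

The check compares the principal by SID rather than by the name "BUILTIN\Users" so it behaves the same on non-English installations; the verification at the end re-runs the same check instead of trusting the exit code of icacls.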


Monday, March 1, 2021

Troubleshooting time sync issues on an AD domain computer

In most cases there will be warning or error events in the System event log from the source Time-Service (provider name Microsoft-Windows-Time-Service); start there.


To check the NTP settings and the network connection to the time source, use w32tm from an elevated prompt.

show source server:

w32tm /query /source


verify network connectivity to an NTP server:

w32tm /stripchart /computer:ntp01.mydomain.zz


show configuration:

w32tm /query /configuration

(On a domain member the Type line should read NT5DS, meaning the time is taken from the domain hierarchy. NTP means manually configured peers, NoSync means no time source at all.)


force client to use domain hierarchy:

w32tm /config /syncfromflags:domhier /update
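The checks above as one troubleshooting script, added here as an example that is not code from the original post: it pulls the recent Time-Service events, runs the w32tm queries in the same order, flags a domain member whose source type is not NT5DS, probes the NTP peer with /stripchart and, with -Fix, applies the domhier reconfiguration and resyncs. ntp01.mydomain.zz is the placeholder host name used in the post; the script name Test-TimeSync.ps1 and the parameter names are this example's own choices. Run it from an elevated PowerShell session on the domain member.

```powershell
# Added example, not code from the original post. Save as Test-TimeSync.ps1 and
# run elevated, e.g.:  .\Test-TimeSync.ps1 -Peer ntp01.mydomain.zz -Fix
# ntp01.mydomain.zz is the placeholder from the post; names are this example's own.
param(
    [string]$Peer = 'ntp01.mydomain.zz',   # NTP source to probe with /stripchart
    [switch]$Fix                           # also reconfigure for the domain hierarchy
)

# 1. Recent Time-Service warnings and errors from the System log (last 24 hours).
Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-Time-Service'
    Level        = 2, 3                    # 2 = Error, 3 = Warning
    StartTime    = (Get-Date).AddDays(-1)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-Table -AutoSize -Wrap

# 2. Service state, current source and sync status.
Get-Service -Name w32time | Select-Object Status, StartType
w32tm /query /source
w32tm /query /status

# 3. Configuration: a domain member should report "Type: NT5DS".
$cfg   = w32tm /query /configuration
$match = $cfg | Select-String -Pattern '^\s*Type:\s*(\S+)' | Select-Object -First 1
$type  = if ($match) { $match.Matches[0].Groups[1].Value } else { 'unknown' }
$inDomain = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
if ($inDomain -and $type -ne 'NT5DS') {
    Write-Warning "Domain member, but time source type is '$type' instead of NT5DS (domain hierarchy)."
}

# 4. Network reachability: five NTP exchanges with the peer (UDP/123 must be open).
#    Each line shows the offset to the peer; a line with an error code instead of an
#    offset means the peer did not answer.
w32tm /stripchart "/computer:$Peer" /samples:5 /dataonly

# 5. Optional fix: point the client back at the domain hierarchy, rediscover
#    sources and resync, then show the source it ended up with.
if ($Fix) {
    w32tm /config /syncfromflags:domhier /update
    w32tm /resync /rediscover
    w32tm /query /source
}
```

The stripchart step is the one that separates configuration problems from network problems: if the domain controller answers but the source is still "Local CMOS Clock" or "Free-running System Clock", the client is misconfigured and step 5 fixes it; if the stripchart shows no responses, look at firewalls and routing for UDP/123 before changing any configuration.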