Thursday, December 17, 2015

Usernames you can't use in AD

We had a bunch of new hires this week and one user profile was giving us a bunch of issues. Whenever we logged on to our Terminal Services we would get strange errors that the profile couldn't load and that a temporary profile was being used.

After some digging, one of my coworkers found out that you can't use 8 three-letter usernames.

CON: — console (input and output)
AUX: — an auxiliary device. In CP/M 1 and 2, PIP used PUN: (paper tape punch) and RDR: (paper tape reader) instead of AUX:
LST: — list output device, usually the printer
PRN: — as LST:, but lines were numbered, tabs expanded and form feeds added every 60 lines
NUL: — null device, akin to /dev/null
EOF: — input device that produced end-of-file characters, ASCII 0x1A
INP: — custom input device, by default the same as EOF:
OUT: — custom output device, by default the same as NUL:




Saturday, May 30, 2015

Windows 2003 Server can't connect to any SSL sites.

Unfortunately we have some programs that require Windows Server 2003. While I hate having old deprecated servers in my environment, sometimes that's the way it has to be.

This particular server is only used for one program and I don't usually have a need to log in or "fiddle" with it. A month ago I had to refresh the server and reinstall the program.

During the install I noticed that I wasn't able to go to any SSL sites. After some research this is because Windows 2003 has no support for SHA2 certs. I eventually found a hotfix.

The hotfix is 315139_ENU_i386_zip.exe.

Unfortunately I can't find the KB article that lets you download this file. I found it from a forum post and I can't find that post anywhere.

The closest site I can find is this: https://support.microsoft.com/en-us/kb/968730.

Unfortunately it only gives the 64-bit version of the fix. The one I went to gave me a choice. Since I have Windows 2003 32-bit I was able to select the i386 version.

If I find it I will update this post.

TLS POODLE vulnerability when using SSL LABS to check SSL security

I used a script to secure my SSL connection to remove the old SSL V2 and V3 as well as moving the stronger ciphers to the top and removing the old weak ciphers.

However, SSL LABS kept telling me I was vulnerable to POODLE. I didn't know why since I removed SSL V3 (which essentially should remove any POODLE attacks).

After further inspection it was saying that my TLS was vulnerable to POODLE. After much research I found out I needed Windows6.1-KB2655992-x64. I am running Windows 2008 R2 but this patch fixes some TLS vulnerabilities and it fixed my TLS POODLE issue. I don't think that's what the patch is for, but it does fix it.

The patch also has versions for Windows 7, 32 bit versions of Windows 2008, etc.


Microsoft Bulletin
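
A read-only check to run on the server after a hardening script like the one described above. It is an added example, not the script or code from the original post. It reports the SCHANNEL server-side protocol settings and whether the update named in the post is listed as installed. It assumes the standard SCHANNEL registry location and an elevated PowerShell prompt.

```powershell
# Added example: audit SCHANNEL server protocols and one hotfix. Changes nothing.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'

function Get-SchannelServerState {
    param([string]$Protocol)

    $key      = Join-Path $base "$Protocol\Server"
    $state    = 'OS default (no explicit setting)'
    $disabled = $null

    if (Test-Path $key) {
        $props    = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        $enabled  = $props.Enabled
        $disabled = $props.DisabledByDefault
        # Enabled = 0 switches the protocol off; any non-zero value switches it on.
        if ($null -ne $enabled) {
            if ($enabled -eq 0) { $state = 'Disabled' } else { $state = 'Enabled' }
        }
    }

    New-Object PSObject -Property @{
        Protocol          = $Protocol
        ServerSide        = $state
        DisabledByDefault = $disabled
    }
}

# 1. What the hardening script actually left in the registry.
$report = foreach ($p in $protocols) { Get-SchannelServerState -Protocol $p }
$report | Select-Object Protocol, ServerSide, DisabledByDefault | Format-Table -AutoSize

# 2. Old protocols that were not explicitly disabled are worth a second look.
$report | Where-Object { $_.Protocol -like 'SSL*' -and $_.ServerSide -ne 'Disabled' } |
    ForEach-Object { Write-Warning "$($_.Protocol) is not explicitly disabled for the server role" }

# 3. Is the update named in the post listed on this machine?
$kb = 'KB2655992'
if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) {
    Write-Output "$kb is installed"
} else {
    Write-Warning "$kb is not listed by Get-HotFix on this machine"
}
```

SCHANNEL registry changes only take effect after a reboot, so re-run the external scan after restarting the server.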

Saturday, May 2, 2015

ProtonMail

If you go to protonmail.ch they have a service where all your emails are encrypted. If you sign up and get accepted, you will have a password to login and then another password to decrypt your emails.

They are located in Switzerland with their own set of privacy rules.

The thing is, of course, if you send to a Gmail, BellSouth, Yahoo, etc. account, it's not encrypted on their end. But you do have a choice of sending them an email with encryption and a time limit on the email.

I've been using it for a few weeks and I do enjoy it.

Friday, January 9, 2015

The user 'insert user here' cannot be added. Non-local users cannot be given rights on this server

If you get the above error when trying to add a user as a delegate in Outlook, it's because the user mailbox is a Shared mailbox. You can easily remedy this by going to EMS and typing:

Set-Mailbox "mailbox user or alias name" -Type Regular

Error 1312 when adding ssl cert

 If you get an error when using netsh to add a cert thumbprint, make sure you have a private key attached to the cert. Also, make sure the c...