Last week/this week

What have I learnt in the last week or so?

Resetting domain admin password
I had an old Exchange 2010 lab environment which I needed to use to test some TLS settings.  I booted it up, typed my password and bam.....not accepted.

I tried a few variations of the password and nothing!  Scratching my head and a Google later, I came across this:

https://4sysops.com/archives/forgot-the-domain-admin-password/

This blog post describes how you can use the Windows ISO to open a command prompt on the DC and replace utilman.exe with cmd.exe.  You then boot up the DC again and click the Accessibility option on the login screen.


Instead of launching utilman.exe it launches cmd.exe.  More crucially, it does this under the SYSTEM context.  So basically you have access to the whole machine.  A net use command later and the admin password is reset.

It worked perfectly, but it is rather unsettling.  If this was being used as a mechanism to attack your network, you can protect yourself in a few ways:
  • Alert if machines are rebooted.  Clearly DCs shouldn't be rebooted unless there are planned updates or similar.  This will not stop the attack, but will inform you that something is fishy.
  • Restrict physical access - easier said than done, especially if VMs are involved.  I did this whilst remotely connected to my home lab miles away!
  • Encrypt the local drives - this will stop someone from seeing the local file system when mounting an ISO.
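
A defensive check for the swap described above, as an added example that is not from the original post or the linked article: it compares utilman.exe (and, as an assumption, the other logon-screen accessibility binaries) against the command shells by hash, then lists recent restart events for the first mitigation. It assumes PowerShell 4.0 or later, run elevated on the host being checked.

```powershell
# Added example: flag accessibility binaries that are really a command shell.
$sys32 = Join-Path $env:SystemRoot 'System32'

# utilman.exe is the binary named in the post; the others are an assumption
# that the same swap could be made against them.
$targets = 'utilman.exe', 'sethc.exe', 'osk.exe', 'magnify.exe', 'narrator.exe'
$shells  = 'cmd.exe', 'WindowsPowerShell\v1.0\powershell.exe'

# Hash the shells once so every target can be compared against them.
$shellHashes = @{}
foreach ($s in $shells) {
    $p = Join-Path $sys32 $s
    if (Test-Path -LiteralPath $p) {
        $shellHashes[(Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash] = $s
    }
}

$findings = foreach ($t in $targets) {
    $path = Join-Path $sys32 $t
    if (-not (Test-Path -LiteralPath $path)) { continue }

    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
    $orig = (Get-Item -LiteralPath $path).VersionInfo.OriginalFilename

    [pscustomobject]@{
        File             = $t
        SameHashAsShell  = $shellHashes[$hash]   # shell name if the file is a copy
        OriginalFilename = $orig                 # name embedded at build time
        Suspicious       = $shellHashes.ContainsKey($hash) -or
                           ($orig -match '^(cmd|powershell)\.exe')
    }
}

$findings | Format-Table -AutoSize
if ($findings.Suspicious -contains $true) {
    Write-Warning 'An accessibility binary matches a command shell: investigate.'
}

# Recent restarts: 1074 = shutdown/restart requested by a user or process,
# 6005 = event log service started (boot), 6008 = previous shutdown unexpected.
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1074, 6005, 6008 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, ProviderName
```

A boot with no matching planned shutdown or change record, on a DC, is the "something is fishy" signal from the first bullet.
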

Google Duo
Google released a simple VC application called Duo.  I guess this is a mechanism to compete with FaceTime.  Feature-wise it does overlap with Hangouts, but Duo seems far simpler.

https://duo.google.com/



As you can see above, after opening the application, you have one option "Video Call".  Once you press this, you are presented with a list of people in your phone book who have the application running.  Easy!

FolderMill
I found a piece of software called FolderMill.  This software is designed to sit on a file server, monitor a specific folder for files and then complete a set of actions.

These actions could include converting to PDF or printing.


This looks like a really useful application for small businesses who want to automate parts of their business processes without having to complete custom development or buy some hefty, expensive off-the-shelf product.


