Smart Card device integration into Windows 10

Posted on by
Reply

All the joys of Windows 10….. now on 1709

Last week after upgrading Windows 10, I came a cross this nice new integration for Smart Cards. (tokens)

 

 

 

 

 

 

 

Windows 10 new has support for eTokens (SafeNet Tokens)
I was very pleased with this update, it will save me yet another application to install.
I’ve been using the SafeNet Application from Gemalto and it has served me well for several years. So time for a changes, the integrated Smart Card application in Windows 10 works perfect for me.

I am using the following it with:

and my tokens? I ALWAYS use digicert for codesigning certificates:)

ps. A new version of Access Director Enterprise is on its way, signed and released to web.

Stay tuned!

Bad Rabbit Ransomware

Posted on by
Reply

A new ransomware has seen the light.

Bad Rabbit ransomware is currently roaming Eastern European countries.

Bad Rabbit is mainly delivered using a fake Flash Update.
This means we a looking a regular drive-by-attack and fake updates/malicious software from websites to get it started.

Secure you clients now!
1. Blacklist the hashes
2. Block the files
3. Lock the registry entries.
4. Remove your local administrative privileges, if you can’t? Limit them and monitor using: Access Director Enterprise

Bad Rabbit IOCs:

Hashes:

install_flash_player.exe: 630325cac09ac3fab908f903e3b00d0dadd5fdaa0875ed8496fcbb97a558d0da
infpub.dat: 579fd8a0385482fb4c789561a30b09f25671e86422f40ef5cca2036b28f99648
cscc.dat (dcrypt.sys): 0b2f863f4119dc88a22cc97c0a136c88a0127cb026751303b045f7322a8972f6 
dispci.exe: 8ebc97e05c8e1073bda2efb6f4d00ad7e789260afa2c276f0c72740b838a0a93

Files:

C:\Windows\infpub.dat
C:\Windows\System32\Tasks\drogon
C:\Windows\System32\Tasks\rhaegal
C:\Windows\cscc.dat
C:\Windows\dispci.exe

Registry entries:

HKLM\SYSTEM\CurrentControlSet\services\cscc
HKLM\SYSTEM\CurrentControlSet\services\cscc\Type	1
HKLM\SYSTEM\CurrentControlSet\services\cscc\Start	0
HKLM\SYSTEM\CurrentControlSet\services\cscc\ErrorControl	3
HKLM\SYSTEM\CurrentControlSet\services\cscc\ImagePath	cscc.dat
HKLM\SYSTEM\CurrentControlSet\services\cscc\DisplayName	Windows Client Side Caching DDriver
HKLM\SYSTEM\CurrentControlSet\services\cscc\Group	Filter
HKLM\SYSTEM\CurrentControlSet\services\cscc\DependOnService	FltMgr
HKLM\SYSTEM\CurrentControlSet\services\cscc\WOW64	1

Network Activity:

Local & Remote SMB Traffic on ports 137, 139, 445
caforssztxqzf2nm.onion

Files extensions targeted for encryption:

.3ds .7z .accdb .ai .asm .asp .aspx .avhd .back .bak .bmp .brw .c .cab .cc .cer .cfg .conf .cpp .crt .cs .ctl .cxx .dbf .der .dib .disk .djvu .doc .docx .dwg .eml .fdb .gz .h .hdd .hpp .hxx .iso .java .jfif .jpe .jpeg .jpg .js .kdbx .key .mail .mdb .msg .nrg .odc .odf .odg .odi .odm .odp .ods .odt .ora .ost .ova .ovf .p12 .p7b .p7c .pdf .pem .pfx .php .pmf .png .ppt .pptx .ps1 .pst .pvi .py .pyc .pyw .qcow .qcow2 .rar .rb .rtf .scm .sln .sql .tar .tib .tif .tiff .vb .vbox .vbs .vcb .vdi .vfd .vhd .vhdx .vmc .vmdk .vmsd .vmtm .vmx .vsdx .vsv .work .xls .xlsx .xml .xvd .zip

 

Enrique Lima Community Contribution Award – Submissions open until July 30, 2017

Posted on by
Reply

Submitting Nominations: If you know someone who is deserving of this Award, please send an email to mctaward@microsoft.com and please cover the following criteria in your message:

  • Active MCT or MCT Alumni
  • Is the person actively teaching Microsoft technologies? How often?
  • Active in the MCT community
  • Demonstrates enthusiasm and a positive attitude with regards to the program and the community
  • Demonstrates passion for mentoring new and existing MCTs as well as others in the technical community
  • Willingness to volunteer within and outside of the MCT community. Examples could include the following:
    • Volunteering at a school for Hour of Code
    • Local code camps, user groups
    • Regional events
    • Large events, like Ignite and Build, Envision and WPC
    • Online engagements (blogs, forums, etc.)

About the Award:

The Enrique Lima Award is designed to recognize and celebrate the outstanding work of Microsoft Certified Trainers in the MCT Community, being awarded to only those who show knowledge, passion, and commitment to the Microsoft community as a whole, and specifically to the MCT program. This Award was established in memory of Enrique Lima; a husband, a father of two, a Microsoft Certified Trainer (MCT) and Regional Lead, Microsoft Valued Professional (MVP), Krewe member , SharePoint Community leader, and member of the Learn on Demand Systems (LODS) team.  Enrique always went above and beyond what was expected, building up both local, regional and international communities and everyday showed us all what the spirit of the MCT community was all about

Setting up the lab environment – DNS resolution puzzle

Posted on by
Reply

I would prefer to have access from my local vlan and wireless vlan to the servers.
But didn’t want to all dns traffic into the VM’s (and depend on a testing environment)

Basically I want host resolution, and being able to utilizing the domain services in the testing environment, without interruption of my other services.

This is the solution in went for was using Conditional Forwarders

First the Hyper-V host:

I Installed the DNS Server role within Windows Server 2016.
Setup forwarders to google dns:

 

 

 

 

 

 

 

After that i will add the Conditional Forwards for my testing domain
I  in my previous post I created 2 Domain controllers, both hosting DNS.

 

 

 

 

 

 

 

I will then add my Hyper-V hosts IP to the DNS server of my router/dhcp on the needed vlans.
When clients send requests for the testing domain, they will get forwarded to the Hyper-V guests (DCs) and all other requests will go to the Google DNS (8.8.8.8, 8.8.4.4) – more info: Getting started with Google Public DNS

I did want a backup as well, so I installed Synology DNS on my Synology DS1511+
Synology DNS supports forwarding zones, with up to 2 forwarders per zone.
That’s perfect for my setup, added the 2 Hyper-V guest DC’s.
The Synology DNS would of course also need Resolution services enabled, so we can forward requests to the Google DNS (8.8.8.8, 8.8.4.4)

 

 

 

 

Then I will go ahead an update the DNS servers handed out by my DHCP on my normal client network and wireless clients.
This configuration offers failover/backup, because both the Hyper-V hosts and the Synology will be able to handle DNS requests and forwarding.

Setting up the lab environment – Hyper-V: Virtual Machines

Posted on by
Reply

Now to the good stuff

Usually when working with Hyper-V I use reference disks, mainly to save space on rather expensive disks. But is there much to gain when using deduplication? I was on sure, so asked in Tech Konnect

The response from Tech Konnect confirmed, when using deduplication, it out wages the other issues with reference disks, rather than saving disk space.

Since it’s not possible to create folders or groups within the Hyper-V Management Console, I will be using a naming standard: <Group> – <Generation> – <OS> – <hostname>

The first Virtual Machine will be a Domain Controller, what better way to start?

Virtual Machine Configuration:
Generation: 2
Startup memory: 4096
Dynamic Memory: Enabled
Network Connection: External
Disk size: 60 GB
Boot from the ISO File – Windows Server 2016 Standard (Desktop Experience)

The quick wins for a Generation 2 Virtual Machine

  • PXE Boot by using a standard network adapter
  • Boot from a SCSI virtual hard disk
  • Boot from SCSI virtual DVD
  • Secure Boot (enabled by default
  • UEFI firmware support
  • Shielded Virtual Machines
  • Storage spaces direct
  • Hot add/removal of virtual network adapters

Note: IDE drives and legacy network adapter support has been removed.
For more info: Generation 2 Virtual Machine Overview and Hyper-V feature compatibility by Generation and Guest

The memory assigned might be a bit overkill, but for now it will be OK.
When configuring the second DC i will only assign: 2048.
The complete installation time to logon was 3 minutes and 9 seconds

Both DCs can actually live with 2048 mb ram, so it can always be cut down, but keep in mind we are using Dynamic Memory allocation.

I will of course be setting up MDT and ConfigMgr at a later point, to streamline and gain a bit of speed.

 

Setting up the lab environment – Hyper-V

Posted on by
Reply

The host was installed with Windows Server 2016.
This means Hyper-V is a feature that we just need to enable – yay!

  1. Open a elevated PowerShell prompt
  2. Run the command: Install-WindowsFeature -Name Hyper-v -IncludeManagementTools -Restart

The command will automatically reboot once installed
NOTE: In some cases you will have to enable Intel-VT in BIOS.
You can read more about the system requirements here: Systems Requirements for Hyper-V on Windows Server 2016

For the actual setup of guests machines, I will be running mostly Windows Server 2016, Windows 10 and maybe a Linux guest or two.
Don’t forget to review: Supported Windows guest operating systems

Now to the Hyper-V Switch configuration:

I am going to add an external switch, as my client is already connected to the network on the correct vlan.
Keep in mind I got a seperat USB NIC with 2 Ports (USB 3.0 to Dual Port Gigabit Ethernet Adapter NIC w/ USB Port)
This means i will be able to have my on-board primary NIC only for management and use one of the other free ports only for VMs.

  1. Open Hyper-V Manger
  2. Mark your server
  3. Click Virtual Switch Manager in the actions pane
  4. Mark External
  5. Click Create Virtual Switch
  6. Name your switch – Example: External – 254 (254 indicating the vlan)
  7. Remove the checkbox in Allow management operating system to share this network adapter
  8. Mark: Enable single-root I/O virtualization (SR-IOV)
    Not familiar with SR-IOV? Read this blog post by John Howard: Everything you wanted to know about SR-IOV
  9. Click Ok
    You might get a warning that pending network configuration will prevent remote access to this computer – If your connected to the server using another NIC, you will not be disconnected.

This concludes the basic configuration of the Hyper-V host.
We installed Hyper-V and configured a switch with external access.

The next post will be more detailed with the actual Hyper-V guest installations

Where is my cloud key?

Posted on by
Reply

During vlan configuration for my new lab (see previous post Home Data Center)
I had to change some vlans, for some reason my  Hybrid Cloud Device Management controller got “lost in translation”

The setup:
1 x Mikrotik CCR1036-12G-4S-EM
1 x UniFi switch 16 150w
1 x UniFI Cloud Key

It all starts with the adoption of devices onto the cloud key – no problems there.
But when your Cloud Key is lost in a vlan with no connectivity or access to other devices, then its back to basics.

My problem was that I deleted the valid networks/vlans added on ports – BIG mistake!
So nothing really works and you can’t change anything, but tuning a bit on the vlans on the router seemed to open up a bit.

I was able to SSH into the switch (It’s running BusyBox)

 

 

 

From there we can SSH to localhost on port 2222
Click anykey to get the Warning!: The changes may break controller settings and only be effective until reboot.

It will not give a response and will be awaiting a key stroke before your ready to go

Keep in mind all configurations will be lost, once connected back and provisioned by the cloud key.

To enter user privilege mode type: Enable
To enter Global Config mode type: Configure

And now we can configure the entire switch (also without the controller and more advanced settings.

In this case,
Selecting an interface (port 2): interface 0/2
adding a vlan to the interface (port 2): interface vlan participation include 22
and your lost Cloud Key should now be back on the correct vlan.
If you just need to bring back to management network on the switch, you can use: network mgmt_vlan 1
Note: 1 being the vlan you want to participate in.

NOTE:
If you need multiple vlan on 1 port – maybe with a UniFi AP AC Pro, you will see that the AP doesn’t have a configuration for management vlan, so we need to configure the native LAN for the device. It only requires 3 steps, it can be a bit confusing configuring and adding a bit more complexity.

– Defined Netowrk/VLANs in Controller Settings
– Manage or Create Network Profiles for the switch in the Switch Configuration
– Assign Networks/VLANS or Profiles to the Port(s)

There is a nice explanation here: A-non-expert-Guide-to-VLAN-and-Trunks-in-Unifi-Switches

Setting up the lab environment – Deduplication

Posted on by
Reply

The next step for the lab or so-called home data center: Installing and Configuring Deduplication

I was going to use a USB stick for the Windows Server 2016 OS.
The main reason for this: DEDUPLICATION.

I did start out with a USB stick, but due to performance issues this was changed – read the follow-up post (https://blog.thomasmarcussen.com/follow-up-on-the-home-datacenter-hardware/)

The reason for having the OS on a separate volume: Deduplication is not supported on system or boot volumes. Read more about Deduplication here: About Data Deduplication

Let’s get started

Installing and Configuring Deduplication

  1. Open an elevated PowerShell prompt
  2. Execute: Import-Module ServerManager
  3. Execute: Add-WindowsFeature -Name FS-Data-Deduplication
  4. Execute: Import-Module Deduplication

Installing Deduplication

Now we installed data Deduplication and it’s ready for configuration.

My Raid 0 volume is D:
The volume will primarily hold Virtual Machines (Hyper-V)
I’m going to execute the following command: Enable-DedupVolume D: -UsageType HyperV

Enable Deduplication for volume

You can read more about the different usage types here: Understanding Data Deduplication

Some quick info for the usage type Hyper-V:

  • Background optimization
  • Default optimization policy:
    • Minimum file age = 3 days
    • Optimize in-use files = Yes
    • Optimize partial files = Yes
  • “Under-the-hood” tweaks for Hyper-V interop

You can start the optimization job and limited (if needed) the amount of consumed memory for the process: Start-DedupJob -Volume “D:” -Type Optimization -Memory 50

 

 

 

You can get the deduplication status with the command: Get-DedupStatus

 

 

 

 

The currently saved space on my volume is 46.17 GB
That is for a 2 ISO files and a reference machine for Windows Server 2016 and the reference disks copied to separate folder.

More usefull powershell cmdlets here: Deduplication Cmdlets in Windows PowerShell

I do love deduplication especially for virtual machines, hence most of the basic data is the same.
The disks are also rather expensive so getting the most out of them is preferred.

 

Follow up on the home datacenter hardware

Posted on by
1

It’s time for a small update – the previous post is available here: https://blog.thomasmarcussen.com/new-lab-home-datacenter/

The datacenter has been running for about a week now – quite good…. but…..

I’ve been using the Samsung USB as OS drive – Samsung USB 3.0 Flash Drive FIT 32GB
It does have fast read, and a not that slow write, according to Samsung: Up to 130 MB/s

The week passed with setting up and installing VMs – using the actual VMs etc.
But when installing Windows Updates on the Hyper-V host, installing Features/Roles or anykind of configuration, it seems to slow down to useless/freeze.

Running a full Windows Update took about 2 days to reach fully patched level.
During that time it was useless as in no respondig.

I ran a WinSat drive test on the Samsung USB Flash Drive:

Random 16.0 Read: 8.87 MB/s
Random 16.0 Write: 5.45 MB/S

Random reads and writes seems pretty low.

The sequential seems a bit better:

Sequential 64.0 Read: 76.89 MB/s
Sequential 64.0 Write: 86.95 MB/s

The Commands used with winsat:
Winsat disk -drive C: -ran -write (Random 16.0 Write)
Winsat disk -drive C: -ran -read (Random 16.0 Read)
Winsat disk -drive C: -seq -write (Sequential 64.0 Read)
Winsat disk -drive C: -seq -read (Sequential 64.0 Write)

So I decided to replace to Samsung USB 3.0 Flash Drive FIT as a OS Drive.

The new hardware choosen ended up being:

1 x StarTech.com USB 3.0 to M.2 SATA External SSD Enclosure with UASP
1 x Samsung 850 EVO M.2 2280 SSD – 250GB

SM2NGFFMBU33 - StarTech.com USB 3.0 to M.2 SATA External SSD Enclosure with UASPMZ-N5E250BW - Samsung 850 EVO M.2 2280 SSD - 250GB
NOTE: the StarTech.com enclosure does not support NVMe, so did choose a m.2 SSD.

I know that StarTech also have USB 3.1, but i really do want to keep the USB 3.1 port free for an additional RAID enclosure when/if needed. Properly a StarTech enscloure but not sure yet.. (USB 3.1 (10Gbps) External Enclosure for Dual 2.5″ SATA Drives) still looking for a nice USB 3.1 enclosure that supports m.2 NVMe…

Samsung states the specs for the new disk as:

  • Up to 500MB/s Sequential Write
  • Up to 540/s Sequential Read

The actual performance test on the Samsung 850 EVO M.2 2280 SSD:

Random 16.0 Read: 276.51 MB/s
Random 16.0 Write: 271.37 MB/S

Sequential 64.0 Read: 388.85 MB/s
Sequential 64.0 Write: 383.71 MB/s

So in any case it’s quite a performance boost for the OS disk.