Archive for Servers – Page 6

Testing your CryptoLocker Group Policy

I posted previously on using Group Policy to establish rules to prevent executable files (.exe) stored in the Windows AppData directory from running, as a way to minimize or prevent the Cryptolocker-type ransomware from infecting your computers.

Someone asked me: “How do I know if the group policy rules are working?”

Good question … easy answer: drop a small executable file into your local AppData directory and try to run it. I like to use notepad.exe for this test.

Here are the steps if doing this from a Vista / Win7 / Win8 workstation:

  1. Open up an elevated command prompt window.
    By default, it should put you into the C:\Windows\System32 folder
  2. Enter the following commands, pressing Enter after each:
    copy notepad.exe %localappdata%
    cd %localappdata%
    notepad.exe
  3. If you receive an error message: “This program is blocked by group policy.” – then your group policy rules are working.
    Congratulations!
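Here is the same check as a script. It is an added example, not part of the original post: it copies notepad.exe into %LOCALAPPDATA%, into a %LOCALAPPDATA% subfolder (which the subfolder rule should cover) and into %APPDATA%, tries to start each copy, reports whether Group Policy blocked it, and cleans up afterwards. The srptest folder name is my own choice.

```powershell
# Added example (not from the original post): scripted version of the notepad.exe
# test. Run from an elevated PowerShell prompt on a workstation that has already
# received the policy (gpupdate /force first). 'srptest' is an assumed folder name.
$source  = Join-Path $env:SystemRoot 'System32\notepad.exe'
$testDir = Join-Path $env:LOCALAPPDATA 'srptest'
$targets = @(
    (Join-Path $env:LOCALAPPDATA 'notepad.exe'),   # covered by %localAppData%\*.exe
    (Join-Path $testDir          'notepad.exe'),   # covered by %localAppData%\*\*.exe
    (Join-Path $env:APPDATA      'notepad.exe')    # covered by %AppData%\*.exe (XP policy)
)
New-Item -ItemType Directory -Path $testDir -Force | Out-Null

foreach ($target in $targets) {
    Copy-Item -Path $source -Destination $target -Force
    try {
        # With the policy in force, Start-Process fails with
        # "This program is blocked by group policy."
        $proc = Start-Process -FilePath $target -PassThru -ErrorAction Stop
        Stop-Process -Id $proc.Id -Force -ErrorAction SilentlyContinue
        Write-Host "NOT BLOCKED : $target" -ForegroundColor Red
    } catch {
        if ($_.Exception.Message -match 'blocked by group policy') {
            Write-Host "BLOCKED     : $target" -ForegroundColor Green
        } else {
            Write-Host "OTHER ERROR : $target -> $($_.Exception.Message)" -ForegroundColor Yellow
        }
    } finally {
        Remove-Item -Path $target -Force -ErrorAction SilentlyContinue
    }
}
Remove-Item -Path $testDir -Recurse -Force -ErrorAction SilentlyContinue
```

A green BLOCKED line for every target means the rules are working; a red line tells you which path rule is missing.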


Block Executables from AppData folder

The SMB Kitchen team from Third Tier has made available (for free) a CryptoLocker Prevention Kit that includes a 20-page document with step-by-step instructions on how to lock down your servers and workstations using Group Policy settings to minimize future attacks.

The purpose of this post is to summarize those steps down to a single page. These steps are specific to SBS 2008/2011, but should be applicable to Windows 2008/2012 servers.

GOAL: create Software Restriction Policies within Group Policies to block executables (.exe) from running when they are located in the AppData folder or subfolders therein.

CREATE POLICIES FOR XP

  1. Open up Group Policy and drill down to Domain –> Computers –> SBSComputers
  2. Right click on SBSComputers and select ‘Create a GPO in this domain and link…’
  3. Title this policy Prevent CryptoLocker XP and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
  7. Right click on Additional Rules, click on ‘New Path rule’, enter the following information and click OK
    Path = %AppData%\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %AppData%\*\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker XP policy, locate WMI Filtering near the bottom of the middle frame and select ‘Windows SBS Client – Windows XP’

CREATE POLICIES FOR VISTA / WIN7 / WIN8

  1. Open up Group Policy and drill down to Domain –> Computers –> SBSComputers
  2. Right click on SBSComputers and select ‘Create a GPO in this domain and link…’
  3. Title this policy Prevent CryptoLocker Vista and higher and click OK
  4. Right click on this policy and select Edit
  5. Navigate to Computer Configuration –> Policies –> Windows Settings –> Security Settings –> Software Restriction Policies
  6. Right click on Software Restriction Policies and click on ‘New Software Restriction Policies’
  7. Right click on Additional Rules, click on ‘New Path rule’, enter the following information and click OK
    Path = %localAppData%\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData
  8. Repeat Step 7 for AppData subfolders
    Path = %localAppData%\*\*.exe
    Security Level = Disallowed
    Description: Don’t allow executables from AppData subfolders
  9. Close this policy configuration window
  10. From the Prevent CryptoLocker Vista and higher policy, locate WMI Filtering near the bottom of the middle frame and select ‘Windows SBS Client – Windows Vista’
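To confirm that the rules actually reached a client, the following script, added here and not part of the Third Tier kit or the original post, reads the Software Restriction Policy rules that Group Policy writes to the registry and checks for the two Disallowed AppData rules from steps 7 and 8. It assumes the standard SRP registry location under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer; run it in an elevated PowerShell prompt on a workstation after gpupdate /force.

```powershell
# Added example (not from the original post or the Third Tier kit): audits the
# Software Restriction Policy path rules applied to this computer.
# Assumes the standard SRP registry location (Safer\CodeIdentifiers).
$saferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$disallowed = Join-Path $saferRoot '0\Paths'    # security level 0 = Disallowed

# Rules expected on Vista and later; use %AppData% instead for the XP policy.
$expected = @('%localAppData%\*.exe', '%localAppData%\*\*.exe')

if (-not (Test-Path $disallowed)) {
    Write-Warning "No Disallowed path rules under $disallowed (policy not applied yet?)"
    return
}

# Each rule is a GUID-named subkey; read ItemData raw so %localAppData%
# is not expanded to the current user's folder before we compare it.
$rules = Get-ChildItem $disallowed | ForEach-Object {
    New-Object PSObject -Property @{
        Path        = $_.GetValue('ItemData', '', 'DoNotExpandEnvironmentNames')
        Description = $_.GetValue('Description', '')
    }
}

foreach ($path in $expected) {
    $hit = $rules | Where-Object { $_.Path -ieq $path }
    if ($hit) { Write-Host "OK      : $path  ($($hit.Description))" -ForegroundColor Green }
    else      { Write-Host "MISSING : $path" -ForegroundColor Red }
}

# Enforcement settings: DefaultLevel 262144 = Unrestricted (everything runs except
# the Disallowed rules above); PolicyScope 0 = all users, 1 = exempts local admins.
$cfg = Get-ItemProperty $saferRoot
Write-Host ("DefaultLevel = {0}, PolicyScope = {1}" -f $cfg.DefaultLevel, $cfg.PolicyScope)
```

A PolicyScope of 1 means the rules do not apply to local administrators, so a test run from an elevated prompt by an administrator would not be blocked even though the rules are present.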

Beware Cryptolocker Malware Madness

The past few weeks have been filled with reports of workstations and servers being infected with the Cryptolocker ransomware malware. It is being called one of the worst malware attacks ever seen. And these attacks are occurring even when anti-virus and anti-spam filters are in place.


http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/

Please do not treat this lightly!

The result of this attack is that files on your computer will be encrypted with a high-level 128-bit encryption key. It will quickly spread to any mapped drives or USB drives that are attached. Even worse, there is no known tool to decrypt these files.

This malware often comes in through rogue emails that appear to be from FedEx, UPS, Amazon or other similar purchasing sites. It may be a link in the email, or an attachment. But clicking on the link or the attachment is all that it takes.

SHUTDOWN YOUR COMPUTER IMMEDIATELY

You will know if you have been infected with the Cryptolocker malware, because you will see a large message on your screen telling you to pay a ransom to get your data files back.

Do not attempt to run any anti-virus or anti-malware utilities. If you see the ransom message, turn off your computer immediately. Power it off and disconnect your network cable.

BACKUP – BACKUP – BACKUP!!!!

The best advice anyone will give you is to make sure you have up-to-date backups of your servers, workstations and your data. Because if you get caught by this malware, you will need to restore your data from backup. It primarily seeks out office files (Word, Excel, etc.), but will also look for database files (Access, FoxPro, etc.).

Cryptolocker can be removed using well-known malware removal tools, such as MalwareBytes. But these tools CANNOT decrypt your encrypted files.

DO NOT PAY THE RANSOM!

The Cryptolocker malware will display a large warning message that your computer has been compromised, and that you can recover your files if you pay the required ransom (anywhere from $100 to $300). But they say that you only have a limited amount of time to pay this ransom, generally 72 hours.

Even though there are some people who have reported paying the ransom and getting their files decrypted, I cannot condone such actions. Not only is there no assurance that the cleanup will take place if you pay the money, it still remains that your system has been compromised.

REFORMAT and RELOAD

I strongly advise reformatting infected systems and restoring Windows, either from backup or as a clean install.

Download certugr.asp file

Over the past several years, I have often received requests for a missing certugr.asp file when installing Certificate Services on SBS 2003 (yes, 2003!).

In the past, I’ve handled these requests offline, but on the chance someone still needs the file in the future, I have provided instructions and a link to download the file from my site.

Instructions:

  1. Right click on this link: certugr.txt and select the “Save target as…” option.
  2. Save the file to your desktop
  3. Rename the file from certugr.txt to certugr.asp
  4. Copy the file to the ..\windows\system32\certsrv folder on your server

Good luck, and let me know if this helps you!

Exchange 2007 Rollup 11 SBS 2008

I generally like to wait a month before installing Exchange rollups. If you’re running SBS 2008 and Exchange 2007, you may have noticed that Rollup 11 for Exchange 2007 was released on August 13, 2013.

As with all previous Exchange rollups, you can install it via WSUS, or you can install it manually – which is my preference. There is a small trick you need to know to install the rollup manually, so let’s jump in:

  1. Go ahead and download the latest rollup. Rollup 11 can be found here.
  2. You will be asked to select whether to download the 32-bit (x86) or 64-bit (x64) version. For SBS 2008, you want the x64 version.
  3. Download and save the file to your preferred folder on your server.
  4. Now, if you simply click on the downloaded file and try to install it, it’s not going to work! You will get the following error message: “The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft\Exchange server\RelNotes.htm”.
  5. So you say to yourself, “Oh, I guess I need to right click on the file and ‘run as’ administrator”.
    Go ahead, and try it, and you will be in for a surprise – you won’t find a ‘run as’ option, because this is a .msp file.
    What are you going to do now?
  6. Kudos to my good friend and MVP buddy, Philip Elder, who discovered the following trick to get around this issue:

    Start a command prompt window using ‘Run as administrator’, then, within that command prompt window, navigate to the folder where the Rollup file was saved and type in the full name of the file (including the .msp suffix).

  7. You can now proceed to install the rollup. Be sure to reboot your computer after the installation is completed.

Windows Server 2012 R2 Free ebook!

Microsoft Press recently released another free ebook, this one titled: Introducing Windows Server 2012 R2 Preview Release.

It is available in three formats (PDF, EPUB, and MOBI).

Click here to go to the Microsoft Press blog site to download your copy.

Enjoy!!!

WHS 2011 and UEFI support

Microsoft released a hotfix (KB 2781272) earlier this year to add backup support for UEFI-based client computers that contain a GUID partition table (GPT) formatted disk. The hotfix addresses four issues that are defined in the KB post.

Please note that prior to installing this hotfix, it is necessary to remove those client computers that contain GPT-formatted disks from the WHS 2011 dashboard, and select ‘Do not archive backup’.


New HP Microserver Gen8 available!

Hurrah! HP has released their next generation of the HP Microserver, properly labeled as: HP ProLiant MicroServer Gen8.

First, a quick look back …

HP MediaSmart Server / Data Vault Server

Nearly five years ago, HP released their HP MediaSmart Server for running Microsoft’s Windows Home Server solution. Although it was designed as a “home” solution, many of us immediately saw this as a great backup solution for small businesses. 

Sure enough, a year later, HP repackaged the MediaSmart Server and sold it as the HP StorageWorks Data Vault Server. Nearly every one of my customers has a MediaSmart/Data Vault server strictly for doing workstation backups.

All at a cost of less than $500!


HP MicroServer

Two and a half years ago, I purchased my first HP ProLiant MicroServer. I have one in my lab that I use for demos. It is currently running Windows Server 2012 Hyper-V, 2012 Essentials and Windows 8. At every I.T. seminar or conference I have spoken at in the past two years, showing off the HP MicroServer got everyone’s attention.

I have the HP MicroServer installed at customer sites being used as a backup server (WHS 2011), as a member server running Windows Foundation/SharePoint, and as a development system for LOB web applications.

And now, presenting …

HP ProLiant MicroServer Gen 8

Last month HP released the next generation of the MicroServer – HP ProLiant MicroServer Gen 8. And it’s a beauty!

The improvements over the prior MicroServer include: support for up to 16GB of memory, up to 12TB (terabytes) of non-hot-plug SATA drives, HP iLO4 integrated with the gigabit NIC switch, add-on RAID 5, and easier internal access when adding memory.

It comes in two models: Intel Celeron G1610T (2 cores, 2.3GHz, $449) or Intel Pentium G2020T (2 cores, 2.5GHz, $529). Both models come standard with 2GB of memory.


But don’t take my word for it. Read what my good friend and MVP partner, Robert Pearman, has to say about the new Gen8 MicroServer!

Let me know what you think of it!

HP MicroServer Graphics Driver for WHS 2011

From the FWIW dept: I recently installed WHS 2011 on HP MicroServer N36L hardware at a site. The customer wants to use it to display rotating family photos on an attached monitor. Two things were required:

  • Finding screen saver software to use
  • Installing the right graphics driver

SCREEN SAVER

The screen saver software was easy to resolve. I downloaded and installed the free version of gPhotoShow. It runs on WHS v1 (Windows Server 2003) and WHS 2011 (Windows Server 2008 R2). I like it because you can have it randomize the photos to be displayed, among other tweaks.


GRAPHICS DRIVER

The graphics driver was a bit more work. By default, installing WHS 2011 uses the standard VGA graphics driver.

If you go to HP’s support site, they direct you to ASPEED’s web site for downloading the graphics driver.


There’s no install file, just the driver (.inf) files for each operating system. However, as I could not determine which specific model to install (AST1100, AST1160, etc.), I decided to try a different approach.

I then installed and ran the free HWiNFO64 utility (there is also an HWiNFO32 version).


It told me that I had an ATI/AMD Mobility Radeon HD 2400 graphics adapter. How interesting! What’s nice about the HWiNFO64 utility is that by simply clicking on the graphics card link, it took me right to the AMD site to download the appropriate driver.


Cleanup Log Files (Batch vs PowerShell)

Back in Nov 2006 I wrote a blog post on creating a batch command file that could be used to clean up old IIS log files. Then, in Dec 2007, I wrote an updated blog post with another solution. I thought I would update those posts for 2013 using PowerShell.

OLD SCHOOL (Batch command file)

Both of the above solutions were written in the SBS 2003 era, but will work with SBS 2008/2011. Both versions will let you identify the number of days to keep (I suggest 30 days), and will scan sub-folders under the specified folder.

As a quick review, here’s how to implement my Dec 2007 solution:

  1. Download the zip file from my web site which contains three files: .vbs, .bat, and .log files.
  2. Extract and copy those three files to your desired directory. I normally use c:\scripts.
  3. Edit the .bat file to point to the appropriate parent folder of the log files to be cleaned up, and the number of days of log files to retain.
    For Windows 2008 R2, my .bat file looks like this:
  4. NOTE: If running this for the first time, you may wish to test drive the script, without actually deleting any files. To do this, edit the deloldfiles.vbs file and comment out the ‘file.delete’ line in the script by adding a single quote (‘) to the start of the line. If all works, go back and remove the single quote.
  5. After testing the script manually, all that is left is to schedule the script to run on a weekly or monthly basis, as desired.

NEW SCHOOL (PowerShell)

While batch files are still supported in the Windows 2008 R2/Windows 2012 era, we need to start getting comfortable with using PowerShell scripts. I found a handy PowerShell script that does this from the Microsoft forum.

This script uses the Start-Transcript / Stop-Transcript commands to create a history log of the files deleted.

  1. Download the PowerShell script file (deloldfiles.ps1) from my web site.
  2. Edit the script, as necessary, to point to the appropriate parent folder and the number of days to retain, and save.
  3. NOTE: the script includes a -WhatIf option that allows you to run it without actually deleting anything. If the script appears to work as expected, simply remove the -WhatIf option from the script. Be sure to leave the trailing brace } in the script.
  4. To run, right click on the .ps1 file and click ‘Run with PowerShell’
  5. After testing the script manually, don’t forget to schedule it to run on a weekly or monthly basis.
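As an added example (not the deloldfiles.ps1 download from the original post), here is a PowerShell version of the clean-up that takes the folder and retention period as parameters, records what it did with Start-Transcript, and honours -WhatIf for the dry run described in step 3. The IIS log folder and transcript path are assumed defaults, and the function avoids PowerShell 3.0-only syntax so it also runs on Windows 2008 R2.

```powershell
# Added example (not the original post's deloldfiles.ps1): delete log files older
# than -DaysToKeep under -Path, recursing into sub-folders, with a transcript of
# what was removed. -WhatIf is supported via SupportsShouldProcess.
function Remove-OldLogFiles {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $Path,
        [int]    $DaysToKeep = 30,                                   # the post suggests 30 days
        [string] $Filter     = '*.log',
        [string] $Transcript = 'C:\scripts\deloldfiles-history.txt'  # assumed location
    )
    Start-Transcript -Path $Transcript -Append | Out-Null
    try {
        $cutoff = (Get-Date).AddDays(-$DaysToKeep)
        # Files only (PSIsContainer works on PowerShell 2.0, which lacks -File)
        $old = @(Get-ChildItem -Path $Path -Filter $Filter -Recurse -ErrorAction Stop |
                 Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -lt $cutoff })
        Write-Host ("{0} file(s) older than {1:yyyy-MM-dd} under {2}" -f $old.Count, $cutoff, $Path)
        foreach ($file in $old) {
            # Under -WhatIf this prints "What if: Performing operation ..." and skips the delete
            if ($PSCmdlet.ShouldProcess($file.FullName, 'Delete')) {
                Remove-Item -LiteralPath $file.FullName -Force
            }
        }
    } finally {
        Stop-Transcript | Out-Null
    }
}

# Dry run first (nothing is deleted); once the transcript looks right, drop -WhatIf.
Remove-OldLogFiles -Path 'C:\inetpub\logs\LogFiles' -DaysToKeep 30 -WhatIf
# Remove-OldLogFiles -Path 'C:\inetpub\logs\LogFiles' -DaysToKeep 30
```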

Finally, from the FWIW department: you should know that, from a security point of view, deleting IIS log files or other similar system log files is not generally recommended.