Posts

intune SCEP NDES 500 Error

If the relevant certificates are in an expired state, were deleted, or were revoked from the issuing CA for any reason, the NDES service will fail to start, resulting in the Intune SCEP HTTP Error 500 – Internal Server Error. This is what expired on our SCEP server: the certificates were the CEP Encryption and the Exchange Enrolment Agent. Now the renewal can be a little bit of fun depending on how you have your certificate templates set up; both of these certificates need to be valid in order for SCEP to work. CEP Encryption: this certificate will need to be generated as a local computer certificate, so browse to the Certification Authority snap-in in the MMC and connect to the CA offered to you. Once there, right click on the "Certificate Templates" option and choose Manage. Once that loads, find your certificate, which in this case is "CEP Encryption". Once you have this certificate you will need to right click and choose Properties; if you then pop on to the Security tab you will

AD-Connect from PHS to PTA

Firstly, if your domain is federated this method will take precedence over any method you select here; the option you select under user sign-in will only affect users if you move from Federated to Managed. If you need to move from Federated to Managed you only need one command: Set-MsolDomainAuthentication -Authentication Managed -DomainName <domain name> To check these settings navigate to your AD Connect blade in Azure using this link: https://portal.azure.com/#view/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/~/AzureADConnect Once you are here you will notice that under the user sign-in option you have a breakdown of your federated domains. The options below show we have Federation and SSO enabled and PTA disabled for now. You need to decide if PTA is correct for your domain; this can be assessed in detail using the FAQ: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-pta-faq Furthermore the decision tree flowchart will h

Security error when using Quick Launch icons

If you have items pinned to the start menu and you get a security popup when you try to run them that looks like this, it will usually be from a network share, but can occur from any folder. Navigate to this folder, bearing in mind the section in fuchsia will be hidden, so if you do not have "show hidden files and folders" enabled in your Explorer options you will not see those folders: %userprofile%\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned Then once there you will need to run this command from that location: icacls "*.lnk" /l /SetIntegrityLevel med

PowerShell : automating commands for files in folder

I had a requirement where I needed to take a list of files in a folder and apply a certain action to those files; in this case it was applying a code signing certificate with a timestamp URL, and that certificate was stored on a hardware key. That might sound like it made it complicated, but it only requires one command to complete the action with the relevant software installed. To start with I was getting one or two files, but at some point there will be, I predict, a large number of files added to that folder. The folder structure was pretty simple: we had two folders, one called “pending-sign” and the other called “signed-files”.

#Get files in a folder and run the command against each file in the folder
$files = Get-ChildItem \\smbshare\msix\pending-sign
foreach ($file in $files){
signtool.exe sign /tr http://timestamp.entrust.net/rfc3161ts2 /td sha256 /fd sha256 $file.FullName
#Move the file to a new folder after the command has run
Move-Item -Path \\smbshare\msix\pending-sign\$file -Destina

Zero Day Exploit : CVE-2022-30190 Infrastructure Analysis

There is a new zero day at the time of writing that can be viewed on this page from the MSRC: Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability – Microsoft Security Response Center. I would also like to credit all the people that have made the deep dives possible, like John Hammond, where you can see a very detailed overview here: https://youtu.be/dGCOhORNKRk They say: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code with the privileges of the calling application. The attacker can then install programs, view, change, or delete data, or create new accounts in the context allowed by the user’s rights. They advise: Disabling MSDT URL protocol prevents troubleshooters being launched as links including links throughout the operating system. Workaround steps: Run Command Prompt as Administrator. T

MSIX Update : Signing code with Timestamp server

For the history visit this link, which gives you the background: https://www.a6n.co.uk/2022/05/signing-code-with-timestamp-server.html However, if you sign an MSIX package you will notice that you get the error: SignTool Error: This file format cannot be signed because it is not recognized. SignTool Error: An error occurred while attempting to sign:packages.msix If you get the above error about the package not being recognised then you are using the wrong version of signtool.exe; to fix this, upgrade your version to the Windows 11 SDK version. When you get the new version this "package not recognised" error will be replaced with this error: SignTool Error: An unexpected internal error has occurred. Error information: "Error: SignerSign() failed." (-2147024885/0x8007000b) To find out what is going on, add /debug after the word sign on the command and you will get this: The following certificates were considered: Issued to: Growling Bears Issued by: Master Uber Bear E

KMS not activating clients (Windows+Office)

If you have a KMS server and the server is activated but it does not activate your clients, so your clients and servers end up getting the "Activate Windows" watermark, there is a good chance that your KMS server is outside of its KMS licence. NOTE: do not get mixed up between a KMS client and a KMS server; just because it is a server does not mean it is a KMS server. For a KMS server you need to have the CSVLK key installed on it, and ensure you do not install a CSVLK on anything other than a KMS server. Also, if you are using a MAK key you do not require a KMS server; if you have Enterprise licensing you need a KMS activation key, which can be obtained from the link below: https://docs.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys DO NOT install a CSVLK key on other devices: when you install a CSVLK key on a device not intended for KMS services then that server will also listen on port TCP 1688, which is a bad idea. To check this run this comm

Creating an "Apt Proxy Conf" File

Apt loads all configuration files under /etc/apt/apt.conf.d. You can create a configuration specifically for your proxy there, keeping it separate from all other configuration.

Create a new configuration file named proxy.conf:
sudo touch /etc/apt/apt.conf.d/proxy.conf

Open the proxy.conf file in a text editor:
sudo vi /etc/apt/apt.conf.d/proxy.conf

Add the following line to set your HTTP proxy:
Acquire::http::Proxy "http://proxy.server:port/";

Add the following line to set your HTTPS proxy:
Acquire::https::Proxy "http://proxy.server:port/";

Save your changes and exit the text editor. Your proxy settings will be applied the next time you run Apt.