Windows 8.1 security behavior

Similar Messages

• T61p - Please wait while Windows configures Client Security Password - Manager

  My T61p system is fully updated, however I continue to get "Please with while windows configures Client Security Password - Manager." and then the computer trys to install
  css_manager_vista_tpm.exe
  over and over again.
  What is the problem here and how can I solve?
  How can I contact Lenovo-Thinkpad to assist?
  The problem has reoccured even after I did a system restore to an earlier date.
  It seems to initiate when I first boot up and then open up "Pictures"
  Please help.
  Thanks

  Well, I take everything back. After removing all password entries and re-installing/rebooting, it worked for a while. But now it is doing it all over again. I tried to call techincal support, but they then said I would have to pay for software support and they only support hardware, and to re-install the OS. Great, jeez, I couldn't have tried that myself, and that is so simple and takes no time at all (detecing sarcasm yet?)
  I do a lot of work for large corporations that are watching the IBM=>Lenovo takeover very closely to see if they are going to drop Thinkpads altogether and go with another laptop vendor. This type of weak support does not bode well. The person I was on the phone with was rude, hard to understand, and even told me there was no place to escalate the call to.
  There is no replacement for customer support. It is sad to see no Lenovo involvement in this forum, and don't make the mistake of thinking this is an isolated problem at this time. It is growing.
  Though Thinkpads are great Laptops, Toshiba used to have the market, but their support or should I say lack of it led to their downfall and position of leadership loss.
  It will be no different if Lenovo continues to act like a machine churner.

• Policies missing in SCM Windows 8.1 Security Compliance Baseline v1.0

  Hello,
  I have installed SCM 3.0.60 (downloaded from this link:
  Microsoft Security Compliance Manager) on a Windows 8.1 Virtual Machine. Because I could not connect my VM to internet at the moment, I imported the Windows 8.1 Security Compliance Baseline (downloaded from this link
  SCM Baselines for Windows 8.1, IE 11 and Server 2012 R2 are now live!) and the baseline attachment in SCM. The import process ran well and I then created a custom baseline based on the Win8.1 Computer Security Compliance 1.0 baseline (using the Duplicate
  action in SCM). During my customization I have noticed that some policies were missing from my custom baseline. After verifying the original baseline I have noticed that the policies were missing in it also. I connected my VM to the internet and clicked on
  the Download Microsoft baselines automatically action in SCM. SCM downloaded additional baselines (Office 2013, SQL Server 2012,...). I was expecting the Win8.1 baseline to be updated but it was not. The policies are still missing and I cannot complete my
  customization. For information the missing policies that I've noticed are the following:
  Under Computer Configuration\Administrative Templates\Windows Components\File Explorer
   All policies are missing except "Configure Windows SmartScreen" and "Turn off Data Execution Prevention for Explorer"
  Under Computer Configuration\Administrative Templates\Windows Components\Sync
  your settings theses polices are missing:
   --> Do not sync
   --> Do not sync app settings
   --> Do not sync browser settings
   --> Do not sync desktop personalization
   --> Do not sync on metered connections
   --> Do not sync other Windows Settings
   --> Do not sync passwords
   --> Do not sync personalize
  Under Computer Configuration\Administrative Templates\System\KDC these policies are missing
   --> KDC support for claims, compound authentication and Kerberos armoring
   --> User forest search order
   --> Warning for large Kerberos tickets
   --> Provide information about previous logons to client computer
  It seems that theses policies are not present in the Package.XML file that is included in the Windows-8.1-Security-Compliance-Baseline.cab.
  Does anyone ever experience the same issue?
  Anyone know if there is an updated version of the Windows 8.1 Security Compliance Baseline ? (the version downloaded from the link i supplied above is v1.0)
  Regards,
  François

  Hi,
  in this blog, it is just related to Internet Explorer, not the lock screen camera, it can be found at the GPO.
  Regards
  Wade Liu
  TechNet Community Support

• Windows 2012 server security checklist for corporate company standard/recommended check-list

  Hello All,
  Good Day.
  I am looking for Windows 2012 server security checklist (standard hardening
  settings), would you kindly assist me by providing Wintel 2012 standard/recommended check-list ASAP?
  Thanks in advance.

  Hi,
  The Microsoft Security Compliance Manager 3.0 tool is designed to provide you with an end-to-end solution to help you plan, deploy, and monitor security baselines for computers running Windows Server 2012 in your environment.
  For more detailed information, please refer to the articles below:
  Windows Server 2012 Security Baseline
  http://technet.microsoft.com/en-us/library/jj898542.aspx
  Security Hardening Tips and Recommendations
  http://social.technet.microsoft.com/wiki/contents/articles/18931.security-hardening-tips-and-recommendations.aspx
  Regards,
  Mandy
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Windows 7 internet security will not allow the installation of Flash Player 17 Update

  Windows 7 internet security will not allow the installation of the Flash Player 17 update.  I have tried the direct install using the IE_AX update without success.

  Hi,
  Thanks for the screenshot.  It's very helpful. Essentially, this is an issue with the internet security settings on your machine (Internet Explorer > Internet Options > Security), and not a Flash Player issue.  I Googled "internet security settings prevented one or more files from opening' and it returned numerous hits.  I'm posting a few for you, however, I'm not endorsing any of them.  I recommend you search your self and select one you feel comfortable with.
  https://support.microsoft.com/en-us/kb/2588679
  https://social.technet.microsoft.com/Forums/windows/en-US/6bd973a1-38b5-4ad2-bcf5-e90be18c c64b/your-internet-security-settings-prevented-one-or-more-files-from-being-opened?forum=w 7itproinstall
  How to fix: These files can’t be opened. Your Internet security settings prevented one or more files from being opened. …
  and there are many more.
  Maria

• MSI Z87 G45 + MSI R9 280X + Windows 8.1 secure boot difficulties

  After updating to Windows 8.1 Pro I had the "Secure Boot isn't configured properly" watermark as many others. I determined my disk is GPT partitioned, I enabled UEFI on the GPU by moving the physical switch from the 2 position to the 1 position, and enabled Windows 8 Feature + Secure Boot with standard settings in the G45 bios (ver 1.5). After doing save and reboot I'm presented with a blank screen with my monitor showing a "DVI no input" message. I reset the CMOS to allow me to boot again, but after a couple more tries with the secure boot settings such as enabling/disabling Fast Boot I have not been able to get it to work.
  System:
  MSI Z87 G45
  8GB DDR3 1600mhz Crucial ram
  I5-4670k
  MSI R9 280X
  Samsung 840 SSD 250gb
  Asus cd/dvd drive

  I want to know the same thing. I bought a MSI Z87-G45 Gaming motherboard this month and I can't activate Secure Boot on it because it's still in Setup Mode. I have no idea how to put the motherboard into User Mode and Google doesn't help me much further either. How to activate a key? I have a I5-5670K and GTX 770 by the way.

• Too much Time until logon window after applying Security Configuration Wizard on DC

  Hi,
  The scenario is the following:
  Domain Controller on Windows 2012 R2
  DHCP installed on Domain Controller
  Clients: Win7, Win8
  Servers: Win2008/R2, Win2012 R2
  After applying a SCW template on a DC, the logon window takes too much time to appear (after reboot, lock or sign out).
  The seetings in the template are the following:
  Select Server Roles: All of the default options selected by SCW
  Select Client Features: All of the default options selected by SCW
  Select Administration and Other Options: All of the default options selected by SCW
  Select Additional Services: All of the default options selected by SCW
  Handling Unspecified Services: Do not change the startup mode of the service
  Network Security Roles: All of the default options selected by SCW
  Require SMB Security Features: 2 checkboxes marked
  Require LDAP Signing: the checkbox marked
  Outbound Authentication Methods: Domain Accounts
  Outbound Authentication using Domain Accounts: 2 checkboxes marked
  Inbound Authentication Methods: none of the checkboxes marked
  System Audit Policy: Audit successful activities
  The question is:
  What options(s) include/exclude from SCW template that avoid too much time logon windows takes to appear?
  Thanks in advance!

  Hi,
  Based on my research, SCW helps administrators to ensure that only those services, application capabilities, and ports required for the roles to function are available; anything not specifically needed by the roles the server holds will be disabled. These
  tasks above all consume time to implement, which causes the delay for the Windows logon screen to display.
  Therefore, as the way I see it, it is a normal behavior, and I didn’t find any option which could avoid/reduce time spent on applying settings within the SCW template.
  More information for you:
  The Security Configuration Wizard
  https://technet.microsoft.com/en-us/magazine/2007.04.securitywatch.aspx
  Security Configuration Wizard
  https://technet.microsoft.com/en-us/library/cc754997.aspx
  Best Regards,
  Amy
  Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected]

• Cannot Print to Windows Printer after Security 2008-002 update

  I am unable to print to a Canon image runner 3380 printer on a Windows network after installing Security update 2008-002. Whenever I try to print I get the following error: On Hold Authentication Required. I can click on the Resume button in the print queue and a box pops up to enter my username and password. I've tried entering my user name and password but it does no good. I've also tried reinstalling the printers which also does me no good.
  This printer is located on a Windows 2003 server that is setup as a Domain Controler.

  I did some searching -- more info: This is apparently due to an upgrade to CUPS, which is the Common Unix Printing System (available to administer directly at: http://localhost:631/ ) This is the way to add a printer if you feel especially geeky.
  There is another discussion: http://discussions.apple.com/thread.jspa?messageID=6914585&#6914585
  about this, but apparently it is not a resolution, just a description of the problem.
  So, I really don't want to deinstall the 2008-002 update, if I can help it. I already installed version 1.1, which did not resolve the issue. I would like to be able to print to my Windows-Active Directory printers without resorting to IP printing. It sounds like this is something Apple has to fix, from the discussions I read. Is this true? And if so, any ideas about how long Apple will take to fix it?

• Windows 8.1 Security Risk / Not able to log off a user

  Hello Community,
  First and foremost good morning, I hope everyone is having a good morning.  I'm in dire need of a solution.  The company I work for has four (4) standalone computers with Windows 8.1
  which are located in a break room for, you guessed it, breaks!  They are not on the domain but are on a workgroup.  A former user from the company has one of these machines completely locked up.  Here's what I mean:
  When a user sits down at one of these computers they click on the account Breakroom1, Breakroom2, etc....up to 4 which lets them login.  However, somehow a user has logged in with
  an outlook account and there is absolutely no way for me to log this person out.  I can't right click anywhere and get a logoff button.  I can't right click on the red circle and get an option to log this person out.  The only options I get
  are restart, sleep, and shutdown.  I've browsed through setup to see if there were any options to kick this person off.  I'm completely stumped.  I believe this to be a security risk because no one has been able to do anything about this. 
  I'm trying veryhard not to reimage this machine.
  If anyone has any ideas I will gladly try them out and I thank everyone in advance for their time.
  Respectfully,

  Hi Ricky ,
  “somehow a user has logged in with an outlook account and there is absolutely no way for me to log this person out.”
  Do you mean someone connect the Microsoft account with the local account and then the machine is  locked now. You can`t get into the machine unless you know the Microsoft account`s password, right?
  To solve this problem ,I am afraid you have to contact the Microsoft account`s owner firstly to unlock the account. To avoid this tiresome issue in the future, I recommend you take the following steps:
  1.Log on the computer as an administrator
  2.Run the gpedit.msc and look for the following group policy and set “Users can`t add or log on with Microsoft accounts”,
  Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Accounts: Block Microsoft accounts
  3.Run gpupdate /force
  4.I recommend you take this solution to the others` pcs in the Breakrooms .
  Best regards  

• Need to remove the Shutdown option in Windows 8 since WOL behavior has changed

  For those you who manage systems in an enterprise, you need to read the following article and test it out yourself before you respond.
  http://support.microsoft.com/kb/2776718
  This subject of removing just the shutdown option has been floating around for many...many years without any solutions but now with Windows 8 and it's new WOL behavior, we may need to find one since it may be impossible for System Administrators who manage
  systems in the enterprise with tools like SMS/SCCM, will be unable to wake up the system if the end user shuts it down. There are all kinds of Group Policies, Tweak UI settings and reg hacks that have been discussed over the years but none of them are currently able
  to remove just the shutdown option. Interesting enough, you can change the behavior of the power button to put the system to sleep or hibernate but there doesn't seem to be a way to get the same functionality with the Shutdown option
  in the OS. Ideally, I am looking for a way to show only the Hibernate, the Restart and the Logoff option. Currently I can configure the system to show those three along with the Shutdown.
     

  I ran into this too, but I found the solution, at least for my pc:
  Windows Registry Editor Version 5.00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}\0000]
  "PnPCapabilities"=dword:00000108
  where the '\0000' could be another value, see in regedit.exe.
  The reason this works is, in windows 7, the 2 checkmarks in the "Power Management"-tab of the Ethernet-controller's properties ('allow the computer to turn off this device to save power' and 'allow this device to wake the computer') were independent.
  In windows 8 those 2 settings are dependent, meaning if you UNcheck 'allow the computer to turn off this device to save power', you can not check 'allow this device to wake the computer'.
  The DWORD_value in the registry has the following values:
  0x118 = all checkmarks off (yes really)
  0x010 = 'allow the computer to turn off this device to save power'
  0x000 = 'allow the computer ...' + 'allow this device to wake the computer'
  0x100 = all 3 checkmarks, the former 2 and 'Only allow a magic packet to wake this computer'
  While I can not find the true logic in these value, value 0x108, has the required effect.
  In the GUI, ( the "Power Management"-tab of the Ethernet-controller's properties) it still looks as if 'allow the computer...' is on, so do not change anything there.
  Good luck!

• Windows Update files: Security permissions has "unknown user"

  Ok, this is weird. I have 30 files added in a November Windows update with a compile date or add-to date of 11/21/14. If I look at one of the files. MsSpellCheckingFacility.exe.  I can see it is a legit file.
  https://www.virustotal.com/en/file/e9dcf987838e9a70fca4e1b1dda217bd1e309cd4f6bac47402120f76aac6edc7/analysis/
  However, the security permissions on the file are strange.  The user TrustedInstaller is the owner.  Now that seems to be typical when the file is a Microsoft updated file.  However, the file also has a user added that is unknown.
  user ? S-1-14-21
  Umm, why is this?  Its 30 files like this all REAL Microsoft files....all apparently part of the update.  All scanned against virustotal as being revised about that date/time.  Did Microsoft release an Update Build with files as a part
  of that build that had Microsoft users still attached to them?

  Hi!
  This machine is joined to a domain? This SID with parameter "-21-" indicates a domain. If so, it is needed to verify on local polices if any user had permission on domain workstations enforced by network Administration.
  But when researching by SID "S-1-14-21" we have no
  reference, as parameter "-14-" is not commonly used.
  From articles bellow, we can find how SID works and the well known SIDs:
  http://msdn.microsoft.com/en-us/library/dd302645.aspx
  http://technet.microsoft.com/en-us/library/dn743661.aspx
  As this is not a known SID, I suggest you to try to use the script on link bellow to determine who is the user account:
  http://blogs.technet.com/b/heyscriptingguy/archive/2004/12/03/how-can-i-determine-the-sid-for-a-user-account.aspx
  The problem can be a user account that had already deleted (this is why SID is not resolved to a name) or a problem on WMI component that is not able to resolve SID.
  If not successfull with article above, please post a screenshot on file permission in order to help you further.
  Cheers!
  Alan Martins

• DFS and Windows 7 x64 strange behavior when trying to access a DFS link through mapped drive

  I've manually mapped a network drive (Q Drive) to a DFS location. Whenever I go into "My Computer" and open the Q Drive it shows the DFS links but when I double click one of the links it randomly takes me back to the "My Computer" starting point showing my standard drive letters. If I click through the Q drive and the DFS several time it all of the sudden works. Sometimes this circle of clicking can go on for 5-10 times before it works properly.
  I'm running the x64 edition of Windows 7.  Any suggestions on how to make this work properly? Its very annoying.

  GPO mapped namespace where you can't connect through the mapped drive letter but can connect through the DFS UNC namespace? Do you use access based enumeration?
  I personally think it has something to do with network bandwidth, the security token and offline files. =)
  You can access the namespace itself but not any of the linked shares (try checking the ACL:s on the shares and you get permission denied, but you still see them, ie they are listed).
  I found a post sometime ago about corrupted/trunkated security tokens. If the member was part of too many AD groups the token was trunkated and corrupted. That was going to be my next move. Sniff the traffic and see what actually happens when the issue occur
  if theres something to be learnt there. Since it works correctly through the UNC adress but not through the drive letter you ough to be able to see what is different between the two requests.
  http://blogs.technet.com/b/askds/archive/2008/05/14/troubleshooting-kerberos-authentication-problems-name-resolution-issues.aspx
  One thing I noted was that it only happened to remotely connected computers on slow 3G connections (we use Direct Access). Never on LAN-connected computers with GB access or remote computers with fast (>15Mbps) access. We also use folder redirection,
  which I think could be part of the problem, ie the share never goes online, atleast for us the issue was itermittent, it never happend all of the time, just from time to time. And if I disconnected and reconnected it could fix the issue for that particular
  sessions, usually it didn't but occasionally it did (just pulling the network cable and put it back). Check the offline/online status the folders show up as offline even though they are online.
  Enough of my ramblings. Sorry to hear you still have the problem and I hope you find a way to solve it.

• Edit window is not secure

  Trying to reply now often gives me an incomplete edit wondow, and I cannot add lings, for example.
  This started recently. Sometimes there is no problem, but sometimes there is.
  When trying to open in IE (default security settings), I get a warning that "Only secure content is displayed", see image. Once I click "show all content", the edit window works fine. On chrome there is no such bailout option.
  This is a new problem! It is not really intermittent, but seem to depend on which post/forum I am replying to.
  When it falis, it cannot be fixed by reloading the page.
  LabVIEW Champion . Do more with less code and in less time .
  Attachments:
  UnsecureEdit.png ‏22 KB

  Thoric wrote:
  This thread, from 3 months ago, shows that's what I've been seeing in Chrome too. I don't recall being shown the "Unsecure" message however.
  Sure looks similar. In my case it started very suddenly. The "unsecure message" is very subtle and hard to miss in chrome. All you get is the light-grey shield as seen in my picture and you need to click it to get the details as shown.
  In IE it is a bit more obvious.
  In my case, this occurred in both browsers, so it does not seem like a browser issue.
  I wonder if there is a way to get a much more detailed report on what the browser perceives as a problem.
  LabVIEW Champion . Do more with less code and in less time .

• Windows 7 / 8 Security

  I am having constant issues with having my home network hacked.  I have some neighbors that are having a one sided fight against me, not exactly sure why, but one is a network administrator and since this began they seem to be able to make my windows
  horribly unstable, I get white icons, windows update hangs, shutdown hangs, very slow file search and even to just populate the left side folder options may take ten minutes at time.
  Also, when launching small apps (ie. core ftp) there may be a  five minute delay from double click to launch.
  I can rebuild all the software and update drivers and not plug the machine into the network and it will run perfect for as long as it is unplugged.
  He hacked my local network, which I was able to catch on my router log the strange machine name and mac address, then hacked my main business server taking it down, the off site backup and then erased the MFT and the mirror MFT on the local hard drive.  
  I have tried every fixit and step by step repair for all the issues I am having but to no avail.  Also sfx /scannow says all files are OK.
  My questions are.....  
  With no virus, rootkits or other malware on the network and nothing showing up on the router / firewall logs, what could be doing this?
  Is there any kind of super admin access that can be shut down?  I am not sure if one exists, I have heard it rumored and never thought it true but another web developer and I have started to wonder.  If I leave the network in public mode, it seems
  to have something happening that slows the system but what I described above happens after the network is put into home mode so I can access my home network.
  Also if anyone knows how far can I track this MAC address past just the Apple Manufacturer?
  Is it possible to spoof the Connection Type on the logs of routers?  This really concerns me as it seems they were in or under my home to do this.

  The de-facto move is to re-image, as you can never trust an infected machine after compromise. However, first we must identify what is compromised and the vector the attack took. So are you noticing this activity on only one machine or all machines? A
  MAC address can be spoofed and really means nothing in this situation.
  The first step is to kill network access. If you can kill internet access temporarily I would do so. You can do this on individual host machines or for the entire network. What router are you using? Is the firmware up to date? Is WiFi enabled? Have
  you changed the wifi password yet? What type of encryption are you using on wifi?  Do you have WPS enabled? What traffic do you allow in and out? 
  Next we must identify vulnerabilities on your host machine. A good start is to run MS Security Baseline tool, found here http://www.microsoft.com/en-us/download/details.aspx?id=7558 Common weaknesses are default password and accounts being enabled.
  However, if the compromise has already taken place, the method of entry matters little at this point. Various persistence methods can be implemented on the compromised machines to ensure access is maintained after you apply mitigation to vulnerabilities. It
  is fairly elementary to bypass most security software that uses a blacklist approach. Again, re-image is the best option if you can do it.
  If you can't re-image run an assortment of scanners, and report what their findings are. Again, if they come back empty handed this is no guarantee of your security. Investigate running processes and services, using task manager or process explorer. Look at
  a log files with event viewer, if they haven't been deleted yet. After you sort this out, through removal or reimage, I would suggest installing MS Enhanced Mitigation Toolkit. Its found here http://support.microsoft.com/kb/2458544, and make sure it is
  enabled for all document, email, and network applications.
  Also, I noticed you mentioned an FTP program. FTP is plaintext traffic, so credentials can be stolen easily once someone is on your network. Depending on the account running the ftp program it may be possible to compromise the machine that way, as well.
  I doubt your attacker is that sophisticated, though. SCP is a better alternative, but this is really a secondary issue.
  Another side point, if you know who is hacking you consider legal action. It is a felony to hack devices you do not own or have been given explicit permission to hack. How do you know who is hacking you?

• Is a solo window saying "A security and stability update is available." to install FF26 really valid or is it bogus?or

  Here is what the questionable window looks like:
  upper left corner/across and down
  ln1 (ff global logo) "Software Update"
  ln2 "Update available"
  ln3 "A security and stability update for Firefox is available:
  ln4 "Firefox 26.0"
  ln5 "It is strongly reco'd that you apply this update for FF asap.
  ln6 HTML Link "View more info about this update"
  ln7 (bottom of window) "ask Later" button and "Update FF" button
  While entering this info the window went away!!!
  Before it did i could not copy any of the text (do have screen shot however) and the link did not resolve to any web address. Looked like std FF page but NEVER seen anything like it before!
  no way i was going to click anything except the close [X] button.
  If it is valid, you need to remove the restrictions on it; to make it less suspicious.
  If it is bogus, do you have a plugin or addon to intercept such malicious probes?
  Currently using FF25.0.1; on xp/sp3
  thanks
  NET2868 friday 12-20-2013 mid (EST)

  Firefox 26.0 is available for updates.
  Do you get this update offered if you open Help > About?
  You can find the full version of the latest Firefox 26.0 release in all languages and for all Operating Systems here if you want to install manually:
  *http://www.mozilla.org/en-US/firefox/all.html