Windows Server 2016 – Blacklist Mobile devices on WIFI network

June 21, 2019

Let’s assume you have 2 WIFI networks. 1 for the Office users and 1 for the Guests on a separate VLAN.

Now you don’t want all the Office users using their mobile devices to log on to the local LAN.

The challenge is that if you apply MAC address filtering on the Access Point, it will block the device on both WIFI networks.

PREREQUISITES :

On your DHCP server you need to activate the BLOCK MAC address filtering

Open the DHCP console and enable the DENY LIST using the FILTERS Tab

Now you can add the BLOCKED Mac ADDRESSES in the DENY section

Tip :

You can also use WILDCARDS in the MAC address.

Solution :

Windows 2008r2 :

You can use the NETSH command to block MAC addresses on your local LAN.

netsh dhcp server v4 add filter deny 00-0c-29-fe-dd-60 "Mary's PC"

If you need to automate this on a Windows 2008r2 server, you need to apply some regular expressions to grab the MAC address ;-)

Took me more than a day to figure out how to make it work.

Windows 2012r2 and higher :

You can use the DHCP PowerShell cmdlets

Get-DhcpServerv4Scope -cn YourServer

Set-DhcpServerv4FilterList -ComputerName "YourServer" -Allow $False -Deny $True

Get-DhcpServerv4FilterList

Add-DhcpServerv4Filter -List Deny -MacAddress "F0-DE-F1-7A-00-5E" -Description "Laptop 09"

Remove-DhcpServerv4Filter -MacAddress "F0-DE-F1-7A-00-5E"

See also here how to build a Blacklist for PUBLIC IP addresses.

Enjoy !

Windows Server 2016 – How to Blacklist Public IP Addresses, Alert Event ID 20271

June 21, 2019

If you notice unauthorised attacks on your network in your Event Viewer (Event ID 20271, Remote Access), you can block the offending public IP addresses.

SOLUTION :

Create a BLACKLIST rule using Windows Firewall

Open Windows Firewall with Advanced Security by running wf.msc

On the left, select Inbound Rules, then under the Action menu, choose New Rule

On the Rule Type page, choose Custom.

On Program, choose “All programs”

On Protocol and Ports, leave the default of Any

On Scope, select “These IP addresses” in the remote addresses section and add the problematic IP address in the Add dialog

On Action, choose “Block the connection”

On Profile, leave the defaults of everything checked.

Finally, on Name give the rule a name like “Blacklisting”, and optionally a description.

See here on how to automate this using PowerShell Event Viewer Scanning & Firewall rules
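
The rule built in the wizard above can be kept up to date from the event log. The following is an added example, not code from the original post: it assumes that event 20271 is written to the System log with the client IPv4 address in the message text, Get-BlacklistCandidate is a hypothetical helper, and the sample messages and addresses are constructed.

```powershell
# Added example. Assumption: event 20271 messages carry the client IPv4 address
# as plain text. The sample messages and addresses below are constructed.
function Get-BlacklistCandidate {
    param(
        [string[]]$Message,           # event message texts
        [int]$Threshold = 3,          # failed attempts before an address is blocked
        [string[]]$NeverBlock = @()   # your own public IPs, partners, monitoring
    )
    $ipv4    = '\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b'
    $private = '^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'
    $hits = foreach ($m in $Message) {
        foreach ($match in [regex]::Matches($m, $ipv4)) { $match.Value }
    }
    if (-not $hits) { return }
    $hits |
        Where-Object { $_ -notin $NeverBlock -and $_ -notmatch $private } |
        Group-Object |
        Where-Object { $_.Count -ge $Threshold } |
        ForEach-Object { $_.Name }
}

# Constructed sample. On a live server use instead (the log name is an assumption):
#   $messages = (Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 20271 }).Message
$messages = @(
    'The user CONTOSO\admin connected from 203.0.113.45 but failed an authentication attempt.',
    'The user CONTOSO\test connected from 203.0.113.45 but failed an authentication attempt.',
    'The user CONTOSO\backup connected from 203.0.113.45 but failed an authentication attempt.',
    'The user CONTOSO\mary connected from 198.51.100.7 but failed an authentication attempt.',
    'The user CONTOSO\scan connected from 192.168.1.20 but failed an authentication attempt.'
)
$block = @(Get-BlacklistCandidate -Message $messages)

# -WhatIf makes this a dry run; remove it to change the firewall.
if ($block.Count -gt 0) {
    $rule = Get-NetFirewallRule -DisplayName 'Blacklisting' -ErrorAction SilentlyContinue
    if ($rule) {
        # Merge with the addresses already on the rule so earlier blocks are kept.
        $current = @(($rule | Get-NetFirewallAddressFilter).RemoteAddress) -ne 'Any'
        $merged  = (@($current) + $block) | Sort-Object -Unique
        Set-NetFirewallRule -DisplayName 'Blacklisting' -RemoteAddress $merged -WhatIf
    } else {
        New-NetFirewallRule -DisplayName 'Blacklisting' -Direction Inbound `
            -Action Block -RemoteAddress $block -WhatIf
    }
}
```

Put your own office and VPN egress addresses in -NeverBlock before removing -WhatIf, so that a mistyped password does not lock out a legitimate site.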

1. First check if the DENY property is set on your DHCP server

Get-DhcpServerv4FilterList

If not, you can activate it like this

Set-DhcpServerv4FilterList -ComputerName "YourDHCPServer" -Allow $False -Deny $True

Next you can list all IP’s

Get-DhcpServerv4Filter

And check if they exist as blocked.

If you need to add extra entries, you can use this cmdlet

Add-DhcpServerv4Filter -List Deny -MacAddress "F0-DE-F1-7A-00-5E" -Description "iphone 09"
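
The check, enable and add steps above can be combined into one script that is safe to run repeatedly, with a regular expression normalising MAC addresses that arrive in different notations. This is an added example, not code from the original post: ConvertTo-DhcpMac is a hypothetical helper, the device list is constructed (the first two MAC addresses are the ones used on this page), and YourDHCPServer is the page's placeholder name.

```powershell
# Added example. ConvertTo-DhcpMac is a hypothetical helper; the device list is constructed.
function ConvertTo-DhcpMac {
    param([string]$Mac)
    # Accept aa:bb:cc:dd:ee:ff, aabb.ccdd.eeff, AA-BB-CC-DD-EE-FF or bare hex,
    # and return the AA-BB-CC-DD-EE-FF form; anything else yields $null.
    $hex = ($Mac -replace '[-:.\s]', '').ToUpper()
    if ($hex -notmatch '^[0-9A-F]{12}$') { return $null }
    (($hex -split '(..)') -ne '') -join '-'
}

$server  = 'YourDHCPServer'
$devices = @(
    @{ Mac = 'f0:de:f1:7a:00:5e'; Description = 'iphone 09' },
    @{ Mac = '000c.29fe.dd60';    Description = "Mary's PC" },
    @{ Mac = '00-0C-29-FE';       Description = 'truncated entry, will be skipped' }
)

# 1. Make sure the deny list is enforced, leaving the allow-list setting as it is.
$lists = Get-DhcpServerv4FilterList -ComputerName $server
if (-not $lists.Deny) {
    Set-DhcpServerv4FilterList -ComputerName $server -Allow $lists.Allow -Deny $true
}

# 2. Read the current deny entries once, then add only what is missing.
$denied = @(Get-DhcpServerv4Filter -ComputerName $server -List Deny).MacAddress
foreach ($d in $devices) {
    $mac = ConvertTo-DhcpMac $d.Mac
    if (-not $mac) { Write-Warning "Skipping invalid MAC '$($d.Mac)'"; continue }
    if ($denied -contains $mac) { Write-Verbose "$mac already denied"; continue }
    Add-DhcpServerv4Filter -ComputerName $server -List Deny -MacAddress $mac `
        -Description $d.Description
}
```

A DHCP deny filter only refuses leases: a device with a statically configured address, or a phone using a randomized MAC address, is not stopped by it.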

 

See here on how to Blacklist based on MAC Address

Safety First …

Done !


SharePoint – Online Security and Security by Obscurity

March 22, 2019

SharePoint Online Security settings are scattered all around…

The next problem is that the Online version OOTB might not give you all the security features you need.

So you will have to apply some tricks to fool the users.

Here is an overview of what is at your disposal …

SP Security :

SharePoint delivers a Security Model that is a combination of AD user & Groups with SP Users & Groups.

See Managing the Security Model for more info.

These users and “Nested” Groups can be used to secure your Site Collections on different levels

Using Site Settings –> People and Groups and Site Permissions

To set security on different levels

1. Site level
2. List and Library security
3. Record level Security

See here for more info

For the difference between Record level Permissions and Record level Security, see here for more info.

Setting Record Level Security will also have a performance hit! So try to avoid it as much as possible.

– Search Security
Via Site Settings you can refine the security on the Search

So let’s say you don’t want to have the users see the search EVERYTHING option

Go to SITE SETTINGS –> SEARCH Settings

Delete the EVERYTHING from the list.

Disable File and Folder Sharing :

Go to SITE SETTINGS –> Site Permissions –> Access Request Settings

SP Security by Obscurity :


Using Target Audience settings :

This is not real security, because the SP Search will ignore the target audience settings !!


– Hiding List or Document Library records using Audience Targeting :

On the list or Library activate Audience Targeting

You have to use it in combination with the Content Query Web Part

See here on how to.

– Hiding Web Parts using Audience Targeting :

This is done using the EDIT Web Part feature

In the Advanced Section you specify the TARGET Audience user(s) or group(s).

You can use various other settings to HIDE Web Part features from the users

– Select a different VIEW to limit and filter the records shown in the Web Part. And hide the TOOL Bar if needed.

In the MISCELLANEOUS section you can hide different sections

Here you decide to hide the Web Part Toolbar and only leave the INLINE LIST SEARCH available.

– Hiding Search options using Audience Targeting

Next you can set Targeting Audience using SP Groups to limit the “Search this site” feature to certain users.

– Hiding Objects using CSS

Examples to hide the SEARCH box on a site, and more …

<style type="text/css">  
#DeltaPlaceHolderSearchArea {display: none;}
.ms-InlineSearch-SearchStatus {display:none;}
.ms-cui-topBar2 { display : none; }
</style> 

– Hiding Objects using JQuery gives the same effect.

– Hiding Objects using SharePoint Designer : See below

Tools :

1. SharePoint Designer

Hide Libraries from the all site contents

Use SP Designer Workflows to automate Security settings on Lists and Libraries or Records / Documents

See here for how to.

First activate the “Workflows can use app permissions” feature using Site Features

Go to Site Settings –> Site App Permissions

Copy this part of the GUID and insert it in

Go to the Site Collection URL and add this part “_layouts/15/appinv.aspx”

Workflow App Permissions : See here for the extra steps to complete the whole process

2. PowerShell

Use PowerShell to automate Security settings on Lists and Libraries or Records / Documents

Or to create reports to get visibility on Security.

See here for some good examples

So if you combine all of them, you can go a long way !

But it is important that you have a good security strategy, before starting to build your application.

Enjoy !


Java – Blocked Untrusted Applications

June 27, 2014

Annoyances !

When I tried to access the web Interface of a Switch I got this message ?

Easy to fix if you look on the internet, but in practice it is a different story.

You have to make an Exception in the Java Control Panel –> Security

Go to the Windows Control Panel –> Java Control Panel to find what you need

But when you open it, there is no setting there to adjust the security settings ? Except Certificates.

But if you go look on Google it shows you this interface ?

Maybe because of a Java version difference ? Yes and No.

An older version of Java that was installed is still there when you look at Programs and Features. You can have multiple versions installed.

OK so where is then the new Control Panel ?

Just go to the Windows Search and type “JAVA”

And start it from there, add the Exception List

Run it again in your Browser.

And voilà, the application runs fine again.


Windows – Reset password without a password Reset Disk

December 9, 2013

At some point in time, you need to access someone’s PC without knowing his or her password.

Maybe it was forgotten, maybe the person was dismissed, can be any reason.

Here is how to get access to the machine without knowing the account or password.

Boot the PC with a Windows Recovery CD, or use an Ubuntu Live CD.

1. Next choose Command Prompt.

2. Rename the UTILMAN.EXE to UTILMAN1.EXE and copy the CMD.EXE to CMD_New.EXE and rename CMD_New.EXE to UTILMAN.EXE

3. Reboot the machine again. And click on the left lower Icon (Ease of Access).

4. The CMD will open now. Next run the CMD net user Administrator + NewPassword

5. Next reboot the machine and log in using the administrator account and the newly set password.
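
From the defender's side, the file swap in the steps above leaves traces on disk. The following added example (not part of the original post) checks a Windows system directory for them; Test-UtilmanSwap is a hypothetical name, and its -SystemDirectory parameter lets you point it at a mounted offline image instead of the running system.

```powershell
# Added example. Test-UtilmanSwap is a hypothetical helper name.
function Test-UtilmanSwap {
    param([string]$SystemDirectory = (Join-Path $env:SystemRoot 'System32'))

    $utilman  = Join-Path $SystemDirectory 'Utilman.exe'
    $cmd      = Join-Path $SystemDirectory 'cmd.exe'
    $leftover = Join-Path $SystemDirectory 'Utilman1.exe'   # backup name used on this page
    $findings = @()

    if (-not (Test-Path $utilman)) {
        $findings += 'Utilman.exe is missing'
    } else {
        # A copy of cmd.exe keeps its content, so the hashes match.
        $u = Get-FileHash -Path $utilman -Algorithm SHA256
        $c = Get-FileHash -Path $cmd -Algorithm SHA256
        if ($u.Hash -eq $c.Hash) {
            $findings += 'Utilman.exe is byte-identical to cmd.exe'
        }
        # The version resource travels with the file even when it is renamed.
        $orig = (Get-Item $utilman).VersionInfo.OriginalFilename
        if ($orig -like 'cmd*') {
            $findings += "Utilman.exe version resource says OriginalFilename=$orig"
        }
    }
    if (Test-Path $leftover) {
        $findings += 'Utilman1.exe present (renamed original left behind)'
    }

    [pscustomobject]@{
        Directory = $SystemDirectory
        Tampered  = $findings.Count -gt 0
        Findings  = $findings
    }
}

Test-UtilmanSwap | Format-List
```

Full-disk encryption (for example BitLocker) together with a firmware password that blocks booting from other media stops the offline file swap in the first place.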

Enjoy!