Tag: Windows 8

Stop using the insecure SMBv1/SMB1 protocol

The recent WannaCry ransomware outbreak spread because of a vulnerability in one of the internet’s most ancient networking protocols, Server Message Block version 1 (aka SMBv1 / SMB 1).

Barry Feigenbaum originally designed SMB at IBM. Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product.

The original SMB1 protocol is nearly 30 years old, and like much of the software made in the 80s, it was designed for a world that no longer exists: a world without malicious actors, without vast sets of important data, without near-universal computer usage. Frankly, its naivete is staggering when viewed through modern eyes.

The Server Message Block, or SMB, protocol is a file sharing protocol that allows operating systems and applications to read and write data to a system. It also allows a system to request services from a server.

This is the protocol mainly used for providing shared access to files, printers, and serial ports and miscellaneous communications between nodes on a network.

In computer networking, Server Message Block (SMB), one version of which was also known as Common Internet File System (CIFS), operates as an application-layer network protocol.

There have been numerous vulnerabilities tied to the use of Windows SMB v1, including remote code execution and denial-of-service exploits. These two kinds of vulnerability can leave a system crippled or allow attackers to compromise a system that uses this vulnerable protocol.

Protocol version    Windows OS
SMB 1               Windows 2000, Windows 2003, Windows XP
SMB 2               Windows Server 2008 and Windows Vista SP1
SMB 2.1             Windows Server 2008 R2 and Windows 7
SMB 3.0             Windows Server 2012 and Windows 8
SMB 3.0.2           Windows Server 2012 R2 and Windows 8.1
SMB 3.1.1           Windows Server 2016 and Windows 10

The SMB 1 protocol permits man-in-the-middle exploits, and it “isn’t safe” to use. An attacker can use SMB 2 to pull information from the insecure SMB 1 protocol if it exists in a network.

The nasty bit is that no matter how you secure all these things if 
your clients use SMB1, then a man-in-the-middle can tell your client
to ignore all the above. All they need to do is block SMB2+ on 
themselves and answer to your server's name or IP. Your client will 
happily derp away on SMB1 and share all its darkest secrets unless
you required encryption on that share to prevent SMB1 in the first 
place. This is not theoretical-- we've seen it.

                 ~ Ned Pyle, a Principal Program Manager, Microsoft

 

How to remove SMBv1/SMB 1 in Windows OS?

Windows 8.1 and Windows 10:

Method-1: Open Control Panel (just start typing Control in the search box to find its shortcut quickly). Click Programs, and then click Turn Windows features on or off (under the Programs heading). Or

Start –> Run –> Type appwiz.cpl –> press enter –> Click Turn Windows features on or off

Clear the check box for SMB 1.0/CIFS File Sharing Support, as shown here. That’s it; you’re protected.


Method-2: Open a Windows PowerShell prompt with administrative privileges. (In the Windows 10 Creators Update, version 1703, right-click the Start button and choose Windows PowerShell (Admin) from the Quick Link menu.) If you’re running an earlier Windows 10 version, enter Windows PowerShell in the search box, then right-click the Windows PowerShell shortcut and click Run as administrator. From that elevated PowerShell prompt, type the following command:

Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol

Press Enter and you’re done.

Note: You must restart the computer after you make these changes.

Windows Server 2012 R2 and Windows Server 2016:

Method-1: Launch Server Manager from Command Line.

Press the Windows key + R to open the Run box, or open the Command Prompt. Type ServerManager and press Enter.

Or Launch Server Manager from Taskbar

On Server, the Server Manager approach:

Method-2: On Server, the PowerShell approach (Remove-WindowsFeature FS-SMB1):

Remove-WindowsFeature -Name FS-SMB1


On legacy operating systems:

When using operating systems older than Windows 8.1 and Windows Server 2012 R2, you can’t remove SMB1 – but you can disable it.

Windows 8 and Windows Server 2012:

Windows 8 and Windows Server 2012 introduce the new Set-SMBServerConfiguration Windows PowerShell cmdlet. The cmdlet enables you to enable or disable the SMBv1, SMBv2, and SMBv3 protocols on the server component. (A cmdlet is a lightweight command that is used in the Windows PowerShell environment.)

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $false

  •  To enable SMBv1 on the SMB server, run the following cmdlet:

Set-SmbServerConfiguration -EnableSMB1Protocol $true

 Windows Server 2008 R2 and Windows Server 2008:

To enable or disable SMB protocols on an SMB Server that is running Windows 7, Windows Server 2008 R2, Windows Vista, or Windows Server 2008, use Windows PowerShell or Registry Editor.

Windows PowerShell 2.0 or a later version of PowerShell

  • To disable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 -Force

  • To enable SMBv1 on the SMB server, run the following cmdlet:

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 1 -Force

Note: You must restart the computer after you make these changes.

Registry Editor:

Important

This article contains information about how to modify the registry. Make sure that you back up the registry before you modify it. Make sure that you know how to restore the registry if a problem occurs. For more information about how to backup, restore, and modify the registry, click the following article number to view the article in the Microsoft Knowledge Base:  322756 How to backup and restore the registry in Windows

To enable or disable SMBv1 on the SMB server, configure the following registry key:

Registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Registry entry: SMB1
REG_DWORD: 0 = Disabled
REG_DWORD: 1 = Enabled
Default: 1 = Enabled

Windows Vista, Windows 7, and Windows 8:

  • To disable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb20/nsi
sc.exe config mrxsmb10 start= disabled

  • To enable SMBv1 on the SMB client, run the following commands:

sc.exe config lanmanworkstation depend= bowser/mrxsmb10/mrxsmb20/nsi
sc.exe config mrxsmb10 start= auto
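
To confirm after the restart that the changes took effect, the following read-only check reads each setting that the methods above modify. It is an added example, not part of the original article or of Microsoft's guidance; the function name Get-Smb1Status and the output field names are assumptions made for this example, and the Start and DependOnService registry values are where sc.exe config stores the start type and the dependency list.

```powershell
# Added example: read-only audit of the SMBv1 settings changed by the methods above.
# Run from an elevated PowerShell prompt. Get-Smb1Status is a hypothetical name.
function Get-Smb1Status {
    $svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    $s = @{
        OptionalFeature = 'n/a'  # Windows 8.1 / 10: SMB1Protocol optional feature
        ServerFeature   = 'n/a'  # Server 2012 R2 / 2016: FS-SMB1 feature
        ServerConfig    = 'n/a'  # Windows 8 / Server 2012 and later: EnableSMB1Protocol
        ServerRegistry  = 'n/a'  # Vista / 7 / 2008 / 2008 R2: LanmanServer\Parameters\SMB1
        ClientDriver    = 'n/a'  # mrxsmb10 start type (SMBv1 client driver)
        ClientDependsOn = 'n/a'  # LanmanWorkstation dependency list
    }

    # Each cmdlet probe is skipped when the cmdlet does not exist on this OS version.
    if (Get-Command Get-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        try {
            $f = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction Stop
            if ($f) { $s.OptionalFeature = [string]$f.State }
        } catch { $s.OptionalFeature = 'query failed (not elevated?)' }
    }
    if (Get-Command Get-WindowsFeature -ErrorAction SilentlyContinue) {
        $f = Get-WindowsFeature -Name FS-SMB1 -ErrorAction SilentlyContinue
        if ($f) { $s.ServerFeature = [string]$f.InstallState }
    }
    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        try {
            $c = Get-SmbServerConfiguration -ErrorAction Stop
            $s.ServerConfig = if ($c.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
        } catch { $s.ServerConfig = 'query failed (not elevated?)' }
    }

    # Registry entry used on the legacy server side; the article gives 1 = Enabled
    # as the default there, so a missing value is reported rather than read as "off".
    $p = Get-ItemProperty -Path "$svc\LanmanServer\Parameters" -ErrorAction SilentlyContinue
    if ($p) {
        if ($p.PSObject.Properties['SMB1']) {
            $s.ServerRegistry = if ($p.SMB1 -eq 0) { 'Disabled (0)' } else { "Enabled ($($p.SMB1))" }
        } else {
            $s.ServerRegistry = 'SMB1 value not set'
        }
    }

    # Client side: what the two sc.exe config commands change.
    $d = Get-ItemProperty -Path "$svc\mrxsmb10" -ErrorAction SilentlyContinue
    if ($d) {
        $s.ClientDriver = switch ($d.Start) {
            2 { 'auto' } 3 { 'demand' } 4 { 'disabled' } default { "start=$($d.Start)" }
        }
    } else {
        $s.ClientDriver = 'driver not present'
    }
    $w = Get-ItemProperty -Path "$svc\LanmanWorkstation" -ErrorAction SilentlyContinue
    if ($w) {
        $s.ClientDependsOn = if ($w.DependOnService -contains 'mrxsmb10') {
            'includes mrxsmb10' } else { 'no mrxsmb10' }
    }

    New-Object PSObject -Property $s
}

Get-Smb1Status | Format-List
```

A field that stays at n/a means that method does not apply to the OS version the check ran on.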

Source: Microsoft, zdnet, technet.microsoft, redmondmag, top-password, techtarget, windowsitpro

How to enable Administrator account in Windows 8.1 & Windows 10 Home Single Language

Use the following steps to activate the Administrator account.

  1. Open the command prompt as Administrator

Normally, the command prompt can be opened as a regular user to run commands that don’t require administrative rights. However, if you need to run a command that requires administrative rights, you must open the command prompt window as administrator.

  • The first method of accessing the command prompt as administrator is to right-click on the Start button in the lower-left corner of the screen and select the Command Prompt (Admin) option from the User menu.

You can also press the Windows key + X to access this menu.

  • The second method involves the Start screen. If you are currently on the Desktop, click the Start button in the lower-left corner of the screen.

On the Start screen, start typing “command prompt” (without the quotes). The Search panel displays on the right side of the screen and results of the search display as you type. Right-click on Command Prompt and select Run as administrator from the popup menu.

You have now opened the command prompt in administrator mode.

2. Type the following command to see the list of users:

C:\WINDOWS\System32>net user

3. Unlock the administrator account.

C:\WINDOWS\System32>net user administrator /active:yes

4. Give a password.

C:\WINDOWS\System32>net user administrator *

(* – you are prompted to type the password)

Source: howtogeek

 

How to find system up-time on Windows 7, 8 & 2008 Server

If you leave your computer on for extended periods of time, it’s usually a good idea to perform a reboot now and then. Furthermore, if you’re managing multiple computers, it’s difficult to remember when each received a reboot. That’s why Windows keeps track of your total up-time and the last time your computer booted for you. Here’s how to access those pieces of information:

To find total up-time:

Step 1: Launch the task manager. You can do this in one of three ways:

Choice 1: Press Ctrl+Alt+Delete. On the screen that appears, select Start Task Manager.

Choice 2: Right click on the taskbar and select Start Task Manager.

Choice 3: Press Ctrl+Shift+Esc to launch the task manager directly.

Step 2: In this window, click on the Performance tab.


Step 3:  Your system’s up-time is displayed next to Up Time (highlighted in the above picture) in the format of Days: Hours: Minutes: Seconds

To find last boot date:

Go to Start  –> Run –> cmd


In the command prompt, run one of the following commands:

systeminfo | find /i "Boot Time"

-or-

systeminfo | find "Time:"

-or-

systeminfo | find "System Boot Time"


Cheers,

Happy Computing 🙂

source: cnet, superuser, serverfault

Microsoft Names Satya Nadella Its New CEO


Microsoft Corp. announced that its Board of Directors has appointed Satya Nadella as Chief Executive Officer and a member of the Board of Directors effective immediately. Before being named CEO in February 2014, Nadella held leadership roles in both enterprise and consumer businesses across the company.


Joining Microsoft in 1992, he quickly became known as a leader who could span a breadth of technologies and businesses to transform some of Microsoft’s biggest product offerings.

Most recently, Nadella was executive vice president of Microsoft’s Cloud and Enterprise group. In this role he led the transformation to the cloud infrastructure and services business, which outperformed the market and took share from the competition. Previously, Nadella led R&D for the Online Services Division and was vice president of the Microsoft Business Division. Before joining Microsoft, Nadella was a member of the technology staff at Sun Microsystems.


Originally from Hyderabad, India, Nadella lives in Bellevue, Wash. He earned a bachelor’s degree in electrical engineering from Mangalore University, a master’s degree in computer science from the University of Wisconsin – Milwaukee and a master’s degree in business administration from the University of Chicago. He is married and has three children.

“During this time of transformation, there is no better person to lead Microsoft than Satya Nadella,” said Bill Gates, Microsoft’s Founder and Member of the Board of Directors. “Satya is a proven leader with hard-core engineering skills, business vision and the ability to bring people together. His vision for how technology will be used and experienced around the world is exactly what Microsoft needs as the company enters its next chapter of expanded product innovation and growth.”

Since joining the company in 1992, Nadella has spearheaded major strategies and technical shifts across the company’s portfolio of products and services, most notably the company’s move to the cloud and the development of one of the largest cloud infrastructures in the world supporting Bing, Xbox, Office and other services. During his tenure overseeing Microsoft’s Server and Tools Business, the division outperformed the market and took share from competitors.


“Microsoft is one of those rare companies to have truly revolutionized the world through technology, and I couldn’t be more honoured to have been chosen to lead the company,” Nadella said. “The opportunity ahead for Microsoft is vast, but to seize it, we must focus clearly, move faster and continue to transform. A big part of my job is to accelerate our ability to bring innovative products to our customers more quickly.”

“Having worked with him for more than 20 years, I know that Satya is the right leader at the right time for Microsoft,” said Steve Ballmer, who announced on Aug. 23, 2013 that he would retire once a successor was named. “I’ve had the distinct privilege of working with the most talented employees and senior leadership team in the industry, and I know their passion and hunger for greatness will only grow stronger under Satya’s leadership.”

Microsoft also announced that Bill Gates, previously Chairman of the Board of Directors, will assume a new role on the Board as Founder and Technology Advisor, and will devote more time to the company, supporting Nadella in shaping technology and product direction. John Thompson, lead independent director for the Board of Directors, will assume the role of Chairman of the Board of Directors and remain an independent director on the Board.

Nadella addressed customers and partners for the first time as CEO during a Customer and Partner Webcast event.

https://az169342.vo.msecnd.net/events/2014/1402/PublicEvent/media/Customer_Partner_Webcast_1000k.mp4

Microsoft showed how people’s lives are changed through Microsoft technology with a Super Bowl ad. This one-minute ad celebrates what technology can do, and is narrated by Steve Gleason, former NFL player and post-Katrina hero of the New Orleans Saints, now living with ALS. Steve narrates the spot in the same way he communicates daily: using his Surface Pro to speak, via eye tracking technology.

Source: Microsoft

The complete list of Windows 7 Logo key shortcuts:


One of the more powerful, and probably least used, sets of keyboard shortcuts relies on the Windows Logo key, which is common on most keyboards packaged with a Windows-based personal computer. The following list includes all the shortcuts that use the Windows Logo key and explains what each one does. Take a good look because one or two of these shortcuts may make your computing life just a little more efficient.

The shortcuts:


source: Microsoft,TechRepublic

UEFI:

UEFI: The acronym stands for Unified Extensible Firmware Interface and is designed to be more flexible than its venerable predecessor.

Wave goodbye to BIOS, say hello to UEFI, a new technology that will drastically reduce start-up times.

The next generation of home computers will be able to boot up in just a few seconds, as 25-year-old BIOS technology makes way for new start-up software known as UEFI.

BIOS technology, which has been used to boot up computers since 1979, was never designed to last as long as it has, and is one of the reasons modern computers take so long to get up and running.

By contrast, UEFI – which stands for Unified Extensible Firmware Interface – has been built to meet modern computing needs, and will soon be the pre-eminent technology in many new computers, enabling them to go from ‘off’ to ‘on’ in seconds.

Pronounced “bye-ose,” BIOS is an acronym for basic input/output system. The BIOS is built-in software that determines what a computer can do without accessing programs from a disk. On PCs, the BIOS contains all the code required to control the keyboard, display screen, disk drives, serial communications, and a number of miscellaneous functions.

The BIOS is typically placed on a ROM chip that comes with the computer (it is often called a ROM BIOS). This ensures that the BIOS will always be available and will not be damaged by disk failures. It also makes it possible for a computer to boot itself.

 Below are the major BIOS manufacturers:

When you turn on your computer, several events occur automatically:

  1. The CPU “wakes up” (has power) and reads the x86 code in the BIOS chip.
  2. The code in the BIOS chip runs a series of tests, called the POST for Power On Self-Test, to make sure the system devices are working correctly. In general, the BIOS:
    • Initializes system hardware and chipset registers
    • Initializes power management
    • Tests RAM (Random Access Memory)
    • Enables the keyboard
    • Tests serial and parallel ports
    • Initializes floppy disk drives and hard disk drive controllers
    • Displays system summary information
  3. During POST, the BIOS compares the system configuration data obtained from POST with the system information stored on a CMOS – Complementary Metal-Oxide Semiconductor – memory chip located on the motherboard. (This CMOS chip, which is updated whenever new system components are added, contains the latest information about system components.)
  4. After the POST tasks are completed, the BIOS looks for the boot program responsible for loading the operating system. Usually, the BIOS looks on the floppy disk drive A: followed by drive C:
  5. After being loaded into memory, the boot program then loads the system configuration information (contained in the registry in a Windows environment) and device drivers.
  6. Finally, the operating system is loaded, and, if this is a Windows environment, the programs in the Start Up folder are executed.

The BIOS has two fundamental weaknesses. Firstly, it is based on 16-bit assembly code and cannot directly address the latest 64-bit hardware, and secondly, there are no set standards for specifications, so manufacturers come up with their own versions.

The participants of the UEFI Forum wanted to set this straight. From the outset, each process has been precisely defined. Thus, the boot process or platform initialization (PI) is clearly described in phases. Immediately after powering up the PC, the Pre-EFI Initialization (PEI) is executed, which initializes the CPU, memory and chipset. This is then followed by the Driver Execution Environment (DXE). At this point, the rest of the hardware is initialized. This process saves the time required for booting because UEFI can integrate various drivers that need not be reloaded during booting. Thanks to these drivers, the user already has access to the network card, including features such as network booting and remote assistance, at an early stage of the boot process. With the graphics processor enabled, a fancy user interface is also presented.

However, the biggest time-saving feature of UEFI is the fact that not all the installed hard drives will be scanned for the boot loader, since the boot drive is set during the installation of the operating system in the UEFI. The default boot loader is run without consuming much time searching the drives.

The faster boot time is not the only advantage of UEFI; applications can be stored on virtually any non-volatile storage device installed on the PC. For example, programs and diagnostic tools such as antivirus or system management tools can be run from an EFI partition on the hard drive. This feature will be very useful to original equipment manufacturers (OEM), who can distribute systems with extra functions in addition to the standard EFI firmware stored on the motherboard’s ROM.

UEFI fully supports 3 TB hard drives

The classic BIOS can access only up to 2^32 sectors of 512 bytes in size, which translates to a total of 2 TB. So the upcoming 3 TB variants of Western Digital Caviar Green and Seagate Barracuda XT won’t be fully compatible with the current BIOS. Seagate uses larger sectors to make the full capacity usable on Windows, but the BIOS cannot boot from this drive.

UEFI, on the other hand, works with the GUID partition table (GPT) with 64-bit long addresses and can handle up to 2^64 sectors that address up to 9 zettabytes (1 zettabyte equals 1 billion terabytes).

The GUID Partition Table (GPT) was introduced as part of the Unified Extensible Firmware Interface (UEFI) initiative. GPT provides a more flexible mechanism for partitioning disks than the older Master Boot Record (MBR) partitioning scheme that was common to PCs.

A partition is a contiguous space of storage on a physical or logical disk that functions as if it were a physically separate disk. Partitions are visible to the system firmware and the installed operating systems. Access to a partition is controlled by the system firmware before the system boots the operating system, and then by the operating system after it is started.

MBR disks support only four partition table entries. If more partitions are wanted, a secondary structure known as an extended partition is necessary. Extended partitions can then be subdivided into one or more logical disks.

GPT disks can grow to a very large size. The number of partitions on a GPT disk is not constrained by temporary schemes such as container partitions as defined by the MBR Extended Boot Record (EBR).

The GPT disk partition format is well defined and fully self-identifying. Data critical to platform operation is located in partitions and not in unpartitioned or “hidden” sectors. GPT disks use primary and backup partition tables for redundancy and CRC32 fields for improved partition data structure integrity. The GPT partition format uses version number and size fields for future expansion. Each GPT partition has a unique identification GUID and a partition content type, so no coordination is necessary to prevent partition identifier collision. Each GPT partition has a 36-character Unicode name. This means that any software can present a human-readable name for the partition without any additional understanding of the partition.

The following Windows operating systems support GPT:

  • Windows 7
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Vista
  • Windows Server 2003 SP1
  • Windows Server 2003 (64-bit)
  • Windows XP x64 edition
Source: wikipedia, chip, MSDN