Bobcares

WeSupport

Call Us! 1-800-383-5193
Call Us! 1-800-383-5193
Call Us! 1-800-383-5193

Microsoft Windows


XenApp Error 10060 – How to fix

Stuck with XenApp Error 10060? We can help you.

Often users get this XenApp error while trying to launch the desktop enabling the “HDX Adaptive Transport” policy set to Diagnostic.

Here at Bobcares, we often handle requests from our customers to fix similar errors as a part of our Server Management Services. Today we will see how our support engineers fix this for our customers.

(more…)

‘http error 401.3 – unauthorized’ in IIS – How to resolve.

Wondering how to resolve ‘http error 401.3 – unauthorized’ in IIS? We can help you.

This error appears when the user account under which the IIS service runs does not have the required permissions to access and serve web server content.

Here at Bobcares, we handle requests from our customers using Windows servers to fix similar issues as a part of Server Management Services.

Today, let’s see how our Support Engineers fix this.

(more…)

Monitor Website Defacement With Nagios XI

Wondering how to monitor Website Defacement With Nagios XI? We can help you.

Website defacement is an attack on a website that changes the visual appearance of the site or a webpage.

As part of our Server Management Services, we assist our customers with several Nagios queries.

Today, let us see how our Support Techs monitor Website Defacement.

(more…)

Hardening Windows Using Microsoft Security Baseline

Wondering how to do ‘Hardening Windows Using Microsoft Security Baseline’? We can help you with it.

Microsoft Security Baseline contains recommended settings Microsoft suggests for Windows workstations and servers to provide secure configuration and protect domain controllers, servers, computers and users.

As part of our Server Management Services, we assist our customers with several Windows queries.

Today, let us see how our Support techs harden Windows Using Microsoft Security Baseline.

 

Hardening Windows Using Microsoft Security Baseline

 

Today, let us see how to implement Microsoft Security Baseline GPOs in our domain.

We can use security baselines to:

  •  Firstly, ensure that user and device configuration settings are compliant with the baseline.
  • Secondly, set configuration settings. For example, we can use Group Policy, Microsoft Endpoint Configuration Manager or Microsoft Intune to configure a device with the setting values specified in the baseline.

Reference Microsoft Security Baseline Group Policies are a part of Microsoft Security Compliance Manager (SCM). SCM is a free product that contains multiple tools to analyze, test and apply the best practices and current security recommendations for Windows and other Microsoft products.

Microsoft Security Compliance Toolkit is available following this link: https://www.microsoft.com/en-us/download/details.aspx?id=55319

We can download these tools:

  • LGPO is used to manage local GPO settings.
  •  PolicyAnalyzer is a tool to analyze existing Group Policies and compare them with the reference policies in the Security Baseline.
  •  SetObjectSecurity

The Security Baseline archive for each Windows version contains several folders:

  •  Documentation contains XLSX and PDF files with the detailed description of the settings applied in the Security Baseline.
  •  GP Reports has HTML reports with the GPO settings to be applied.
  •  GPOs – contains GPO objects for different scenarios. We can import the policies to our Group Policy Management (GPMC) console.
  •  Scripts contains PowerShell scripts to easily import GPO settings to domain or local policies: Baseline-ADImport.ps1, Baseline-LocalInstall.ps1, Remove-EPBaselineSettings.ps1, MapGuidsToGpoNames.ps1.
  •  Templates – additional ADMX/ADML GPO templates (for example, AdmPwd.admx contains local password management settings for LAPS, MSS-legacy.admx, SecGuide.admx)

 

There are GPO Security Baseline templates for different Windows infrastructure elements:

Policies for computers, users, domain servers, domain controllers (there is a separate policy for virtual DCs), as well as Internet Explorer, BitLocker, Credential Guard and Windows Defender Antivirus settings. Configured Group Policies for various scenarios are located in the GPOs folder.

Note that there is a separate Security Baseline set for each Windows Server version or Windows 10 build.

In order to, extract the archive with the Security Baseline version matching our Windows version and open the Group Policy Management (gpmc.msc) console.

1. Firstly, copy ADMX templates to the SYSVOL PolicyDefinitions folder (GPO Central Store) on our DC.
2. Then, create a new GPO with the name Windows 10 2004 Security Baseline.
3. Next, right-click the GPO and select Import Settings.
4. Then, specify a path to the Security Baseline file for our Windows version as a Backup Location.
5. Next, import a policy with the computer settings. Select MSFT Windows 10 2004 – Computer (using the View Settings button, we can view the policy settings in the form of a gpresult report).
6. Then, we are prompted to select how to migrate reference links to security objects and UNC paths. Since the policy is new, select Copying them identically from the source.
7. Then, the reference Security Baseline policy settings for computers running Windows 10 2004 will be imported to our GPO.

To apply the Group Policy object only to computers running the specific Windows build, use GPO WMI filters. For example, for Windows 10 2004, we can use the following WMI filter:

Select Version,ProductType from Win32_OperatingSystem WHERE Version LIKE “10.0.19041%” and ProductType = “1”

Then, apply the filter to our policy and link the policy to the Organizational Unit we need.

In the same way, we can import Security Baselines for users, domain controllers, domain member servers, etc.

Security Baseline contains dozens or even hundreds of settings. Let us see a few security settings:

  • Firstly, managing the program start and installation rules: AppLocker (Software Restriction Policies), UAC and Windows Installer
  •  Then, domain password and account lockout policies
  •  Next, privileged account restrictions
  •  Next, snonymous access restrictions
  •  Then, audit policy settings to get information about all events and user logon history
  •  LSA memory protection
  •  Access to peripherals (including printer and USB installation policies)
  •  Disabling NetBIOS and NTLM protocols
  •  Settings of Remote Assistance, shadow connections, RDS timeouts, CredSSP Oracle Remediation
  •  PowerShell Execution Policy
  •  Then, configuration of Windows Error Reporting
  •  Management of Windows Firewall rules
  •  WinRM settings
  •  Disabling the built-in administrator account
  •  Hardened UNC paths policy
  •  Finally, disabling SMBv1

If we want to protect our home computer running Windows 10, we can apply Security Baseline settings on it using a ready PowerShell script.

Allow unsigned scripts to run:

Set-ExecutionPolicy -Scope Process Unrestricted

Apply the policy:

Baseline-LocalInstall.ps1 -Win10NonDomainJoined

Usually, microsoft Security Baseline settings can enhance the security of our Windows infrastructure and help to make sure that the same settings are applied to all computers (including new ones) on our network.

 

[Need help to harden Nagios XI server? We’d be happy to assist]

Conclusion

In short, today we discussed about Hardening Windows Using Microsoft Security Baseline

Can’t move the folder because there is a folder in the same location that can’t be redirected

Wondering how to fix “Can’t move the folder because there is a folder in the same location that can’t be redirected” error? We can help you.

This error occurs when we try to change the location of a personal folder the second time in Windows. And this error is not specific to a certain Windows version.

Here at Bobcares, we handle requests from our customers using Windows servers to fix similar issues as a part of Server Management Services.

Today, let us see how our Support techs resolve this issue for our customers.

(more…)

The source file names are larger than is supported by the file system

Wondering how to fix Windows error ‘The source file names are larger than is supported by the file system’? We can help you!

Often it is reported that they get this error occurs when trying to copy or delete files/folders.

Here at Bobcares, we handle requests from our customers using Windows servers to fix similar issues as a part of Server Management Services.

Today let’s see how our Support Engineers fix this issue for our customers.

(more…)

Windows error “The volume does not contain a recognized file system”

Wondering how to fix Windows error “The volume does not contain a recognized file system”? We can help you!

Often Windows users report that they get this error when they plug in any external hard drive, USB flash drive, or an SD card.

Here at Bobcares, we handle requests from our customers using Windows servers to fix similar issues as a part of Server Management Services.

Today let’s see how our Support Engineers fix this issue for our customers.

(more…)

Disable NetBIOS and LLMNR Protocols in Windows Using GPO

Wondering how to disable NetBIOS and LLMNR Protocols in Windows Using GPO? We can help you.

The broadcast protocols NetBIOS over TCP/IP and LLMNR are used in most modern networks only for compatibility with legacy Windows versions.

However, both protocols are susceptible to spoofing and MITM attacks. For improving network security, we can disable these protocols on the domain network.

Here at Bobcares, we often get requests from our customers using Windows servers to disable both NetBIOS and LLMNR as a part of our Server Management Services.

Today let’s see the steps that our Support Techs follow to disable these protocols.

(more…)