Quick Fix: Fortinet SSLVPN 98% Error Unable to Establish the Connection

photoThis one puzzled me for several hours this week. After making some changes to the structured cabling we were alerted to an issue preventing SSLVPNs from connecting.

Anyone attempting to connect saw the progress stop at 98% received an error similar to :

Unable to establish the VPN Connection (E=98,T-981066010,M99,R10)

Read more of this post

Quick Fix – Dissapearing Icons – Windows 7

Updated to include information on the ADMX templates.

Title (Required)

Customer had reported to me that their Icons had dissapeard for the second week in a row on a Monday morning…

Weird I thought.

Maintenance Microsoft thinks..

It seems if you have more than 4 ‘broken’ shortcuts on your desktop Microsoft will clean them up for you.

Microsoft defines broken as a shortcut to unavailable resource.

I can see the value of that – in theorey, but imagine this – a customer with a laptop who links directly to shared folders on their corporate LAN, all those links are broken come monday morning.

Not the best idea i have seen implemented in Windows 7.

Anyway, great article here for hints and tips on making the best of Windows 7 maintenance.

http://www.verboon.info/index.php/2010/11/control-windows-7-scheduled-maintenance-behavior-through-group-policy/

Update: If you do not have the Scheduled Maintenance policy in your GPMC, you may need to copy sdiagschd.admx and sdiagschd.adml from a client computer to the domain…

View original post 6 more words

WSUS 2012 R2 and Windows 10 1703

DKIMI have been working on WSUS and Windows 10 for the last few days, following some rather annoying updates to newly deployed Surface Pro devices, and more importantly a grumbling comment from a co-worker ‘can’t we automate this stuff anymore?’.

Well i have to say that was the final straw. Windows 10 and WSUS has been a pain for me since it was released.

With hotfixes, tweaks and dances required and failing to get Windows 10 talking and working with WSUS consistently it perhaps was no surprise that i had opted to point 10 directly to Windows update and only control the schedule and ring, rather than the more traditional granular approach taken with Windows 7 and 8.

So, Yes, the answer is we should be able to manage patching with Windows 10.

Yes, we are going to manage it.

Read more of this post

Update to Windows Management Framework 5.1 on Windows 7

mslogo3Over the weekend i read this article about PowerShell Security in the Enterprise. I decided whilst reading it, i should probably make sure my clients machines have the latest WMF installed.

Assuming this was just a KB article i searched WSUS for KB and found nothing. Reading the blog article about the 5.1 release and then the Install and Configure guidance, we see that WMF 5.1 is released to Windows 7, but, manual steps are required to install it.

The download comes as a ZIP file with a PowerShell script (Install-WMF5.1.ps1) and an MSU for the architecture of the PC.

Read more of this post

Quick Fix: Enable DKIM for Office 365

DKIMIf you have been following some of my recent posts you’ll know i have been talking about Office 365 and Exchange Online and how you can tweak the settings to better secure your mail.

One of the steps for that is to setup DKIM. For Office 365 this requires two CNAME records to be published in your public DNS.

The problem i was having when setting up a new client, was knowing what the CNAME should be set to.

Read more of this post

Quick Fix: 2008 R2 api-ms-win-crt-runtime-l1-1-0.dll is missing, not enough storage to process this command.

picard-facepalmI have just been through a particularly bad support incident, which I wanted to share in great detail. However confidentially precludes me from doing so.

Anyway it turns out it was caused by a failed Windows Update, not a hardware failure as we first suspected.

Plenty of lessons learned here on how not to handle a ticket, but the takeaway is, if you are facing the errors in the title, try this and reboot:

sfc /scannow

You may be unable to launch anything, except a command prompt so it may be you need to go into safe mode which you can set via BCDedit:

bcdedit /set {current} safeboot network

I wish I had thought to check for failed Windows Updates before I started a restore job.. but you live and learn.

Configure and Deploy Microsoft LAPS

IT Security is essentially a risk mitigation game. There is no such thing as a totally secure system, certainly nothing you can ‘set and forget’ and so we are left to decide what we can do, to best protect our systems.

We don’t want an unauthorised person to use our computer, so we use a password. We know passwords can be guessed, or cracked, so we choose more difficult passwords. More powerful attackers can crack more difficult passwords, so we use 2 Factor Authentication.

The list goes on and on and on, but with each risk we can look for a mitigation that works in our environment, knowing that there is nothing we can do to fully protect ourselves but we can make things as difficult as possible for a would be attacker, in the hopes that he or she may look for some lower hanging fruit elsewhere.

With that in mind we are going to look at managing the Local Administrator password for your client computers to help prevent lateral movement through your network.

Read more of this post

%d bloggers like this: