RPC Endpoint Mapper Client Authentication uses NTLM
Introduction The main goal is to secure existent windows 10 clients. As there a few hardening recommendations from for example CIS and Microsoft concerning secure OS configuration i discovered a potential misleading dependency regarding NTLM and RPC. …
Windows Defender keeps losing ASRs deployed by Intune
Hi all, for the whole last week, I have a very strange and recurring problem. Environment: Location EU0501, most devices HAADJ, some devices autopiloted entra only, Windows 10 and 11 on 22H2 or 23H2, Patchlevel 2024-02 or 2024-03 - so up to date. hybrid…
CVEs VS Latest Windows Cumulative Updates
Hi, Could anyone explain and provide the evidence about Latest Cumulative Update? I have one laptop that is missing security updates from my IT while the Windows Update shows that my system is up to date. The missing updates are in CVE. I have searched…
cannot turn on Kernel-Mode Hardware-enforced Stack Protection
I noticed that my Windows 11 Professional system in the Windows Security / Device Security / Core Isolation settings has "Kernel-Mode Hardware-enforced Stack Protection" disabled and grayed out, and above that it says that "This setting is…
Windows Update keeps looping through and asks to restart | KB5036892 - 2024-04
Hi All, Hope you are well. We are experiencing issues with the Windows update. It keeps updating, installing, asking us to restart, after the restart, again it asks to update the windows. This loop keeps going through. Issue occurs with this security…
Is there a way to retrieve data from a BitLocker-encrypted hard drive in a laptop with a roasted motherboard?
I have a Dell Inspiron laptop with a blown-out motherboard, and I am unable to access the hard drive by using an SSD enclosure and connecting it to my desktop, as BitLocker is activated. I have two Microsoft IDs that are linked to the laptop as devices,…
Is Microsoft downplaying support for ECC certificates?
Hi folks, does anyone have any insight into this statement Microsoft's trusted root program requirements page that was updated in Feb? Signatures using elliptical curve cryptography (ECC), such as ECDSA, are not supported in Windows and newer Windows…
Security key 0xc000005f
Environment: Windows 11, Server 2016, Azure AD Free. Problem: Your credentials could not be verified. (0xc000005f) I am trying to activate fido2 security key in my domain. The key which I am using is a Yubikey Bio Fido Edition. First: I activated…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
Missing SSD option in Boot Manager after changing from Legacy to UEFI boot mode
Hi, my name is Nitish. I have a Lenovo IdeaPad S145-15IKB laptop and recently tried to play Valorant on it. I received an error message that said I needed to enable secure boot. After doing some research on YouTube, I found out that I could fix the…
Trusted Platform Module - Key Attestation not working
Dear Community, I've been on this for several days now and i just can't get it to work. So my hope lies with you guys! :-) My issue is the following: I have a Intel NUC with a TPM 2.0 device. I try to use Auto-Deployment with Shared Multi-user…
securityhealthservice.exe missing and windows security at a glance
i have a problem with my windows security, i cant open it and it always said Windows security at a glance, also when i try to fix it with tutorial on youtube, i cant find my securithhealthservice on system. is there a solution? (my device are…
How to get rid of the Windows Firewall Notification
Hi all, I disabled the Windows Defender Firewall for my lab system due to the system requirement. However the notification always pop up and i noticed that if the user accidentally clicked it, the firewall will eventually get turned back ON. …
Reputation with OV certificates and are EV certificates still the better option?
Hi, I'm an indie developer writing an Electron application. I've registered a cooperation in Canada a few months ago and I purchased an OV certificate for my software. The poor wording of the Windows Smart Screen Defender makes most of my non-technical…
Default Sign-in Option in Windows 10 (client-wide)
Hello Community How can I set the sign-in option: Password: {60B78E88-EAD8-445C-9CFD-0B87F74EA6CD} as default via registry for all users of a Windows 10/11 client? I know the following way to do this for individual users:…
Cannot add phone number to my new email, it says use different alias
When I try adding my number to my new email, it says I cannot use this alias. I even deleted the number from this account and it still says it. When I try adding it back to this alias, it still says I cannot use this alias. My number can't be on any…
Firewall blocking MS Edge updates, Windows 10 PC
When trying to update Microsoft Edge broswer, on my Windows 10 PC, I get this error: So I went to the Windows Defender settings. MicrosoftEdgeUpdate.exe was not listed in the list of available apps, so I did a full File Explorer search for the .exe…
Windows Defender Smartscreen Whitelist
I have an exe located in local appadata of users that is getting blocked by Windows Defender Smartscreen. I have added the SHA 256 of the file in the Indicators on the Defender Portal, but even that doesn't seem to work. Is there any other way to…
How can I not allow Task Scheduler to execute a task out of its schedule?
How can I not allow Task Scheduler to execute a task out of its schedule? I have a task which is scheduled daily at the night, and some times it is executed in the morning. The task is a powershell script (which I could prepend a short assert to exit…
Windows 10 TPM 2.0 Client Authentication in TLS 1.2 with RSA PSS making trouble
Hi everyone I just wanted let you know that we have found an error in combination with TPM-saved RSA certificates and Client Authentication on TLS1.2 with newer Windows 10 Clients (probably all after 1909). It seems that a lot of 2.0 TPMs have a…