Internet Explorer Hardening Mysteries

Today I had a very interesting problem with system hardening and a new application that we are going to use. This application moved from a form based management interface to a web based one. Under normal circumstances this doesn’t provide a huge challenge because management of these type of apps is done over the network… Continue reading Internet Explorer Hardening Mysteries

3DES/FIPS 140-2/RDP Hotfix

In the past I’ve written a blog about the issues my company encountered when we disabled 3DES on our Windows 2008 R2 systems. Since we are obligated to also use FIPS 140-2 for compliance reasons the combination of disabling 3DES, and having FIPS140-2 enabled would break remote desktop functionality. Basically it came down to RDP… Continue reading 3DES/FIPS 140-2/RDP Hotfix

Windows Update Error 0x80072ee2

For a while now I’ve been getting timeouts when using Windows updates through our proxy servers. Everything else seems to be working just fine, no complaints on browsing the web, it just seems that whenever I’m using Windows update through the proxy it takes a few times before it's successful. Up until now it wasn’t… Continue reading Windows Update Error 0x80072ee2

32 Bit Processes on 64 Bit Systems

On our systems we apply hardening policies by all kinds of available techniques. Being local policies, PowerShell scripts or classic batch files even. All the settings are eventually applied by a central installer that takes care of the installation, reboots and validation of the settings. Recently on one of our older systems we ran into… Continue reading 32 Bit Processes on 64 Bit Systems

The Microsoft Root Certificate Program

A couple of days ago I had to deal with a situation where our vulnerability tool was complaining that the root certificate store wasn’t updated for a while. After doing some research it turned out that the update service for the Microsoft root certificate program was blocked. That in turn triggered me to dig into… Continue reading The Microsoft Root Certificate Program

Manually setting Windows Firewall Profiles

What has always bugged me to some extend is that Microsoft removed the possibility to set the Windows firewall profile to my own liking. Not just let Windows decide what’s best. It normally does a pretty good job, but there are occasions where you want to change it manually. Unfortunately, in the network center, there’s… Continue reading Manually setting Windows Firewall Profiles