Internet Explorer Hardening Mysteries

Today I had a very interesting problem with system hardening and a new application that we are going to use. This application moved from a form based management interface to a web based one. Under normal circumstances this doesn’t provide a huge challenge because management of these type of apps is done over the network … Continue reading Internet Explorer Hardening Mysteries

3DES/FIPS 140-2/RDP Hotfix

In the past I’ve written a blog about the issues my company encountered when we disabled 3DES on our Windows 2008 R2 systems. Since we are obligated to also use FIPS 140-2 for compliance reasons the combination of disabling 3DES, and having FIPS140-2 enabled would break remote desktop functionality. Basically it came down to RDP … Continue reading 3DES/FIPS 140-2/RDP Hotfix

0x800b010e – The revocation process could not continue – the certificate(s) could not be checked

I my line of work, every now and then I run into these unique situations. A few weeks ago we needed to do an application upgrade on a few of our systems. Once we started we got the following message: “0x800b010e – The revocation process could not continue – the certificate(s) could not be checked.” … Continue reading 0x800b010e – The revocation process could not continue – the certificate(s) could not be checked

Enable Schannel logging

To enable logging for Secure Channel logging (Schannel), use the following guide. Add the following registry key: Set one of the following values: 0x0000 Do not log 0x0001 Log error messages 0x0002 Log warnings 0x0004 Log informational and success events When troubleshooting I like to set it to 0x0007 (0x0001 + 0x0002 + 0x0004). Reboot … Continue reading Enable Schannel logging

Custom RDP Certificate on Windows Server 2012 R2

Ever since Windows 2012 the Remote Desktop host tool has been removed from the system, making it more difficult to set a custom certificate. When you're in a domain context it's more likely that you will use GPO's and domain related tools to configure your system, but in my work environment I deal with stand-alone … Continue reading Custom RDP Certificate on Windows Server 2012 R2

5 Steps to get started with Azure DSC

In our never ending quest to improve our production environment we are currently looking into the possibilities that Microsoft Azure can offer us. One of offerings that has our interest is state enforcement management with Windows PowerShell, also known as “Desired State Configuration”. I was already deeply impressed with the capabilities that are offered when … Continue reading 5 Steps to get started with Azure DSC