Insidethe.com It is my space, but better than myspace

17Jul/170

Bookmark: Running EXE Over UNC

https://social.technet.microsoft.com/Forums/windows/en-US/70b2dd7e-833c-4240-92e0-9b865e917307/trusted-sites-and-internet-zone-security-level-gpo-is-not-applying-in-windows-server-2008-r2?forum=winserverGP

Apparently, on server2008, despite a domain-wide GPO was applied dictating the trusted sites zone, it seemed to be NOT applied to server2008 !

More specifically, you can see in Internet Options, tab Security, a yellow info line stating that "Some settings are managed by your system administrator", but when checking the list with Trusted sites, this turns out to be empty !

The exact GPO setting I'm referring to:
Computer Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page :
Site to Zone Assignment List     ENABLED
With (example):
http://*.myowncompany.com     2
http://*.microsoft.com                2

Despite this setting, when checking in IE on any Server2008, the list of sites in Trusted Zone is EMPTY !!

This is caused by the fact that by default Internet Explorer Enhanced Security Configuration  (IE ESC) is ENABLED for both users and administrators !

You can disable it for administrators:
Start > Administrative Tools > Server Manager
under Security Information, click Configure IE ESC

Under Administrators : click Off.
Now, after closing and reopening IE, you will find the list with Trusted Sites in place !

 

The correct step is this way: User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page

“Site to Zone Assignment List” , click “Enable” and edit the list.

Add the site and the number two for Trusted Site. (1 = Intranet, 2 = trusted sites, 3 = Internet Zone and 4 = Restricted Site Zone.

To have a list like that (2 is for trusted site)

*.hotmail.com 2

*.outlook.com 2

*.bing.com 2

The PRO of that method:

- It standardizes all domain-joined computers as they will use the same list for everyone.

- It blocks users from entering new trusted sites. Though this can be a con for small offices or for Power Users wanting more autonomy.

The CON of this method:

- It block user for entering new trusted sites. This can be considered a PRO in big offices, as the list is standardized by the IT's team.

https://blogs.msdn.microsoft.com/microsoft_press/2014/04/14/from-the-mvps-setting-internet-explorer-trusted-site-settings-via-group-policy-object-in-windows-server-2012-r2/

 

Go to Group Policy and then expand:

 

Local Computer Policy / User Configuration / Administrative Templates / Windows Components / Attachment Manager

 

2.     On the right pane, double click Inclusion list for low file types.

3.     Click Enable.

4.     Include the file types such as .exe;.bat;.reg;.vbs in the Options box.

5.     Click OK.

 

Hope this helps.

 

Regards,

Linda

https://social.technet.microsoft.com/Forums/windows/en-US/5277371b-dea2-4a2b-802a-bbdc639f627f/disable-open-file-security-warning-unknown-publisher?forum=w7itprogeneral

 

Filed under: bookmark No Comments
16Mar/170

Bookmark: Ajax in Drupal 7

https://www.thirdandgrove.com/mastering-ajax-drupal-7

Filed under: bookmark No Comments
12Feb/170

Bookmark: Wildcards in IIS 7 on Server 2008

https://blogs.msdn.microsoft.com/benjaminperkins/2013/02/01/adding-a-hostname-to-your-ssl-certificate-binding-on-port-443/

In particular a reader comment about setting the host name:

That * doesn't mean that is wild card certificate necessarily.

In IIS7 (on Windows 2008 R2), I saw missing hostname under 'Edit Site Binding' [your first screenshot]. That was the first SSL 443 website on that IIS server. The website was dynamicsSharePoint.domain.com and I used internal certificate server to issue the certificate for that internal Dev / Test site.

  1. I resolved the missing Hostname by opening the MMC console on the server and adding Certificate MMC for Computer
  2. Expand Personal node under Certificates (Local Computer) on server
  3. Right click on the certificate in the list and choose properties
  4. Under General tab, change the 'Friendly Name' from dynamicsSharePoint.domain.com to *.domain.com and click OK
  5. Go to IIS Binding for the website and you should be able to add Hostname and pick the *.domain.com certificate.
  6. Verify the website and you will see certificate in browser with the FQDN / dynamicsSharePoint.domain.com
Filed under: bookmark No Comments
5Aug/160

Bookmark:Bypassing PowerShell Restricted Policies

This blog post saved me a ton of time doing trial and error when I needed to implement something in powershell but couldn't change the execution policy from the default restricted setting.

https://blog.netspi.com/15-ways-to-bypass-the-powershell-execution-policy/

Filed under: bookmark No Comments
3May/160

Bookmarks: Freenas and ZFS Links

Filed under: bookmark No Comments