A more secure and/or private internet

For a Danish machine translated version of this post click here: https://www.microsofttranslator.com/bv.aspx?from=&to=da&a=https://beamex.wordpress.com/2018/04/25/a-more-Secure-and-or-private-Internet/

I’m a father of three kids. I’m using Microsoft Family Safety https://fss.live.com/ to secure my kids’ internet browsing experience and to control how long they use their computer and when. This all works great for Windows devices, including our Xbox(s), with approving sites and apps and extending time when needed, and Windows’ Edge browser includes great protection from phishing and malware sites.

But as an extra security measure I have started using the personal DNS service from OpenDNS as it adds an extra dimension of limiting/approving sites that are inappropriate or harmful based on predefined categories and custom settings.

You can sign up at no cost here: https://signup.opendns.com/homefree/ and follow the guide there to configure it.

It uses the same DNS database as the commercial/professional offerings (Umbrella) from OpenDNS/Cisco (Cisco bought OpenDNS years ago), so you get an enterprise-class filter at no cost. Actually, you can log in through the Umbrella website to control the solution after having set it up: https://login.umbrella.com/ or just https://login.opendns.com

OpenDNS works by changing how machines on your network resolve the IP addresses of harmful/inappropriate sites: the machines are directed to OpenDNS’ DNS servers, either by changing the DNS server addresses locally on each machine or on your router.

In my case I have changed it on my router, and as no one in the household runs with local admin privileges, no one other than me and my wife can change the DNS servers on the machines, so there is (almost) no way of circumventing the solution.
All devices which get their IP information from the router are protected.
Once you have configured your machines or your router with OpenDNS’ DNS servers, you can use the OpenDNS (Umbrella) portal to control how restrictive the service needs to be and to follow which domains have been blocked.

Btw. if you only want the protection from harmful sites and do not want to limit specific categories, then you can just use OpenDNS’ DNS servers on your machines or routers without signing up with them.
The OpenDNS nameservers are 208.67.222.222 and 208.67.220.220.
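
One way to check that a Windows machine has not drifted from the resolvers described above, as an added example that is not part of the original post. The router address 192.168.1.1 and the function name Get-DnsDrift are assumptions; Get-DnsClientServerAddress ships with Windows 8 and later.

```powershell
# Added example: report interfaces whose DNS servers are not on the approved list.
# Approved resolvers: the OpenDNS addresses from this post, plus the router's LAN
# address for networks where the router hands itself out as the DNS server
# (192.168.1.1 is an assumed placeholder, replace it with your own router).
$ApprovedDns = @('208.67.222.222', '208.67.220.220', '192.168.1.1')

function Get-DnsDrift {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Interfaces,  # needs InterfaceAlias, ServerAddresses
        [Parameter(Mandatory)] [string[]] $Approved
    )
    foreach ($nic in $Interfaces) {
        $unexpected = @($nic.ServerAddresses | Where-Object {
            # Windows lists fec0:0:0:ffff::1..3 as placeholder IPv6 resolvers on
            # adapters that have no IPv6 DNS configured; these are not real drift.
            $_ -and ($_ -notlike 'fec0:0:0:ffff::*') -and ($_ -notin $Approved)
        })
        if ($unexpected.Count -gt 0) {
            [pscustomobject]@{
                InterfaceAlias = $nic.InterfaceAlias
                Unexpected     = $unexpected -join ', '
            }
        }
    }
}

# Both address families are queried on purpose: an IPv6 resolver handed out by the
# network answers lookups just like an IPv4 one and would bypass the filter.
$configured = @(Get-DnsClientServerAddress | Where-Object { $_.ServerAddresses })
$drift = @(Get-DnsDrift -Interfaces $configured -Approved $ApprovedDns)

if ($drift.Count -gt 0) {
    $drift | Format-Table -AutoSize
} else {
    'All interfaces use approved DNS servers.'
}
```

The check reads configuration only, so it runs without admin rights and can be scheduled on the kids' machines.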

BUT, what happens if you really need some machine to circumvent the solution and don’t want anyone (your ISP, for example) recording which addresses you visit? In theory they still can; to avoid that you need to use the more advanced offerings, such as their DNS over HTTPS or DNS over TLS options, instead.
The solution is simple: configure the DNS servers to Cloudflare’s DNS servers instead of OpenDNS’.
From the device you want to use this on, go to https://1.1.1.1, press the install button and follow the guide presented there for setting it up.
The Cloudflare nameservers are 1.1.1.1 and 1.0.0.1.

Cloudflare provides the fastest DNS service on the internet and guarantees complete privacy on what you browse. It is nice to stop giving Google and the ISPs that knowledge about you (Google, as MANY have their DNS pointing to the famed 8.8.8.8 and 8.8.4.4 addresses).

Btw. if you use Chrome as your browser, you now have the possibility to get a more secure browsing experience, as in Edge, by adding the new Windows Defender Browser Protection extension to your Chrome browser: https://chrome.google.com/webstore/detail/windows-defender-browser/bkbeeeffjjeopflfhgeknacdieedcoml

There are many other possibilities out there, but I think this solution is one of the few that gives this kind of functionality at no cost.

By doing this you have a somewhat layered security model, where you have protection in the form of DNS, protection within your browsers and finally, if anything slips through, an anti-virus/-malware product of some sort, for example Windows Defender.


Office 365/Azure Device Registration – Claim Issuance Rules

I don’t know if others have seen the below before, but to me it was a well-preserved secret, considering how much I have searched for everything possible regarding ADFS, claim issuance rules, MFA and the like.
I had a support case with Microsoft yesterday where he suddenly introduced this page, which I had never heard of or seen before.
And on it you can find:
And when you run through it, you get all the delicious claim issuance rules for the Office 365 relying party, as I have seen in several screenshots on the web:
You can of course also get them in modern installations where ADConnect and ADFS are merged together.
But I think the above was pretty nice.
Btw. besides that, I would just like to say that on this page at MS: https://docs.microsoft.com/en-us/azure/active-directory/device-management-hybrid-azuread-joined-devices-setup
where “multiple verified domains” is mentioned, it means multiple verified FEDERATED domains.
MS says that they will correct it.

Windows 10 KMS on Server 2012 R2

I tried to install the KMS key for Windows 10 on Server 2012 R2 after having installed https://support.microsoft.com/en-us/kb/3058168 but was faced with the error:

Error: 0xC004E016 On a computer running Microsoft Windows non-core edition, run ‘slui.exe 0x2a 0xC004E016’ to display the error text.

I found out that you need to go to your VLSC site: Select licenses – Select your active agreement –  select product keys – find the Windows Srv 2012 DataCtr/Std KMS for Windows 10 product key

Then you can install it like normal:

cscript slmgr.vbs -ipk XXXX-XXXX-XXXX-XXXX-XXXXX

cscript slmgr.vbs -ato

cscript slmgr.vbs -dli (just to check)

You now have a KMS server that can activate Windows 10, as well as all of your existing server and desktop client OSes.

I guess I’m most likely to replace the key when Server 2016 comes out.


Step by Step Customizing RD Web Access 2012 R2 – Part 2

Another great article on customizing RD Web Access

msfreaks

In this second post I’ll focus on customizing the main page. That is the page a user sees after the user logs in.

Update: the third post in the series is published, which focuses on customizing the second main page (Connect to a remote PC). Read it here.

Just as a friendly reminder or if you didn’t read the first post (Step by Step Customizing RD Web Access 2012 R2 – Part 1), we’ll be editing the files in the Web Access interface, which can be found in %windir%\web\rdweb\pages\<language-code> on the RD Web Access server.
To be safe, make a full backup copy of the %windir%\web\rdweb\pages folder and subfolders.

The main page is actually made up of two pages. The first page is the page that shows you the published Desktops and RemoteApp programs. By default it looks like this:
[Image: RDS Customize Web Access - Default 01]
I published several RemoteApps and arranged them…


Step by Step Customizing RD Web Access 2012 R2 – Part 1

Great article on customizing RD Web Access

msfreaks

This is the first post in a series that focuses on customizing the RD Web Access 2012 R2 interface.
This post will not focus on Branding, I will address that in later posts.

Update: It turns out the option to remove the necessity to enter the domain name only worked on domain joined machines. I’ve added an extra part there to make this work on non-domain joined machines as well. I apologize for any inconveniences this may have caused.

Update: the second post in the series is published, which focuses on customizing the first main page. Read it here.
Update: the third and final post in the series is published, which focuses on customizing the second main page. Read it here.

First up is customizing the RD Web Access login page. We’ll be editing stuff, using the Application Settings in Internet Information Services manager (IIS Manager), we’ll be…


2012 in review

The WordPress.com stats helper monkeys prepared a 2012 annual report for this blog.

Here’s an excerpt:

The new Boeing 787 Dreamliner can carry about 250 passengers. This blog was viewed about 1,700 times in 2012. If it were a Dreamliner, it would take about 7 trips to carry that many people.


Windows 8 RSAT does not appear –

I installed my PC with Windows 8 Enterprise and as the first thing installed the Windows 8 RSAT. I noticed that the install was VERY fast.

I then went into the Turn on Windows features part and NO RSAT was present.

I found out that I had to go into the language portion and then install the EN-US Language pack.

Then I was good to go.

I am pretty sure this is because I use a Windows 8 International media.

For the future I will not.

So make sure you have one of these language packs installed, which currently are supported by RSAT: cs-CZ, de-DE, en-US, es-ES, fr-FR, hu-HU, it-IT, ja-JP, ko-KR, nl-NL, pl-PL, pt-BR, pt-PT, ru-RU, sv-SE, tr-TR, zh-CN, zh-HK, and zh-TW
