Hands-On Lab. Session 0 Isolation - Native. Lab version: 1.0.0
|
|
- Elfreda Hardy
- 5 years ago
- Views:
Transcription
1 Hands-On Lab Session 0 Isolation - Native Lab version: Last updated: 12/3/2010
2 CONTENTS OVERVIEW... 3 EXERCISE 1: MITIGATING SERVICE UI... 4 Task 1 - Install and Run the Service... 4 Task 2 - Modify the Service to Use WTSSendMessage (Quick-Fix)... 6 Task 3 - Launch UI with Different User Credentials... 7 EXERCISE 2: SECURING SHARED OBJECTS Task 1 - Install and Run the Service Task 2 - Modify the Service to Create the Object in the Global Namespace Task 3 - Modify the Service to Provide Security Attributes (DACL and SACL) for the Object EXERCISE 3: SECURING A FILE OBJECT Task 1 - Install and Run the Service Task 2 - Modify the Integrity Level of the Log File SUMMARY
3 Overview Services are an integral mechanism built into Microsoft Windows operating systems. Services are different from user applications because you can configure them to run from the time a system starts up until it shuts down, without requiring an active user to be present. Services on Windows are responsible for all kinds of background activity that do not involve the user, ranging from the Remote Procedure Call (RPC) service to the Network Location Awareness service. Some services may attempt to display user interface dialog boxes or communicate with user applications. Such services face compatibility problems with Windows 7. Without taking the necessary precautions for properly securing the communication channel with user applications, your services will fail to work properly on Windows 7. Objectives In this lab, you will learn how to: Redesign and fix a service that attempts to display UI Set appropriate security and access levels on kernel objects shared by services and applications System Requirements You must have the following items to complete this lab: Microsoft Visual Studio 2008 Windows 7 Windows Sysinternals Process Explorer 3
4 Exercise 1: Mitigating Service UI In this exercise, you will install and run a service that attempts to display UI directly to the user. You will see the automatic mitigation (interactive services dialog detection) that is built-in to Windows and its effect on the user experience, and will modify the service so that it does not display UI directly. You will also modify the service so that it launches its decoupled UI in a separate process running under the context of the currently active user. Task 1 - Install and Run the Service As part of this task, you will install the service using the sc command line utility and then run it for the first time. This service attempts to display a user interface dialog box that will trigger the service UI mitigation. 1. Using Visual Studio, open the Session0_Starter solution. 2. Build the entire solution (make note of the build configuration you used Debug/Release, x86/x64). 3. Open an administrative command prompt: 4. Click Start. 5. Point to All Programs. 6. Point to Accessories. 7. Right-click Command Prompt. 8. Click Run as administrator. 9. Use the cd command to navigate to the output directory that contains the application binaries. For example, if the output directory is C:\Session0_Starter\Debug, then use the following commands to navigate to that directory: CMD C: cd C:\Session0_Starter\Debug 10. Issue the following command to create the TimeService service CMD sc create TimeService binpath= C:\Session0_Starter\Debug\TimeService.exe 4
5 Help Make sure to replace the path to the service with the path you used in Step 9, and make sure to copy the space after binpath= ). 11. Open the Services MMC Snap-in by clicking +R and typing services.msc into the Run dialog box. 12. Locate the TimeService service, right-click it, and click Start. 13. After a few seconds, you will see a dialog box similar to the following image. 5
6 14. This is the Interactive services dialog detection dialog box, which detects a service attempting to display UI and presents this mitigation fix. 15. Click Remind me in a few minutes to dismiss the message or click Show me the message to switch to the secure Session 0 desktop and see the service UI (a message box). 16. Stop the service by going back to the Services MMC Snap-in, locating the TimeService service, right-clicking it, and clicking Stop. Task 2 - Modify the Service to Use WTSSendMessage (Quick-Fix) As part of this task, you will use the WTSSendMessage function to display a message box to the user. This will serve as a quick fix and replacement for displaying the Interactive services dialog detection dialog box. to the user. 1. If you haven t done so yet, follow steps 1-5 in Task 1 to install the TimeService service. 2. If you haven t done so yet after completing Task 1, make sure to stop the TimeService service (see step 10 in Task 1). 3. Using Visual Studio, open the Session0_Starter solution. 4. Locate the TimeService project under the UI\Native solution folder and open the TimeService.cpp file. 5. Find the first //TODO comment in the file. Comment out the MessageBox function call and replace it with the following: LPWSTR lpsztitle = L"Time Change"; LPWSTR lpsztext = L"Notification: 5 seconds have elapsed.\r\nwould you like to see more details?"; DWORD dwsession = WTSGetActiveConsoleSessionId(); 6
7 WTSSendMessage(WTS_CURRENT_SERVER_HANDLE, dwsession, lpsztitle, static_cast<dword>((wcslen(lpsztitle) + 1) * sizeof(wchar_t)), lpsztext, static_cast<dword>((wcslen(lpsztext) + 1) * sizeof(wchar_t)), MB_YESNO MB_ICONINFORMATION, 0 /*wait indefinitely*/, &dwresponse, TRUE); 6. Build the solution. 7. Repeat steps 6-7 from Task 1. You should see a message box appear on your main desktop asking you a question, without the Interactive service dialog detection dialog box standing in your way. 8. Click No to dismiss the message. 9. Stop the service (see step 10 from Task 1). Task 3 - Launch UI with Different User Credentials As part of this task, you will modify the service so that it launches a new interactive UI process running under the context of the currently active user, which will display the user interface on behalf of the service. 1. Repeat steps 1-4 from Task Find the second //TODO comment in the TimeService.cpp file. 3. Begin with retrieving the active session ID and its related user token (see for background on user tokens) using the WTSGetActiveConsoleSessionId and WTSQueryUserToken functions. This is the token that will be used for creating the interactive UI process. Insert the following code: BOOL bsuccess = FALSE; STARTUPINFO si = 0; 7
8 PROCESS_INFORMATION pi = 0; si.cb = sizeof(si); DWORD dwsessionid = WTSGetActiveConsoleSessionId(); HANDLE htoken = NULL; if (WTSQueryUserToken(dwSessionID, &htoken) == FALSE) 4. Duplicate the token so that it can be used to create a process, using the DuplicateTokenEx function. Insert the following code: HANDLE hduplicatedtoken = NULL; if (DuplicateTokenEx(hToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hduplicatedtoken) == FALSE) 5. Create an environment block for the interactive process, using the CreateEnvironmentBlock function. Insert the following code: LPVOID lpenvironment = NULL; if (CreateEnvironmentBlock(&lpEnvironment, hduplicatedtoken, FALSE) == FALSE) 6. Retrieve the full path of the client application by retrieving the full path to the service executable (using GetModuleFileName), stripping away the file name (using PathRemoveFileSpec), and then concatenating the client application name. Insert the following code: WCHAR lpszclientpath[max_path]; if (GetModuleFileName(NULL, lpszclientpath, MAX_PATH) == 0) 8
9 PathRemoveFileSpec(lpszClientPath); wcscat_s(lpszclientpath, sizeof(lpszclientpath)/sizeof(wchar), L"\\TimeServiceClient.exe"); 7. Create the process under the target user s context using the CreateProcessAsUser function. Insert the following code: if (CreateProcessAsUser(hDuplicatedToken, lpszclientpath, NULL, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS CREATE_NEW_CONSOLE CREATE_UNICODE_ENVIRONMENT, lpenvironment, NULL, &si, &pi) == FALSE) CloseHandle(pi.hProcess); CloseHandle(pi.hThread); bsuccess = TRUE; 8. Make sure you have code in place to free resources allocated during this work. Insert the following code: Cleanup: if (!bsuccess) ShowMessage(L"An error occurred while creating fancy client UI", L"Error"); if (htoken!= NULL) CloseHandle(hToken); if (hduplicatedtoken!= NULL) CloseHandle(hDuplicatedToken); if (lpenvironment!= NULL) DestroyEnvironmentBlock(lpEnvironment); 9. Build the solution. 9
10 10. Repeat steps 6-7 from Task 1. Without the Interactive service dialog detection dialog box standing in your way, you should see a message box appear on your main desktop asking you a question. Click Yes and a client application will be launched, presenting you with the current time. 11. Close the client application and stop the service (see step 10 from Task 1). Watch out For purposes of this exercise, we simplified this sample code and did not adhere to all securitycoding guidelines when we designed and implemented this project. Carefully consider possible security issues before creating a process under the context of another user and using that process to communicate back to the service. Exercise 2: Securing Shared Objects In this exercise, you will install and run a service that creates a kernel object (event) that is shared with a standard application. You will see that the event is not accessible to the standard application because it does not reside in the same session namespace, and because its access control rights are not configured properly. Task 1 - Install and Run the Service As part of this task, you will install the service using the sc command line utility and then run it for the first time. You will see that the service client receives an Access Denied error when it attempts to use the event created by the service. 1. Enable User Account Control (UAC). From Start, click Search and enter User Account Control. Choose Change User Account Control settings from the search results. Then ensure that the slider is not set to Never notify. 10
11 2. Using Visual Studio, open the Session0_Starter solution. 3. Build the entire solution (make note of the build configuration you used Debug/Release, x86/x64). 4. To open an administrative command prompt, click Start, point to All Programs, point to Accessories, and then right-click Command Prompt. Click Run as administrator. 5. Use the cd command to navigate to the output directory that contains the application binaries. For example, if the output directory is C:\Session0_Starter\Debug, then use the following commands to navigate to that directory: CMD C: cd C:\Session0_Starter\Debug 6. Issue the following command to create the AlertService service Note: Make sure to replace the path to the service with the path you used in step 4, and make sure to copy the space after binpath= ). CMD sc create AlertService binpath= C:\Session0_Starter\Debug\AlertService.exe 7. Open the Services MMC Snap-in by clicking +R and typing services.msc into the Run dialog box. 8. Locate the AlertService service, right-click it, and click Start. 9. Open a standard command prompt. From Start, point to All Programs, click Accessories, and then click Command Prompt (Note: do not run the command prompt as an administrator). 10. Repeat step 5 within the standard command prompt. 11
12 11. Issue the following command to launch the AlertService client application, which attempts to open the event created by the service and use it for synchronization (WaitForSingleObject). CMD AlertServiceClient 12. Note that the client fails to open the event with an error 2, meaning that the event could not be found. 13. Stop the service by going back to the Services MMC Snap-in, locating the AlertService service, right-clicking it, and clicking Stop. Task 2 - Modify the Service to Create the Object in the Global Namespace As part of this task, you will change the name of the object to include the prefix of the global namespace. 1. If you haven t done so yet, follow steps 1-5 in Task 1 to install the AlertService service. 2. If you haven t done so yet after completing Task 1, make sure to stop the AlertService service (see step 10 in Task 1). 3. Using Visual Studio, open the Session0_Starter solution. 4. Locate the AlertService project under the Security\Native solution folder, and open the AlertService.cpp file. 5. In the file, find the //TODO comment marked with STEP 1 and replace the call to CreateEvent with the following line: g_halertevent = CreateEvent(NULL, FALSE, FALSE, L"Global\\AlertServiceEvent"); 6. Locate the AlertServiceClient project under the Security\Native solution folder, and open the AlertServiceClient.cpp file. 7. In the file, find the //TODO comment marked with STEP 1 and replace the call to OpenEvent with the following line: HANDLE hevent = OpenEvent(SYNCHRONIZE, FALSE, L"Global\\AlertServiceEvent"); 8. Build the solution. 12
13 9. Repeat steps 7-13 from Task 1. Note that the client still fails to access the event (this time because of security settings and not because of its namespace). 10. Run Process Explorer from Windows Sysinternals (download the tools from c47c5a aspx if you do not have them). 11. Select the AlertService service in the list of processes (if the service does not appear, from the File menu, click Show processes from all users to restart Process Explorer with administrative privileges). 12. Ensure that the lower pane view is visible and that it displays the process handles (press CTRL+H for convenience, or open the pane from the View menu). 13. Find the \BaseNamedObjects\AlertServiceEvent event in the handle list, right-click it and click Properties. 14. In the Properties dialog box, select the Security tab. Note that the only security groups that have access to the event are the SYSTEM group and the Administrators group. 13
14 Task 3 - Modify the Service to Provide Security Attributes (DACL and SACL) for the Object As part of this task, you will modify the service so that it properly sets access control rights (DACL and SACL) on the event object, making it accessible to its client. 1. Repeat steps 1-4 from Task In the file, find the //TODO comment marked with STEP Find the active session ID and the user token associated with it using the WTSGetActiveConsoleSessionId and WTSQueryUserToken functions. Insert the following code: DWORD dwsessionid = WTSGetActiveConsoleSessionId(); HANDLE htoken = NULL; if (WTSQueryUserToken(dwSessionID, &htoken) == FALSE) 4. Use the GetTokenInformation function to retrieve the user account SID (security identifier). Note that two passes are required one to determine the size of the TOKEN_USER structure and another to actually fill it in. Insert the following code: 14
15 DWORD dwlength; TOKEN_USER* account = NULL; if (GetTokenInformation(hToken, TokenUser, NULL, 0, &dwlength) == FALSE && GetLastError()!= ERROR_INSUFFICIENT_BUFFER) account = (TOKEN_USER*)new BYTE[dwLength]; if (GetTokenInformation(hToken, TokenUser, (LPVOID)account, dwlength, &dwlength) == FALSE) 5. Use the ConvertSidToStringSid function to convert the user account SID to its string representation and from it construct an SDDL string that represents the security descriptor of the event that the service creates later. Insert the following code: LPWSTR lpszsid = NULL; if (ConvertSidToStringSid(account->User.Sid, &lpszsid) == FALSE) WCHAR sddl[1000]; wsprintf(sddl, L"O:SYG:BAD:(A;;GA;;;SY)(A;;GA;;;%s)S:(ML;;NW;;;ME)", lpszsid); 6. Convert the SDDL security descriptor string to a security descriptor using the ConvertStringSecurityDescriptorToSecurityDescriptor function. Insert the following code: PSECURITY_DESCRIPTOR sd = NULL; if (ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, SDDL_REVISION_1, &sd, NULL) == FALSE) 7. Initialize a SECURITY_ATTRIBUTES structure with the security descriptor created in step 6 and replace the line to create the event with the following code: SECURITY_ATTRIBUTES sa; 15
16 sa.binherithandle = FALSE; sa.lpsecuritydescriptor = sd; sa.nlength = sizeof(sa); g_halertevent = CreateEvent(&sa, FALSE, FALSE, L"Global\\AlertServiceEvent"); if (g_halertevent == NULL) 8. Locate the //TODO comment marked with STEP 3 and insert the following code to free the resources required to initialize the event: Cleanup: if (htoken!= NULL) CloseHandle(hToken); if (account!= NULL) delete[] account; if (lpszsid!= NULL) LocalFree(lpszSid); if (sd!= NULL) LocalFree(sd); if (g_halertevent == NULL) CloseHandle(g_hAlertEvent); 9. Build the solution. 10. Repeat steps 7-13 from Task 1. Note that the client succeeds to open the event and receive notifications from the AlertService service. 11. Repeat steps 9-13 from Task 2. Note that this time, the event grants access to the currently active user, which is why the AlertService client is able to open the event even though it does not have administrative privileges on the system. Watch out The security descriptor string (SDDL) used in this sample does not represent security best practices. In your applications, ensure that you apply the tightest security to resources shared by services and applications, and perform threat analysis and modeling to ensure that you have not created a security hole. 16
17 Exercise 3: Securing a File Object In this exercise, you will install and run a service that creates a log file that should be accessible to the user. However, the user will be unable to write to or delete the file unless the service sets the appropriate security attributes, including the integrity level, which will allow the user to access the file. Task 1 - Install and Run the Service As part of this task, you will install the service using the installutil command line utility and then run it for the first time. You will see that the user is receiving an Access Denied error when attempting to delete the file created by the service. 1. Using Visual Studio, open the Session0_Starter solution. 2. Build the entire solution (make note of the build configuration you used Debug/Release, x86/x64). 3. To open an administrative command prompt, click Start, point to All Programs, point to Accessories, and then right-click Command Prompt. Click Run as administrator. 4. Use the cd command to navigate to the output directory to which the application binaries were deployed. For example, if the output directory is C:\Session0_Starter\Debug, then use the following commands to navigate to that directory: CMD C: cd C:\Session0_Starter\Debug 5. Issue the following command to create the LoggingService service (make sure to replace the path to the service with the path you used in step 4, and make sure to copy the space after binpath= ). CMD installutil LogService.exe 6. Open the Services MMC Snap-in by clicking +R and typing services.msc into the Run dialog box. 7. Locate the LoggingService service, right-click it, and click Start. 8. To open a standard command prompt, click Start, point to All Programs, click Accessories, and click Command Prompt (Note: do not run the command prompt with administrator privileges). 17
18 9. Stop the service by going back to the Services MMC Snap-in, locating the LoggingService service, right-clicking it, and clicking Stop. 10. Open a Windows Explorer window (by going through My Computer, or directly) and navigate to the C:\ root directory. Locate the LogService.txt file. 11. Attempt to delete the file using Windows Explorer (right-click the file and click Delete, or press the Del key). The attempt will fail with an access denied error, because we have not authorized the user to write to or delete the file. Task 2 - Modify the Integrity Level of the Log File As part of this task, you will modify the integrity level of the log file created by the service. As a result, the user will be able to write to the log file and even delete it. 1. If you haven t done so yet, follow steps 1-5 in Task 1 to install the LoggingService service. 2. If you haven t done so yet after completing Task 1, make sure to stop the LoggingService service (see step 10 in Task 1). 3. Using Visual Studio, open the Session0_Starter solution. 4. Locate the LogService project under the Security\Managed solution folder, and open the LoggingService.cs (C#) or LoggingService.vb (Visual Basic) file. 5. In the file, find the //TODO comment marked with? and add the following code: IntegrityLevelHelper.SetFileIntegrityLevel(@"C:\LogService.txt", IntegrityLevel.Medium); 6. Build the solution. 7. Repeat steps 6-11 from Task 1. This time, the user is able to delete the log file because it is not protected by a system integrity level. Summary In this lab, you have diagnosed two problems caused by Session 0 isolation, designed application fixes for these problems, and implemented these fixes. You have used quick-fix strategies such as the WTSSendMessage function to send a message to the interactive user from within a service, as well as well-designed solutions, such as configuring access control to a shared kernel object or file and launching a UI process from within a service under the context of the currently active user. 18
Interaction between services and applications of user level in Windows Vista Author: Yuri Maxiutenko, Software Developer of Apriorit Inc.
1 Interaction between services and applications of user level in Windows Vista Author: Yuri Maxiutenko, Software Developer of Apriorit Inc. This article is devoted to the question about working with services
More informationWindows Access Control List (ACL) 2
What do we have in this session? Windows Access Control List (ACL) 2 1. Access Control Lists (ACLs) 2. Object-specific ACEs 3. Trustees 4. Access Rights and Access Masks 5. ACCESS_MASK 6. Access Mask format
More informationWMI log collection using a non-admin domain user
WMI log collection using a non-admin domain user To collect WMI logs from a domain controller in EventLog Analyer, it is necessary to add a domain admin account of that domain in it. Alternatively, you
More informationControlPoint. Native Installation Guide. February 05,
ControlPoint Native Installation Guide February 05, 2018 www.metalogix.com info@metalogix.com 202.609.9100 Copyright International GmbH., 2008-2018 All rights reserved. No part or section of the contents
More informationModule 3 Remote Desktop Gateway Estimated Time: 90 minutes
Module 3 Remote Desktop Gateway Estimated Time: 90 minutes A. Datum Corporation provided access to web intranet web applications by implementing Web Application Proxy. Now, IT management also wants to
More informationChapter 3 Process Description and Control
Operating Systems: Internals and Design Principles Chapter 3 Process Description and Control Seventh Edition By William Stallings Example of Standard API Consider the ReadFile() function in the Win32 API
More informationWindows Management Instrumentation Troubleshooting for Orion APM
Windows Management Instrumentation Troubleshooting for Orion APM Why do my APM WMI Monitors Show Status Unknown?... 1 WMI Troubleshooting Flowchart for Orion APM 2 Testing Local WMI Services... 3 Test
More informationHands-On Lab. Background Services -.NET. Lab version: Last updated: 10/8/2009
Hands-On Lab Background Services -.NET Lab version: 1.0.0 Last updated: 10/8/2009 CONTENTS OVERVIEW... 3 EXERCISE 1: TRIGGER-START SERVICE... 7 Task 1 Implement Service Configuration Changes... 7 Task
More informationThe information in this document is based on these software and hardware versions:
Contents Introduction Prerequisites Requirements Components Used Configure Generate Certificate Signed Request Sign the Certificate on the Certificate Authority Install the Certificate Copy the certificate
More informationBROWSER-BASED SUPPORT CONSOLE USER S GUIDE. 31 January 2017
BROWSER-BASED SUPPORT CONSOLE USER S GUIDE 31 January 2017 Contents 1 Introduction... 2 2 Netop Host Configuration... 2 2.1 Connecting through HTTPS using Certificates... 3 2.1.1 Self-signed certificate...
More informationIT Essentials v6.0 Windows 10 Software Labs
IT Essentials v6.0 Windows 10 Software Labs 5.2.1.7 Install Windows 10... 1 5.2.1.10 Check for Updates in Windows 10... 10 5.2.4.7 Create a Partition in Windows 10... 16 6.1.1.5 Task Manager in Windows
More informationThinkVantage Fingerprint Software
ThinkVantage Fingerprint Software 12 2 1First Edition (November 2005) Copyright Lenovo 2005. Portions Copyright International Business Machines Corporation 2005. All rights reserved. U.S. GOVERNMENT
More informationAccess Gateway Client User's Guide
Sysgem Access Gateway Access Gateway Client User's Guide Sysgem AG Sysgem is a trademark of Sysgem AG. Other brands and products are registered trademarks of their respective holders. 2013-2015 Sysgem
More information2 Administering Microsoft Windows Server 2003
2 Administering Microsoft Windows Server 2003 Exam Objectives in this Chapter: Manage servers remotely Manage a server by using Remote Assistance Manage a server by using Terminal Services remote administration
More informationCitrix Connector Citrix Systems, Inc. All rights reserved. p.1. About this release. System requirements. Technical overview.
Citrix Connector 3.1 May 02, 2016 About this release System requirements Technical overview Plan Install Citrix Connector Upgrade Create applications Deploy applications to machine catalogs Publish applications
More informationvsphere Replication for Disaster Recovery to Cloud
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced
More informationMonitoring Windows Systems with WMI
Monitoring Windows Systems with WMI ScienceLogic version 8.8.1 Table of Contents Introduction 4 Monitoring Windows Devices in the ScienceLogic Platform 5 What is SNMP? 5 What is WMI? 5 PowerPacks 5 Configuring
More informationStarting Microsoft Visual Studio 6.0 And Exploring Available Controls Tools
Starting Microsoft Visual Studio 6.0 And Exploring Available Controls Tools Section 1. Opening Microsoft Visual Studio 6.0 1. Start Microsoft Visual Studio ("C:\Program Files\Microsoft Visual Studio\Common\MSDev98\Bin\MSDEV.EXE")
More informationInstalling SQL Server Developer Last updated 8/28/2010
Installing SQL Server Developer Last updated 8/28/2010 1. Run Setup.Exe to start the setup of SQL Server 2008 Developer 2. On some OS installations (i.e. Windows 7) you will be prompted a reminder to install
More informationvsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.5
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 6.5 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationHands-On Lab. Windows Azure Virtual Machine Roles. Lab version: Last updated: 12/14/2010. Page 1
Hands-On Lab Windows Azure Virtual Machine Roles Lab version: 2.0.0 Last updated: 12/14/2010 Page 1 CONTENTS OVERVIEW... 3 EXERCISE 1: CREATING AND DEPLOYING A VIRTUAL MACHINE ROLE IN WINDOWS AZURE...
More informationThinManager and FactoryTalk View SE Deployment Guide
Application Technique Original Instructions ThinManager and FactoryTalk View SE Deployment Guide Copyright 2019 Rockwell Automation Inc. All rights reserved Contents Background... 4 Goal of Configuration
More informationHOL122 Lab 1: Configuring Microsoft Windows Server 2003 RPC Proxy
HOL122 Lab 1: Configuring Microsoft Windows Server 2003 RPC Proxy Objectives After completing this lab, you will be able to: Install remote procedure call (RPC) over Hypertext Transfer Protocol (HTTP)
More informationIntroduction. How Does it Work with Autodesk Vault? What is Microsoft Data Protection Manager (DPM)? autodesk vault
Introduction What is Microsoft Data Protection Manager (DPM)? The Microsoft Data Protection Manager is a member of the Microsoft System Center family of management products. DPM provides continuous data
More informationAccessData FTK Quick Installation Guide
AccessData FTK Quick Installation Guide Document date: May 20, 2014 2014 AccessData Group, Inc. All rights reserved. No part of this publication may be reproduced, photocopied, stored on a retrieval system,
More informationINF204x Module 2 Lab 2: Using Encrypting File System (EFS) on Windows 10 Clients
INF204x Module 2 Lab 2: Using Encrypting File System (EFS) on Windows 10 Clients Estimated Time: 30 minutes You have a standalone Windows 10 client computer that you share with your colleagues. You plan
More informationFilr 3.4 Desktop Application Guide for Mac. June 2018
Filr 3.4 Desktop Application Guide for Mac June 2018 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent
More informationDelegating Access & Managing Another Person s Mail/Calendar with Outlook. Information Technology
Delegating Access & Managing Another Person s Mail/Calendar with Outlook Information Technology 1. Click the File tab 2. Click Account Settings, and then click Delegate Access 3. Click Add 4. Type the
More informationPrivileged Access Agent on a Remote Desktop Services Gateway
Privileged Access Agent on a Remote Desktop Services Gateway IBM SECURITY PRIVILEGED IDENTITY MANAGER User Experience and Configuration Cookbook Version 1.0 November 2017 Contents 1. Introduction 5 2.
More informationApplication Notes for Installing and Configuring Avaya Control Manager Enterprise Edition in a High Availability mode.
Application Notes for Installing and Configuring Avaya Control Manager Enterprise Edition in a High Availability mode. Abstract This Application Note describes the steps required for installing and configuring
More informationWorkspace ONE UEM Certificate Authentication for EAS with ADCS. VMware Workspace ONE UEM 1902
Workspace ONE UEM Certificate Authentication for EAS with ADCS VMware Workspace ONE UEM 1902 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationWhatsUp Gold 2016 Installation and Configuration Guide
WhatsUp Gold 2016 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup 1 Installation Overview 1 Overview 1 Security considerations 2 Standard WhatsUp
More informationIBM Atlas Policy Distribution Administrators Guide: IER Connector. for IBM Atlas Suite v6
IBM Atlas Policy Distribution Administrators Guide: IER Connector for IBM Atlas Suite v6 IBM Atlas Policy Distribution: IER Connector This edition applies to version 6.0 of IBM Atlas Suite (product numbers
More informationvsphere Replication for Disaster Recovery to Cloud vsphere Replication 8.1
vsphere Replication for Disaster Recovery to Cloud vsphere Replication 8.1 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationScheduling WebEx Meetings with Microsoft Outlook
Scheduling WebEx Meetings with Microsoft Outlook About WebEx Integration to Outlook, page 1 Scheduling a WebEx Meeting from Microsoft Outlook, page 2 Starting a Scheduled Meeting from Microsoft Outlook,
More informationms-help://ms.technet.2004apr.1033/ad/tnoffline/prodtechnol/ad/windows2000/howto/mapcerts.htm
Page 1 of 8 Active Directory Step-by-Step Guide to Mapping Certificates to User Accounts Introduction The Windows 2000 operating system provides a rich administrative model for managing user accounts.
More informationGetting Started with Cisco WebEx Meeting Applications
CHAPTER 6 Getting Started with Cisco WebEx Meeting Applications Revised: September, 2010, Contents Modifying Your Provisioned Cisco WebEx Account, page 6-1 Setting Proxy Permissions, page 6-5 Productivity
More informationSetup Guide for AD FS 3.0 on the Apprenda Platform
Setup Guide for AD FS 3.0 on the Apprenda Platform Last Updated for Apprenda 6.5.2 The Apprenda Platform leverages Active Directory Federation Services (AD FS) to support identity federation. AD FS and
More informationAccessData. Forensic Toolkit. Upgrading, Migrating, and Moving Cases. Version: 5.x
AccessData Forensic Toolkit Upgrading, Migrating, and Moving Cases Version: 5.x 1 AccessData Legal and Contact Information Document date: March 27, 2014 Legal Information 2014 AccessData Group, Inc. All
More informationCST8152 Compilers Creating a C Language Console Project with Microsoft Visual Studio.Net 2003
CST8152 Compilers Creating a C Language Console Project with Microsoft Visual Studio.Net 2003 The process of creating a project with Microsoft Visual Studio 2003.Net is to some extend similar to the process
More informationChapter. Accessing Files and Folders MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER
Chapter 10 Accessing Files and Folders MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER Monitor, manage, and troubleshoot access to files and folders. Configure, manage, and troubleshoot file compression
More informationSetting Up the Server
Managing Licenses, page 1 Cross-launch from Prime Collaboration Provisioning, page 5 Integrating Prime Collaboration Servers, page 6 Single Sign-On for Prime Collaboration, page 7 Changing the SSL Port,
More informationInstallation and Upgrade Guide
ControlPoint for Office 365 Installation and Upgrade Guide Publication Date:November 09, 2017 All Rights Reserved. This software is protected by copyright law and international treaties. Unauthorized reproduction
More informationQuest Migration Manager Upgrade Guide
Quest Migration Manager 8.14 Upgrade Guide 2017 Quest Software Inc. ALL RIGHTS RESERVED. This guide contains proprietary information protected by copyright. The software described in this guide is furnished
More informationDeploying Windows Updates using WSUS and MBSA
Technical white paper Deploying Windows Updates using WSUS and MBSA Windows-based HP Thin Clients Table of contents Overview... 2 Requirements for applying Windows security patches... 2 Additional precautions...
More informationHands-on Lab Exercise Guide
602: New Features of XenApp 7.6 Hands-on Lab Exercise Guide Worldwide Technical Enablement & Readiness January 2015 1 Table of Contents Contents... 2 Overview... 3 Scenario... 5 Lab Preparation... 6 Attach
More informationThis Quick Start describes how to use Bocconi Cloud Service, called Filr in the rest of the document, from your Windows desktop.
Quick Start Bocconi Cloud Service, based on Novell Filr, allows you to easily access all your files and folders from your desktop, browser, or a mobile device. In addition, you can promote collaboration
More informationAutomating the Windows 2000 Installation
Chapter 2 Automating the Windows 2000 Installation MICROSOFT EXAM OBJECTIVES COVERED IN THIS CHAPTER Perform an unattended installation of Windows 2000 Professional. Install Windows 2000 Professional by
More informationSAS Viya 3.3 Administration: Identity Management
SAS Viya 3.3 Administration: Identity Management Identity Management Overview................................................................. 2 Getting Started with Identity Management......................................................
More informationGE Fanuc Intelligent Platforms
GE Fanuc Intelligent Platforms Vendor Statement for CERT CVE-2009-0216 CERT has reported vulnerabilities in ifix (versions PDE, 2.0, 2.2, 2.21, 2.5, 2.6, 3.0, 3.5, 4.0, 4.5, and 5.0). The vulnerabilities
More informationTOP SERVER V5 CLIENT CONNECTIVITY ROCKWELL FACTORYTALK VIEW STUDIO. Table of Contents
ROCELL FACTORYTALK VIEW 1 (15) Table of Contents Overview and Requirements... 2 Creating a New FactoryTalk Project... 2 Adding a New Data Server to the Project... 4 Synchronizing FactoryTalk with the OPC
More information5.5.3 Lab: Managing Administrative Settings and Snap-ins in Windows XP
5.5.3 Lab: Managing Administrative Settings and Snap-ins in Windows XP Introduction Print and complete this lab. In this lab, you will use administrative tools to monitor system resources. You will also
More informationBEST PRACTICE GUIDE USING THE PANZURA GFS TO ACCELERATE AUTODESK VAULT. Created in conjunction with
BEST PRACTICE GUIDE USING THE PANZURA GFS TO ACCELERATE AUTODESK VAULT This document provides recommended configurations for running Autodesk Vault Professional Server with the Panzura Global File System
More informationNETWRIX PASSWORD EXPIRATION NOTIFIER
NETWRIX PASSWORD EXPIRATION NOTIFIER ADMINISTRATOR S GUIDE Product Version: 3.3 January 2013 Legal Notice The information in this publication is furnished for information use only, and does not constitute
More informationLesson 1: Preparing for Installation
2-2 Chapter 2 Installing Windows XP Professional Lesson 1: Preparing for Installation When you install Windows XP Professional, the Windows XP Professional Setup program allows you to specify how to install
More informationRemote Process Explorer
Remote Process Explorer Frequently Asked Questions LizardSystems Table of Contents Introduction 3 What is Remote Process Explorer? 3 Before Installing 3 How can I download Remote Process Explorer? 3 Will
More informationGuided Exercise 1.1: Setting up the sample OpenEdge Data Object Services
Guided Exercise 1.1: Setting up the sample OpenEdge Data Object Services Overview Before you can develop a web app, you must set up the back-end services for the data providers that the web app will use.
More informationAbout the XenClient Enterprise Solution
About the XenClient Enterprise Solution About the XenClient Enterprise Solution About the XenClient Enterprise Solution XenClient Enterprise is a distributed desktop virtualization solution that makes
More informationInstall and Issuing your first Full Feature Operator Card
Install and Issuing your first Full Feature Operator Card Install S-Series versasec.com 1(28) Table of Contents Install and Issuing your first Full Feature Operator Card... 3 Section 1: Install and Initial
More informationWAVELINK AVALANCHE REMOTE CONTROL 3.0 QUICK START GUIDE
This document provides information about using Remote Control to connect to mobile devices. OVERVIEW This document contains the following sections: Overview Installing the Remote Control Setup Kit Activating
More informationInstalling and Updating GEMS
Installing and Updating GEMS To download and install GEMS for the first time to the hard drive of any desktop or to a network server, see Full Program Installation Desktop or Network. If you currently
More informationINF204x Module 1, Lab 3 - Configure Windows 10 VPN
INF204x Module 1, Lab 3 - Configure Windows 10 VPN Estimated Time: 40 minutes Your organization plans to allow Windows 10 users to connect to the internal network by using the VPN client built into the
More informationReading your way around UAC
Reading your way around UAC Abusing Access Tokens for UAC Bypasses James Forshaw @tiraniddo What I m Going to Talk About Why Admin-Approval UAC is even worse than you thought! Why Over-the-Shoulder UAC
More informationVMware Horizon JMP Server Installation and Setup Guide. 13 DEC 2018 VMware Horizon 7 7.7
VMware Horizon JMP Server Installation and Setup Guide 13 DEC 2018 VMware Horizon 7 7.7 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you
More informationAbila MIP. Human Resource Management Installation Guide
Human Resource Management Installation Guide This is a publication of Abila, Inc. Version 2017.2 2017 Abila, Inc. and its affiliated entities. All rights reserved. Abila, the Abila logos, and the Abila
More informationControlPoint. Installation Guide for SharePoint August 23,
ControlPoint Installation Guide for SharePoint 2007 August 23, 2017 www.metalogix.com info@metalogix.com 202.609.9100 Copyright International GmbH., 2008-2017 All rights reserved. No part or section of
More informationWork Smart: Windows 7 New Features
About Windows 7 New Features The Windows 7 operating system offers several new features to help you work faster and more efficiently, and enable you to access the files, folders, programs, and applications
More informationSecurity Permissions in TCR 2.x
Security Permissions in TCR 2.x Dan Krissell November 10, 2011 Contents Overview... 2 Authentication... 2 Authorization... 2 Where do I find my users and groups to assign access?... 3 How to implement
More informationOracle Enterprise Single Sign-On Universal Authentication Manager. Administrator's Guide Release E
Oracle Enterprise Single Sign-On Universal Authentication Manager Administrator's Guide Release 11.1.2 E27160-03 March 2013 Oracle Enterprise Single Sign-On Universal Authentication Manager Administrator's
More informationDistributed Processing
What is Distributed Processing? An FTK examiner machine can be configured to utilize three additional machines to assist case creation / data processing as remote "workers". These additional processing
More informationUsing Windows 7 with Select2Perform
Using Windows 7 with Select2Perform NOTE: If your test session does not use a simulation player, then you do not need to follow these instructions. If you use Windows 7 and take a test that contains a
More informationWindows Firewall Service Could Not Start Access Denied
Windows Firewall Service Could Not Start Access Denied Mainboard and HDD's replaced - the Windows Server 2008 R2 is loading up, but many of the network applications cannot be access from the connected
More informationAccessData. Forensic Toolkit. Upgrading, Migrating, and Moving Cases. Version: 5.x
AccessData Forensic Toolkit Upgrading, Migrating, and Moving Cases Version: 5.x 1 AccessData Legal and Contact Information Document date: February 11, 2015 Legal Information 2015 AccessData Group, Inc.
More informationEsko. Suite 12 Engines Installation (Beta)
Suite 12 Engines Installation (Beta) Contents 1. Before installing Suite 12... 3 1.1 How to change Data Execution Prevention (DEP) Settings...3 1.2 How to change the password policy... 4 2. How to install
More informationPerforming an ObserveIT Upgrade Using the Interactive Installer
Performing an ObserveIT Upgrade Using the Interactive Installer ABOUT THIS DOCUMENT This document contains detailed procedures and instructions on how to upgrade ObserveIT by using the interactive "One
More informationImplementing Messaging Security for Exchange Server Clients
Implementing Messaging Security for Exchange Server Clients Objectives Scenario At the end of this lab, you will be able to: Protect e-mail messages using S/MIME signing and encryption Manage e-mail attachment
More informationTEKLYNX LABEL ARCHIVE
TEKLYNX LABEL ARCHIVE U S E R G U I D E LABEL ARCHIVE User Guide DOC-LAS2012-QSM-US-2007013 The information in this manual is not binding and may be modified without prior notice. Supply of the software
More informationOutline. Security. Security Ratings. TCSEC Rating Levels. Key Requirements for C2. Met B-Level Requirements
Outline Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Ratings System Components 2 Ratings TCSEC Rating Levels National Computer Center (NCSC) part of US Department of Defense
More informationOracle Enterprise Single Sign-on Provisioning Gateway. Installation and Setup Guide Release E
Oracle Enterprise Single Sign-on Provisioning Gateway Installation and Setup Guide Release 11.1.1.2.0 E15699-02 Novmber 2010 Oracle Enterprise Single Sign-on Provisioning Gateway, Installation and Setup
More information3 Administering Active Directory
3 Administering Active Directory Exam Objectives in this Chapter: Set an Active Directory forest and domain functional level based upon requirements. Manage schema modifications. Add or remove a UPN suffix.
More informationFull file at Chapter 2: Securing and Troubleshooting Windows Vista
Chapter 2: Securing and Troubleshooting Windows Vista TRUE/FALSE 1. An elevated command prompt can only be attained by an administrator after he or she has responded to a UAC box. T PTS: 1 REF: 70 2. There
More informationVirtual CD TS 1 Introduction... 3
Table of Contents Table of Contents Virtual CD TS 1 Introduction... 3 Document Conventions...... 4 What Virtual CD TS Can Do for You...... 5 New Features in Version 10...... 6 Virtual CD TS Licensing......
More informationExercise 1: Assigning Responsibilities to Delegates (This was called Proxy in GroupWise)
Delegates Exercise 1: Assigning Responsibilities to Delegates (This was called Proxy in GroupWise) 1. On the menu bar, click Tools and then click Options. 2. When the Options dialog box opens, click on
More informationSecurity. Outline. Security Ratings. Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik
Ausgewählte Betriebssysteme Institut Betriebssysteme Fakultät Informatik Outline Ratings System Components Logon Object (File) Access Impersonation Auditing 2 Ratings National Computer Center (NCSC) part
More informationPreupgrade. Preupgrade overview
overview, page 1 Virtual contact center upgrades, page 2 Common Ground preupgrade task flow, page 3 Technology Refresh preupgrade task flow, page 5 Common Ground preupgrade tasks, page 6 Technology Refresh
More informationPassword Reset Server Installation
Password Reset Server Installation Vista/Server 08 and Windows 7/Server 2008 R2 Table of Contents I. Requirements... 4 A. System Requirements... 4 B. Domain Account Requirements... 5 C. Recommendations...
More information20411D D Enayat Meer
Lab A Module 8: Implementing Direct Access by Using the Getting Started Wizard Scenario: Recommended lab time is 240 Minutes {a complete class session is dedicated for this lab} Many users at A. Datum
More informationNovell Filr Desktop Application for Mac Quick Start
Novell Filr 1.0.2 Desktop Application for Mac Quick Start April 2014 Novell Quick Start Novell Filr allows you to easily access all your files and folders from your desktop, browser, or a mobile device.
More informationLepideAuditor for File Server. Installation and Configuration Guide
LepideAuditor for File Server Installation and Configuration Guide Table of Contents 1. Introduction... 4 2. Requirements and Prerequisites... 4 2.1 Basic System Requirements... 4 2.2 Supported Servers
More informationTable of Contents HOL-SDC-1317
Table of Contents Lab Overview - Components... 2 Business Critical Applications - About this Lab... 3 Infrastructure Components - VMware vcenter... 5 Infrastructure Components - VMware ESXi hosts... 6
More information8 MANAGING SHARED FOLDERS & DATA
MANAGING SHARED FOLDERS & DATA STORAGE.1 Introduction to Windows XP File Structure.1.1 File.1.2 Folder.1.3 Drives.2 Windows XP files and folders Sharing.2.1 Simple File Sharing.2.2 Levels of access to
More informationIBM FileNet Business Process Framework Version 4.1. Explorer Handbook GC
IBM FileNet Business Process Framework Version 4.1 Explorer Handbook GC31-5515-06 IBM FileNet Business Process Framework Version 4.1 Explorer Handbook GC31-5515-06 Note Before using this information and
More informationSetting Access Controls on Files, Folders, Shares, and Other System Objects in Windows 2000
Setting Access Controls on Files, Folders, Shares, and Other System Objects in Windows 2000 Define and set DAC policy (define group membership, set default DAC attributes, set DAC on files systems) Modify
More informationPerceptive Content Licensing
Perceptive Content Licensing Advanced Design and Setup Guide Perceptive Content, Version: 7.1.x Written by: Product Knowledge, R&D Date: August 2015 2015 Lexmark International Technology, S.A. All rights
More informationSun VirtualBox Installation Tutorial
Sun VirtualBox Installation Tutorial Installing Linux Mint 5 LTS Guest OS By Dennis Berry Welcome to the world of virtualization and Linux. This tutorial is intended to help users who are new to the world
More informationEmpty the Recycle Bin Right Click the Recycle Bin Select Empty Recycle Bin
Taskbar Windows taskbar is that horizontal strip at the bottom of your desktop where your open files and programs appear. It s where the Start button lives. Below are improvements to the taskbar that will
More informationIBM Cognos Open Mic Cognos Analytics 11 Part 1. 1 st Jun, IBM Corporation
IBM Cognos Open Mic Cognos Analytics 11 Part 1 1 st Jun, 2016 IBM Cognos Open MIC Team Chakravarthi Mannava Presenter Subhash Kothari Technical Panel Member Deepak Giri Technical Panel Member 2 Agenda
More informationManaging Load Plans in OTBI Enterprise for HCM Cloud Service
Managing Load Plans in OTBI Enterprise for HCM Cloud Service Copyright 2014, Oracle and/or its affiliates. All rights reserved. 1 Objective After completing this lesson, you should be able to use Configuration
More informationSmartConnector Configuration Guide for
SmartConnector Configuration Guide for Mazu Profiler V3 Schema DB August 15, 2007 SmartConnector Configuration Guide for Mazu Profiler V3 Schema DB August 15, 2007 Copyright 2007 ArcSight, Inc. All rights
More informationThinkVantage Fingerprint Software
ThinkVantage Fingerprint Software 12 2 1First Edition (February 2006) Copyright Lenovo 2006. Portions Copyright International Business Machines Corporation 2006. All rights reserved. U.S. GOVERNMENT
More information