IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [windows-server]

123 questions
0
votes
1 answer

pass the hash via psexec from windows server 2012 ( DC ) to client

I am trying to do some pentest training on my local labs. I created a lab has 3 Windows 2012 r2 servers and 2 Windows 7 + 8 PCS. All machines protected via passwords. I added both to the domain controller then I tried to use psexec tool to connect…
evilcode1
  • 83
  • 6
0
votes
1 answer

Security considerations when opening port for a service?

I would like to host a service (written in C#) on my server and allow it to be accessed from outside the network. I know that I need to open a port in the firewall for this to work, and I managed to do this, but I have no idea how safe this is. Is…
Bassie
  • 103
  • 4
0
votes
1 answer

Changing server side certificate during ongoing connection -> is it supported ? what are the effects on the existing connections?

I was wondering (based on the TLS RFC and its current implementation by the major vendors / platforms - i.e. Microsoft's IIS): how would an existing active SSL / TLS session behave / react if the server where to change the certificate that was used…
Ottootto
  • 123
  • 1
  • 6
0
votes
1 answer

change read/write user permissions in windows server 2012 from java code

I would like to code the following : In a windows server 2012-R2 administrator account, I have a my java application which launches an external application to run in a restricted user account. My java application also changes the user account…
Guigui
  • 3
  • 1
0
votes
1 answer

Multiple TLS / SSL sessions originated between 2 Windows Servers (2012R2) sharing the same symmetric session keys - is this possible?

I'm testing a scenario where 2 applications residing on 2 separate windows 2012r2 servers are opening N concurrent TLS1.2 mutual authentication sessions (using different certificates for the client authentication part) to the same server. Due to the…
Ottootto
  • 123
  • 1
  • 6
0
votes
1 answer

How did hackers brute force my Windows server username?

About a year ago my Windows server 2008 R2 server was hacked. I had RDP open to the world, I know, not a good idea. Being that it was a year ago I don't have any of the logs, but I was thinking about something today. How did they get the…
Anthony Fornito
  • 63
  • 2
  • 7
0
votes
1 answer

Implications of joining the active directory domain with the domain administrator

I always used the domain administrator to join the active directory domain, but I've never set up more than a few machines. Is that considered a security risk, is the end-user somehow able to obtain the domain administrators password? Are there any…
boolean.is.null
  • 255
  • 1
  • 7
0
votes
2 answers

Compromised server name and port number of a SQL Server DB Server

I would like to get an expert opinion on how dangerous is it to have the database server name and SQL server instance and port number compromised by accidentally exposing it in source code snippet posted on the internet. A connection string was…
Paceman
  • 101
  • 2
0
votes
1 answer

How to hide Windows Media Services server version header

We have a Windows Media services server (used for streaming video) that returns the following banner in HTTP responses Server: Cougar/9.6.7600.16564 I am trying to see if it is possible to stop the server from including this banner (or at least the…
Stu W
  • 612
  • 6
  • 17
0
votes
1 answer

2FA with Windows NPS

I would like to set up two-factor authentication for my Wireless users. I have an Windows NPS server that is currently authenticating my wireless users and I want to add certificates or any other second factor for authentication. Microsoft NPS…
Roman_T
  • 113
  • 2
0
votes
2 answers

How does a Certificate Private Key get transferred on import / export?

I am fairly new to certificates in general and have setup my own standalone CA for testing purposes. I have noticed some interesting behavior of private keys which I'm trying to find some documentation on. In Certificate Authority Console (certsvr /…
MichaelChan
  • 225
  • 1
  • 3
  • 8
0
votes
1 answer

Test a known list of possible Windows Remote Desktop credentials?

I've forgotten my password to my home server. It's a new Windows 2012R2 VM, I didn't change the maximum password age requirements in Group Policy DC (even tho I know I should have) until it was too late, and now I've forgotten what I changed it…
IT Bear
  • 211
  • 1
  • 2
  • 9
-1
votes
1 answer

window operating system vulnerability scanner tool

I want to use window operating system vulnerability scanner tool, just like lynis tools which scans on local os i.e like misconfiguration, os version, like firewall and AV configured. please recommend me the tools which do this kind of scan?
mubee
  • 1
-1
votes
1 answer

System Infected: Trojan.Naid Activity

We have Tomcat 6 in the production server with Symantec Endpoint Protection on windows server 2008 server datacenter. Symantec showing following lines in logs [SID: 27068] System Infected: Trojan.Naid Activity 2 attack blocked. Traffic has been…
Pawan Patil
  • 387
  • 3
  • 11
-1
votes
1 answer

Secure access to pre authorized individuals only on application server

I am building a PHP application and would like to lock the backend (even login page) to only be accessible to preauthorized people - even further be able to link activities to the authorized individuals. I am aware that such locking may be done…
Erick
  • 103
  • 3
1 2 3
8
9