Software Restriction Group Policy
A guide for setting up Software Restrictions in Group Policy.Under Enforcement Properties set “All software files except libraries (such as DLLs)”, “All users except local administrators” (which will allow members of the local administrators group to bypass the policy completely) and ignore certificate rules unless you are planning to whitelist software via certificates, this can be handy for allowing user to install some programs to %appdata% such as slack, and or certain video conferencing sof...
Read post
The usual lecture from the local System Administrator
The usual lecture from the local System AdministratorSystems administration is a complex web of everyday ethical situations. Consider that the sysadmin runs into a problem where he/she encounters a file with salary information is not loading correctly due to a request from finance, the sysadmin knows its against company policy for him/her to know salary data but finance needs immediate assistance before they make changes to payroll. Or consider that a company has decided to restructure, the sy...
Read post
Replacing Windows File Servers with CentOS 7
Replacing Windows File Servers with CentOS 7After a fair amount of trial and error I finally have a process that’s working well for me. This is in no way a comprehensive guide on using SSSD with Samba to authenticate active directory users/groups to file shares but its a great start and is working well in my lab. Many thanks to all those who contributed to articles in the helpful resources list at the bottom.Part 1: Install and configure SSSDPackages needed for SSSD to work correctlyyum inst...
Read post
The Stages of Security Awareness
More and more business, institutions, and Individuals are willing to reason that the cost of a data breach is less than or equal to the cost of treating customer data with the same care they treat their own social security number, email password, or bank information. Or at least it seems that way up until the point at which they get caught or become aware that they didn't invest in securing business data. Like many things, the problem is becoming aware of the issue. So what are the key points of...
Read post
Jurassic Park
Jurassic Park is an excellent sci-fi movie it checks all of the right boxes: Genetic engineering? Check. John Williams? Check.Samuel L Jackson saying "Hold onto your butts" with a cigarette in is mouth? Check. Possibly evil mega-corporation bringing back dinosaurs and thus monetizing life itself? Check. A subplot about a bunch of computers going offline to be fixed by some kid who says “it's a Unix system I know this!”? Check. Humans running for their lives from dinosaurs? Check. Lawyer caught...
Read post
Digital security for normal people
I was in Starbucks the other day and overheard a local computer tech helping someone reinstall windows on their laptop, the tech left and I started a conversation with the laptop owner.  His laptop had been infected with ransomware and he, unfortunately, didn't have a backup. We had a short conversation about backups where the painfully obvious was stated and not much more.  Having backups may not sound like a security strategy but that's because many people think that security is about protecti...
Read post
Enabling DKIM in Office 365
Enabling DKIM in office 365 is way harder than it should be if you're not letting Microsoft manage your DNS records for you.  Office 365 is not my preferred groupware system but it seems to be a necessary evil in the business world.  In order to enable DKIM for office 365 its required that you add two CNAME records.  In the example below I'm using the domain name azulpine.com and the office 365 tenet azulpine.com.  If you have a .com TLD then it follows you should be able to drop in your domai...
Read post