Archive for June, 2011

FIM CM 2010 – Sommarkollo 2011 @ MS Sweden

June 30th, 2011 Comments off

Thanks for a good discussion at Microsoft in Kista during FIM CM Sommarkollo 2011.

Recording of part 1:

Download the ADCS PowerShell script adcs_install.ps1

Download the presentation for FIM CM Sommarkollo

TechNet videos: Security Compliance Manager 2 teaser

June 30th, 2011 Comments off

Want to take an early look at the next version of the Security Compliance Manager (SCM) 2 tool? In this three-part screencast series, Sr. IT Pro Evangelist Matt Hester takes you on a quick tour of the tool’s features and benefits, including new features in SCM 2 like GPO import, baseline setting customization, local GPO functionality, an enhanced user interface, and an improved installation experience. Check out these new screencasts!

Use SCM 2 to harden your machines to meet industry standards

June 29th, 2011 Comments off
Microsoft Security Compliance Manager (SCM) 2 enables organizations to take better advantage of their existing knowledge and investments, and customize security and compliance settings with ease. Customers can harden their machines to industry standards, monitor for configuration drift and address the configuration requirements of hundreds of regulations like SOX, PCI and HIPAA. Learn more.

New SCM 2 features include:

  • GPO import: SCM 2 can now import Group Policy Object (GPO) Backup files to allow organizations to import and compare their existing knowledge against Microsoft baseline recommendations. This long-awaited feature effectively helps you to customize and manage your organization’s existing knowledge stored in Active Directory.
  • Baseline setting customization: Modifying baselines just got easier. Adding, extending, or deleting settings from a baseline is an effortless process in this new version of the tool.
  • Local GPO functionality: Apply security baselines directly to client and server computers using the LocalGPO command-line tool, which enables you to secure stand-alone computers and test different baselines without using Active Directory to deploy them. Use this tool to create local policy snapshots that you can import into SCM 2 using the new GPO import capabilities, which you can then compare, customize, and export as needed.
  • Additional features: These include a new and enhanced UI that provides simpler navigation in the tool, and improved installation with SQL Server 2005 and later releases of SQL Server.

Version 2 of the SCM tool will release with a full complement of Microsoft product baselines, including these new and/or updated baselines:

  • Windows Internet Explorer 9
  • Windows Server 2008 R2 Service Pack 1 (SP1)
  • Windows Server 2008 SP2
  • Windows Server 2003 SP2

————————————————————————————————————-

In more detail

Microsoft Security Compliance Manager (SCM) 2 provides security and compliance configuration recommendations from Microsoft, centralized baseline management features, a baseline portfolio, customization capabilities, and security and compliance baseline export flexibility to accelerate your organization’s ability to efficiently manage the security and compliance process for the most widely used Microsoft products and technologies. The formerly stand-alone product-specific security guides are now included in the SCM tool.

Version 2 of the SCM tool releases with a full complement of Microsoft security and compliance baselines, including a new Windows Internet Explorer 9 Security Baseline, and updated baseline versions for Windows Server 2008 R2 SP1, Windows Server 2008 SP2, and Windows Server 2003 SP2.

These new beta baselines provide:

  • Setting severity ratings, allowing you to quickly sort, prioritize, and apply Microsoft security and compliance recommendations.
  • Consolidated product baselines that eliminate EC and SSLF baseline components, and make viewing, customizing, and implementing your security baselines easier than ever!
  • New compliance-based settings groups allow quicker and easier compliance reporting and audit preparation when used with the GRC management solution within System Center.

Additional product baselines are currently in development, including baselines for: Windows 7 SP1, Microsoft Exchange Server 2007, Exchange Server 2010, SQL Server 2008 and SQL Server 2008 R2 (multiple roles), Office 2010, Windows Vista SP2, Windows XP SP3, and Windows Internet Explorer 8.

To learn more about the Security Compliance Manager tool, visit the TechNet Library.

UAG SSL Client Certificate Authentication Problems…

June 17th, 2011 4 comments

It is pretty straightforward to configure SSL client certificate authentication in UAG: just follow the steps in the online guide at http://technet.microsoft.com/en-us/library/ee861163.aspx and you should be up and running in almost no time, except for an issue that occurs whenever your logon name and common name do not match!

An authentication error will occur, with the error message in UAG stating that the user account does not have the expected cn, upn or email value that was extracted from the user's SSL authentication certificate at the time of logon. Yet looking at the certificate, the cn, upn and email values all show a 100% match with the same values on the user account!

Looking at the cert auth scripts in UAG, we can see that UAG uses the common name of the certificate subject as the user_name. The user_name is then used to obtain information about that user account from Active Directory. This is where the error occurs: the matching for the username is simply wrong.

To correct this, you can obtain the UPN value from the client certificate in the certificate validation script and use that value to obtain the user logon name by simply splitting at the @ sign.

Download the UAG customupdate-cert scripts and make sure to change the authserver01 keyword to the name of your authentication repository.

/Hasain
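The mismatch described in the UAG post above can be checked on a client before rollout. The following is an added example, not part of the original post or of the UAG scripts: it compares the subject common name with the logon name derived from the certificate's UPN. It assumes, as the post's fix does, that the part of the UPN before the @ is the user's logon name; the function name Get-CertLogonMapping is hypothetical.

```powershell
# Added example: for each certificate, show the name a CN-based lookup would use
# next to the logon name derived from the UPN (assumption: UPN prefix = logon name).
function Get-CertLogonMapping {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )
    process {
        $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]

        # SimpleName resolves to the subject CN when the subject has one.
        $cn  = $Certificate.GetNameInfo($nameType::SimpleName, $false)
        # UpnName reads the UPN from the Subject Alternative Name extension;
        # it is an empty string when the certificate carries no UPN.
        $upn = $Certificate.GetNameInfo($nameType::UpnName, $false)

        # Accept only a well-formed UPN: exactly one '@' with text on both sides.
        $logon = $null
        $parts = $upn -split '@'
        if ($parts.Count -eq 2 -and $parts[0] -and $parts[1]) {
            $logon = $parts[0]
        }

        [pscustomobject]@{
            Thumbprint    = $Certificate.Thumbprint
            CommonName    = $cn
            Upn           = $upn
            LogonFromUpn  = $logon
            # False means a CN-based lookup would search for the wrong account name.
            CnEqualsLogon = [bool]($logon -and ($cn -ieq $logon))
        }
    }
}

# Usage: inspect the current user's personal certificate store.
Get-ChildItem Cert:\CurrentUser\My | Get-CertLogonMapping |
    Format-Table CommonName, Upn, LogonFromUpn, CnEqualsLogon -AutoSize
```

Certificates with an empty LogonFromUpn carry no usable UPN and would need a different mapping attribute.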

secadmins.com is IPv6 enabled :)

June 7th, 2011 Comments off