Forum Widgets
Latest Discussions
Example: Use the ADK for Windows 10 / 11 to Create an ISO Image with Anti-Malware Services Disabled
NOTE: The following requires either the 64-bit Windows 10 2004 ADK, or the 64-bit Windows 11 23H2 ADK, and the accompanying WinPE Add-On to be installed. (1.) Download the Windows 10 / 11 ISO Image ( 32-bit / 64-bit ) and place in the following folder: C:\ISO Download Windows 10 / 11 Disk Image (ISO) -> Select Download -> Windows 10 / 11 (multi-edition ISO) -> Download Select the product language -> English (United States) -> Confirm Windows 10 / 11 English -> 32-bit Download / 64-bit Download NOTE: When Downloading the ISO Images on Windows 10 / 11, you must use a User-Agent Switching Addon, like in the examples below: User-Agent Switcher and Manager: https://chrome.google.com/webstore/detail/user-agent-switcher-and-m/bhchdcejhohfmigjafbampogmaanbfkg ( Firefox: https://addons.mozilla.org/en-US/firefox/addon/user-agent-string-switcher/ ) NOTE: Right-click on the batch file after extracting it from the archive, and click "Run as administrator". (2.) Unzip / extract the archive ( Win10_11_ISO_Image_Generator.zip ), which contains the following batch file: Win10_11_ISO_Image_Generator.bat NOTE: The following text documents organize each stage of the ISO image creation process: WINDOWS 10 22H2 32-BIT: C:\Patches\Win10\CheckList_W10_x86.txt WINDOWS 10 22H2 64-BIT: C:\Patches\Win10\CheckList_W10_x64.txt WINDOWS 11 24H2 64-BIT: C:\Patches\Win11\CheckList_W11_x64.txt NOTE: Currently no official download sources exist for Windows 10 / 11 64-bit ARM ISO Images: WINDOWS 10 22H2 ARM 64-BIT: "C:\Patches\Win10\CheckList_W10_x64_ARM.txt" WINDOWS 11 24H2 ARM 64-BIT: "C:\Patches\Win11\CheckList_W11_x64_ARM.txt" (3.) After installing the operating system, you will have to reset the DACL, which requires Sdelete / Sdelete64 /Sdelete64a (Sysinternals ) This should only be run from a bootable WinPE ISO Image: C:\Patches\Batch_Files\ACL\WinPE_8_3_Reset_C_Drive_Wipe_ACL_Disable_ELAM_SmartScreen.bat This batch file is best used, from within the WinPE environment, to reset file permissions to default on any drive that isn't a system volume: C:\Patches\Batch_Files\ACL\WinPE_8_3_Reset_Drive_Wipe_ACL.bat Open the Command Prompt -> Start Menu -> Run -> taskmgr -> File -> Run new Task -> %SystemRoot%\System32\cmd.exe -> Select "Create this task with administrative privileges." -> Click OK. (4.) After rebooting, the default Windows Apps have to be reset on Windows 11, and reinstalled on Windows 10, due to the removal of Orphaned SIDs and the DACL being reset: CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Reset_Apps_Win10_11.bat (5A.) Configure the Firewall and Network Stack: CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Firewall\Generic_Win10_11_Firewall_Settings.bat (5B.) Alternate: My current setup looks similar to this, aside from the folder layout. I have hardened the network stack, and replaced the built-in unicast / multicast DNS with an Encrypted Stub Resolver: CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Post_Install_Win10_11.bat CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Post_Activation_CMD_PowerShell_UI_Configuration_Win10_11.bat The following script enables Windows Update / Microsoft Store Updates: CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Firewall\Enable_Windows_App_Update_Firewall.bat The following script disables Windows Update / Microsoft Store Updates: CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Firewall\Disable_Windows_App_Update_Firewall.bat The following script creates temporary firewall rules for installing software, which expire after approximately thirty seconds of no activity: CMD /Q /C START /MIN /REALTIME C:\Patches\Batch_Files\Firewall\Temp_Firewall_Rule_Generator.bat The most common problem after patching / updating Windows, is the fact that you often have to modify / delete any new registry entries the patches or services create, that bypass security rules / security policies you have set in place: CMD /Q /C START /MIN /REALTIME C:\Patches\Batch_Files\Registry_Patch_Win10_11.bat To remove unwanted apps, edit this batch file based on your needs: CMD /Q /C START /MIN /REALTIME /WAIT /B C:\Patches\Batch_Files\Selective_Removal_Win10_11_Apps.bat The following batch file erases the Command Line history, MUI Cache, Jumplists, as well as most Temporary Files on the System Drive: CMD /Q /C START /MIN /REALTIME C:\Patches\Batch_Files\Clear_Default_Cache_Win10_11.batMousefluffNov 07, 2024Iron Contributor7KViews0likes0CommentsBuild 2024 companion guide: Windows developer security resources
Ready to learn more about the topics discussed in our sessions on "Unleash Windows App Security & Reputation with Trusted Signing" and "The Latest in Windows Security for Developers" at Microsoft Build 2024? Here are some resources and tools to help you get started: Dive deeper into: Passkeys in Windows - (1 min.) Get a quick overview of passkeys, how they are used in Windows, and how they compare to passwords. Virtualization-based security (VBS) key protection - (5 min.) Learn how to create, import, and protect your keys using VBS. NTLM-less - (4 min.) Find the syntax, parameters, return value, and remarks for the AcquireCredentialsHandle (Negotiate) function. Personal Data Encryption (PDE) - (5 min.) Get information on prerequisites, protection levels, and more for this security feature that provides file-based data encryption capabilities to Windows. Virtualization-based security (VBS) Enclave - (1 min.) Explore the functions used by System Services and Secure Enclaves. Trusted Platform Module attestation - (8 min.) Explore key TPM attestation concepts and capabilities supported by Azure Attestation. Zero Trust DNS - (4 min.) Learn more aboutZero Trust DNS (ZTDNS), currently in development for a future version of Windows to helpsupport those trying to lock down devices so that they can access approved network destinations only. Win32 app isolation repo - Access the documentation and tools you need to help you isolate your applications. MSIX app packaging - (3 min.) Learn how to use the MSIX Packaging Tool to repackage your existing desktop applications to the MSIX format. Trusted Signing - Access how-to guides, quickstart tutorials, and other documentation to help you utilize this Microsoft fully managed end-to-end signing solution for third party developers. Smart App Control - (3 min.) Get to know the requirements and stages for Smart App Control, plus get answers to frequently asked questions. Coming soon: Making admins more secure Granular privacy controls for all Win32 apps Continue the conversation. Find best practices. Join us on the Windows security discussion board.Katharine_HoldsworthNov 01, 2024Microsoft439Views0likes0CommentsSuggestion to Enhance File Ownership Security and Usability in Windows
Dear Windows Engineering Team, I would like to address an aspect of file ownership control in Windows that could benefit from additional security and usability measures. This concerns the disparity between how easily administrators can change ownership from TrustedInstaller (or other system accounts) in the Properties > Security GUI and the complex, command-line-only methods required to revert ownership back to TrustedInstaller. This design presents potential risks for system stability and security. Current Issue: Currently, any administrator can take ownership of critical system files from TrustedInstaller via the graphical interface with a few clicks. However, to restore ownership to TrustedInstaller, users must navigate complex command-line tools like SubInAcl or icacls, which are not accessible or known to many users, especially non-specialists. This discrepancy can lead to: Accidental Ownership Changes: Non-specialist administrators might take ownership of system files, unaware of the potential consequences. This can inadvertently weaken the system’s security model, as files intended to be protected under TrustedInstaller’s restricted access are now more vulnerable. Irreversible System State: After taking ownership, users often cannot easily restore it to TrustedInstaller, as it requires knowledge of specific command-line tools and service account nuances. This restriction can leave critical files permanently less secure or misconfigured, creating system instability and potential security gaps. Suggested Solution: To mitigate these issues, I propose a balanced approach to file ownership control. The following changes would improve both security and usability: Two-Way Ownership Controls in the GUI: Allow the Properties > Security > Advanced > Owner dialog to not only take ownership from system accounts but also restore ownership back to TrustedInstaller. This would ensure users can revert any changes made accidentally or for temporary troubleshooting purposes without requiring command-line tools. Enhanced Warnings and Permissions: Introduce additional warnings or elevated confirmation when changing ownership from critical system accounts like TrustedInstaller to make the potential impact clear. This would help non-specialists make informed decisions. Ownership Reversion Assistance: A guided wizard or dedicated tool in Windows that allows users to return ownership to TrustedInstaller or other system accounts would also address this gap, giving administrators a straightforward way to correct accidental changes. This change would enhance system integrity by making it easier for users to return files to their original secure state and by ensuring that file ownership changes—especially those affecting system accounts—are managed consistently across both directions. Thank you for considering this suggestion. I believe that these adjustments would make Windows more secure and user-friendly for all administrators, regardless of expertise level. Sincerely, a long time Windows userlysy7765Oct 28, 2024Occasional Reader58Views0likes0CommentsMicrosoft Family Safety
I am trying to add my daughter's computer to the family to monitor web searching, apps etc. I have followed the instructions on creating an account and go to settings, click on the account and click allow and it still will not register that a device has been connected. Any ideas??Todd_TellesOct 24, 2024Copper Contributor257Views0likes1CommentApplying the fix for KB5025885 (CVE-2023-24932)
In reference to this article:KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support In late August, I created a series of scripts that perform the steps described in the article. This worked fine for 30 to 40 PCs over the next few weeks. I stopped as I had other tasks to attend to. Today, I decided to resume. A Surface Go 2 and a Lenovo E590 both fail to apply it. Both machines have the latest 2024-10 Cumulative Update (newer than is required). Both machines are Secure Boot enabled. Both machines are rebooted twice before proceeding to the next step (e.g. making a registry change). Both machines return "false" to bothGet-SecureBootUEFI commands (which verify whether applying the fix was successful), for a total of 8 reboots. Machines in which my scripts were successful still return "true" for both Get-SecureBootUEFI commands. Has something changed?tylermontney_accOct 24, 2024Brass Contributor116Views0likes0CommentsCreate A FIPS-140 Compliant Secure Offline Password Management System for Windows / WSA / WSL2
Keepass Portable version (KeePass-2.xx.zip file) | KeePassDX (Android - Latest - Build Free) Guidelines for Creating Passwords: 1.) *MOST* newer and legacy systems do not support passwords longer than 64 characters as a rule of thumb (or the full range of printable ASCII Characters) 2.) They MUST also Utilize a Cryptographically Secure Pseudorandom Number Generation Scheme (NIST Random Bit Generation Overview -> https://csrc.nist.gov/Projects/Random-Bit-Generation) 3.) Password Generators Should AVOID Introducing Bias Towards one Range of Characters or an Individual Character at ALL COSTS 4.) No whitespaces, and no Control Characters are allowed -> https://www.unicode.org/charts/PDF/U0000.pdf 5.) The maximum range for all printable characters within the Latin ASCII Character set (Unicode,) is 1-94 Characters in BASE10 / Decimal (0-93 in BASE64 / HEX) -> 0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz!"#$%&'()*+,-./:;<=>?@[\]^_`{|}~ NOTE: KeePass Seed for Keyfile: 32767 HEX chars (32KB + HASH CRC / Checksum value) NOTE: Vera Crypt Keyfile: 2^20 (2097152 HEX chars) output directly in raw form to hex editor then save for 1MB file size NOTE: When using Vera Crypt: If a GPT partition on a non-system volume, is created using "Convert GPT" in the Diskpart utility, or with a Diskpart script, delete any reserved partitions on that drive FIRST, and then create a primary partition. This works much better in cross-platform settings, especially with removable drives / mass storage devices, and it also wastes less space. Useful Links for Password Management on Older Versions of Windows, MS-DOS, PC-DOS, FreeDOS, CP/M, OS/2, some Unix / Linux variants: Windows Wordpad/Microsoft Word/Office Standards -> https://docs.microsoft.com/en-us/openspecs/standards_support Windows Code Page 1252 / IBM 437 (Informal standard found in most early x86 PCs and IBM AT/XT clones) ISO 8859-1 (Standardized version of IBM437) -> https://docs.microsoft.com/en-us/windows/win32/intl/code-pages Code Page Identifiers -> https://docs.microsoft.com/en-us/windows/win32/intl/code-page-identifiers ISO/IEC 8859-1:1998 -> https://webstore.iec.ch/publication/11730 Unicode Character Code Charts -> https://www.unicode.org/charts/ Guidelines for Creating a Manual Password List Printout / Sheet / Card: 1.) Always use a monospaced font with a slashed zero 2.) Choose Size 9-10 in Regular or Bold 3.) Examples: Consolas, Cascadia Code, Monaco, Menlo, Roboto Mono, PT Mono, etc -> https://en.wikipedia.org/wiki/List_of_monospaced_typefaces START: ___PW: -------0123456789----------0123456789-- +++++++----------++++++++++----------++ CONSOLAS BOLD 12PT < DELETE THIS LINE AFTER START: ___PW: -------0123456789----------0123456789--0123456789----------0123456789-- +++++++----------++++++++++----------++----------++++++++++----------++ CONSOLAS BOLD 12PT < DELETE THIS LINE AFTER Post-Installation Guide for KeePass / KeePassDX -> Enable FIPS 140 Mode: KeePass.chm -> Technical FAQ - PG# 37/40 -> If all your PCs have the .NET Framework 4.8 or higher installed, you can enable the usage of FIPS-validated algorithm implementations by opening the 'KeePass.exe.config' file using a text editor and deleting the line '<enforceFIPSPolicy enabled="false" />'. Options -> Security -> Clipboard auto-clear time (seconds; main entry list): 5 Options -> Security -> General -> Lock workspace when locking the computer or switching the user Options -> Security -> General -> Lock workspace when the computer is about to be suspended Options -> Security -> General -> Lock workspace when the remote control mode changes Options -> Security -> Clipboard (Main Entry List) -> Clear clipboard when closing KeePass Options -> Security -> Clipboard (Main Entry List) -> Do not store data in the Windows clipboard history and the cloud clipboard Options -> Security -> Clipboard (Main Entry List) -> use 'Clipboard Viewer Ignore' clipboard format Options -> Security -> Advanced -> Use native library for faster key transformations Options -> Security -> Advanced -> Prevent certain screen captures Options -> Security -> Advanced -> Enter master key on secure desktop Options -> Security -> Advanced -> Clear master key command line parameters after using them once Options -> Security -> Advanced -> Remember master password (in encrypted form) of a database while it is open Options -> Policy -> Plugins Options -> Policy -> Auto-Type Options -> Policy -> Auto-Type - Without Context Options -> Interface -> Main Window -> Minimize to tray instead of taskbar Options -> Interface -> Main Window -> Minimize main window after performing auto-type Options -> Interface -> Main Window -> Minimize main window after locking the workspace Options -> Interface -> Main Window -> Hide 'Close Database' toolbar button when at most one database is open Options -> Interface -> Entry List -> Use alternating item background colors Options -> Interface -> Entry List -> When selecting an entry, automatically select its parent group, too Options -> Interface -> Entry List -> When showing dereferenced data, additionally show references Options -> Interface -> Dialogs -> Show confirmation dialog when moving entries/groups to the recycle bin Options -> Interface -> Dialogs -> Show results of database maintenance in a dialog Options -> Interface -> Dialogs -> Show confirmation dialog when opening a database file whose minor format version is unknown Options -> Interface -> Advanced -> Require password repetition only when hiding using asterisks is enabled Options -> Interface -> Remember recently used files: 1 Options -> Integration -> System-wide hot keys -> Global auto-type: None Options -> Integration -> System-wide hot keys -> Global auto-type - password only: None Options -> Integration -> System-wide hot keys -> Auto-type selected entry: Ctrl+Alt+Shift+A Options -> Integration -> System-wide hot keys -> Show KeePass window: None Options -> Advanced -> Start and Exit -> Remember and automatically open last used database on startup Options -> Advanced -> Start and Exit -> Limit to single instance Options -> Advanced -> Start and Exit -> Start minimized and locked Options -> Advanced -> Auto-Type -> Always show global auto-type entry selection dialog Options -> Advanced -> Auto-Type - Sending -> Prepend special initialization sequence for Internet Explorer windows Options -> Advanced -> Auto-Type - Sending -> Send Alt keypress when only the Alt modifier is active Options -> Advanced -> Auto-Type - Sending -> Ensure same keyboard layouts during auto-type Options -> Advanced -> Auto-Type - Sending -> Allow interleaved sending of keys Options -> Advanced -> Auto-Type - Sending -> Cancel auto-type when the target window changes Options -> Advanced -> Auto-Type - Sending -> Cancel auto-type when the target window title changes Options -> Advanced -> File Input/Output Connections -> Verify written file after saving a database Options -> Advanced -> File Input/Output Connections -> Use file transactions for writing databases Options -> Advanced -> File Input/Output Connections -> Use file transactions for writing configuration settings Options -> Advanced -> File Input/Output Connections -> Extra-safe file transactions (slow) Options -> Advanced -> Automatically search key files Options -> Advanced -> Remember key sources (key file paths, provider names, ...) Options -> Advanced -> Remember working directories Options -> Advanced -> Remember password hiding setting in the main window Options -> Advanced -> Remember password hiding setting in the entry editing dialog Options -> Advanced -> Mark TAN entries as expired when using them Misc: Enable Rearranging Entries: View -> Sort By -> No Sort NOTE: The following 4 settings must be Enabled to modify or create a new Database, though after any changes are saved, they must be disabled before exiting the program. New changes require you to selectively enable these settings, without entering in the master key, and then restart the program. 1.) Options -> Policy -> New Database 2.) Options -> Policy -> Save Database 3.) Options -> Policy -> Change Master Key 4.) Options -> Policy -> Change Master Key - No Key Repeat File -> New... Database Settings -> General -> Database name Database Settings -> Security -> Database file encryption algorithm: AES/Rijndael (256-bit key, FIPS 197) Database Settings -> Security -> Key derivation function: AES-KDF Database Settings -> Security -> Iterations: Example Iterations: Start Menu -> Run -> Calc Calc -> Menu -> Scientific Calc -> 2 -> xY (exponent) -> 20 -> = -> 1048576 -> M+ (Memory add) 1.) Calc -> MR (Memory recall) -> x or * (multiply) -> 64 -> = -> 67108864 ( Average Delay Time -> Multicore PC: 1-2 Seconds ) 1A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 2.) Calc -> MR (Memory recall) -> x or * (multiply) -> 128 -> = -> 134217728 ( Average Delay Time -> Multicore PC: 2-2.5 Seconds ) 2A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 3.) Calc -> MR (Memory recall) -> x or * (multiply) -> 256 -> = -> 268435456 ( Average Delay Time -> Multicore PC: 4-4.5 Seconds ) 3A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 4.) Calc -> MR (Memory recall) -> x or * (multiply) -> 384 -> = -> 402653184 ( Average Delay Time -> Multicore PC: 7-7.5 Seconds ) 4A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 5.) Calc -> MR (Memory recall) -> x or * (multiply) -> 512 -> = -> 536870912 ( Average Delay Time -> Multicore PC: 9-9.5 Seconds ) 5A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 6.) Calc -> MR (Memory recall) -> x or * (multiply) -> 768 -> = -> 805306368 ( Average Delay Time -> Multicore PC: 14-14.5 Seconds ) 6A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 7.) Calc -> MR (Memory recall) -> x or * (multiply) -> 1024 -> = -> 1073741824 ( Average Delay Time -> Multicore PC: 18-19.5 Seconds ) 7A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 8.) Calc -> MR (Memory recall) -> x or * (multiply) -> 1536 -> = -> 1610612736 ( Average Delay Time -> Multicore PC: 28-28.5 Seconds ) 8A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 9.) Calc -> MR (Memory recall) -> x or * (multiply) -> 2048 -> = -> 2147483648 ( Average Delay Time -> Multicore PC: 37-38.5 Seconds ) 9A.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 10.) Calc -> MR (Memory recall) -> x or * (multiply) -> 4096 -> = -> 4294967296 ( Average Delay Time -> Multicore PC: 75-76 Seconds ) 10A.) Calc -> MC (Memory Clear) 10B.) Calc -> C (Clear) or CE (Clear Entry) then C (Clear) 11.) Calc -> Edit -> History -> Clear 11A.) Alternate: Calc -> Right Panel (History Tab) -> Trash Can icon in the bottom right corner (Clear) NOTE: On most mid-range smartphones, ranges 3-7 can often take anywhere between 2-10 minutes to decrypt Database Settings -> Compression: Gzip Database Settings -> Advanced -> Limit number of history items per entry: 0 Database Settings -> Advanced -> Limit history size per entry (MB): 0 Database -> Right Click -> Add Group... NOTE: More sensitive passwords typically only work with Option #2, and require Two-channel auto-type obfuscation to be disabled. Most things work with Option #2 and Two-channel auto-type obfuscation enabled in a browser. Option #1 works with the majority of logins for game launchers and other similar software. In most situations, Option #2 with Two-channel auto-type obfuscation enabled will be the default choice. Option #1 -> Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER} Option #2 -> Add Group -> Auto-Type -> Override default sequence -> {PASSWORD} Database -> <Entry Name> -> Edit Entry... Edit Entry -> Username Edit Entry -> Password Edit Entry -> Repeat NOTE: The easiest way to set it up is assign groups with a special ruleset so post-setup configuration is easier later on Edit Entry -> Auto-Type -> Enable auto-type for this entry Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group NOTE: In some cases you might have to bypass the rules for individual entries to maintain a cohesive layout within the group. This is if the software does not allow you to tab between fields, or copy paste ( security software is like this. ) Option #1 -> Edit Entry -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER} Option #2 -> Auto-Type -> Override default sequence -> {PASSWORD} NOTE: You have to manually enable or disable this for each entry within each group: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation Practical Considerations / Choices for the Most Frequently Used KeePass Group Settings Templates / Layouts: 1.) Most common for computer software on a desktop / laptop (2.) Common for browser logins, and some computer software, which is easier to use in conjunction with the "Auto-Type Selected entry" hotkey combination 3.) Most common for security software / programs / poorly-designed web page logins (4.) The least common type of group layout NOTE: If you are using KeePass to create a database to export to KeePassDX, layout #2 or #3 save the most time when manually editing entries. 1A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER} 1B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry 1C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group 1D.) ENABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation 2A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {PASSWORD} 2B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry 2C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group 2D.) ENABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation 3A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {PASSWORD} 3B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry 3C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group 3D.) DISABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation 4A.) ENABLE: Add Group -> Auto-Type -> Override default sequence -> {USERNAME}{TAB}{PASSWORD}{ENTER} 4B.) ENABLE: Edit Entry -> Auto-Type -> Enable auto-type for this entry 4C.) ENABLE: Edit Entry -> Auto-Type -> Inherit default auto-type sequence from group 4D.) DISABLE: Edit Entry -> Auto-Type -> Two-channel auto-type obfuscation File -> Save Disable: Options -> Policy -> New Database Disable: Options -> Policy -> Save Database Disable: Options -> Policy -> Change Master Key Disable: Options -> Policy -> Change Master Key - No Key Repeat Right-Click System Tray Icon -> Lock Workspace File -> Exit KeePassDX -> Gear Icon (Top Right Corner) -> App settings Enable: Delete password Disable: Write-protected Enable: Keep screen on Enable: Show lock button Generated Password size: 64 Enable: Hide passwords Enable: Remember databases locations Enable: Remember keyfile locations Enable: Show recent files Enable: Hide broken database links KeePassDX -> Gear Icon (Top Right Corner) -> Form filling Device keyboard settings -> Manage Keyboards -> ENABLE: Magikeyboard (KeePassDX) Enable: Magikeyboard settings -> Entry: Entry selection Enable: Magikeyboard settings -> Keys: Auto key action Optional: Enable: Magikeyboard settings -> Switch Keyboard: Auto key action Enable: Autofill settings -> Manual selection KeePassDX -> Gear Icon (Top Right Corner) -> Advanced unlocking Enable: Device credential unlocking Enable: Auto-open prompt Delete encryption keys (useful only if you have to generate / import a new database layout) NOTE: After you reboot the device / smartphone, you have to log into the database, making sure to tap the orange circle emblazoned with a lightning bolt afterwards, and save your database ( 3 vertical dots in the top-right corner -> Save data ) KeePassDX -> Gear Icon (Top Right Corner) -> App settings Enable: Write-protected (Only Enable after saving a working configuration) NOTE: The Following List Describes a Process for Inputting Database Entries into the Password Field on a Login Screen / Prompt / Form: 1.) Enter in the username for the login credentials if necessary / based on entry / group layout 3.) Enable the keyboard using the following line below 3A.) Settings (Android UI) -> Language & input -> Current keyboard -> Switch from Gboard to Magikeyboard (KeePassDX) 2.) Switch to KeePassDX and select the entry from the database 4.) Switch back to the login screen on the app and click the button with 3 stars / asterisks on it ( *** )MousefluffOct 16, 2024Iron Contributor218Views0likes0Commentssites need to be excluded from dpi/ssl for installing windows products
Hi guys. After activating dpi/ssl on our SonicWall i cannot install Microsoft products. I need to know which sites/addresses I need to exclude from this rule. Ex *.microsoft.com Thanks, BogdanBogdan2025Oct 16, 2024Copper Contributor67Views0likes0CommentsLimit Windows Defender CPU Usage
I have the problem that our Clients use too much CPU during a FullScan. Actually, the usage is limited to 20%, but the setting seems to have no effect. Whether I set it via Configuration Manager or GPO, the result is the same. Does anyone have a similar problem or even better... a solution?philippwreeOct 14, 2024Copper Contributor95KViews1like18Commentslaptop failing to log onto wifi
I've been away for 9 days but left my laptop on. Upon return home, it would no longer access my router wifi. I've rebooted the router and laptop more times than I can recall. I've logged on to the router and everything looks correct, all the passwords are as normal. Surprisingly, my phone, my ipad, and my tv continue to log on, so it is just the laptop giving me a problem. I had an hour with the virginmedia tech support guy, who checked out the router and tried to check the computer too, without success. The computer then updated the latest windows update, so I sat and waited. Still no connections available, stating "can't connect to this network". The ethernet connection is working fine by the way, hence this posting. Any ideas out there??Stephen_RoskillyOct 12, 2024Copper Contributor1.2KViews0likes4Comments
Resources
Tags
- security11 Topics
- BitLocker9 Topics
- Windows 109 Topics
- Windows Defender6 Topics
- Defender5 Topics
- windows5 Topics
- Intune4 Topics
- wdac4 Topics
- Edge4 Topics
- Application Guard3 Topics