Auditing file servers (part 2)


 

Today, just a very short post to note down these two little tips, once again about file servers…

Context: we want to know exactly what a user in our AD can access on one of our file servers. If my user is called PEJOUBERT, we have to quickly look up which security groups he belongs to and cross-check that information against the groups used on the file share in order to establish the match:

  • PEJOUBERT is a member of the group “GS_FILER1_Compta”.
  • On the server FILER1, the directory “Compta” is shared with the group “GS_FILER1_Compta” with read-write access.
  • >>  So PEJOUBERT has read-write access to the Compta directory on Filer1.

Simple, but it quickly gets complicated once the directories, subdirectories and shares multiply…

Once again, SYSINTERNALS to the rescue: all we need is accesschk.exe!

Then simply open a cmd prompt, change to the directory containing Accesschk.exe, and run the following command:

>Accesschk.exe -s -d PEJOUBERT f:\FileShares\*.* > AuditPEJOUBERT_FILER1.txt

The result of this command is a text file in which every directory and subdirectory shared under f:\FileShares\ is tested, with the permissions PEJOUBERT has on it noted alongside… one folder per line.

(-d stands for DIRECTORIES and -s for RECURSIVE: going down into the child directory, then its child, then its child, and so on.)

A typical example of the output would be:

    • RW F:\FileShares\Compta
    • RW F:\FileShares\Compta\SRV-FACTURES
    • RW F:\FileShares\Compta\SRV-DEVIS
    • RW F:\FileShares\Compta\SRV-CLIENTS
    • R F:\FileShares\Compta\SRV-PARTAGE
    • R F:\FileShares\Compta\PERSO

R for Read (read-only)

W for Write (writing, and therefore modification…)

Quicker, isn't it? And if you want to take the approach a little further, you can use the same pattern without -d, targeting a particularly sensitive directory, to obtain a list of the FILES and their permissions for PEJOUBERT…

>Accesschk.exe -s PEJOUBERT f:\FileShares\Compta\SRV-DEVIS\*.* > AuditPEJOUBERT_FILER1.txt
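Once a report like this exists, it can be post-processed rather than read line by line. The PowerShell below is an added example, not part of the original post: it parses lines in the "rights, then path" layout shown in the sample output above, lists where the user can write, and flags entries whose rights differ from those of their parent directory. The sample lines are constructed, and the helper names ConvertFrom-AccessChkReport and Get-AccessChange are hypothetical.

```powershell
# Constructed sample in the "rights path" layout shown above (not real tool output).
$sample = @'
RW F:\FileShares\Compta
RW F:\FileShares\Compta\SRV-FACTURES
RW F:\FileShares\Compta\SRV-DEVIS
RW F:\FileShares\Compta\SRV-CLIENTS
R F:\FileShares\Compta\SRV-PARTAGE
R F:\FileShares\Compta\PERSO
'@ -split '\r?\n'

function ConvertFrom-AccessChkReport {
    # Hypothetical helper: turns report lines into objects and skips everything
    # else (banner text, error messages, entries with no R/W right).
    param([string[]]$Line)
    foreach ($l in $Line) {
        if ($l -match '^\s*(?<rights>RW|R|W)\s+(?<path>[A-Za-z]:\\.*\S)\s*$') {
            [pscustomobject]@{
                Path   = $Matches['path']
                Rights = $Matches['rights'].ToUpperInvariant()
            }
        }
    }
}

function Get-AccessChange {
    # Hypothetical helper: returns entries whose rights differ from their parent's,
    # i.e. the places where a different ACL applies to the audited user.
    param([object[]]$Entry)
    $byPath = @{}   # PowerShell hashtable keys are case-insensitive, like NTFS paths
    foreach ($e in $Entry) { $byPath[$e.Path] = $e.Rights }
    foreach ($e in $Entry) {
        $parent = $e.Path.Substring(0, $e.Path.LastIndexOf('\'))
        if ($byPath.ContainsKey($parent) -and $byPath[$parent] -ne $e.Rights) {
            [pscustomobject]@{ Path = $e.Path; Rights = $e.Rights; ParentRights = $byPath[$parent] }
        }
    }
}

# For a real audit, replace $sample with: Get-Content .\AuditPEJOUBERT_FILER1.txt
$entries = ConvertFrom-AccessChkReport -Line $sample

'Directories the user can modify:'
$entries | Where-Object { $_.Rights -like '*W*' } | ForEach-Object { "  $($_.Path)" }

'Directories where access differs from the parent:'
Get-AccessChange -Entry $entries |
    ForEach-Object { "  $($_.Path): $($_.Rights) (parent: $($_.ParentRights))" }
```

On the constructed sample, the second list contains SRV-PARTAGE and PERSO, the two directories where the user drops from RW to R.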

Nice, isn't it, and easy! By the way, like most Sysinternals tools, it is available free of charge from the Microsoft site and does not need to be installed… so put it in your toolbox, because sooner or later you will need it!

https://technet.microsoft.com/en-us/sysinternals/bb842062.aspx

That's all for this time… but if you have the time, take a look at the other SYSINTERNALS utilities available in the full suite… among other marvels, and still for our file servers, you have AccessEnum and ShareEnum, which list access rights and existing shares respectively… always useful!

See you soon,

PierrE


SCCM TP1701, first release of 2017!


Once again, news from Yvette

Hello everyone! We are happy to let you know that update 1701 for the Technical Preview Branch of System Center Configuration Manager has been released. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available. This month's new preview features include:

  • UEFI inventory data – Hardware inventory can now determine whether the device is UEFI-enabled.
  • Express files support for Windows 10 Cumulative Update – Configuration Manager can support Windows 10 Cumulative Update using Express files. This functionality is only supported in Windows 10 version 1607 with a Windows Update Agent update included with the updates released on January 10, 2017 (Patch Tuesday). For more information see https://docs.microsoft.com/sccm/core/get-started/capabilities-in-technical-preview-1612#express-installation-files-support-for-windows-10-updates.
  • Validate Device Health Attestation Data via Management Point – You can now configure management points to validate health attestation reporting data for cloud or on-premises health attestation service.
  • Updated Content Library Cleanup Tool – The command line tool (ContentLibraryCleanup.exe) used to remove content that is no longer associated with any package or application from a distribution point (orphaned content) has been updated with fixes for known issues.
  • Host software updates on cloud-based distribution points – Beginning with this preview version, you can use a cloud-based distribution point to host a software update package.
  • Support for Microsoft Azure Government cloud added to Operations Management Suite (OMS) Connector feature – You can now configure an OMS connector for the OMS workspace on Microsoft Azure Government cloud.
  • Additional boundary groups improvements – Clients now find software update points using Boundary Group associations.

We've also made several improvements to operating system deployment, many of which were the result of your User Voice feedback:

  • Support for more applications for the Install Applications task sequence step
  • Expire standalone media
  • Support for additional content in stand-alone media
  • Configurable timeout for Auto Apply Driver task sequence step
  • Package ID is now displayed in task sequence steps
  • Windows 10 ADK tracked by build version
  • Default boot image source path can no longer be changed

Update 1701 for Technical Preview Branch is available in the Configuration Manager console. For new installations please use the 1610 baseline version of Configuration Manager Technical Preview Branch available on TechNet Evaluation Center.

We would love to hear your thoughts about the latest Technical Preview! To provide feedback or report any issues with the functionality included in this Technical Preview, please use Connect. If there's a new feature or enhancement you want us to consider for future updates, please use the Configuration Manager UserVoice site.

Thanks,

The System Center Configuration Manager team

Configuration Manager Resources:

Documentation for System Center Configuration Manager Technical Previews

Try the System Center Configuration Manager Technical Preview Branch

Documentation for System Center Configuration Manager

System Center Configuration Manager Forums

System Center Configuration Manager Support

Download the Configuration Manager Support Center


Patch Tuesday!!!


********************************************************************

Microsoft Security Bulletin Summary for January 2017

Issued: January 10, 2017

********************************************************************

This bulletin summary lists security bulletins released for January 2017.

The full version of the Microsoft Security Bulletin Summary for January 2017 can be found at <https://technet.microsoft.com/library/security/ms17-jan>.

Critical Security Bulletins

============================

MS17-002

– Affected Software:

– Microsoft Word 2016 (32-bit edition)

– Microsoft Word 2016 (64-bit edition)

– Microsoft SharePoint Enterprise Server 2016

– Impact: Remote Code Execution

– Version Number: 1.0

MS17-003

– Affected Software:

– Windows 8.1 for 32-bit Systems:

– Windows 8.1 for x64-based Systems:

– Windows Server 2012

(Windows Server 2012 Server Core installation not affected)

– Windows Server 2012 R2

(Windows Server 2012 R2 Server Core installation not affected)

– Windows RT 8.1:

– Windows 10 for 32-bit Systems

– Windows 10 for x64-based Systems

– Windows 10 Version 1511 for 32-bit Systems

– Windows 10 Version 1511 for x64-based Systems

– Windows 10 Version 1607 for 32-bit Systems

– Windows 10 Version 1607 for x64-based Systems

– Windows Server 2016 for x64-based Systems

– Impact: Remote Code Execution

– Version Number: 1.0

Important Security Bulletins

============================

MS17-001

– Affected Software:

– Windows 10 for 32-bit Systems

– Microsoft Edge

– Windows 10 for x64-based Systems

– Microsoft Edge

– Windows 10 Version 1511 for 32-bit Systems

– Microsoft Edge

– Windows 10 Version 1511 for x64-based Systems

– Microsoft Edge

– Windows 10 Version 1607 for 32-bit Systems:

– Microsoft Edge

– Windows 10 Version 1607 for x64-based Systems:

– Microsoft Edge

– Windows Server 2016 for x64-based Systems:

– Microsoft Edge

(Windows Server 2016 Server Core installation affected)

– Impact: Elevation of Privilege

– Version Number: 1.0

MS17-004

– Affected Software:

– Windows Vista Service Pack 2

– Windows Vista x64 Edition Service Pack 2

– Windows Server 2008 for 32-bit Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for x64-based Systems Service Pack 2

(Windows Server 2008 Server Core installation affected)

– Windows Server 2008 for Itanium-based Systems Service Pack 2

– Windows 7 for 32-bit Systems Service Pack 1

– Windows 7 for x64-based Systems Service Pack 1

– Windows Server 2008 R2 for x64-based Systems Service Pack 1

(Windows Server 2008 R2 Server Core installation affected)

– Windows Server 2008 R2 for Itanium-based Systems Service Pack 1

– Impact: Denial of Service

– Version Number: 1.0

 

********************************************************************

Title: Microsoft Security Advisory Notification

Issued: January 10, 2017

********************************************************************

Security Advisories Released or Updated Today

==============================================

* Microsoft Security Advisory 3214296

– Title: Vulnerabilities in Identity Model Extensions Token Signing Verification

https://technet.microsoft.com/library/security/3214296.aspx

– Reason for Revision: V1.0 (January 10, 2017): Advisory published.

– Originally posted: January 10, 2017

– Updated: N/A

– Version: 1.0


Configuration Manager now supports macOS Sierra (v10.12).


News from Yvette

The current branch (version 1610) of System Center Configuration Manager now supports macOS Sierra (v10.12). macOS Sierra support requires that Configuration Manager Mac clients have a minimum client version of 5.0.8466.1. You can download the latest Mac client for System Center Configuration Manager here.

Note: The version of the Mac client agent displayed in the Mac preference pane may be different than the version collected by hardware inventory and displayed in the Configuration Manager Console.

For more information about how to upgrade the Configuration Manager Mac client, refer to the How to upgrade clients on Mac computers in System Center Configuration Manager topic.

An update to System Center Endpoint Protection (SCEP) for Mac which includes support for macOS Sierra is also available on the Volume Licensing Service Center (VLSC) https://www.microsoft.com/Licensing/servicecenter. The required version is 4.5.27.1.


Online training for January


If you want to build your skills on Windows 10 and SCCM… January has some nice surprises in store for you.

This week:

5 hours of online training on SCCM 1610 and TP1612 plus Windows 10, by the usual MVP gurus!

Later in the month, for those who follow him on Twitter, Sami Laiho has his own webcast: Mastering Windows Security Settings – How I do it! Without going into detail, this should be the session not to miss on Windows security, all OSes combined!

And Microsoft is offering free training tracks on Azure:

Free Azure training, online and on demand.
Don't let the waves of new technology overwhelm you. We now offer free access to our catalogue of more than 10 online courses, from beginner to expert level, a catalogue that is constantly growing. The updated “Microsoft Azure Fundamentals” course and the brand-new “Microsoft Azure for AWS Experts” course provide the foundations needed to start working in Azure before moving on to more complex scenarios. More courses will be added soon, so that your team can sharpen its skills even further.

Sign up for our Azure training today  ›

So make the most of this start of the year to make new arrangements and new resolutions!

 

Training is changing, certainly, becoming ever more concise and online, but it has never been so affordable and so easy to fit into our schedules… make the most of it and build your skills on the topics of the moment, at your own pace and at an unbeatable price!

See you soon,

PierrE


Merry Christmas….Joyeux Noel


Merry Christmas to one and all… Lots of good things and lovely presents 🙂

We wish you a Merry Christmas…May you receive all the gifts you want 🙂

The Red Kaffe Team / Thanks for the 2016 stats…that’s your gift to us 🙂

Growing audience is a good sign! Thanks to you all.

PierrE.

 


Microsoft Security Bulletin Release


********************************************************************

Title: Microsoft Security Bulletin Releases

Issued: December 19, 2016

********************************************************************

Summary

=======

The following bulletins have undergone a major revision increment.

* MS16-155 – Important

Bulletin Information:

=====================

MS16-155

– Title: Security Update for .NET Framework (3205640)

https://technet.microsoft.com/library/security/ms16-155.aspx

– Reason for Revision: Revised bulletin to announce that Security and Quality Rollup updates 3210142 and 3205402 have been rereleased with a detection change for WSUS customers that removes a supersedence relationship between these and previously released October Security-Only updates 3188736 and 3188730, respectively. These are detection changes only. There were no changes to the update files. Customers who have already successfully installed any of these updates do not need to take any action. For more information, see the Microsoft Knowledge Base article for the respective update.

In addition, revised bulletin to announce that update 3210142 is available for Windows Server 2008 for Itanium-based Systems Service Pack 2, and that update 3205402 is available for Windows Server 2008 R2 for Itanium-based Systems Service Pack 1. Customers should apply the applicable updates to be protected from the vulnerabilities discussed in this bulletin. The majority of customers have automatic updating enabled and will not need to take any action because the updates will be downloaded and installed automatically.

– Originally posted: December 13, 2016

– Updated: December 19, 2016

– Bulletin Severity Rating: Important

– Version: 2.0
