Hyper-V. Windows. Active Directory. Scripts. WSUS. PowerShell. How to configure an authoritative time server in Windows Server. Windows Server includes W32Time, the Time Service tool that is required by the Kerberos authentication protocol.
The Windows Time service makes sure that all computers in an organization that are running the Microsoft Windows 2000 Server operating system or later versions use a common time. To guarantee appropriate common time usage, the Windows Time service uses a hierarchical relationship that controls authority, and the Windows Time service does not allow for loops. By default, Windows-based computers use the following hierarchy: Configuring the Windows Time service to use an internal hardware clock To have us configure the Windows Time service to use an internal hardware clock for you, go to the "Fix it for me" section.
Fix it for me To fix this problem automatically, click the Fix it button or link. Collapse this imageExpand this image NotesThis wizard may apply only to English versions. Let me fix it myself ( ) How to back up and restore the registry in Windows Troubleshooting Applies to. Windows Incident Response. I've run across a number of tools recently, some directly related to forensics, and others more related more to IR or RE work.
I wanted to go ahead and put those tools out there, to see what others think... Memory Analysis There have been a number of changes recently on the memory analysis front. For example, Mandiant recently released their RedLine tool, and HBGary released the Community Edition of their Responder product. While we're on the topic of memory analysis tools, let's not forget the erstwhile and formidable Volatility.
Also, if you're performing memory dumps from live systems, be sure to take a look at the MoonSol Windows Memory Toolkit. SQLite Tools CCL-Forensics has a trial version of epilog available download, for working with SQLite databases (found on smartphones, etc.). I'm familiar with the SQLite Database Browser...epilog would be interesting to try. MFT Tools Sometimes you need a tool to parse the NTFS $MFT file, for a variety of reasons.
Exchange. Microsoft WINS Service <= 5.2.3790.4520 Memory Corruption. Luigi Auriemma Application: Microsoft WINS service Versions: <= 5.2.3790.4520 Platforms: Windows Bug: arbitrary memory corruption Exploitation: remote, versus server Date: found 21 Oct 2010 patched 10 May 2011 advisory 13 Sep 2011 Author: Luigi Auriemma e-mail: firstname.lastname@example.org web: aluigi.org References: 1) Introduction 2) Bug 3) The Code 4) Fix WINS stands for "Windows Internet Name Service" and is a classical service running on port 42 usually active in intranet environments for resolving the NetBIOS names. Notes: the reported dumps refer to WINS 5.2.3790.4520 on Windows 2003 Server. The problem is located in the function at address 0101488A used to perform the sending of a reply packet back to the client where it's raised an exception if send() fails, for example because the client interrupted the connection before the receiving of the data.
In this function the size of the data to send (0x2c) is passed to ntohl() and stored on the stack buffer where is located the beginning 01013E77 . 50 PUSH EAX ; |Arg2.