Monday, May 6, 2013

Auditing Authentication in Windows Serve 2008


When a user logs on to any computer in the domain using his or her domain user account, a domain controller authenticates the attempt to log on to the domain account. This generates an account logon event on the domain controller.
The computer to which the user logs on for example, the user’s desktop generates a logon event. The computer did not authenticate the user against his or her account; it passed the account to a domain controller for validation. The computer did, however, allow the user to log on interactively to the computer. Therefore, the event is a logon event. When the user connects to a folder on a server in the domain, that server authorizes the user for a type of logon called a network logon. Again, the server does not authenticate the user; it relies on the ticket given to the user by the domain controller. But the connection by the user generates a logon event on the server.
Open Group Policy Management. Expand Domain Controllers OU. Right Click the Default Domain Controllers Policy. Select Edit. Expand Computer Configuration>Windows Settings>Security Settings. Click Audit Policies. Right click Audit account logon events and select Properties. Select Define these policy settings and select Success and Failure. Click OK. Right click Audit logon events and select Properties. Select Define these policy settings and select Success and Failure. Click OK. Both audit policies are enabled. Close the dialogue box. In order to test the audit policy the Administrator will attempt to log on with an incorrect password. Close Group Policy Management and try it.

After some failed logons check event viewer security log. Note the Audit Failures. Double click an event for more detail. These are the event’s details. You can also access Microsoft’s online database for more information about any event. Close all open dialogue boxes to return to the desktop. Enjoy your reading :)

Configuring Password and Lockout Policies in windows Server 2008

In a Windows Server 2008 domain, users are required to change their password every 42 days, and a password must be at least seven characters long and meet complexity requirements including the use of three of four character types: uppercase, lowercase, numeric, and non alphanumeric.

hree password policies—maximum password age, password length, and password complexity—are among the first policies encountered by administrators and users alike in an Active Directory domain. Rarely do these default settings align precisely with the password security requirements of an organization. Your organization might require passwords to be changed more or less frequently or to be longer.
There are exceptions to every rule, and you likely have exceptions to your password policies.
To enhance the security of your domain, you can set more restrictive password requirements for accounts assigned to administrators, for accounts used by services such as Microsoft SQL Server, or for a backup utility. In earlier versions of Windows, this was not possible; a single password policy applied to all accounts in the domain.In this lesson, you will learn to configure fine-grained password policies, a new feature in Windows Server 2008 that enables you to assign different password policies to users and groups in your domain.

If the new password meets requirements, Active Directory puts the password through a mathematical algorithm that produces a representation of the password called the hash code. The hash code is unique; no two passwords can create the same hash code. The algorithm used to create the hash code is called a one-way function. You cannot put the hash code through a reverse function to derive the password. The fact that a hash code, and not the password itself, is stored in Active Directory helps increase the security of the user account.

The password settings configured in the Default Domain Policy affect all user accounts in the domain. The settings can be overridden, however, by the password-related properties of the individual user accounts. On the Account tab of a user’s Properties dialog box, you can specify settings such as Password Never Expires or Store Passwords Using Reversible Encryption. For example, if five users have an application that requires direct access to their passwords, you can configure the accounts for those users to store their passwords, using reversible encryption.

In this lesson, you will learn how to implement your enterprise’s password and lockout policies by modifying the Default Domain Policy Group Policy object (GPO).

Click Group Policy Management. Expand the domain. Right Click Default Domain policy and click Edit. Expand – Computer Configuration>Policies>Windows Settings>Security Settings. Expand Account Policies. Select Password Policies. Right Click Maximum password age and select Properties. Change Password will expire in: to 30 days. Click OK. Maximum password age is now set to 30 days. Next select Account lockout policy and right click Account lockout threshold and select Properties. Set invalid logon attempts to 3. When you Click OK Windows will suggest values for the remaining policies, Click OK to accept these. The suggested values can be changed later. Click OK. The Account lockout policy is now configured. All open dialogue boxes can now be closed.

Fine-Grained Password and Lockout Policy

You can also override the domain password and lockout policy by using a new feature of Windows Server 2008 called fine-grained password and lockout policy, often shortened to simply fine-grained password policy.
Fine-grained password policy enables you to configure a policy that applies to one or more groups or users in your domain. To use fine-grained password policy, your domain must be at the Windows Server 2008 domain functional level. To raise the domain functional level open Active Directory Users and Computers.

Right click the domain and select Raise domain functional level. Select Windows Server 2008 and click Raise. Warning Raising the domain functional level cannot be reversed. Click OK to continue. Click Close to complete.

Fine-Grained Password and Lockout Policy

The settings managed by fine-grained password policy are identical to those in the Password Policy and Accounts Policy nodes of a GPO.
However, fine-grained password policies are not implemented as part of Group Policy, nor are they applied as part of a GPO. Instead, there is a separate class of object in Active Directory that maintains the settings for fine-grained password policy: the password settings object (PSO).

Most Active Directory objects can be managed with user-friendly graphical user interface (GUI) tools such as the Active Directory Users and Computers snap-in. You manage PSOs, however, with low-level tools, including ADSI Edit.

In this exercise, you will create a PSO that applies a restrictive, fine-grained password policy to users in the Domain Admins group. Before you proceed with this exercise, confirm that the Domain Admins group is in the Users container. If it is not, move it to the Users container.

Click Administrative tools>ADSI Edit. Expand the domain. Expand CN=System. Select CN=Password Settings Container. Right click and select New>Object. Click Next to continue. Type a name for the new object and click Next.

PSO Precedence and Resultant PSO

A PSO (Password Settings Object) can be linked to more than one group or user, an individual group or user can have more than one PSO linked to it, and a user can belong to multiple groups. So which fine grained password and lockout policy settings apply to a user? One and only one PSO determines the password and lockout settings for a user; this PSO is called the resultant PSO. Each PSO has an attribute that determines the precedence of the PSO. The precedence value is any number greater than 0, where the number 1 indicates highest precedence. If multiple PSOs apply to a user, the PSO with the highest precedence (closest to 1) takes effect.

Set the Precedence value to 1 and click Next. Type False The password is not stored using reversible encryption and click Next. Type 30 The user cannot reuse any of the last 30 passwords and click Next. Type True Password complexity rules are enforced and click Next. Type 10 Password must be at least 10 characters in length and click Next. Type 1:00:00:00. A user cannot change his or her password within one day of a previous change. The format is d:hh:mm:ss (days, hours, minutes, seconds) and click Next. Type 45:00:00:00. The password must be changed every 45 days and click Next. Type 5. Five invalid logons within the time frame specified by (the next attribute) will result in account lockout and click Next. Type 0:01:00:00. Five invalid logons (specified by the previous attribute) within one hour will result in account lockout and click Next. Type 0:01:00:00. An account, if locked out, will remain locked for one hour or until it is unlocked manually. A value of zero will result in the account remaining locked out until an administrator unlocks it and click Next. The attributes listed are required. After clicking Next on the msDS-LockoutDuration attribute page, you will be able to configure the optional attribute. Click the More Attributes button.

In the Edit Attributes box, type CN=DomainAdmins,CN=Users,DC=es-net,DC=co,DC=uk
and click Set. Click OK. The new PSO is now active.

Resultant PSO

To identify the PSO that controls the password and lockout policies for an individual user.

Open the Active Directory Users And Computers snap-in.
Click the View menu and make sure that Advanced Features is selected.
Expand the domain and click the Users container in the console tree.
Right-click the Administrator account and choose Properties.
Click the Attribute Editor tab.
Click the Filter button and make sure that Constructed is selected. The attribute you will locate in the next step is a constructed attribute, meaning that the resultant PSO is not a hard-coded attribute of a user; rather, it is calculated by examining the PSOs linked to a user in real time.
In the Attributes list, locate msDS-ResultantPSO.
Identify the PSO that affects the user.
The Domain Admins PSO that you created is the resultant PSO for the Administrator account. Enjoy your reading.

Sunday, April 28, 2013

Facebook Apps Money Change (July 2013 Breaking Changes)



Start from this morning untill July 2013 facebook will announce new feature for all user who use one of their social plug in to chaange their notification.
All users need to fix it on time for their use of Apps. Please see the screen shoot for an example to change your apps: 
 Screen 1: 



Screen 2: 


Enjoy your Breaking Changes  From FaceBook. :D

Thursday, April 25, 2013

How to find Product ID on your windows 8


Hello everyone today i will show you how to find Microsoft ID products in windows 8 in your own computers.

Did you that you can find Product ID for your windows 8 Microsft products just follow my tutorial:

Now let start:

1: for user useing windows 8

windows key + pause/break bottom to open system properties than you will see the prompt windows show up( see the picture bellow)

2. Scroll down to the buttom, and look under Windows is activated you will see the Products ID as show : example: 00178-70000-00011-AA579 ( see the picture bellow)


Enjoy it: :D

Thursday, April 4, 2013

Fix windows live and tweak.

Some of the editors migrated their home PCs from Windows XP or Vista to Windows 7, and we encountered a little glitch with Windows Live Mail that drove us bananas for the better part of an afternoon. We’d like to save you the same grief.
Our e-mails imported fine from XP’s Outlook Express, but we found that in the “Sent items” view in Live Mail, it was impossible to tell at a glance to whom we sent our mails. That’s because the columns in the default view didn’t include the one for the “To:” field. (Your mileage may vary. The missing “To:” field didn’t happen in another install we performed, but the next step—the grey-out issue—did.)
Simple enough, we thought—it’s easy to customize the view to show the “To:” field. You’d just hit Alt, go the View menu, choose the Columns item, and…hey wait a minute, the Columns menu option is greyed out! Hmmm. All we wanted was to restore this little column:
12-Tweak-Live-Mail
An afternoon of tweaking and searching later, we discovered that, strangely enough, repositioning the preview pane (the region of the screen that shows you a preview portion of a selected e-mail) was the only thing that would “un-grey” the Columns item on the View menu. This is likely a bug, and we’d expect it to be fixed before long. But how to work around it, for now?
In your Sent Mail view in Live Mail, hit Alt to bring up the menu bar, click View > Layout, and in the Layout dialog box, change the Reading pane (Mail) entry to At the bottom of the message list. (You can also uncheck the Show the reading pane box if you’d like to get rid of the pane altogether.) Hit OK, and you should be able to access the Columns entry in the View menu to tweak the columns that are displayed.

Wednesday, April 3, 2013

Download Windows Live to restore common windows application.

If you’re a Windows XP user who has just migrated to Windows 7, you’re likely to notice a few old friends missing: notably, a mail client (Outlook Express) and Windows Movie Maker. And if you’re using Vista, the Windows Mail, Movie Maker, and Photo Gallery apps might be conspicuous by their absence in 7.

In Windows 7, Microsoft has moved these programs off-OS and made them part of a downloadable package of apps called “Windows Live Essentials.” (Why, if they’re “Essentials,” they’re not included as part of the OS is another story, though.) This is the Live Essentials page.

11-Live-Essentials

You’ll need to sign up for a free Windows Live account to download the lot. (You may well already have one.) You may or may not need Live Essentials, depending on the e-mail client you tend to use and whether you already own some favorite photo- and video-editing software, but we think the download is worth the trouble, regardless. For one thing, the Windows Photo Gallery app has been bulked up a bit from Vista’s; it now has more editing functions, so it can be a time saver versus launching a full-featured photo editor. And Windows Movie Maker, as in Vista, incorporates the ability to burn a DVD Video direct from the app, so no need to fire up Nero, Roxio, or another big burning app for straightforward jobs. Check out the Live Essentials pack at http://download.live.com.

Tuesday, March 19, 2013

Start Learning CSS Part 2

The basic page template

Go to the Tutorfordesign home page and grab the practice HTML page that we will use as the starting template for this tutorial. You can find it under the heading: ‘To create the practice HTML page do the following:’ Follow the instructions there and create your basic HTML page.
Once you have created the template page, create a folder and name it something like: ‘myCSSwebsite’ and then drop the HTML page into it. In that same folder, create a new text document and call it: ‘myCSS.css’. Once created open that file and paste in this template CSS code and then save it:

/* Generic Selectors */
 
body {
font-family: Georgia, "Times New Roman", Times, serif;
font-size: 14px;
color: #333333;
background-color: #F9F9F9;
}
 
p {
width: 80%;
}
 
li {
list-style-type: none;
line-height: 150%;
list-style-image: url(../images/arrowSmall.gif);
}
 
h1 {
font-family: Georgia, "Times New Roman", Times, serif;
font-size: 18px;
font-weight: bold;
color: #000000;
}
 
h2 {
font-family: Georgia, "Times New Roman", Times, serif;
font-size: 16px;
font-weight: bold;
color: #000000;
border-bottom: 1px solid #C6EC8C;
}
 
/**************** Pseudo classes ****************/
 
a:link {
color: #00CC00;
text-decoration: underline;
font-weight: bold;
}
 
li :link {
color: #00CC00;
text-decoration: none;
font-weight: bold;
}
 
a:visited {
color: #00CC00;
text-decoration: underline;
font-weight: bold;
}
 
li a:visited {
color: #00CC00;
text-decoration: none;
font-weight: bold;
}
 
a:hover {
color: rgb(0, 96, 255);
padding-bottom: 5px;
font-weight: bold;
text-decoration: underline;
}
 
li a:hover {
display: block;
color: rgb(0, 96, 255);
padding-bottom: 5px;
font-weight: bold;
border-bottom-width: 1px;
border-bottom-style: solid;
border-bottom-color: #C6EC8C;
}
 
a:active {
color: rgb(255, 0, 102);
font-weight: bold;
}
 
/************************* ID's *************************/
 
#navigation {
position: absolute;
width: 210px;
height: 600px;
margin: 0;
margin-top: 50px;
border-right: 1px solid #C6EC8C;
font-weight: normal;
}
 
#centerDoc {
position: absolute;
padding: 0 0 20px 0; /*top right bottom left*/
margin-top: 50px;
margin-left: 235px;
}
 
Don’t let the CSS freak you out, I will explain the important details and you will soon see how easy it really is. One last thing for you to do before I finish this part of the tutorial, we need to add some code to our HTML page.
In between the <body></body> tags you will need to insert this code:

<div id="navigation">
 
<h2>The Main navigation</h2>
</div>
 
 
<div id="centerDoc">
 
<h1>The Main Heading</h1>
 
<p>Go to the Tutorfordesign home page and grab the
practice HTML page that we will used as the starting template for this
tutorial. You can find it under the heading: 'To create the practice HTML
page do the following:'.</p>
 
<p>Follow the instructions there and create your basic HTML page
... and do it now!</p></div>
And in between the <head> </head> tags you will need to insert this:
<title>First CSS Tutorial</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="myCSS.css" rel="stylesheet" type="text/css">
With this in place we will be able to start styling our page. If you take a look at the HTML page now you may be surprised to see that we already started!