PSScriptPolicyTest script gets blocked by AppLocker in the event log. Why and what are those files?!

If you are using AppLocker (which you should) and have enabled the function “MSI and Scripts” in AppLocker to whitelist only signed PowerShell scripts you will get some errors in the event log even though your scripts are signed. Checking the event viewer log for AppLocker events you will see that the logged on user tried to run 2 different scripts starting with __PSScriptPolicyTest and the extensions .ps1 and psm1. The full name is something like  __PSScriptPolicyTest_bavjba32.xjg.ps1 where the name is __PSScriptPolicyTest_..ps1/psm1

Continue reading >

Using File Screen to block Ransomware like WannaCry on server shares – Part 1

There has been a lot of talk of the WannaCry malware last couple of weeks and I will try to describe how you can add another layer of security between a infected computer and your central file storage. There is already a few write-ups within this area, most of them only use the File Screen service to block users from creating new files with know extensions or renaming existing ones. This is a good start but it does not actually prevent the user (or the malware running in user context) from deleting all the files on your servers.

Continue reading >

Setup BITS for ConfigMgr Current Branch

When using ConfigMgr in distributed environments, there are times when you want to limit how much bandwidth a client is using when downloading content. In all fairness, when having techniques like Peer Cache, and BranchCache at your disposal, you may get away by not limiting the bandwidth, but for most distributed environments you probably want to configure BITS to control how much bandwidth that is used over the WAN links. BITS is after all the component that is used for the actual downloads.

Continue reading >
1 3 4 5 6 7 23
Page 5 of 23
>