Day by day… Terminal Services
What is “Dedic”? 2012.08.17
Well, if You speak Russian and are in the computer crime world on any side, You know what I am talking about. If not – here is a brief look at what it is, what it is used for and why it is named this way.

Windows 2008: Get RDS grace period status 2012.05.01
Windows Server 2008 Remote Desktop Services has a grace period of 90 days from installation until the day it locks out users. Strangely, there is no big red screen with a countdown, or even a small notice in Server Manager about the expiration date. It is somehow hidden, so the expiration date usually comes unexpectedly.
How can You connect to a locked server? Run the RDP client in Admin mode: mstsc /admin – to connect to the locked server. There You can configure licensing and add licenses.
By the way – You can see the days left in a few ways:
1. In CMD (Run as Administrator) – paste and run:
wmic /namespace:\\root\CIMV2\TerminalServices PATH Win32_TerminalServiceSetting WHERE (__CLASS !="") CALL GetGracePeriodDays
From here – thx Ovi Borrero
2. Or You can use a PowerShell script or VB to get this info – see MSDN

CVE-2012-0002 attack vector 2012.03.20
“I have no RDP listener available from the Internet” – this has somehow become an excuse and a way to feel safe. Dan Kaminsky scanned the Internet for RDP ports and found about 5 million hosts available via RDP, so everyone else suddenly feels more comfortable. Let’s look at the attack vector. Let’s assume RCE is available:
1. Infecting Internet-available unpatched RDP servers (both on 3389 and on different ports).
2. From them – scanning local networks and spreading by exploiting further.
3. For each new network connection – trying RDP access to the available subnet.
Well, with this two-three step access, even a laptop in a protected LAN with VPN access to a secured server with no Internet access becomes a must-be-patched machine. So – please take the time to patch not only Internet-available servers, but the whole internal network (domain clients in a Windows network are available via RDP in the default config for XP).
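
The two-three step chain described above can be checked against an inventory. The following is an added example, not code from the original post: a breadth-first walk over a constructed host list and RDP reachability map (all host names and the data layout are assumptions) that lists every unpatched RDP host reachable hop by hop from an Internet-facing one.

```python
from collections import deque

# Constructed inventory (hypothetical host names). "internet" = RDP listener
# reachable from the Internet on any port; "patched" = MS12-020 installed.
HOSTS = {
    "edge-rdp":   {"internet": True,  "rdp": True,  "patched": False},
    "dmz-web":    {"internet": True,  "rdp": True,  "patched": True},
    "office-pc":  {"internet": False, "rdp": True,  "patched": False},
    "file-srv":   {"internet": False, "rdp": True,  "patched": True},
    "vpn-laptop": {"internet": False, "rdp": True,  "patched": False},
    "secure-srv": {"internet": False, "rdp": True,  "patched": False},
    "kiosk":      {"internet": False, "rdp": False, "patched": False},
}

# Constructed reachability: source host -> hosts whose RDP port it can connect to.
REACH = {
    "edge-rdp":   ["office-pc", "file-srv", "kiosk"],
    "dmz-web":    ["secure-srv"],
    "office-pc":  ["vpn-laptop", "file-srv"],
    "vpn-laptop": ["secure-srv"],  # VPN link to the server with no Internet access
}


def exposure_paths(hosts, reach):
    """Map each transitively exposed host to its shortest hop chain from the Internet."""
    def exposed(name):
        return hosts[name]["rdp"] and not hosts[name]["patched"]

    # Step 1 of the post: Internet-available, unpatched RDP listeners.
    paths = {h: ["Internet", h] for h, i in hosts.items() if i["internet"] and exposed(h)}
    queue = deque(paths)
    while queue:  # steps 2-3: breadth-first, so the shortest chain is recorded
        current = queue.popleft()
        for target in reach.get(current, []):
            if target not in paths and exposed(target):
                paths[target] = paths[current] + [target]
                queue.append(target)
    return paths


def patch_report(hosts, reach):
    """Exposed hosts ordered by hop count, closest to the Internet first."""
    paths = exposure_paths(hosts, reach)
    return sorted(paths, key=lambda h: (len(paths[h]), h))


if __name__ == "__main__":
    chains = exposure_paths(HOSTS, REACH)
    for host in patch_report(HOSTS, REACH):
        print(" -> ".join(chains[host]))
```

In this sample the server with no Internet access still appears in the report, four hops in, through the VPN laptop.
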
MS12-020 aka CVE-2012-0002 by Luigi Auriemma 2012.03.16
Well, here is the moment – on 16.03.2012 Luigi Auriemma, the researcher who discovered (or made public) the RDP RCE flaw in the Microsoft Remote Desktop protocol, released the technical info. There were a few comments here and there that a strictly elite exploit for this flaw was known, but since no proof was released, let’s assume this is a new threat. According to Mr. Auriemma, the bug was discovered on 16.03.2011 (!) – wow, this is an example of restraint. About a year with a critical all-modern-platform MS bug in his pocket, waiting for the vendor to fix it. White Hat of the year 2011 – indeed. Now – we can just wait for the worm to come… And let’s hope it will not be like the Sandworm from Dune.

Patch CVE-2012-0002: Microsoft RDP Remote Code Execution Vulnerability 2012.03.14
The vulnerability in RDP reported by Luigi Auriemma has not been widely exploited so far, but the patch has been released, which means it can be reverse-engineered. Starting tomorrow, all Your Windows machines should be patched, otherwise You are in trouble. The list of vulnerable systems includes literally all Windows machines that can be reached via RDP, both clients and servers. Best way – run Windows Update. If You prefer manual patching, here is the list:

Clients:
Microsoft Windows 7 for x64-based Systems SP0
Microsoft Windows 7 for x64-based Systems SP1
Microsoft Windows 7 for 32-bit Systems SP0
Microsoft Windows 7 for 32-bit Systems SP1
Microsoft Windows XP Professional x64 Edition SP2
Microsoft Windows Vista x32 SP2
Microsoft Windows Vista x32 SP2

Servers:
Microsoft Windows Server 2003 Datacenter x64 Edition SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2003 x32 Standard Edition SP2
Microsoft Windows Server 2003 Itanium SP2
Microsoft Windows Server 2008 for 32-bit Systems SP2
Microsoft Windows Server 2008 for x64s SP2
Microsoft Windows Server 2008 R2 x64 SP1
Microsoft Windows Server 2008 for x64 SP2
Microsoft Windows Server 2008 for x64 R2
Microsoft Windows Server 2008 R2 Itanium SP0
Microsoft Windows Server 2008 for Itanium SP2
Microsoft Windows Server 2008 R2 Itanium SP1

“Windows presentation foundation terminal server print w” error 2011.07.27
On Windows Server 2008 Standard Terminal Services (or, as they call it, Remote Desktop Services), both x32 and x64, there is a major error that causes printing problems: “Windows presentation foundation terminal server print w” – a Windows pop-up on WinXP clients; on Vista\Win7 there is no error at all, just no printing.
Well? What to do?
1. There is a KB from MS: http://support.microsoft.com/kb/2021394
Checked – did not help.
2. There are workarounds that replace TsWpfWrp.exe on clients with the server version.
Checked – did not help.
3. Then – forums recommend reinstalling the server.
Almost done, but not.
So, the solution that worked for a few of my servers was partially mentioned by Jeff Pitsch in his post about EasyPrint. So, as in all previous versions of Windows – just reinstall the EasyPrint driver. Yeah? Guess what – there is no Printer Drivers console by default (Server Properties in older versions), so where to delete it from? Aha! Now You have Printer Servers – Server Name – Drivers. Here You can actually manage installed printer drivers.
Have a great day!