Simple: Install Linux! Okay, that might sound too blunt, Tomas, but it’s true: The last bare-metal Windows installation in the household, my dedicated “gaming machine”, has recently been reinstalled with GNU/Linux Debian. Microsoft’s passive-aggressive Windows 10 EOL threat doesn’t work on me, or at least not in intended way. I was surprised to find out that Steam games not only just run but also have a approx 10–15% speed bump. And that’s on my old nVidia 1070. Impressive! Read more

Not only since my seven security tips1 have I been getting questions about why I prefer to keep Windows and an Active Directory2 offline. That may sound inflexible, and in an era of AI-generated cybersecurity slop3 I may look like an outsider. So in today’s blog post I provide more context, explain the technical background, and lay out how ransomware works. Finally, I show how an AD operated offline can still be used with the internet and email as usual. Read more

It was the early 2000s and I was sitting there with a massive brick from Microsoft Press.1 The proud price back then: 129 Deutsche Mark. I flipped through it and felt a déjà vu: I knew these pages! Not in terms of content, but the layout, the structure, the examples, even the icons in the side notes: These were the lost manuals of the 1990s! Okay, for the younger generation, I’ll have to explain: Once software used to come in boxes. Big ones with printed books inside. At first, thick ring binders. Later, massive volumes printed on thin and razor-sharp bible-like paper. Overnight, these vanished. First to CD-ROMs, then into the still young internet. Read more

If you have an own PKI in your AD, you may stop reading and move on. Nothing to see here. My gut however tell me, many mid-sized companies don’t have one and are at the mercy of Alex Neff’s Python script.1 Wsuks2 positions itself as man-in-the-middle between a Windows Update Server (WSUS) and the various servers/clients. It spoofs the WSUS IP in the ARP table. Upon contact (default: every 24 hours), a psexec64.exe along with a PowerShell script is distributed to the machines and executed, including elevation to Administrator. The payload can be adjusted arbitrarily. Read more

Security through obscurity1 is not working. This is not an allegation, it is a proven fact. Today’s proof has a particularly large impact on worldwide Microsoft Windows installations. The Windows Security Centre (WSC) API2 has been made to accept any program as an anti-virus solution. The WSC works as follows: If a manufacturer of an AV security solution wants to install his snakeoil, he/she first has to be able to switch off the anti-tempering mechanisms so that it is not identified as malware. Hence the extremely strict non-disclosure of this API until now. Read more

Today, shortly before weekend, I felt that pain again when seeing a PowerShell script. Somebody has literally raped the System.IO.DirectoryInfo across several pages and eternalised himself beyond anything related to aesthetics, technology or rationality. The aim of the script was to zip all the subdirectories of given folder one by one and push them to another drive with an ISO 8601-compliant timestamp prefix. To ease the pain, here’s my decades-old snippet. Literally just in three lines. For better customisation, only the variables are separated: Read more

Crashed services of a business software are inconvenient. If they occur more than once, it becomes annoying. If there is also a software supplier who is unwilling or unable to solve the problem, it gets complicated. A quick and pragmatic solution was needed shortly before the Easter holidays. If only there was not another obstacle in the way: It is all about Windows services. No progress with on-board resources Usually, modern operating systems provide an administrator with the necessary tools to control services. In Windows, it is the graphical snap-in services.msc in the Microsoft Management Console1, which has barely changed since NT4 Option Pack. You can set the start modes and up to three error handling modes: Read more

Even measured by Microsoft’s own standards, the half-life of promises is astonishing. Since 2015 it has been said that Windows no longer follows the classic licensing and version scheme. Windows 10 is the “last Windows”1. Six years later, everything has changed. That roughly corresponds to the lifespan of a PC office desktop. Compared to the much longer product cycles in SMEs, e.g. enterprise resource planning software, Microsoft appears erratic and unpredictable in its actions. Why bother with it, when you can’t trust their promises obviously? Read more

Feedbacks to my recently written blog “Working in Homeoffice Part I”: No Tomas, you can’t say you believe Windows is broken by design, bashing everybody up in the face. or: It’s not that simple getting privileges on windows computers. Well, how to put it right? Perhaps by explaining how easy and quickly you can become an administrator on Windows 7 or Windows 2008R2 server? Without knowledge of any login data at all? Read more