Security in the Enterprise on Microsoft Virtual Academy (MVA) course

There is a new course on Microsoft Virtual Academy (MVA) to talk about security. Security in the Enterprise is hold by Simon May, Infrastructure Technical Evangelist, and Erdal Ozkaya, Microsoft MVP in Windows IT Pro. It a entry level MVA course to let you understand the concept and get some tips to protect your enterprise. It's worth watching it.

This posting is provided “AS IS” with no warranties, and confers no rights!

Check the credential of mapped network drive by WMI

Assuming that you'd like to know the user name of mapped network drive. The easy way to find the user name by performing wmic on Command Prompt or PowerShell.

wmic netuse where localname="<Drive letter name>" get UserName /value

You don't need to provide administrator's credential to perform this command.

To check the user name by PowerShell, we can perform the following cmdlets.

Get-WmiObject -Class Win32_NetworkConnection | Select UserName

For PowerShell 3.0 or later, we can perform Get-CimInstance -ClassName Win32_NetworkConnection | Select UserName

By the way, there is a useful tool named WMI Explorer. It's easy for us to find the WMI class.

This posting is provided “AS IS” with no warranties, and confers no rights!

Check local and domain user accounts status

To check a local user account status, administrators can perform "net user <user name>" in a Command Prompt to check it.

For domain user account, perform "net user <user name> /domain" in a Command Prompt.

It also displayed the Last logon" time, "Password expires" and etc.

More information

How to Use the Net User Command

This posting is provided “AS IS” with no warranties, and confers no rights!

Windows workstations or Windows Servers failed to open a share folder which is provided by network attached storage (NAS)

Symptom
When a workstation connects to a share folder which is provided by network attached storage (NAS), the workstation is pop-up the error message.

\\<Server Name> is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions.

The account is not authorized to log in from this station.

Cause
The workstation was enabled "Microsoft network client: Digitally sign communications (always)" setting on Local Computer Policy or Domain Policy which is located at "Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options". However, the network attached storage doesn't support or enable this function.

Resolution
By default, "Microsoft network client: Digitally sign communications (always)" is disabled on standalone workstations, domain workstations and domain member servers. If this setting is enabled, SMB client requires SMB servers to use SMB Message Signing. If network attached storage don't support or enable SMB Message Signing, Windows which are enables the setting reject this SMB connection. Some companies follow a Windows security hardening guide to enable this option by Group Policy.

1. Enabling SMB Message Signing on network attached storage
If network attached storage support SMB Message Signing, enable this setting on network attached storage.

2. Change "Microsoft network client: Digitally sign communications (always)" setting to Disabled
If this setting isn't broken your Windows security hardening of your company, disable it as the following path.

Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options > Microsoft network client: Digitally sign communications (always) - Disabled

After updating the setting, administrators have to reboot the server.

More information
The Basics of SMB Signing (covering both SMB1 and SMB2)

How to Shoot Yourself in the Foot with Security, Part 1

This posting is provided “AS IS” with no warranties, and confers no rights!