How to prevent recovery of deleted data on a disk – NTFS?

Consider the example where I have some data on a computer or server that I don't want anyone else to read (the server will be used by another admin and I stored confidential data there). I delete the data from the server, but that does not stop anyone from recovering it. At least not until I perform at least one overwrite of the disk locations where the original data was written.

The built-in tool cipher.exe serves exactly this purpose. This tool has been available since Windows Server 2003 :\, but I honestly didn't know about it :). Until recently I used a specialized third-party tool for these things 🙂.

cipher


C:\Users\svobodma>cipher /?

Displays or alters the encryption of directories [files] on NTFS partitions.

CIPHER [/E | /D | /C]
[/S:directory] [/B] [/H] [pathname […]]

CIPHER /K [/ECC:256|384|521]

CIPHER /R:filename [/SMARTCARD] [/ECC:256|384|521]

CIPHER /U [/N]

CIPHER /W:directory

CIPHER /X[:efsfile] [filename]

CIPHER /Y

CIPHER /ADDUSER [/CERTHASH:hash | /CERTFILE:filename | /USER:username]
[/S:directory] [/B] [/H] [pathname […]]

CIPHER /FLUSHCACHE [/SERVER:servername]

CIPHER /REMOVEUSER /CERTHASH:hash
[/S:directory] [/B] [/H] [pathname […]]

CIPHER /REKEY [pathname […]]

/B Abort if an error is encountered. By default, CIPHER continues
executing even if errors are encountered.
/C Displays information on the encrypted file.
/D Decrypts the specified files or directories.
/E Encrypts the specified files or directories. Directories will be
marked so that files added afterward will be encrypted. The
encrypted file could become decrypted when it is modified if the
parent directory is not encrypted. It is recommended that you
encrypt the file and the parent directory.
/H Displays files with the hidden or system attributes. These files
are omitted by default.
/K Creates a new certificate and key for use with EFS. If this
option is chosen, all the other options will be ignored.

Note: By default, /K creates a certificate and key that conform
to current group policy. If ECC is specified, a self-signed
certificate will be created with the supplied key size.

/N This option only works with /U. This will prevent keys being
updated. This is used to find all the encrypted files on the
local drives.
/R Generates an EFS recovery key and certificate, then writes them
to a .PFX file (containing certificate and private key) and a
.CER file (containing only the certificate). An administrator may
add the contents of the .CER to the EFS recovery policy to create
the recovery key for users, and import the .PFX to recover
individual files. If SMARTCARD is specified, then writes the
recovery key and certificate to a smart card. A .CER file is
generated (containing only the certificate). No .PFX file is
generated.

Note: By default, /R creates an 2048-bit RSA recovery key and
certificate. If ECC is specified, it must be followed by a
key size of 256, 384, or 521.

/S Performs the specified operation on the given directory and all
files and subdirectories within it.
/U Tries to touch all the encrypted files on local drives. This will
update user’s file encryption key or recovery keys to the current
ones if they are changed. This option does not work with other
options except /N.
/W Removes data from available unused disk space on the entire
volume. If this option is chosen, all other options are ignored.
The directory specified can be anywhere in a local volume. If it
is a mount point or points to a directory in another volume, the
data on that volume will be removed.
/X Backup EFS certificate and keys into file filename. If efsfile is
provided, the current user’s certificate(s) used to encrypt the
file will be backed up. Otherwise, the user’s current EFS
certificate and keys will be backed up.
/Y Displays your current EFS certificate thumbnail on the local PC.
/ADDUSER Adds a user to the specified encrypted file(s). If CERTHASH is
provided, cipher will search for a certificate with this SHA1
hash. If CERTFILE is provided, cipher will extract the
certificate from the file. If USER is provided, cipher will
try to locate the user’s certificate in Active Directory Domain
Services.
/FLUSHCACHE
Clears the calling user’s EFS key cache on the specified server.
If servername is not provided, cipher clears the user’s key cache
on the local machine.
/REKEY Updates the specified encrypted file(s) to use the configured
EFS current key.
/REMOVEUSER
Removes a user from the specified file(s). CERTHASH must be the
SHA1 hash of the certificate to remove.

directory A directory path.
filename A filename without extensions.
pathname Specifies a pattern, file or directory.
efsfile An encrypted file path.

Used without parameters, CIPHER displays the encryption state of the
current directory and any files it contains. You may use multiple directory
names and wildcards. You must put spaces between multiple parameters.
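The procedure described above (delete the confidential files, then overwrite the free space with cipher /W) as one PowerShell function. This is an added example, not code from the original post; the path D:\Confidential and the volume D: are assumed.

```powershell
# Added example: delete confidential data, then wipe the volume's unused space with cipher /W.
# Assumption: the confidential directory is D:\Confidential; the volume is derived from it.
function Remove-ConfidentialData {
    param([string]$Path = 'D:\Confidential')

    # Volume root of the data, e.g. "D:\"; cipher /W must be pointed at that volume.
    $volume = [System.IO.Path]::GetPathRoot((Resolve-Path -LiteralPath $Path).Path)

    # 1. A normal delete only unlinks the files; the clusters still contain the data.
    Remove-Item -LiteralPath $Path -Recurse -Force

    # 2. cipher /W overwrites all unallocated space on the volume (passes of 0x00, 0xFF and
    #    random data). It does not touch allocated clusters, so the delete has to come first.
    #    Caveat: on SSDs wear levelling means an overwrite is not a guarantee; full-volume
    #    encryption (BitLocker) from the start is the reliable option there.
    & cipher.exe "/W:$volume"
    if ($LASTEXITCODE -ne 0) {
        throw "cipher /W failed on $volume with exit code $LASTEXITCODE"
    }

    # 3. Sanity check: cipher creates a temporary EFSTMPWP folder in the volume root while
    #    filling the free space and removes it when done; if it is still there, the run was cut short.
    $tmp = Join-Path $volume 'EFSTMPWP'
    if (Test-Path -LiteralPath $tmp) {
        Write-Warning "cipher left $tmp behind; the wipe did not complete, run it again"
    }
}

Remove-ConfidentialData -Path 'D:\Confidential'
```

Run it from an elevated prompt; on a large volume the wipe takes a long time because it fills the whole free space three times.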


PowerShell – Regular Expressions "list of characters"


.       matches any character except newline
\       escape character
\w      word character [a-zA-Z_0-9]
\W      non-word character [^a-zA-Z_0-9]
\d      digit [0-9]
\D      non-digit [^0-9]
\n      new line
\r      carriage return
\t      tabulation
\s      white space
\S      non-white space
^       beginning of a line
$       end of a line
\A      beginning of the string (multi-line match)
\Z      end of the string (multi-line match)
\b      word boundary, boundary between \w and \W
\B      not a word boundary
\<      beginning of a word
\>      end of a word
{n}     matches exactly n times
{n,}    matches a minimum of n times
{x,y}   matches a min of x and max of y
(a|b)   'a' or 'b'
*       matches 0 or more times
+       matches 1 or more times
?       matches 1 or 0 times
*?      matches 0 or more times, but as few as possible
+?      matches 1 or more times, but as few as possible
??      matches 0 or 1 time, but as few as possible
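The tokens from the list applied with PowerShell's -match operator, as an added example that is not part of the original post. The log lines are constructed for the demo; the point is how anchors, fixed-width \d{n}, \s+, \b and greedy versus lazy quantifiers behave in .NET regex, which is what PowerShell uses.

```powershell
# Added example: parse constructed logon records with the tokens from the list above.
$lines = @(
    '2024-01-05 10:12:01 LOGON_FAILURE user=alice src=10.0.0.15 reason=bad_password',
    '2024-01-05 10:12:07 LOGON_FAILURE user=bob   src=10.0.0.15 reason=bad_password',
    '2024-01-05 10:13:44 LOGON_SUCCESS user=alice src=10.0.0.21',
    'garbage line without a timestamp'
)

# ^ and $ anchor the whole line, \d{n} gives fixed-width fields, \s+ absorbs variable spacing,
# \w+ captures the user name, {1,3} bounds each IP octet, and (?<name>...) names the groups.
$pattern = '^(?<date>\d{4}-\d{2}-\d{2})\s(?<time>\d{2}:\d{2}:\d{2})\s+(?<event>LOGON_\w+)' +
           '\s+user=(?<user>\w+)\s+src=(?<src>(?:\d{1,3}\.){3}\d{1,3})' +
           '(?:\s+reason=(?<reason>\w+))?$'          # the reason field is optional

$events = foreach ($line in $lines) {
    if ($line -match $pattern) {                    # the garbage line simply does not match
        [pscustomobject]@{
            Time = $Matches.time; Event = $Matches.event
            User = $Matches.user; Src = $Matches.src; Reason = $Matches.reason
        }
    }
}
$events | Format-Table -AutoSize

# Greedy vs lazy: .* runs to the LAST '=', .*? stops at the FIRST one.
$null = 'user=alice src=10.0.0.15' -match '^(.*)=';  $Matches[1]    # user=alice src
$null = 'user=alice src=10.0.0.15' -match '^(.*?)='; $Matches[1]    # user

# \b is a word boundary: 'bob' must not be part of a longer word.
'user=bob'   -match '\bbob\b'    # True
'user=bobby' -match '\bbob\b'    # False

# Caveat: \< and \> from the list are GNU grep syntax. .NET regex treats them as the literal
# characters '<' and '>', so in PowerShell use \b for word boundaries instead.
'bob'   -match '\<bob\>'         # False
'<bob>' -match '\<bob\>'         # True
```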


How to set the DSRM password automatically (or something like that) via PowerShell

function Set-DSRMPass {
    Begin {
        Write-Host "`n"
        Write-Host -ForegroundColor Yellow "Set new DSRM password ...... "
    }
    Process {
        # Direct invocation; ntdsutil still prompts for the password interactively.
        #$ntdspasschange = 'ntdsutil "set dsrm password" "reset password on server null"'
        #Invoke-Expression $ntdspasschange

        $pass = Read-Host "password" -AsSecureString

        # SendKeys can only type plain text, so unwrap the SecureString just for this call
        # and escape the characters SendKeys treats specially (+ ^ % ~ ( ) { } [ ]).
        $bstr  = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass)
        $plain = [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
        $typed = $plain -replace '([+^%~(){}\[\]])', '{$1}'

        # Drive an interactive ntdsutil session in a new cmd.exe window via WScript.Shell
        $wshell = New-Object -ComObject wscript.shell
        $wshell.Run("cmd.exe") | Out-Null
        Start-Sleep 5
        $wshell.SendKeys('ntdsutil')
        $wshell.SendKeys('{ENTER}')
        Start-Sleep 5
        $wshell.SendKeys('set dsrm password')
        $wshell.SendKeys('{ENTER}')
        Start-Sleep 5
        $wshell.SendKeys('reset password on server null')
        $wshell.SendKeys('{ENTER}')
        $wshell.SendKeys($typed)            # new password
        $wshell.SendKeys('{ENTER}')
        Start-Sleep 5
        $wshell.SendKeys($typed)            # confirmation
        $wshell.SendKeys('{ENTER}')
        $wshell.SendKeys('q')               # leave "set dsrm password"
        $wshell.SendKeys('{ENTER}')
        $wshell.SendKeys('q')               # leave ntdsutil
        $wshell.SendKeys('{ENTER}')
        Remove-Variable plain, typed
    }
    # Equivalent manual command:
    #ntdsutil "set dsrm password" "reset password on server null" q q
}


PowerShell does not show all

Perhaps you have the same problem I had a few minutes ago. It is a good time to write this short article and share with you how to solve this trouble.

This is our problem:

[Screenshot: PowershellNotShowAll]

The solution is this variable: $FormatEnumerationLimit

When we set this variable to 200 ($FormatEnumerationLimit = 200), PowerShell will show us more. When I set the variable to -1 ($FormatEnumerationLimit = -1), PowerShell will show us everything.
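The truncation and the fix, as an added example that is not part of the original post. The object with a ten-element property is constructed for the demo; any AD object with a long MemberOf behaves the same. The helper name Invoke-WithFullEnumeration is my own.

```powershell
# Added example: show the default truncation, then lift the limit only for one command.
$obj = [pscustomobject]@{
    Name     = 'svc-backup'
    MemberOf = @(1..10 | ForEach-Object { "CN=Group$_,OU=Groups,DC=example,DC=com" })
}

# The default limit is 4: Format-List prints four entries and then "..."
$FormatEnumerationLimit
$obj | Format-List | Out-String

function Invoke-WithFullEnumeration {
    # Runs a script block with $FormatEnumerationLimit = -1 and always restores the old value.
    # The Format-* cmdlets read the variable from the global scope, so it is set with $global:.
    param([Parameter(Mandatory)][scriptblock]$ScriptBlock)
    $old = $global:FormatEnumerationLimit
    try {
        $global:FormatEnumerationLimit = -1
        & $ScriptBlock
    } finally {
        $global:FormatEnumerationLimit = $old
    }
}

# Out-String inside the block forces rendering while the limit is still raised; otherwise the
# host would render the format objects only after the finally block has restored the old limit.
Invoke-WithFullEnumeration { $obj | Format-List | Out-String }

# Back to the default afterwards
$FormatEnumerationLimit
```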


🙂


Active Directory on Windows Server versions (DFL, FFL) – new features

List of changes with Domain and Forest functional levels

2008 Domain functional level:

  • Multiple password policies per domain
  • User-viewable last logon information
  • Increased Kerberos encryption
  • DFS replication for SYSVOL shares

2008 R2 Domain functional level:

  • Better and more automated service account management
  • Security logs and access lists based on authentication type

2008 R2 Forest functional level:

  •  AD „recycle bin“

2012 R2 Domain functional level:

  • Restricted Admin mode – mstsc /restrictedadmin (it does not store the admin password in LSA on the remote desktop host)
  • LSA Protection
  • Protected user groups
  • Authentication Policies
  • Silos (management for authentication policies)
  • COMPOUND ID
  • Kerberos Armoring

2012 R2 Forest functional level:

  • nothing

2016 domain functional level:

All default Active Directory features, all features from the Windows Server 2012R2 domain functional level, plus the following features:

  • DCs can support rolling a public key only user’s NTLM secrets.
  • DCs can support allowing network NTLM when a user is restricted to specific domain-joined devices.
  • Kerberos clients successfully authenticating with the PKInit Freshness Extension will get the fresh public key identity SID -> https://datatracker.ietf.org/doc/rfc8070/?include_text=1
  • Temporary Group Membership: requires enabling the Privileged Access Management feature in the Windows Server 2016 forest

For more information see 'What's New in Kerberos Authentication' and 'What's New in Credential Protection'

2016 forest functional level:

All of the features that are available at the Windows Server 2012R2 forest functional level, and the following features, are available:

  • Privileged access management (PAM) using Microsoft Identity Manager (MIM)
  • (PAM) group membership expiration, (PIM) shadow security principals

2025 vNext forest functional level (no changes in 2019 & 2022):

All of the features that are available at the Windows Server 2016-2019-2022 forest functional level, and the following features, are available:

  • AD DS DB update -> Jet Blue extends the page size to 32K
  • New NUMA (Non-Uniform Memory Access) support benefits
  • Priority of replication partners -> administrators now have the ability to increase the priority for specific replication partners
  • New algorithm for locating DCs -> the new discovery algorithm allows DCs to be found based on NetBIOS names without relying on this outdated protocol
  • Security enhancements -> RC4 is now added to the list of cipher methods that should not be used; LDAP communication now supports TLS 1.3 for LDAP over TLS. In addition, LDAP sealing is automatically enabled after SASL authentication.
  • Password change methods -> the SAM-RPC method for changing passwords uses AES encryption and is accepted as the new default. SAM-RPCs will be blocked in the future. For the Protected Users group and for local accounts of domain computers, the SAM-RPC interface will be blocked by default.