Trusteer Rapport is an application that over 70 banks around the world have asked their customers to use to prevent Phishing and Malware attacks. I came across an issue this week where this application would cause the computer to Blue Screen of Death every time the user attempted to go to his Online Banking.
This is obviously not what it is intended to do.
Chatting to their tech support (very efficient), it came out that it is a known problem caused by a conflict between Rapport's protection mechanism against "Kernel Keylogging" and the computer's mouse driver configuration.
They say it should be fixed in an upcoming version, but if you have this issue, here is a work-around:
1) Open Rapport's Console (Start > Programs > Trusteer Rapport > Rapport Console)
2) Click on the arrow icon to move to page 2
3) Click on "Edit Policy" in the "Security Policy" widget
4) Type the required characters
5) Locate "Block Kernel Keylogging (PS/2)" and choose "Never" in the drop-down list next to it
6) Locate "Block Kernel Keylogging (USB)" and choose "Never" in the drop-down list next to it
7) Click on "Save"
8) Restart your PC and see if the problem still occurs
NinjaTek
Thursday, November 25, 2010
Monday, November 22, 2010
Proxy Autodetection using a PAC file and WPAD
This is a really great and really easy feature to implement on your network. It basically means that you never need to manually enter the details for your proxy server in your internet browser…It will pick it up automatically…how cool is that?!
OK, so here’s the gameplan:
1) Create a PAC (Proxy Automatic Configuration) file
2) Publish your PAC file
3) Enable Autodetection using WPAD (Web Proxy Autodiscovery Protocol)
a. DHCP – preferred for IE
b. DNS – required for other browsers (eg Firefox)
4) Use Group Policy to Enable Automatically Detect Settings option in IE
1 - Creating a PAC file
PAC files contain JavaScript code used to define where to find a proxy server under certain conditions. I’m not going to get into the advanced functions of PAC files, as there are plenty of great resources on the web already (see end of post)
Here is a basic PAC file for a single address range network with no special conditions. All you need to do is change the BOLD to your network’s details. We want to be able to configure WPAD through DNS as well as DHCP, so we will need this file to be called wpad.dat (lowercase) – The DNS method requires this naming format.
Copy this into notepad and save it as: wpad.dat
function FindProxyForURL(url, host)
{
if (isPlainHostName(host))
{
return "DIRECT";
}
if (isInNet(host, "192.168.0.0", "255.255.255.0"))
{
return "DIRECT";
}
if (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0"))
{
return "PROXY 192.168.0.1:8080";
}
}
In the above example:
The IP range is: 192.168.0.0
Subnet Mask is: 255.255.255.0
Proxy Server IP is: 192.168.0.1
Proxy Server Port is: 8080
You can test your PAC file by entering it manually into Internet Explorer:
Tools -> Internet Options -> Connection -> LAN Settings -> Use Automatic configuration script
Address: file://C:\wpad.dat (With the wpad.dat file located on the C: root)
2 – Publishing the PAC file
We will publish our PAC file using IIS. If you don’t have IIS running yet, pause reading now while you quickly add it.
Ready?
Great…
If you are using IIS 6:
· Right Click on the domain name and click Properties
· On the HTTP Headers tab click MIME Types
· Click New
Extension: .dat
MIME Type: application/x-ns-proxy-autoconfig
Extension: .dat
MIME Type: application/x-ns-proxy-autoconfig
· Click OK.
If you are using IIS 7:
· Click on the Server
· On the right hand side double click MIME Types
· On the Right hand Pane click Add…
Extension: .dat
MIME Type: application/x-ns-proxy-autoconfig
Extension: .dat
MIME Type: application/x-ns-proxy-autoconfig
· Click OK.
Copy the wpad.dat file to the C:\inetpub\wwwroot\ directory of the IIS server.
3a – Enabling Autodetection using DHCP
· Open the DHCP console
· Server 2003: Right Click the server's name
· Server 2008: Right Click on IPv4
· Click Set Predefined Options…
· Right Click on IPv4 and click Set Predefined Options…
· Click Add…
Name: WPAD
Data type: String
Code: 252
Name: WPAD
Data type: String
Code: 252
· In the String Value box, type the URL of the PAC file (eg: http://192.168.0.1/wpad.dat)
· Right click Server Options and click Configure Options
· Confirm that 252 – WPAD is ticked and contains the correct URL.
· Right Click Scope Options and click Configure Options
· Scroll Down and tick 252 – WPAD
· Click OK
3b – Enabling Autodetection using DNS
· Open the DNS console
· Right click the appropriate Forward Lookup Zone and click New Host (A)
· In Name type: wpad
· Enter the IP address of the IIS server
NOTE: WPAD in Server 2008 DNS server Global Query Block List
If you are using Server 2008 you may not be able to ping WPAD once you have added the Host Record. This is because it is blocked by a new security measure called DNS server global query block list. Please be aware of the reasons for this list before you remove wpad from it. Microsoft has an in depth document on the subject (See Source below).
To remove WPAD from the Global Query Block List, remove it from the following registry value:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DNS\Parameters\GlobalQueryBlockList
Source: Google Search: DNS_Server_Global_ Query_Block List.doc
4 - Use Group Policy to Enable Automatically Detect Settings option in IE
Now that we are this far it should be working great…As long as the Automatically Detect Settings option is ticked in the client’s Internet Explorer. Here’s how to make that the default option for everyone in the domain using Group Policy:
· Open Group Policy Management
· Right Click on the Default Domain Policy and click Edit (or create a new GPO)
· Go to the following: User Configuration\Policies\Windows Settings\Internet Explorer Maintenance\Connections
· Open the Automatic Browser Configuration setting
· Select Automatically detect configuration settings
· Click OK
And that’s it…If all went well you won’t have to manually enter proxy settings in IE again. Below are some sites that explain how to use all the advanced settings of a PAC file.
Thursday, November 18, 2010
WebMarshal: Allowing Windows 7 and Office 2010 to Activate
If you use M86 Security's WebMarshal as a proxy on your network, then you might have noticed that you are unable to activate any new Microsoft products (Windows 7 or Office 2010) over the internet. Microsoft's first method is to use the phone to activate...Fair enough, but if you ever need to roll out any more than 2 products this option would get rather annoying...
You'll just need to add some Microsoft sites to the WebMarshal Content Filter Bypass list to allow activation over the internet.
Sources:
http://support.microsoft.com/kb/921471
http://www.m86security.com/kb/article.aspx?id=10454
You'll just need to add some Microsoft sites to the WebMarshal Content Filter Bypass list to allow activation over the internet.
1) Go to the WebMarshal Console-> Tools -> Proxy Server Wizard...
2) Click through the wizard till you get to Proxy Content Filter Bypass (Advanced)
3) Add the following entries:
- http://go.microsoft.com/
- https://sls.microsoft.com/
- https://sls.microsoft.com:443
- http://crl.microsoft.com/pki/crl/products/MicrosoftRootAuthority.crl
- http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
- http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureCommunications.crl
- http://crl.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
- http://www.microsoft.com/pki/crl/products/MicrosoftProductSecureServer.crl
- https://activation.sls.microsoft.com
4) Click through the rest of the wizard and finish.
5) Commit changes and test activations.
6) Be amazed that you didn't have to chat to Microsoft Susie...or whatever her name is...
Sources:
http://support.microsoft.com/kb/921471
http://www.m86security.com/kb/article.aspx?id=10454
Tuesday, November 16, 2010
SMTP Server Status Codes and SMTP Error Codes
Ever wonder what an error 510 is? or 5.2.3? Here's a nice summary of pretty much any SMTP errors you may come across...
SMTP Error Codes
Thanks to the guys from www.answersthatwork.com for this great guide!
SMTP Error Codes
Thanks to the guys from www.answersthatwork.com for this great guide!
Monday, November 15, 2010
Outlook keeps asking for username and password (SBS2008)
This seemed quite a common issue a little while ago and I'm sure a Windows Update caused the problem. It is very annoying for users, as they are bombarded with logon credential boxes while trying to use Outlook. Even though they put in the correct credentials, the box keeps requesting them.
Fortunately it's a quick one to fix:
Go to IIS Manager -> Sites -> SBS Web Applications
Select Autodiscover
Open SSL Settings
Under Client Certificates select Accept
Click Apply
Restart the World Wide Web Publishing Service
If this does not resolve the problem, do the same process for the following:
With this fixed, the users can go back to happily sending out chain letters or whatever it is end-users do these days :-/
Fortunately it's a quick one to fix:
Go to IIS Manager -> Sites -> SBS Web Applications
Select Autodiscover
Open SSL Settings
Under Client Certificates select Accept
Click Apply
Restart the World Wide Web Publishing Service
If this does not resolve the problem, do the same process for the following:
- OAB
- owa
- Rpc
- RpcWithCert
With this fixed, the users can go back to happily sending out chain letters or whatever it is end-users do these days :-/
Exchange 2010 Read Receipts in UTC Time
We've had this issue with a few clients with Exchange 2010 where Read Receipts are returned in the UTC time-zone (GMT) instead of your Exchange server's time-zone as in previous versions of Exchange.
"Your message was read on Tuesday, November 09, 2010 10:02:00 AM UTC."
Microsoft say that this is by design because "the sending server doesn't know which time zone you're in", so it defaults to UTC. There is currently no way to change this, but there are rumours that it is scheduled to be changed in Exchange 2010 Update Rollup 5 (ETA=?)
Currently, the only option for now is to teach your users how to work out your time-zone from UTC...
GOOD LUCK!
"Your message was read on Tuesday, November 09, 2010 10:02:00 AM UTC."
Microsoft say that this is by design because "the sending server doesn't know which time zone you're in", so it defaults to UTC. There is currently no way to change this, but there are rumours that it is scheduled to be changed in Exchange 2010 Update Rollup 5 (ETA=?)
Currently, the only option for now is to teach your users how to work out your time-zone from UTC...
GOOD LUCK!
Sunday, November 14, 2010
Welcome to Ninjatek777
Hi! Welcome to my new blog. I am a full time IT consultant dealing with Microsoft technology and small to medium businesses. My plan here is to share some knowledge to fellow IT Ninja's as I come across an issue. Yes, I am a Ninja, and yes I know where you live...but don't worry, I won't flip out and kill you...
Subscribe to:
Posts (Atom)