World of internet security: latest cyber security news, information, updates on technology, IT job vacancies, internet security, breaches, and safeguards


Wednesday, 10 May 2017

How to Remove Failed DCs from Active Directory Domain in Windows Server 2016


When promoting a server to a domain controller fails, its metadata is still left inside Active Directory. Because of this, you may face some of the following issues:

If you try to promote the same server again with the same NetBIOS name, the promotion will fail because the same objects still reside in Active Directory.
You won’t be able to promote a new server to a domain controller because of replication issues and failure of FSMO role owners.

It is advisable to clean up the AD metadata whenever promoting a DC fails. This article can help you with this.

Open PowerShell with elevated privileges and execute the following commands in sequence.

Step 1. Type ntdsutil and press Enter.

Step 2. Type metadata cleanup and press Enter.

Step 3. Type connections and press Enter.

Step 4. Type connect to server <NetBIOS or DNS name of any domain controller of the domain you would like to delete the failed DC from> and press Enter.

Step 5. Type q and press Enter.

Step 6. Type select operation target and press Enter.

Step 7. Type list domains and press Enter.

Step 8. Type select domain <number of the domain in which the failed DC is located> and press Enter.

Step 9. Type list sites and press Enter.

Step 10. Type select site <number of the site in which the failed DC lies> and press Enter.

Step 11. Type list servers in site and press Enter.

Step 12. Type select server <server number of the failed DC you want to remove> and press Enter.

Step 13. Type q and press Enter.

Step 14. Type remove selected server and press Enter.

Step 15. Ignore the warning and click YES.



At this point the DC should have been removed. Repeat from step 6 if you would like to remove more failed DCs.
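
A read-only check to run before Step 1 and again after Step 15, added here as an example and not part of the original post: it reports whether the failed DC still has a server object, an NTDS Settings object or a computer account in the directory, and whether it is listed as an FSMO role owner. The function name Get-FailedDcRemnant and the host names FAILED-DC01 and DC01 are assumptions.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-FailedDcRemnant {
    param(
        [Parameter(Mandatory)] [string] $Name,    # NetBIOS name of the failed DC
        [Parameter(Mandatory)] [string] $Server   # healthy DC to query (the one used in Step 4)
    )
    $root   = Get-ADRootDSE -Server $Server
    $domain = Get-ADDomain  -Server $Server
    $forest = Get-ADForest  -Server $Server

    # FSMO role owners are reported as DNS host names (host.domain.tld).
    $roles = [ordered]@{
        PDCEmulator          = $domain.PDCEmulator
        RIDMaster            = $domain.RIDMaster
        InfrastructureMaster = $domain.InfrastructureMaster
        SchemaMaster         = $forest.SchemaMaster
        DomainNamingMaster   = $forest.DomainNamingMaster
    }
    $held = @($roles.GetEnumerator() |
        Where-Object { $_.Value -eq $Name -or $_.Value -like "$Name.*" } |
        ForEach-Object { $_.Key })

    # Server object under CN=Sites in the configuration partition.
    $serverObjs = @(Get-ADObject -Server $Server `
        -SearchBase "CN=Sites,$($root.configurationNamingContext)" `
        -LDAPFilter "(&(objectClass=server)(cn=$Name))")

    # NTDS Settings child object: present only if the server was registered as a DC.
    $ntds = @(foreach ($s in $serverObjs) {
        Get-ADObject -Server $Server -SearchBase $s.DistinguishedName `
            -LDAPFilter '(objectClass=nTDSDSA)'
    })

    $computer = @(Get-ADComputer -Server $Server -Filter "Name -eq '$Name'")

    [pscustomobject]@{
        Name            = $Name
        FsmoRolesHeld   = $held -join ', '
        ServerObjectDN  = $serverObjs.DistinguishedName -join '; '
        NtdsSettingsDN  = $ntds.DistinguishedName -join '; '
        ComputerObject  = $computer.DistinguishedName -join '; '
        MetadataPresent = [bool]($serverObjs.Count -or $ntds.Count)
    }
}

# 'FAILED-DC01' and 'DC01' are placeholder names.
Get-FailedDcRemnant -Name 'FAILED-DC01' -Server 'DC01' | Format-List
```

MetadataPresent should read False once the cleanup has succeeded. A non-empty FsmoRolesHeld is worth resolving before removing the server, given the FSMO role owner failures mentioned above.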

Monday, 29 February 2016

The “HawkEye” attack by cyber criminals


Even if you’ve heard of it before, it’s still worth reminding yourself how the scam works, which is something like this:

1. Buy booby-trapped documents that use the Microsoft Word Intruder (MWI) exploit tool. If opened on an unpatched version of Windows, these documents automatically install chosen malware on the victim’s computer, with no user clicks required.

2. Buy a commercially-available keylogger and configure the booby-trapped files to download and install it. (This case used the now-defunct Hawkeye keylogger.)


3. Pick a broad industry sector, e.g. leather and leather products.

4. Send a small number of scam emails (typically a few thousand in total) pretending to be quotation requests or payment information, each containing a booby-trapped MWI document.


5. Infect victims with the keylogger and wait until they type in their email passwords.

6. Use the stolen email passwords to watch their inboxes, until you see that a customer has been invoiced and is about to pay.


7. Email the customer from the hijacked account, instructing the customer to use a new account number for future payments.

8. Take the money yourself and quickly move it where it can’t easily be found or recovered.

Just one or two criminals, working unaided, and with enough patience to go after a small number of high-value victims, could easily operate a scam of this sort.

What to do?

1. Patch promptly. The booby-trapped documents in this attack relied on a security hole that had been patched years before.

2. Keep your security software up-to-date. A good anti-virus can block attacks like this at several points, and you win if you can stop any one of them, starting with the original inbound email.

3. Beware of unsolicited attachments. This can be hard if your job is business development and the email is a Request For Quotation, but avoid opening just any old document.

4. Consider using a stripped-down document viewer. Microsoft’s own Word Viewer, for example, is usually much less vulnerable than Word itself because it’s much simpler. (It doesn’t support macros, either, which protects against Locky-type attacks, too.)

5. If your email software supports it, use 2FA. That’s short for two-factor authentication, those one-time codes that come up on your phone or on a special security token. With 2FA, just stealing your email password isn’t enough on its own.

6. Have a two-person process for important transactions. Paying large invoices and changing remittance advice shouldn’t be too easy. Require separate approval from a supervisor, so you always get a second opinion when large sums are at stake.

Thursday, 28 January 2016

Tip to make your home safer on Data Privacy Day

Most software and hardware comes with default settings, such as an SSID (service set identifier) and passwords, to enable you to run and operate them easily. Unfortunately, what you gain in ease of use, you can lose in security.

The best default passwords are unique to each individual device, but even those may have been written or stored somewhere by the manufacturer – which means your password has been outside of your control and shared passwords can’t ever be considered secret.

Worse than that are unique passwords generated by a predictable algorithm, such as the TP-LINK router that can be cracked with 70 guesses, because any kind of pattern or predictability in a password gives attackers exactly the kind of leg up they’re looking for.

In the worst (but not uncommon) case, every copy of a device or download will arrive with the same default password, or even a backdoor.

Default passwords turn up in everything, from sophisticated databases and VoIP systems to simple home Wi-Fi routers. And the crooks know it.

Manufacturers are relying on you to change the defaults. If you don’t then you’re leaving the key in the door for hackers because they don’t have to crack your password, they can just look it up.

There are now so many devices connected to the internet with either widely known default passwords or no passwords at all that there are entire search engines devoted to them, like Shodan, an IoT search engine that doesn’t just find your insecure cameras, it takes photos with them too.

And it isn’t just your routers or IoT devices – it’s the software running on desktops, laptops and servers too. Anything that allows a connection in to your computer such as Remote Desktop or VNC is a potential target.

So this Data Privacy Day, why not go home and ask yourself – what, exactly, is connected to my home network and what is accessible from the outside world either physically, via Wi-Fi or over the internet; a router? a printer? a computer running RDP (remote desktop)? cameras? 

For each of those things, apply the guideline; don’t do defaults.

Make sure that you understand how to set the password on each device or piece of software and be sure that it isn’t using the one it arrived with. If you’re not sure, just change it to something strong and unique, and if you can’t change it or worse yet set one at all… turn it off and take it back to the store.

Thursday, 14 January 2016

Internet Explorer 11 – now the only way to go


A week ago, we informed you about the impending end of life of older versions of Internet Explorer. Our main concern is that about 10% of users in the world appear to be running Windows XP, which has not been patched to protect against security vulnerabilities since early 2014.

Most users of Windows 7 might also have the same mindset and resist upgrading to Internet Explorer 11 on the grounds that the old one is still effective, so why risk changing anything?

The challenge for desktop Windows users is that the IE cumulative update that Microsoft published on Tuesday 12 January 2016 (MS16-001) is the last ever update for Windows 7 that will patch IE 8, 9 and 10.

Those versions, plus IE 7, are still supported on some legacy server and embedded platforms, and will therefore continue to get updates on those platforms.

But desktop users who insist on sticking with older versions of IE will, loosely speaking, have a browser that contains zero-days for ever.

There won’t be any patches unless you are on IE 11, and that means any security holes in earlier versions of IE that become known to cybercrooks will be exploitable for ever. There probably will be hacks published that let you scrape IE updates from the Windows versions where older IEs are still supported, such as the latest builds of Windows Server 2008 R2.

If you have legacy web apps that still won’t work on the latest Internet Explorer – and IE 11 has already been around for six months longer than XP has been retired – then please don’t blame Microsoft.

Blame the web app vendor, especially if they’re still charging you licensing fees for software that hasn’t kept up with security improvements in the web world.

Friday, 8 January 2016

Internet Explorer 8, 9 and 10 to reach 'end of life' next Tuesday

If you intend to keep using Internet Explorer for ever, you need to stop using the version you now have and upgrade to the latest Internet Explorer 11.
The specification for desktop versions includes the following:

Version of Windows: official Internet Explorer versions

Windows 7: Internet Explorer 8, 9, 10, 11

Windows 8.1: Internet Explorer 11

Windows 10: Internet Explorer 11

Therefore, make sure you determine exactly which version of Internet Explorer you've got. We also suggest that you verify it rather than choosing what you consider might be the better choice. And you need to ask yourself a question:

Are you aware of when your version of IE will receive its security update?

If you are already using IE version 11, I must say you are already on the safe side.

However, if you are on Windows 7 and haven't updated to the latest Internet Explorer 11, then by Tuesday 12 January 2016 you will stop receiving security updates and fixes from Microsoft.

If you consider doing absolutely nothing, then any security vulnerability that arises in your existing Internet Explorer version will not be patched and will never be patched.

Therefore, after January 12 2016, if you haven't updated to IE version 11, your Windows 7 computer will start issuing End of Life notifications.