Technical

Tech Short: Modify vCenter Single Sign-On Password Policy

Warning:  I do not advocate that anyone make modifications which extend outside of their organization's security policies. Doing so may put account security at risk.

By default, passwords associated with vSphere Single Sign-On expire every 90 days. As a user approaches this expiry point they will be reminded that their password is about to expire.

In my lab I wanted to avoid the need to change my password so frequently so I decided to extend the number of days required between password changes.

The steps below can be followed:

  1. Log in to the vSphere Web Client as a user with vCenter Single Sign-On administrator privileges
  2. Browse to Administration > Single Sign-On > Configuration
  3. Click the Policies tab and select Password Policies
  4. Click Edit
  5. Modify the “Maximum Lifetime”
  6. Click OK

Under the password policies you may take note of various options which can be modified based on your criteria or your organization's password policy.

Here are the password policy options:

 

Maximum lifetime:

Maximum number of days that a password can exist before the user must change it.

Restrict reuse:

Number of the user’s previous passwords that cannot be selected. For example, if a user cannot reuse any of the last six passwords, type 6.

Maximum length:

Maximum number of characters that are allowed in the password.

Minimum length:

Minimum number of characters required in the password. The minimum length must be no less than the combined minimum of alphabetic, numeric, and special character requirements.

Character requirements:

Minimum number of different character types that are required in the password. You can specify the number of each type of character, as follows:

  • Special: & # %
  • Alphabetic: A b c D
  • Uppercase: A B C
  • Lowercase: a b c
  • Numeric: 1 2 3

The minimum number of alphabetic characters must be no less than the combined uppercase and lowercase requirements.

In vSphere 6.0 and later, non-ASCII characters are supported in passwords. In earlier versions of vCenter Single Sign-On, limitations on supported characters exist.

Identical adjacent characters:

Maximum number of identical adjacent characters that are allowed in the password. The number must be greater than 0.

For example, if you enter 1, the following password is not allowed: p@$$word
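The constraints in the option descriptions above can be checked mechanically. The PowerShell below is an added example, not VMware code: the function name, the policy key names and the sample values are all constructed for illustration. It treats "identical" as the exact same character, which is an assumption.

```powershell
# Added example, not VMware code. Key names and values are constructed.
$policy = @{
    MinLength = 8; MaxLength = 20; MaxIdenticalAdjacent = 1
    MinAlphabetic = 2; MinUppercase = 1; MinLowercase = 1
    MinNumeric = 1; MinSpecial = 1
}

function Test-SsoPasswordPolicy {
    param([hashtable]$Policy, [string]$Password)
    $problems = @()

    # Consistency rules from the option descriptions above.
    if ($Policy.MinLength -lt ($Policy.MinAlphabetic + $Policy.MinNumeric + $Policy.MinSpecial)) {
        $problems += 'Policy: minimum length is below the combined character minimums'
    }
    if ($Policy.MinAlphabetic -lt ($Policy.MinUppercase + $Policy.MinLowercase)) {
        $problems += 'Policy: alphabetic minimum is below uppercase plus lowercase'
    }
    if ($Policy.MaxIdenticalAdjacent -le 0) {
        $problems += 'Policy: identical adjacent characters must be greater than 0'
    }
    # Count each character type in the candidate password.
    $chars = $Password.ToCharArray()
    $count = @{
        Alphabetic = @($chars | Where-Object { [char]::IsLetter($_) }).Count
        Uppercase  = @($chars | Where-Object { [char]::IsUpper($_) }).Count
        Lowercase  = @($chars | Where-Object { [char]::IsLower($_) }).Count
        Numeric    = @($chars | Where-Object { [char]::IsDigit($_) }).Count
        Special    = @($chars | Where-Object { -not [char]::IsLetterOrDigit($_) }).Count
    }
    foreach ($kind in 'Alphabetic', 'Uppercase', 'Lowercase', 'Numeric', 'Special') {
        $min = $Policy["Min$kind"]
        if ($count[$kind] -lt $min) { $problems += "Password: needs $min or more $kind characters" }
    }
    if ($Password.Length -lt $Policy.MinLength) { $problems += 'Password: too short' }
    if ($Password.Length -gt $Policy.MaxLength) { $problems += 'Password: too long' }
    # Longest run of the same character, compared case-sensitively (assumption).
    $longest = 0; $run = 0; $prev = $null
    foreach ($c in $chars) {
        if ($null -ne $prev -and $c -ceq $prev) { $run++ } else { $run = 1 }
        if ($run -gt $longest) { $longest = $run }
        $prev = $c
    }
    if ($longest -gt $Policy.MaxIdenticalAdjacent) { $problems += "Password: $longest identical adjacent characters" }
    [pscustomobject]@{ Valid = ($problems.Count -eq 0); Problems = $problems }
}

# The page's example password; single quotes stop PowerShell expanding "$$".
Test-SsoPasswordPolicy -Policy $policy -Password 'p@$$word' | Format-List
```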

 

Ref: ESXi and vCenter Server 5.1 Documentation > vSphere Security > vCenter Server Authentication and User Management > Configuring vCenter Single Sign On

Office 365: Use Content Search to delete unwanted Emails from Organization


As an admin, you can use Content search, located under Security & Compliance, to search for and delete email messages from selected mailboxes or all mailboxes in your organization.  This is particularly useful for removing high-risk emails such as:

  • Messages that contain sensitive data
  • Messages that were sent in error
  • Messages that contain malware or viruses
  • Phishing messages

 

To start the process, we begin with creating a content search:

  1. Log into your Office 365 protection center – https://protection.office.com
  2. Click on Search & investigation, then select Content search
  3. From Content search click on the “New” Icon
  4. Enter a name for this search job
  5. Select either specific mailboxes or “all mailboxes”
  6. Select “Search all sites”, public folders are an option depending on your search criteria
  7. Click Next
  8. Enter keywords to search for, or leave blank to search for all content
  9. Add Conditions – In my example I am looking for a subject (ex. Microsoft account unusual sign-in activity)

  10. Click Search

 

The search will start and results will be displayed in the right pane.

When it has completed, you can preview the results and export them to your computer as a report.

Now that you have generated a search, you can move on to deleting the content you searched for.

To do this we will need to connect to the Security & Compliance Center using remote PowerShell.

# Prompt for the admin account credentials
$UserCredential = Get-Credential

# Open a remote session to the Security & Compliance Center endpoint
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $UserCredential -Authentication Basic -AllowRedirection

# Import the compliance cmdlets into the local session
Import-PSSession $Session -AllowClobber -DisableNameChecking

$Host.UI.RawUI.WindowTitle = $UserCredential.UserName + " (Office 365 Security & Compliance Center)"

 

Once successfully authenticated and connected to the compliance center, you can create a new action to delete the items found in our previous search.

This is done by using the following example:

New-ComplianceSearchAction -SearchName "Phishing" -Purge -PurgeType SoftDelete
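The purge acts on whatever the search returned, so it is worth confirming that the search has finished and matched roughly what you expect before running it, and checking the action's result afterwards. The following is an added example, not part of the original post or Microsoft's documentation; it reuses the search name "Phishing" from above, and the item limit is an assumed value.

```powershell
# Added example. Assumes the Security & Compliance Center session above is open.
$searchName = 'Phishing'   # the content search created earlier
$maxItems   = 500          # assumed sanity limit; size it to the incident

$search = Get-ComplianceSearch -Identity $searchName
if ($search.Status -ne 'Completed') {
    throw "Search '$searchName' is '$($search.Status)'; wait until it has completed."
}
if ($search.Items -eq 0) {
    throw "Search '$searchName' matched nothing, so there is nothing to purge."
}
if ($search.Items -gt $maxItems) {
    throw "Search matched $($search.Items) items (limit $maxItems); narrow the query first."
}

# Keep a record of the query and hit count that the purge will act on.
$search | Format-List Name, Items, Size, ContentMatchQuery

# SoftDelete moves the messages to the Recoverable Items folder, where they
# remain until the deleted item retention period expires. The cmdlet prompts
# for confirmation, and each run removes at most 10 items per mailbox.
New-ComplianceSearchAction -SearchName $searchName -Purge -PurgeType SoftDelete

# Purge actions are named "<search name>_Purge". Poll for up to five minutes.
$actionName = "${searchName}_Purge"
for ($i = 0; $i -lt 20; $i++) {
    $action = Get-ComplianceSearchAction -Identity $actionName
    if ($action.Status -eq 'Completed') { break }
    Start-Sleep -Seconds 15
}
$action | Format-List Name, Status, Results
```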

 

Change Screen Resolution for a Ubuntu Hyper-V Virtual Machine

Just finished installing Ubuntu as a Windows 10 Hyper-V guest.  I went to modify the video settings and noticed them to be locked in place.  After some searching (thank you, Google), I found the solution that worked for me.

Ref: Ben Armstrong’s Virtualization Blog

Steps to change screen resolution:

  1. Open Terminal
  2. Type: sudo nano /etc/default/grub
  3. Find the line starting with GRUB_CMDLINE_LINUX_DEFAULT, and add video=hyperv_fb:[the resolution you want]. The resolution I want is 1280x720. So my line ends up looking like this: GRUB_CMDLINE_LINUX_DEFAULT="quiet splash video=hyperv_fb:1280x720"
  4. Write the changes (Ctrl X)
  5. Run: sudo update-grub
  6. Reboot the virtual machine

When you return from your restart you will have the resolution you applied in the grub config.

 

 

 

Enabling Hyper-V for use on Windows 10

You all know when it comes to virtualization I am VMware all the way.  However, it has recently come to my attention that the use of VMware Player on a company-issued computer may be a violation of the EULA, as this type of activity would be considered commercial use of the software.

So the option is to purchase a license or use the native Virtualization built into my Windows 10.

Ref: Workstation Player FAQs

Here are some capabilities of Windows 10 virtualization:

  • Hot add & remove for memory and network adapters: Windows and Linux guests
  • Windows PowerShell Direct: Issue commands inside a virtual machine from the host
  • Linux secure boot: Ubuntu and SUSE Linux Enterprise Server can use secure boot options
  • Hyper-V Manager: Hyper-V Manager can manage computers running Hyper-V on Windows Server 2012, Windows Server 2012 R2 and Windows 8.1

 

Prerequisites

The following prerequisites are required to successfully run Hyper-V on Windows 10:

  • Windows 10 Pro or Enterprise 64-bit operating system
  • 64-bit processor with Second Level Address Translation (SLAT)
  • 4GB system RAM at minimum
  • BIOS-level hardware virtualization support

 

Windows 10 Hyper-V Install Steps:

  1. Enable virtualization support in the BIOS
  2. Access the Control Panel
  3. From Control Panel select Programs
  4. In Windows Features select Hyper-V
  5. After installation of Hyper-V has completed, restart computer

The installation of Hyper-V is now complete.  The next step is to set up the Virtual Switch Manager for networking and configure your first virtual machine. This can be done by:

  1. Clicking the search icon on the task-bar and then typing Hyper-V Manager.
  2. Select Virtual Switch Manager in the Actions pane
  3. Choose External and then click on the Create Virtual Switch button
  4. Give the new Virtual Switch a name, and ensure the active NIC is selected
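The same prerequisites and install steps can be scripted. The PowerShell below is an added example, not part of the original post or Microsoft's code; the function name and the switch name are hypothetical, and it assumes an elevated PowerShell session on the Windows 10 host.

```powershell
# Added example, not Microsoft's code. Run in an elevated PowerShell session.
function Test-HyperVPrerequisite {
    $os  = Get-CimInstance -ClassName Win32_OperatingSystem
    $cpu = Get-CimInstance -ClassName Win32_Processor | Select-Object -First 1
    # Installed RAM (sum of the memory modules), not the amount usable by Windows.
    $ram = (Get-CimInstance -ClassName Win32_PhysicalMemory |
            Measure-Object -Property Capacity -Sum).Sum

    # Once a hypervisor is already running, Windows may report the two CPU
    # flags below as False, so run this check before Hyper-V is enabled.
    [pscustomobject]@{
        ProOrEnterprise     = $os.Caption -match 'Pro|Enterprise'
        Is64BitOS           = $os.OSArchitecture -like '64*'
        SlatSupported       = [bool]$cpu.SecondLevelAddressTranslationExtensions
        FirmwareVirtEnabled = [bool]$cpu.VirtualizationFirmwareEnabled
        RamAtLeast4GB       = $ram -ge 4GB
    }
}

$check  = Test-HyperVPrerequisite
$failed = @($check.PSObject.Properties | Where-Object { -not $_.Value })
if ($failed.Count -gt 0) {
    throw "Prerequisites not met: $($failed.Name -join ', ')"
}

# Same result as ticking Hyper-V in Windows Features; restart afterwards.
Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V -All -NoRestart

# After the restart: external switch bound to the first physical NIC that is up.
# The switch name is an assumed value.
# $nic = Get-NetAdapter -Physical | Where-Object Status -eq 'Up' | Select-Object -First 1
# New-VMSwitch -Name 'External Switch' -NetAdapterName $nic.Name -AllowManagementOS $true
```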

 

Check Point: Enable SSL Encryption for LDAP Accounts

Background:

Check Point users faced an issue when they wanted to change their expired passwords when logging in to the VPN via the SecureClient. Although they had been prompted to change their password, their attempts were not successful.

I did some investigation into this and discovered that SSL needs to be allowed for LDAP communication for credential changes.
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk40735

 

Symptoms

  • SecureClient user unable to change password when it expires while authenticating through LDAP server.
  • Error seen in Log Viewer: “reason: Client Encryption: Failed to modify password, LDAP Error.”
  • Error seen on SecureClient: “Negotiation with gateway <gateway_name> at site <site_name> has failed. Failed to modify password, LDAP error.”

 

Cause

Windows AD denies password changes over an unencrypted channel.

 

Solution

1. Enable SSL Encryption in the LDAP Account unit. Select ‘Manage –> Servers and OPSEC Applications –> LDAP Account Unit‘.

2. Under the Servers tab, after completing General tab, select Encryption tab.

3. Select “Use Encryption (SSL)“.

4. Port will be 636.
5. Fetch the server’s fingerprint.

6. Click “OK” to save, then “OK” to exit LDAP Account Unit Properties.
7. Click “Close” on Servers and OPSEC Applications.
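Before enabling encryption in the LDAP Account Unit, you can confirm that the domain controller answers LDAPS on port 636 and see which certificate it presents. This PowerShell is an added example, not Check Point code; the function name is hypothetical and the host name is a placeholder. The SHA-1 thumbprint it prints is not necessarily in the same format as the fingerprint shown in the Account Unit dialog.

```powershell
# Added example, not Check Point code. 'dc01.example.com' is a placeholder host.
function Get-LdapsCertificate {
    param([Parameter(Mandatory)][string]$Server, [int]$Port = 636)

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($Server, $Port)   # throws if nothing listens on the LDAPS port

        # Accept whatever certificate is presented: the aim is to inspect it,
        # not to trust it. Do not reuse this callback for real LDAP traffic.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($Server)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Server     = "${Server}:$Port"
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            NotAfter   = $cert.NotAfter
            Expired    = $cert.NotAfter -lt (Get-Date)
            Thumbprint = $cert.Thumbprint   # SHA-1 hash of the certificate
        }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Get-LdapsCertificate -Server 'dc01.example.com' | Format-List
```

A connection failure or an expired certificate here means the password change would still fail after "Use Encryption (SSL)" is selected.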