A Few Words on Keeping your Passwords Safe

How do you store your system password—as a sticker on your monitor? Or do you have the habit of keeping your Google or Facebook password as a sticky note on your desktop? If yes, and your password is still safe, you are very lucky.

When you keep your passwords on desktops or in easily accessible places, there is a chance that somebody will use them to access your work computer, email, social networking, or even internet banking accounts. Hackers are active everywhere. They operate at close range or remotely, and steal your passwords to access your personal or even more valuable information. It is time to be more careful about passwords, the secure keys to your digital world.


How do hackers steal your passwords?

Nobody can predict how minds with criminal intentions operate. But the general ways of stealing passwords are:

  • Trying dictionary-based attacks. Do you open your dictionary to find a password? Beware! There are software programs that can enter all the dictionary words into the password field one after the other to find the actual one. The program performs so quickly that all the dictionary words will be tried in a few seconds.
  • Brute-force cracking. Many people use random character combinations with no meaning as passwords. But what if a program can try all the possible character combinations in the password field? Such attacks have been found to be very successful in cracking short passwords.
  • Trying dictionary words with substituted characters. Do you think it is safer to use ‘Pa$$w0rd’ or ‘p@ssw0rd’ as your password? Can a password be safer just because of replacing ‘l’ with ‘1’, ‘e’ with ‘3’, and ‘o’ with ‘0’? It is in no way safer. Password cracker tools are intelligent enough to try the most commonly used character replacements.
  • Phishing. In phishing, hackers try to fool users through emails that appear to be from an original source. These emails urge users to act immediately and lead them to fake websites that look like the original ones. Information entered on these sites is captured by the hackers.
  • Spying from behind. It is nothing but stealing your passwords by spying on your computer activities. People lurking around you can note your passwords as you enter them on your laptops, mobiles, etc.
  • Intelligent guessing based on personal information. People as well as some programs can guess passwords from personal information that is available to them. Mainly they get information from online profiles on various sites. They try to guess passwords based on this information and succeed on many occasions.

How do web services protect your passwords?

Web services are very cautious about password stealing attempts. Some of the precautionary measures taken by them to avoid password cracking are:

  • Minimum complexity requirements for passwords. Email services and other services mandate that passwords meet minimum complexity requirements. They make it mandatory to have a minimum length, and a minimum number of special characters and numbers in it. Also, many of them rate the strength of the password and inform the user of it.
  • Multi-factor authentication. In this, for successful login you need to have at least two devices. After providing your regular password, you will have to authenticate through a second device, usually a mobile phone. A commonly used method is to send a one-time password (OTP) to the mobile phone. This OTP provides additional security to your login. However, more advanced options for this step are available now. Also, some services allow you the flexibility of creating your own list of one-time-passwords in advance.
  • Security questions. Web services provide an additional layer of security through security questions. When the user configures the web service account for the first time, he will be choosing a few questions and providing answers for them. Later, when authentication is required, he has to provide the same answers for these questions.
  • Account locking after repeated unsuccessful attempts. Most web services lock the account temporarily after you try to log in three or more times unsuccessfully. It ensures that no one can use the trial and error method for finding the password. One can succeed only if he is damn sure about the password.

How to protect your passwords

In order to protect your passwords, you should create strong passwords. Also, you have to use them very carefully.

  1. Create strong passwords
  2. Use passwords carefully

Creating strong passwords

Weak passwords are vulnerable. You need to create strong passwords. Here are the Dos and Don’ts of creating strong passwords:


  • Keep it long. Long passwords are difficult to crack. So make them have at least eight characters.
  • Make it complex. Make passwords complex so that it is difficult to guess them or find them by trial. Mix letters and numerals, use small letters and capital letters, and use one or more special characters in them.
  • Make it easy to remember. When passwords are easy to remember, they need not be saved or written somewhere. So they are safer.
  • Make it from a phrase or sentence. ‘You are Welcome to New York’ is an easy sentence to remember. By taking the first letters of each word you will get ‘YaWtNY’. Now you can make it long and complex by adding numbers, special characters, small letters etc. You can try similar methods yourself.
  • Don’t take a word out of the dictionary. Don’t use dictionary words or a common word as a password, as they are prone to dictionary-based attacks.
  • Don’t follow common patterns. When you follow commonly used patterns, one can guess them easily. So never try common patterns for your passwords.
  • Don’t use words related to you. If you use some personal information like name, DOB etc., somebody will be able to guess it. So never use personal information as a password.
  • Don’t use commonly used passwords or easy keyword combinations. Words like password, qwerty, 123456 are widely used as passwords. Almost all easy character combinations possible on a computer keyboard can be tried using software programs. So don’t try ‘aaaaaaa,’ ‘aaaaaab’ etc. as passwords.
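The Dos and Don’ts above, together with the character replacements listed under the cracking methods, can be checked in one pass. The PowerShell below is an added example, not part of the original article; the word lists, sample passwords and personal details are constructed for illustration, and the function names are hypothetical.

```powershell
# Added example, not from the original article.
# Word lists, sample passwords and personal details are constructed.
$CommonPasswords = 'password', 'qwerty', '123456'
$DictionaryWords = 'password', 'welcome', 'dragon', 'sunshine'
# Replacements the article says cracking tools already try.
$LeetMap = @{ '1' = 'l'; '3' = 'e'; '0' = 'o'; '$' = 's'; '@' = 'a' }

function ConvertFrom-Leet {
    param([string]$Text)
    # Lower-case the text and undo the common character replacements.
    $chars = foreach ($ch in $Text.ToLowerInvariant().ToCharArray()) {
        $key = [string]$ch
        if ($LeetMap.ContainsKey($key)) { $LeetMap[$key] } else { $key }
    }
    -join $chars
}

function Test-PasswordCandidate {
    param(
        [Parameter(Mandatory = $true)][string]$Password,
        [string[]]$PersonalInfo = @()
    )
    $problems = @()
    $lower = $Password.ToLowerInvariant()
    $plain = ConvertFrom-Leet $Password

    # Length and the four character classes the article asks for.
    if ($Password.Length -lt 8) { $problems += 'shorter than eight characters' }
    if ($Password -cnotmatch '[a-z]') { $problems += 'no small letter' }
    if ($Password -cnotmatch '[A-Z]') { $problems += 'no capital letter' }
    if ($Password -notmatch '[0-9]') { $problems += 'no numeral' }
    if ($Password -notmatch '[^a-zA-Z0-9]') { $problems += 'no special character' }

    # Widely used passwords and patterns such as 'aaaaaaa' or 'aaaaaab'.
    if ($CommonPasswords -contains $lower) { $problems += 'commonly used password' }
    if (@($lower.ToCharArray() | Select-Object -Unique).Count -le 2) {
        $problems += 'repeated-character pattern'
    }

    # Dictionary words, compared after the substitutions are undone.
    foreach ($word in $DictionaryWords) {
        if ($plain.Contains($word)) {
            $problems += "dictionary word '$word' after undoing substitutions"
        }
    }

    # Personal details, compared both as typed and with substitutions undone.
    foreach ($item in $PersonalInfo) {
        $needle = $item.ToLowerInvariant()
        if ($needle.Length -ge 3 -and
            ($lower.Contains($needle) -or $plain.Contains((ConvertFrom-Leet $needle)))) {
            $problems += "contains personal detail '$item'"
        }
    }

    [pscustomobject]@{
        Password   = $Password
        Acceptable = ($problems.Count -eq 0)
        Problems   = $problems -join '; '
    }
}

$samples = 'Pa$$w0rd', 'p@ssw0rd', '123456', 'aaaaaab', 'Al3x1990!', 'YaWtNY+47trains'
$samples | ForEach-Object {
    Test-PasswordCandidate -Password $_ -PersonalInfo 'Alex', '1990'
} | Format-List
```

‘Pa$$w0rd’ passes the length and character-class rules and is rejected only because it reduces to a dictionary word, which is why complexity rules alone are not enough.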

How to be careful while using passwords?

Here are some tips for using passwords safely:

  • Use different passwords for different sites. Don’t use the same password for all your accounts. Make it different for Facebook, Twitter, LinkedIn, Google, and so on.
  • Don’t save passwords on browsers/websites. Don’t use the password saving feature of browsers or the ‘remember password’ option provided by websites. Configure web browser settings accordingly and uncheck the ‘remember password’ option provided by web services. To be on the safer side, always clear the history after using the internet (especially if you are using public computers).
  • Don’t store passwords on easily accessible places. Don’t place your passwords on monitors, desktops, or on places near your computer table. If you write them, keep them away from computers. Make passwords easy to remember so that it is not necessary to write them down.
  • Change default passwords. Don’t use default or system-generated passwords. Change them at the first login itself.
  • Don’t share passwords with anybody. The best advice is not to share your passwords with anybody. Even if you share, change it immediately after the requirement is over.
  • Provide fictional answers to security questions. If you provide real answers to security questions, somebody can find them and use them. But when you give fictional answers, only you know them. But be sure that you remember them.
  • Don’t respond to suspicious emails and messages. Don’t respond to suspicious emails and messages; don’t follow links in them.
  • Try to minimize the information you provide online. Don’t provide all your personal information on social networking sites and other online services. Provide personal information only on trusted and reliable websites.
  • Don’t give access to physical devices to strangers. It is elementary: don’t let strangers and unreliable people use your systems and mobiles.


Password safety is a matter of concern for all computer users. Experts suggest various methods to make your passwords stronger and to use them securely. These methods are formulated after studying various strategies followed by password crackers. You can keep your passwords safer simply by following these simple guidelines.

Author Bio:

Satyendra Tiwari is associated with Lepide Software as a Manager – Product Marketing Operations.



LepideAuditor Suite

The Enterprise IT “Swiss army knife”

I’ve recently had the chance to work with the newest version of LepideAuditor Suite, which is a comprehensive tool that does more than the name states (auditing). Of course, out of all the targeted products I chose to focus on Active Directory, Group Policy and Exchange 2013.


I am not going to go over the installation part because it’s pretty straightforward and Lepide already covers all the installation steps involved well.

Active Directory Auditing

The LepideAuditor for Active Directory comes with a built in Active Directory Health Monitor Dashboard view and integrated Backup and Restore solution. So this is something I really like; having not only audit information but also a view of the overall health and performance history of the AD environment and also the possibility to quickly restore from backup anything related to Active Directory. That is nice!

The first dashboard that opens up shows an overview of the changes in your environment at a glance.


In order to audit logon/logoff events in your environments there are some preliminary steps to configure. For this you can follow the steps described in this article which covers everything very well:


Once you have logon auditing enabled you can see for example when a User has logged on, from where and the type of logon that was performed. See below an example:


Another useful audit report is the Failed Logon report. Here you can see not only the number of failed logon attempts but also the reason why it failed. For Auditors this is the kind of information they are interested in. Below you can see an example:


You can check the users that were created during a specified period of time. You can see an example below.


One of my favorites when tracking down a “resource access” issue or a “did not receive some email” issue is to see when Group membership was modified. For me this is very useful and I am sure that for some of you as well.


You can even monitor DNS changes and track down what happened to each individual DNS record.


Above you can see the typical STS record created for ADFS. And that is not all;


You can even see tombstoned DNS records! I remember having to remove some lingering objects related to tombstoned DNS records. This tool would have been really useful back then.

GPO Auditing

Looking into the GPO monitoring capabilities and available reports, I must say I was impressed with the number of built-in audit reports. In a large environment with hundreds of Group Policy Objects where multiple Domain Admins (or delegated GPO admins) manage the settings, it can get hard to keep track of who changed what and when. So a good GPO auditing tool is more than welcome in this case.

The Lepide GPO Auditor comes with the built in backup feature which can be extremely useful for restoring previous working GPOs to their initial state. By default the backup interval for GPOs is every 1 hour. If your environment doesn’t have a large number of GPOs or a lot of ‘hands’ working with them you can set this interval to something like every 8 hours.


In the restore tab you will be able to restore for example a deleted GPO which is pretty cool and fast.





This will restore the previously backed-up GPO with all settings as expected.


Above is a screenshot with all the available built in audit reports that make auditing GPOs really easy even for someone without a lot of Group Policy management experience.

You can easily set up alerts or scheduled reports whenever an event is recorded.


I like the Set Alert option as it allows you to keep track of important GPO changes, such as changes to the Default Domain Controllers Policy or the Default Domain Policy.

I did a lot of tests with the GPO monitoring part and I have to say that you cannot get any more detailed in terms of Auditing GPOs. I replicated a simple but common issue related to GPOs, when for example someone deletes a GPO link. By doing this, the GPO is not removed but the settings will no longer apply. If you use a complex OU structure and don’t link GPOs to the Domain Root and filter using groups, it can be hard to detect when this has happened.

Sure enough, the change is picked up quite quickly.


Another common one, when the GPO link is disabled (not removed).


Again the change is picked up fast.


I’ve also scheduled a report on GPO link changes that is sent periodically. This works great, as you can see below:


I am not sure about you but for me this is really helpful. Along with the integrated backup/restore feature for the GPOs I believe this is an invaluable tool to have.
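How the two link changes tested above differ in the directory itself, as an added example (not LepideAuditor code and not from the original post): each OU stores its links in the gPLink attribute as [LDAP://<GPO DN>;<options>] entries, where the options value has 1 set when the link is disabled and 2 set when it is enforced, so a removed link disappears from the string while a disabled one stays with its flag changed. The PowerShell below compares two snapshots of that attribute; the function names are hypothetical and the GUIDs, OU names and snapshot values are constructed.

```powershell
# Added example, not LepideAuditor code. GUIDs, OUs and snapshots are constructed.
function ConvertFrom-GpLink {
    param([string]$GpLink)
    # Returns a hashtable: GPO GUID -> link flags. An empty or blank
    # attribute (no links left) yields an empty hashtable.
    $links = @{}
    $pattern = '\[LDAP://cn=(\{[0-9A-Fa-f-]+\}),[^;\]]*;(\d+)\]'
    foreach ($m in [regex]::Matches($GpLink, $pattern, 'IgnoreCase')) {
        $options = [int]$m.Groups[2].Value
        $links[$m.Groups[1].Value.ToUpperInvariant()] = [pscustomobject]@{
            Disabled = [bool]($options -band 1)
            Enforced = [bool]($options -band 2)
        }
    }
    $links
}

function Compare-GpLinkSnapshot {
    param([hashtable]$Before, [hashtable]$After)
    foreach ($ou in $Before.Keys) {
        $old = ConvertFrom-GpLink $Before[$ou]
        $new = ConvertFrom-GpLink $After[$ou]
        foreach ($guid in $old.Keys) {
            if (-not $new.ContainsKey($guid)) {
                # The GPO still exists, but its settings no longer reach this OU.
                [pscustomobject]@{ OU = $ou; Gpo = $guid; Change = 'Link removed' }
            }
            elseif ($new[$guid].Disabled -and -not $old[$guid].Disabled) {
                [pscustomobject]@{ OU = $ou; Gpo = $guid; Change = 'Link disabled' }
            }
        }
    }
}

# Constructed sample data: gPLink values of two OUs before and after a change.
$domain = 'DC=contoso,DC=example'
$gpoA = '{11111111-1111-1111-1111-111111111111}'
$gpoB = '{22222222-2222-2222-2222-222222222222}'
$policies = "cn=policies,cn=system,$domain"

$before = @{
    "OU=Workstations,$domain" = "[LDAP://cn=$gpoA,$policies;0][LDAP://cn=$gpoB,$policies;2]"
    "OU=Servers,$domain"      = "[LDAP://cn=$gpoA,$policies;0]"
}
$after = @{
    "OU=Workstations,$domain" = "[LDAP://cn=$gpoB,$policies;2]"   # link to GPO A deleted
    "OU=Servers,$domain"      = "[LDAP://cn=$gpoA,$policies;1]"   # link to GPO A disabled
}

Compare-GpLinkSnapshot -Before $before -After $after | Format-Table -AutoSize
```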

Exchange Auditing

Exchange Server is the typical enterprise email solution for many companies, and sometimes evaluating the health or monitoring the changes can be a difficult task without specialized software. LepideAuditor for Exchange Server covers all these tasks and more.

When looking at the built in available audit reports you can instantly appreciate the usefulness of this tool.


Keep in mind that these are only the built in ones, you can easily create custom reports and alerts that meet your needs.

You can see for example when a send or receive connector was modified,


You can see when mailbox permissions were modified, database changes were performed, as you can see below



I did a simple test; we take a mailbox and grant Full Access permissions to another user. Below are the default permissions.


And we see the change being picked up by Lepide. That is nice!


You can easily schedule an Alert based on this object change which would allow you to be informed in almost real time of the change.

I am not going to continue with all the options and possibilities that this tool can bring to the table; if I had to do that, we would need a series of blog posts to show everything.

The conclusion

The LepideAuditor Suite is an invaluable toolset for any System Admin that wants full visibility into his environment in terms of auditing, server health monitoring, alerting, and backup history with fast restore capabilities. LepideAuditor Suite manages to put all these features under a single pane of glass.


You can download your trial version here:


More information about LepideAuditor Suite here:



Editing SCOM Groups in XML


Sometimes we need to create views that contain the information customers need. It seems Microsoft was in a bit of a hurry when it released the management pack for Hyper-V 2012. This MP does not contain a group of Windows Computer objects, as most MPs do.

For this reason we have to create a new group by editing the XML directly, because the GUI editor is of no use in this case.

The first thing we have to do is create a new group and save it in a management pack.

Hyper-V Computers Group

Export the MP either from the console or from PowerShell.

Search for the group you created by its Display Name. The name is in the DisplayStrings tag.

Check that the required references for Windows Computer and Hyper-V Role are present; if not, copy them from another MP.


Take the Discovery ID and search again. This is what an empty group looks like in XML.

Default XML

We will make a few changes to this group so that it contains the instances we are interested in. Replace the default class: <MonitoringClass>$MPElement[Name="SystemCenter!Microsoft.SystemCenter.AllComputersGroup"]$</MonitoringClass>

with the following: <MonitoringClass>$MPElement[Name="Windows!Microsoft.Windows.Computer"]$</MonitoringClass>

Delete the contents of the <Expression> tags. Also delete the comment next to the opening <MembershipRule> tag.

Clean Expression

Add the Contains operator and the relevant class, in this case Hyper-V.

The relationship between the Windows.Computer and HyperV.ServerRole classes is a parent-child one. In effect, our expression says that we want a group of all the Windows Computer objects that also host the HyperV.Role class.

In the end it will look like this.


Import the management pack back. The MP is validated before it is imported, so if there are syntax errors it will not be imported.

Wait for the group calculation process to finish; after that the group can be used for views, overrides, etc.





Operations Manager Failed to Access the Windows Event Log – Hyper-V 2008/2012


It has been a while since I last posted anything on the blog, but that changes today. I am going to write about a problem that appears when we have a management pack for Hyper-V 2008 and also import the version for Hyper-V 2012, side by side. The problem is caused by the fact that the HV 2008 management pack incorrectly targets abstract (general) HV classes, which implicitly apply to the HV 2012 management pack as well. More precisely, it has several monitors defined to determine the Health State of certain components, and it does this by checking the event log on the target. The problem is that on Hyper-V 2012 those logs do not exist.

In this case we have 2 solutions at hand. Either we disable those monitors for the servers running 2012, or we create some ‘dummy event logs’ on the affected servers. Personally I do not like option B, although it is perfectly valid.

The alerts generated will be:


In the case above we see that it checks the imaginary log ‘Microsoft-Windows-Hyper-V-Network-Admin’, but there will also be other alerts generated by the same monitor, ‘Microsoft-Windows-Hyper-V-Image-Management-Service-Admin’.

Now we have some information. Now we have to see which monitors look for those event logs. For this we use PowerShell:

$HyperVLibraryMP = Get-SCOMManagementPack -DisplayName 'Microsoft Windows Hyper-V 2008 Monitoring'
$Hyper2008Mon = Get-SCOMMonitor -ManagementPack $HyperVLibraryMP

# Monitors whose configuration references the Image Management Service log
$AlertImage = $Hyper2008Mon | Where-Object {$_.Configuration -match 'Microsoft-Windows-Hyper-V-Image-Management-Service-Admin'}
$AlertImage | fl name, displayname

# Monitors whose configuration references the Network log
$AlertNetwork = $Hyper2008Mon | Where-Object {$_.Configuration -match 'Microsoft-Windows-Hyper-V-Network-Admin'}
$AlertNetwork | fl name, displayname

The results will be as follows:


Now we know which monitors need to be disabled. The steps are as follows:

  1. Authoring > Change Scope
  2. Search for ‘hyper-v virtual’ > select the classes above > OK.
  3. Expand until you reach the monitors.
  4. Above we see the monitors that need to be disabled.
  5. Open Properties for the first monitor and confirm that it tries to check the log in question.
  6. Choose Overrides > Disable Override > For all objects of another class.
  7. Search for ‘Hyper-v’ and select the Hyper-V 2012 class from above.
  8. Repeat the same process for the other 5 remaining monitors. A few screenshots below.

After disabling the monitors, we have to do a Reset Health State for the affected servers. In my case there were many.

I wrote a simple script that resets the affected monitors.


It accepts as parameters the alert name, which in our case is ‘Operations Manager Failed to Access the Windows Event Log’, and the resolution state, which in my case is 0 (New). It can be any of the corresponding codes, for example Closed 255.

The output looks something like this in ISE:


After resetting the monitors we no longer have alerts. The script in text form is below:

Import-Module OperationsManager

$AlertNameInput = Read-Host -Prompt "Please enter the alert name"
$AlertResolutionInput = Read-Host -Prompt "Please enter the alert resolution state"

$Alerts = Get-SCOMAlert -Name $AlertNameInput -ResolutionState $AlertResolutionInput

if ($Alerts) {
    # List the alerts that match the name and resolution state
    Write-Host -BackgroundColor Yellow -ForegroundColor Black "Below are the alerts found:"
    $i = 0
    $Alerts | % {$i++; Write-Host -ForegroundColor Yellow "$i`t`t$($_.TimeRaised)`t`t$($_.Name)"}

    Write-Host -BackgroundColor Yellow -ForegroundColor Black "Below are the Monitors identified:"
    $n = 0
    foreach ($Alert in $Alerts) {
        # Resolve the monitor that raised the alert
        $Monitor = $Alert.MonitoringRuleId | Get-SCOMMonitor
        $n++; Write-Host -ForegroundColor Yellow "$n`t$($Monitor.DisplayName)`t$($Monitor.GetManagementPack())"

        # Reset that monitor on the object the alert was raised for
        $Instance = Get-SCOMClassInstance -Id $($Alert.MonitoringObjectId)
        Write-Host -ForegroundColor Yellow "Resetting the '$($Monitor.DisplayName)' for $($Instance.DisplayName)"
        $Instance.ResetMonitoringState($Monitor) | Select-Object -ExpandProperty Status | Format-Table -AutoSize
        Write-Host -ForegroundColor Yellow "Done"
    }
}
else {
    Write-Host -ForegroundColor Yellow "No alerts were found using the inputted criterion"
}

AD Initial Sync Requirement



I have noticed that this behavior is not known to many administrators, so I thought I would write something about it. For those who know what it refers to, it will just be a refresher.

This behavior is more common in test environments because the DCs and the topology are changed frequently. In a production environment, where a DC has several replication partners it can replicate from, it is less likely but not impossible.

‘Initial Sync Requirement’ is a useful feature, implemented to ensure the functionality of the FSMO roles. I will not describe what each of them does; you can find that here: http://technet.microsoft.com/en-us/library/cc961939.aspx

What does this mean? It means that in a domain with at least 2 domain controllers, when a DC that holds an FSMO role starts up, that domain controller cannot provide the services specific to the FSMO roles until the naming context that hosts that FSMO role has been replicated.

For example, let us assume that the PDC role is held by DC1.

DC1 DC2 DC3  DC4

As long as it does not replicate with any partner, no functionality related to the PDC role can be performed.

In the original release of Windows Server 2003, after a DC was restarted it tried to replicate the naming context from a DC located in the same site. If there was no DC in that site, it waited until the replication interval specified on the connection object with the respective site had elapsed (min 15 min), during which time the FSMO services could not be used.

In Windows Server 2003 SP1 the process changed, and when a DC starts it tries to replicate from any available replication partner, regardless of whether it is in the same site or not.

There is a registry override that can disable the ‘initial sync requirement’, which you can use if you know for certain that the replication partners are no longer available. For example, the DCs it replicated with were VMs and were shut down without metadata cleanup, and now we are left with a single available DC. The key is below; the values are 0 or 1.


"Repl Perform Initial Synchronizations"=dword:00000000







Error installing SQL 2012 on Windows Server 2008 R2 Core Edition


I tried to follow the steps from the Microsoft 70-462 book for installing SQL 2012 on a Windows Server Core 2008 R2.

In short, you mount the SQL 2012 image and run setup.exe from CMD with some parameters.

For all the options see http://msdn.microsoft.com/en-us/library/ms144259.aspx#Install – Install SQL Server 2012 from the Command Prompt.

The command looks something like this:

Setup.exe /qs /action=install /features=sqlengine,is,conn /instancename=mssqlserver /updateenabled=False /sqlsysadminaccounts="Contoso\Kim_Akers" /Iacceptsqlserverlicenseterms

SQL 2012 can be installed using the command line, but on a Server Core installation the use of the ‘/qs’ (quiet simple) parameter is mandatory.

As I said, I was using a test environment and did not take the time to install all the updates, so I do not know whether this behavior also occurs on a fully patched machine.

The OS version used:

SQLCore version

After running the command, it displayed the error below:

SQLCore 2

The path to the log is %ProgramFiles%\Microsoft SQL Server\110\Setup Bootstrap\Log

SQLCore error

This log was not helpful either. I found the answer on the forums, more precisely here.

It seems the problem is caused by a missing registry key that would normally be present. The key in question is ‘Uninstall’. After I checked, it was indeed missing.

SQLCore reg

Right after creating that key I ran the setup again and it went through without problems.

SQLCore 1

the end.