Posts

Showing posts from August, 2016

Cannot change Event Log size: The maximum log size specified is not valid. It is too large or too small.

Image
When you try and change the Event Log size you may see the following error The maximum log size specified is not valid. It is too large or too small. Screenshot of the event log settings The maximum log size specified is not valid. It is too large or too small. This error can be seen when the event log sizes have been set using Group Policy.

Document the "Local Administrator Password Solution" (LAPS) settings

Image
The Local Administrator Password Solution (LAPS) provides the ability to automatically update local administrator account passwords for domain joined computers. This can help increase security by Settings local administrator passwords to different values on each computer and member server, whereas typically administrators set the same local admin password on each machine Passwords can be changed more frequently Local admin passwords can be obtained directly from Active Directory If you want more information about LAPS this video is pretty informative We've updated the XIA Configuration Server to automatically gather these settings for each of your domain joined machines. The settings collected include Installed Enabled DLL File Location DLL Version Administrator Account Name Password Age (Days) Password Length Password Expiration Protection Enabled Password Complexity Type

Error installing KB2919355 (Windows8.1-KB2919355-x64) "The update is not applicable to your computer"

Image
When you try and install SQL Server 2016 you may see the error stating that you need to install KB2919355. However when you try and install the update you receive the error "The update is not applicable to your computer" This issue can be installed if the following update is also not installed: March 2014 servicing stack update for Windows 8.1 and Windows Server 2012 R2 https://support.microsoft.com/en-gb/kb/2919442 Looking for a SQL documentation tool ? Why not check out XIA Configuration Server ?

When using AuditPol.exe you see the error "Error 0x00000057 occurred: The parameter is incorrect."

Image
auditpol /get /subcategory:"Audit Credential Validation" Error 0x00000057 occurred: The parameter is incorrect. This issue can occur when you enter the command auditpol /get /subcategory: name ...And you enter the word "Audit" as part of the name - for example "Audit Account Validation" as is shown in the Group Policy Editor. The word audit is added as a display name in the gpedit.msc Instead of auditpol /get /subcategory:"Audit Credential Validation" Enter auditpol /get /subcategory:"Credential Validation"

Get the Windows Advanced Audit Policy configuration from remote machines with PowerShell

Image
As part of our Server Documentation Tool we have now expanded it's security audit capability. The system can now gather information about the advanced audit policy of a Windows machine all the way to Windows 10. The information is gathered from remote machines without an agent being installed using Windows PowerShell remoting. In a similar fashion to the Group Policy Console or the Auditpol.exe tool the following category or subcategory information can be obtained. The auditpol.exe tool gives you the definitive configured settings, and it is the same API that XIA Configuration Server uses to determine the active audit settings. In addition to auditpol.exe however we also collect information about whether the setting is configured locally or using Group Policy, and if using Group Policy which policy is effective in applying this setting. ( NOTE: Not all subcategories are available on all operating systems) Account Logon Credential Validation Kerberos Authenticati...

Programmatically get Windows Advanced Audit Policy Configuration with C# .NET AuditEnumerateCategories Win32 API

We've recently been working on CIS compliance reporting within the XIA Configuration Server platform. Part of the compliance for Server 2012 R2 includes the ability to document the configuration of the Windows Advanced Audit Policy (also known as audit subcategories). This is a bit of a problem due to the fact that Microsoft provide no PowerShell or WMI interface for this and the raw settings are stored in an obfuscated part of the registry. You can however read the Windows Advanced Audit Policy by using C# .NET with the low level Win32 API. We've provided the wrapper as an example. The one issue with this API is that it can only be executed for the local machine as is the case with the AuditPol.exe tool... /// <summary> /// Provides management functions of the advanced audit policy (audit policy subcategory settings). /// </summary> public class AdvancedAuditPolicyWrapper {     /// <summary>     /// ...