CredSSP, Windows RDP connection error.

Microsoft recently tightened the security of Remote Desktop connections. This was done to address a vulnerability in RDP that allowed an attacker to take complete remote control of a Windows PC.

With this came some security changes, and you will need to add a registry entry to your machines if you get security connection errors on Windows client and Server OSes when you use RDP to connect to older remote machines. By older I mean Windows 7 and Server 2008; Windows 8.x might be affected as well.

For more information on CredSSP see this Microsoft article: https://support.microsoft.com/en-ca/help/4056564/security-update-for-vulnerabilities-in-windows-server-2008

In Windows 7 the error is a brief security connection error; in Windows 10 the error is a little more detailed.

To get past this issue all you need to do is add the following registry entry to your machine.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters]
"AllowEncryptionOracle"=dword:00000002

Alternatively here is a reg file in a zip file that you can just run. Make sure you reboot after adding the registry entry.

https://drive.google.com/file/d/13vDjZQqwEGZYNL5wnbig5iOzOs26EKn-/view?usp=sharing

I created a group policy on my Domain to push this registry entry to all computers.
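An added PowerShell example (not from the original post) that reads and sets the same registry value, so you can see which CredSSP remediation level a machine is on before and after the change. The value names 0 = Force Updated Clients, 1 = Mitigated, 2 = Vulnerable are Microsoft's; the function names are my own.

```powershell
# Added example: inspect and set the CredSSP "Encryption Oracle Remediation"
# value the post describes. 0 = Force Updated Clients, 1 = Mitigated,
# 2 = Vulnerable (the post's dword:2). Run from an elevated PowerShell.
$CredSspKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$CredSspLevels = @{ 0 = 'ForceUpdatedClients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleRemediation {
    # Returns the level currently in effect, or 'NotConfigured' when the value
    # is absent (the OS default then applies).
    $item = Get-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'NotConfigured' }
    $level = [int]$item.AllowEncryptionOracle
    if ($CredSspLevels.ContainsKey($level)) { return $CredSspLevels[$level] }
    return "Unknown($level)"
}

function Set-CredSspOracleRemediation {
    param(
        [Parameter(Mandatory)]
        [ValidateSet('ForceUpdatedClients', 'Mitigated', 'Vulnerable')]
        [string]$Level
    )
    # 'Vulnerable' (2) is what the post sets: it lets this client reach unpatched
    # hosts but gives up the protection the update adds, so treat it as a
    # stop-gap until the Windows 7 / Server 2008 hosts are patched, then step
    # back to 'Mitigated' (1) or remove the value.
    $value = ($CredSspLevels.GetEnumerator() | Where-Object Value -eq $Level).Key
    if (-not (Test-Path $CredSspKey)) { New-Item -Path $CredSspKey -Force | Out-Null }
    Set-ItemProperty -Path $CredSspKey -Name AllowEncryptionOracle -Value $value -Type DWord
    return Get-CredSspOracleRemediation
}

# Usage: see what is in effect, apply the post's setting, and read it back.
Get-CredSspOracleRemediation
Set-CredSspOracleRemediation -Level Vulnerable
```

Reboot afterwards, as the post says; a GPO that sets the same value will overwrite this at the next policy refresh.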


Disabling Automatic Updates on Server 2016

The Server 2016 GUI does not provide a way to disable Windows Updates, and by default updates are set to download automatically. There is a spot for updates in the GUI, but it is a placebo. If you want to disable automatic updates and run them manually at your heart's content, you need to do this via the sconfig text-based applet.

Start PowerShell as admin and run the sconfig command. This is the text-based server configuration applet.

Once the applet is running, option 5 is Windows Update Settings. For production servers the Manual option is probably the best choice.

A pop-up will confirm the change; from here on all updates will have to be downloaded and installed manually.

WMI Filtering in Group Policy

Item-level targeting is great, and it works well for granular targeting, but with item-level targeting you are limited to Active Directory components.

WMI or Windows Management Instrumentation consists of a set of extensions to the Windows Driver Model that provides an operating system interface through which instrumented components provide information and notification.

What if I told you that you could set up policies that target specific users, specific user names, specific hardware and specific software, even specific hardware types? You could deploy hardware-specific drivers on your domain using WMI filtering.

It's actually pretty slick, and far superior to anything SNMP can offer. It is a very powerful tool set for a sysadmin; the level of control WMI filtering gives you is amazing and robust. But is it secure? That depends. It can be: if you follow best practices there is no reason it shouldn't be.

WMI filters are similar to SQL queries, for example…

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "10%") and (ProductType = 1))

In the query above, the version 10 followed by the % wildcard matches the Windows 10 and Server 2016 version strings. ProductType = 1 means a desktop OS, whereas 3 means a server OS. Finally, ProductType = 2 means the machine is a Domain Controller.

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "6.1%") and (ProductType = 1))

The above is for Windows 7.

select Version, ProductType from Win32_OperatingSystem where
 ((Version like "6.3%") and (ProductType = 3))

The last one is Server 2012 R2.

Note that the namespace these classes live in is root\CIMv2.

If you want to browse and query WMI you can use Microsoft's official WMI Code Creator tool (if the link is dead, just search for it). Alternatives are NirSoft's SimpleWMIView and WMI Explorer.

WMI Code Creator lets you browse all the WMI classes and search for property values. For obvious reasons you will need the .NET Framework installed on your machine.

 

Creating a WMI filter is simple. Open Group Policy Management, expand your domain, and at the bottom you should have a folder named WMI Filters. This folder also lists the existing WMI filters and which policies they are applied to.

Right click this folder and select New…

Give your Filter a name and Description, then click Add.

Finish by clicking OK and then Save. You have now created a WMI filter for all versions of Server 2016.

Now you need to apply the filter to a policy. Locate a policy in Group Policy Management; at the bottom of the right pane, under WMI Filtering, you can select the filter you just created.

That's pretty much it. Play around with WMI Code Creator and you will see that you can do some very granular filtering: filters based on OS, CPU, disk drives, anything you can think of. This is a very powerful tool, and if you're familiar with SQL queries you should have no trouble coming up with some complex filters.

Specific host name (namespace root\CIMV2, class Win32_ComputerSystem, property DNSHostName):

select * from Win32_ComputerSystem where DNSHostName = 'YourHostname'
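An added PowerShell example (not from the original post) that dry-runs the post's filter queries against the local machine, which is the check I would do before linking a filter to a GPO: a query that returns a row is one the GPO would apply to this machine. 'YourHostname' is the post's placeholder; the function names are mine.

```powershell
# Added example: evaluate each WQL filter from the post locally. Note that
# Version like "10%" matches every 10.x build, so later releases that still
# report a 10.0 version string match it as well.
$WmiFilters = [ordered]@{
    'Windows 10 desktop' = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "10%") and (ProductType = 1))'
    'Windows 7 desktop'  = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "6.1%") and (ProductType = 1))'
    'Server 2012 R2'     = 'select Version, ProductType from Win32_OperatingSystem where ((Version like "6.3%") and (ProductType = 3))'
    'Specific host'      = "select DNSHostName from Win32_ComputerSystem where DNSHostName = 'YourHostname'"
}

$ProductTypeNames = @{ 1 = 'Workstation'; 2 = 'Domain Controller'; 3 = 'Server' }

function Test-WmiFilter {
    # Runs one WQL filter in root\CIMv2 and reports whether it matches here.
    param([Parameter(Mandatory)][string]$Query, [string]$Namespace = 'root\CIMv2')
    $rows = @(Get-CimInstance -Namespace $Namespace -Query $Query -ErrorAction Stop)
    return $rows.Count -gt 0
}

function Get-WmiFilterReport {
    # One object per filter, with the local Version/ProductType alongside so a
    # non-match can be explained at a glance.
    $os = Get-CimInstance -Namespace root\CIMv2 -ClassName Win32_OperatingSystem
    foreach ($name in $WmiFilters.Keys) {
        [pscustomobject]@{
            Filter    = $name
            Applies   = Test-WmiFilter -Query $WmiFilters[$name]
            LocalVer  = $os.Version
            LocalType = $ProductTypeNames[[int]$os.ProductType]
        }
    }
}

Get-WmiFilterReport | Format-Table -AutoSize
```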

 

As a side note, if you are a C# .NET developer you can also use WMI through the System.Management namespace. You will need to add a reference to System.Management in your Visual Studio project. This lets you query the operating system and hardware and retrieve statistics from the machine.

Sample C# code:

using System;
using System.Collections.Generic;
using System.Management; // add a reference to System.Management.dll in the project

// Collect the per-core processor time counters from the perf counter class.
var coreValues = new List<string>();
var processor = new ManagementObjectSearcher("root\\CIMV2",
    "SELECT * FROM Win32_PerfFormattedData_Counters_ProcessorInformation");
foreach (ManagementObject query in processor.Get())
{
    // PercentProcessorTime is a UInt64; a direct (string) cast would throw.
    coreValues.Add(query["PercentProcessorTime"].ToString());
}

Home Media – Part 4 – OSMC/KODI/XBMC

This is part 4 of a series of write-ups called Home Media.

Part 1 – The NAS build

Part 2 – The Setup

Part 3 – The Rip

Now that you have a whole infrastructure setup for streaming in your house, what do you do?

First things first: you will need some sort of hardware, be it an old laptop, an Odroid-C2 box, an Android box or a Raspberry Pi 3. Then you will create two XML files, sources.xml and/or advancedsettings.xml. These two files are responsible for media sources and database connections respectively. With advancedsettings.xml in the mix you can also add an SQL instance to your setup.

The benefit of the SQL database is that if you have multiple devices in your home, you can pause your content in one room and resume it in another. Your library info is stored in one place, the database, and can easily be backed up and restored using software such as HeidiSQL. Library updates can be performed by headless installations of KODI and are picked up by all other devices on the network connected to the DB.

The easiest way to run a headless installation of KODI is the LinuxServer.io docker container, available at https://github.com/linuxserver/docker-kodi-headless. This works well if you have a server at home. If you are running a Pi or Odroid device with KODI on it this might not be necessary, since these are always-on, low-power devices; you can potentially send all update requests to those boxes instead.

For laptops and Android boxes go to their respective app stores and install KODI. On Linux you have to install KODI manually; head over to Kodi.TV, where they have all the packages you need. For further installation instructions head over to the KODI wiki.

In this example I will be working with v17.x, code-named Krypton. For the Odroid-C2 and Raspberry Pi I suggest heading over to LibreELEC and grabbing the installation image from there; the LibreELEC equivalent of KODI version 17 is 8.x. For the Odroid and RPi you will need to image the storage device, an SD card or eMMC storage. On Windows use the Rufus software. Alternatively, LibreELEC has built its own installation tool to write the OS to a storage device; for instructions on using their tool go to their wiki. An alternative to LibreELEC is OpenELEC, which has builds for devices that Libre does not support.

Note that when you boot into KODI for the first time, specifically on LibreELEC, you should enable Samba and SSH. Samba will be useful for copying the XML files to your KODI box later on.

Installation:

Once you have installed Rufus and plugged your SD/eMMC card into your computer, start Rufus and locate the drive letter of the storage device you want to write.

In Rufus click the drop-down list and select DD Image, then click the image icon to the right of it.

Rufus will prompt for a file with an Open dialog. Select the appropriate image and click Open.

It will warn you about erasing all the data on the storage device; accept the prompt and let Rufus run through its thing.

Once complete, close Rufus and check that the SD card now shows the image's file structure. The storage device is ready to be plugged into your hardware and you can proceed to boot it.

Database:

Install the database of your choice. I use MariaDB; it's free, open-source SQL software, forked from MySQL after MySQL was bought by Oracle. I run it in a Docker container on my home server. However you like to proceed, pick the installation of your choice.

The docker container is available on the Docker hub and can be found here: https://hub.docker.com/_/mariadb/

To run the docker with persistent storage run the following docker commands.

First you need to pull the installation.

docker pull mariadb:latest

Instead of the latest tag you can use the versions available on the site: 5, 10, etc. Then you need to start the container using the docker run command. It will look something like the following.

docker run -d --restart=always --net=bridge --name mariadb -v /my/own/datadir:/var/lib/mysql -e MYSQL_ROOT_PASSWORD=SomePassword -e MYSQL_USER=kodi -e MYSQL_PASSWORD=kodi -p 3306:3306 mariadb:latest

For Unraid 6 you can use a Docker MariaDB template available here:

https://github.com/Exist2Resist/docker-templates/tree/master/exist2resist

There are 3 key commands you need to execute on the database after you have installed it. You can find the database installation instructions for various OS versions on the KODI wiki.

Make sure you write down the password after you set up the sa or root user on the database. Then log into the database and run the following 3 commands.

  1. Type in: CREATE USER 'kodi' IDENTIFIED BY 'kodi'; and press return
  2. Type in: GRANT ALL ON *.* TO 'kodi'; and press return
  3. Type in: flush privileges; and press return

These commands create a user with the name kodi and password kodi. This will be used in your KODI installations via the advancedsettings.xml file to connect to the database.

sources.xml:

The sources file is used to connect KODI to your network shares and sources for your media and music. A sources file has the <sources></sources> tags at the beginning and end of the file, with one section per media type inside.

smb: stands for Samba; your other option would be nfs, the file sharing protocol in Linux. Note that shares defined without credentials are accessible to anyone on the local network. If you want to password-protect these shares, go ahead, but you will need to change the <path> to the form smb://username:password@Tower/Music/.

The section (<music>), name (<name>) and path (<path>) are all mandatory. Every other field is optional.

Note that if you are using a database to store the media information you do not need the sources.xml file on all your instances of Kodi. You will only need both files on the instance which updates the library and database. All other instances only need to connect to the database. The database contains a files table which has an idPath column that stores the path to the files.

For further detail on the sources xml you can head over to the KODI wiki, http://kodi.wiki/view/Sources.xml

Note that with the database in the mix you should enable the option to wait for the network before starting KODI. This is only available in the OpenELEC and LibreELEC builds of KODI. I have not been able to find it in vanilla KODI, but that should not matter, as those installations will more than likely run on a box where KODI is started manually anyway.

advancedsettings.xml:

The advanced settings file has the <advancedsettings></advancedsettings> tags at the beginning and end of the file. This file is very fickle and it takes a lot of options; use the cache example below as a starting point.

<videodatabase> and <musicdatabase> point to an SQL instance via its IP address, username and password. The default port for MySQL/MariaDB is 3306.

Also, if you want to pause and resume your playback at different locations in your home, include the <importwatchedstate> and <importresumepoint> tags under the <videolibrary> tag and set them to true. Under the same tag, <backgroundupdate> updates the library without any pop-ups or notifications, and <recentlyaddeditems> sets the number of new items visible under the TV Shows and Movies sections. The default I believe is 25; you can set this to whatever you like.

In version 17+ of KODI the cache tag is pretty important. If you are experiencing the odd buffering interruption while watching content from your file server, set this option to have all content buffered.

In previous versions of KODI this option was set under the network tag. See sections 2.8.4 and 2.8.3 of the Advancedsettings.xml wiki, respectively.

Cache buffers the file in memory instead of on local storage. If you notice a lot of stutter in your streams, especially with version 17, adding this section should greatly improve performance. Mind you, if you have terrible internet and you are using external or HTTP video sources there are no guarantees. To do this you will need to do some math first; use a bit calculator if you like, but don't trust Google, which messes up the calculation and conversion badly. More on that later.

The cache section looks something like the following.

<cache>
<buffermode>1</buffermode>
<memorysize>477184000</memorysize>
<readfactor>10</readfactor>
</cache>

Buffer mode 1 caches any content streamed in KODI, local or remote.

Memory size is where you need to do some converting and calculating. The maximum memory size depends on your system and cannot exceed a third of your free memory. So if your device has 300 MB of free memory while playing content, your maximum memory size should be 100 MB, or 104857600 bytes. If you don't adhere to the 1:3 ratio rule there is a high probability that your box will crash.

Read factor is the speed at which content is buffered, or read into memory. If a file's average bit rate is 6 MB/s, a read factor of 10 reads the file into the cache buffer at 60 MB/s: average bit rate multiplied by read factor. Take your network bandwidth into consideration when choosing this. If not specified the default is 4.
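An added PowerShell example (not from the original post) that builds the advancedsettings.xml described above, deriving <memorysize> from the 1:3 rule and checking the read rate against the link speed before you commit to a read factor. The DB host, user and password are constructed sample values; the <videodatabase>/<musicdatabase> child elements follow Kodi's documented layout; the function names are mine.

```powershell
# Added example: generate advancedsettings.xml with a safe cache size.
function Get-KodiCacheMemorySize {
    # Largest cache the 1:3 rule allows, in bytes (300 MB free -> 104857600).
    param([Parameter(Mandatory)][int]$FreeMemoryMB)
    return [int64]([math]::Floor($FreeMemoryMB / 3)) * 1MB
}

function Get-KodiReadRateMBps {
    # Rate the cache fills at: average bitrate x readfactor (6 MB/s x 10 = 60 MB/s).
    param([Parameter(Mandatory)][double]$AverageBitrateMBps, [int]$ReadFactor = 4)
    return $AverageBitrateMBps * $ReadFactor
}

function New-KodiAdvancedSettings {
    param(
        [Parameter(Mandatory)][string]$DbHost,
        [string]$DbUser = 'kodi',
        [string]$DbPass = 'kodi',
        [int]$DbPort = 3306,
        [Parameter(Mandatory)][int]$FreeMemoryMB,
        [double]$AverageBitrateMBps = 6,
        [int]$ReadFactor = 10,
        [double]$LinkMBps = 125,   # roughly 1 Gbit/s; lower this for Wi-Fi or 100 Mbit
        [int]$RecentlyAddedItems = 25
    )
    $memorySize = Get-KodiCacheMemorySize -FreeMemoryMB $FreeMemoryMB
    $readRate = Get-KodiReadRateMBps -AverageBitrateMBps $AverageBitrateMBps -ReadFactor $ReadFactor
    if ($readRate -gt $LinkMBps) {
        Write-Warning "readfactor $ReadFactor needs $readRate MB/s but the link carries about $LinkMBps MB/s; lower it"
    }
    $db = @"
    <type>mysql</type>
    <host>$DbHost</host>
    <port>$DbPort</port>
    <user>$DbUser</user>
    <pass>$DbPass</pass>
"@
    return @"
<advancedsettings>
  <videodatabase>
$db
  </videodatabase>
  <musicdatabase>
$db
  </musicdatabase>
  <videolibrary>
    <importwatchedstate>true</importwatchedstate>
    <importresumepoint>true</importresumepoint>
    <backgroundupdate>true</backgroundupdate>
    <recentlyaddeditems>$RecentlyAddedItems</recentlyaddeditems>
  </videolibrary>
  <cache>
    <buffermode>1</buffermode>
    <memorysize>$memorySize</memorysize>
    <readfactor>$ReadFactor</readfactor>
  </cache>
</advancedsettings>
"@
}

# Usage: a box with 300 MB free while playing gets memorysize 104857600.
New-KodiAdvancedSettings -DbHost '192.168.1.10' -FreeMemoryMB 300 |
    Set-Content -Path '.\advancedsettings.xml' -Encoding UTF8
```

Copy the resulting file to /storage/.kodi/userdata/ on the box, as described in the file placement section.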

For further details on the advancedsettings xml you can head over to the KODI wiki http://kodi.wiki/view/Advancedsettings.xml

File placement:

If you enabled Samba and SSH on your KODI device, you can navigate to the Userdata share of the device and place both XML files there. Even though you don't need both, it is recommended that you place both. You will need the network name or IP to navigate to the shared folder. During setup you gave the installation a name; if you kept the default, navigating to \\LIBREELEC in File Explorer should bring up the box's shares.

Open up the Userdata folder and you should see some folders and 4 xml files.

Place both the XML files in here.

Alternatively you can SSH into your box using PuTTY or similar software. The default username is root and the password is libreelec.

Once in, you can use either vi or nano to create both files and paste in the contents. The files should be stored in the following location.

/storage/.kodi/userdata/

You can create the files manually by performing the following commands in SSH.

nano advancedsettings.xml

Then paste the contents of the file into the window and press Ctrl+X; nano will ask whether you want to save the file. Type y and press Enter to confirm the file name.

Repeat the same for the sources file.

A very important step: if you are using a DB connection you need to set KODI to wait for the network when it boots. If you do not, your library will not populate.

In your add-ons select the LibreELEC Configuration add-on.

Then set the Wait for network… option to 10 seconds. There has not been an instance where 10 seconds has not been enough for me.

Your KODI box should now be ready to go, reboot and enjoy.

Whatcha talkin’ bout? FOO! Setting up proper fail over in a Cluster.

Here is what a 2 node fail over cluster should look like. Double network redundancy on the back end with each node and the SAN connecting to both back end switches.


In order to set up proper cluster failover the server needs to be set to Fail Over Only (FOO). Remember that Windows has iSCSI volume size restrictions, so when you create volumes and LUNs on your SAN you need to limit the size. See the link at the end of the article.

To do this you need a couple of things. First you need to connect the iSCSI target to both servers. Some SAN manufacturers have their own DSM drivers, usually a modified version of the Microsoft DSM driver; HP actually recommends using the Microsoft DSM.

The proper DSM is required to set up MPIO (Multipath I/O) on a cluster.

In short, MPIO is the multipath interconnect necessary for failover, and it uses the DSM driver to achieve this. Generally the DSM driver is provided by the OS vendor, in this case Microsoft. This is also HP's recommended method of connecting to the SAN from Windows, and most other manufacturers also use the Microsoft DSM driver.

Map iSCSI connections

First we need to properly map the iSCSI connections. Be aware that you will be mapping the same target multiple times; this is necessary for failover. In the example above each server has 4 connections: 2 on the 20 subnet and 2 on the 30 subnet. Open the iSCSI Initiator and select the Discovery tab.

In the discovery tab add all 4 IP destinations, x.x.20.110, x.x.30.110, x.x.20.111, x.x.30.111.

Click the Discover Portal… button and add each one of those connections.

Next select the Targets tab; you should see the inactive iSCSI connection here.

Highlight the connection and click Connect. The HP SAN is set up with a single iSCSI target and multiple LUNs; some devices have multiple iSCSI targets with a single LUN on each. Depending on the setup you might have to do this for each target.

A Connect To Target window will pop up, check off Enable multi-path and click Advanced.

Under Local adapter select Microsoft iSCSI Initiator; for the Initiator IP select the IP of the server, and for the Target Portal IP choose one of the two IPs on the same subnet as the Initiator IP.

Now repeat these steps for the other three connections: highlight the same connection, click Connect, check Enable multi-path, click Advanced..., and pick the next initiator/target pair.

10.10.20.4 -> 10.10.20.111, 10.10.30.6 -> 10.10.30.110, 10.10.30.6 -> 10.10.30.111.

If you click the Favorite Targets tab you should see 4 similar targets. These are all the connections you just created for the one iSCSI target (IQN).

Set up Connection Fail Over

Next start the MPIO applet (Start > Run > mpiocpl). Your vendor should be listed in the Devices window. If it is not, add it via the Discover Multi-Paths tab, Others window: highlight the device hardware and click Add. Say no to the reboot.

Next in the SPC-3 compliant window check off Add support for iSCSI devices and click Add. You will again be prompted to reboot. This time do so.


If you run the command mpclaim -s -d in an admin CMD session you should see the connection now.


Back in the iSCSI Initiator applet, if you highlight the IQN connection on the Targets tab and click Properties, Devices, and then MPIO, you should see the Load Balance policy and all the paths this connection can fail over to.

Your load balance policy will initially default to Round Robin; change this to Fail Over Only. When you do, one connection should be Active and all others should go into Standby. Click Apply.

Don’t worry if the connections don’t go into standby, just make sure that FOO is applied. Sometimes with multiple mapped disks this can happen.

Now if you run the same mpclaim command your LB Policy should have changed to FOO (Fail Over Only). You will need to do this for each mapped disk.

To change the Load Balancing policy to FOO run mpclaim with the -L and -M switch.

mpclaim.exe -L -M 1

The 1 at the end denotes the FOO load-balance policy: if a connection fails it immediately fails over to the next one. This is for always-on, high-demand systems.

Now if you run the -s -d switches you should see FOO under the LB policy.

Now go into Control Panel > Administrative Tools > Computer Management, bring the iSCSI disks online and format them as NTFS. I had an instance where the disk wouldn't come online even when I brought it online. If this happens, resize your LUNs; they are too large.

Mpclaim determines the policy for the iSCSI connection. For more information on mpclaim see Microsoft's documentation: https://technet.microsoft.com/en-us/library/ee619743(v=ws.10).aspx
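An added PowerShell example (not from the original post) that performs the same mapping and FOO steps with the built-in iSCSI and MPIO cmdlets (Server 2012 and later) instead of the applets, which is handy for keeping both cluster nodes identical. The IPs are the ones in the post; the target IQN is a placeholder; it assumes the Multipath-IO feature is installed and runs elevated.

```powershell
# Added example: script the post's iSCSI + MPIO procedure. The MPIO claim needs
# a reboot before the policy step, so it is split into two passes.
$TargetPortals = '10.10.20.110', '10.10.20.111', '10.10.30.110', '10.10.30.111'
$InitiatorIPs  = @{ '10.10.20.' = '10.10.20.4'; '10.10.30.' = '10.10.30.6' }   # this node's NICs
$TargetIqn     = 'iqn.EXAMPLE-PLACEHOLDER:san-target'                          # replace with the SAN's IQN

function Connect-SanPaths {
    # Pass 1: discover every portal, then log in once per portal, each session
    # multipath-enabled and persistent. Initiator and portal stay on one subnet,
    # exactly as the post pairs them in the Advanced dialog.
    Start-Service MSiSCSI
    Set-Service MSiSCSI -StartupType Automatic
    foreach ($portal in $TargetPortals) { New-IscsiTargetPortal -TargetPortalAddress $portal | Out-Null }
    foreach ($portal in $TargetPortals) {
        $subnet = $portal.Substring(0, $portal.LastIndexOf('.') + 1)
        Connect-IscsiTarget -NodeAddress $TargetIqn -TargetPortalAddress $portal `
            -InitiatorPortalAddress $InitiatorIPs[$subnet] -IsMultipathEnabled $true -IsPersistent $true | Out-Null
    }
    # Equivalent of "Add support for iSCSI devices" in mpiocpl; reboot after this.
    Enable-MSDSMAutomaticClaim -BusType iSCSI
    # Expect 4 sessions for the one IQN, matching the 4 favourite targets.
    return @(Get-IscsiSession | Where-Object TargetNodeAddress -eq $TargetIqn).Count
}

function Set-SanFailoverOnly {
    # Pass 2 (after the reboot): make Fail Over Only the default for disks claimed
    # from now on, apply it to the disks already claimed, then show what mpclaim sees.
    Set-MSDSMGlobalDefaultLoadBalancePolicy -Policy FOO
    mpclaim.exe -L -M 1
    mpclaim.exe -s -d
}
```

Run Connect-SanPaths, reboot, then Set-SanFailoverOnly; the mpclaim -s -d output should list FOO under LB Policy for every mapped disk.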

https://technet.microsoft.com/en-us/library/dd851699(v=ws.11).aspx

iSCSI and VHD/VHDX volume size restrictions.

The age of telemetry and online tracking.

Telemetry has been around for a while, Windows 7 had it, and I believe even Vista might have had it.

Having said this, Microsoft did not previously sell this information to third parties, nor did it previously include personal information. When I say personal information I mean your age, gender, approximate location and online habits. Legally they cannot give out your name, address and other details that would allow someone to pinpoint you in real life, so instead they are selling as much as they can about you without actually telling anyone who you really are. Mind you, Microsoft is not the only company that uses telemetry data; recently Nvidia got caught with its hand in the cookie jar as well. Scary, right?

Windows:

Fret not, where there is a will there is a way. If, like me, you spend a lot of time online, there are a few applications you should explore.

For Windows 10 there are a couple of anti-telemetry applications you can install that disable the services and registry entries that allow Windows to send your data to big brother.

O&O Software has an Antispy-Tool for Windows 10. This is a free download. It’s called O&O ShutUp10. With this tool you can pick and choose in great detail what you want to block and what you want to allow.


The folks at Safer Networking who brought us Spybot Search and Destroy have also built a similar tool. They call their telemetry removal tool Spybot Anti-Beacon; the link can be found on their download page. It has a portable version, so you can run it off a flash drive if you need to.

The first time you run it, it will show you what you have blocked and what is still tracking you. If you click the "Show Options" button it will show you the registry keys that will be changed. Click Immunize and restart your computer.

Besides these tools, I have also edited my hosts file and added a bunch of domain names that direct to 0.0.0.0, essentially to nowhere. Spybot also adds a couple hosts entries into the file.


Note that not all of the addresses in the hosts list belong to Microsoft. Most of those hosts perform some sort of tracking, so it is probably a good idea to block them anyway.

Nvidia:

Recently it was discovered that Nvidia included telemetry in their driver software. Some believe it is only part of GeForce Experience, but that is not the case; it is installed alongside the driver.

In order to disable the telemetry bundled with the Nvidia driver you need to download Autoruns from Sysinternals. Extract the package and run the executable as Administrator. Make sure the Everything tab is selected and filter the content with the keyword nvidia. Then uncheck the Nvidia telemetry entries, close the application, and reboot.

Now, Nvidia might not be tracking anything, but that is not the point. Also, you will need to do this every time you reinstall the driver.

Web browser:

To hide yourself online, obviously the best technology is a VPN or a proxy server. However these can cost quite a bit of money.

My suggestion is to use two of the better browser extensions: the Electronic Frontier Foundation's Privacy Badger and uBlock Origin.

Privacy Badger can be installed right from the eff.org web page. To install uBlock Origin, go to your web browser's extension store, find the plugin and install it. For Vivaldi go to the Chrome store, as it is based on Chromium and all Chrome extensions are compatible with it.

Generate Cyclic Redundancy Check (CRC) Using CertUtil

A CRC is used to detect any changes to the original data/content, the most common reason being accidental data modification and corruption. CRCs are used to validate integrity, to ensure that the data sent is the data received.

It’s quite easy to create a CRC with tools built into the Windows operating system. Open a command prompt window, browse to the location of your file and run the following command:

CertUtil -hashfile <file_name> MD5

By default CertUtil uses SHA1 if no algorithm is specified; for this example we're using MD5. CertUtil supports several algorithms:

  • MD2
  • MD4
  • MD5
  • SHA1
  • SHA256
  • SHA384
  • SHA512

Once the command completes successfully, CertUtil outputs a sequence of hex digits: this is the MD5 hash. We will use this hash to validate the integrity of the file once it's transferred. After the file is copied we run the same command and compare the values. If they match the file is valid; if not, we know the data was altered. To simplify this process I've written a small PowerShell script that you can leverage.

$file = "<file_name>"
$expected = "<hash_from_certutil>"

# CertUtil prints a header line, the hash line and a status line, so pick out
# the hash line rather than comparing the whole output. Older builds print the
# hash bytes space-separated, so strip whitespace from both sides before
# comparing (-eq is case-insensitive in PowerShell).
$output = CertUtil -hashfile $file MD5
$actual = ($output | Where-Object { $_ -match '^[0-9a-fA-F ]+$' } | Select-Object -First 1) -replace '\s', ''

if ($LASTEXITCODE -eq 0 -and $actual -eq ($expected -replace '\s', '')) {
  Write-Host "CRC File Integrity Check Passed." -ForegroundColor "Green"

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 0
}
else {
  Write-Host "CRC File Integrity Check Failed." -ForegroundColor "Red"
  Write-Host "Please re-download file and re-run CRC check."

  Write-Host "`nPress any key to exit..."
  $x = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
  exit 1
}
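An added PowerShell example (not from the original post) that extends the same CertUtil check to a whole folder: build a manifest before the transfer, then verify every file against it on the receiving side. The folder paths are assumptions; the function names are mine.

```powershell
# Added example: CertUtil-based hash manifest for a folder. SHA256 is the
# default here because MD5 is fine for spotting accidental corruption but not
# for detecting deliberate tampering; pass -Algorithm MD5 to match the post.
function Get-CertUtilHash {
    param(
        [Parameter(Mandatory)][string]$Path,
        [ValidateSet('MD2','MD4','MD5','SHA1','SHA256','SHA384','SHA512')][string]$Algorithm = 'SHA256'
    )
    $out = & CertUtil.exe -hashfile $Path $Algorithm
    if ($LASTEXITCODE -ne 0) { throw "CertUtil failed on ${Path}: $($out -join ' ')" }
    # CertUtil prints a header, the hash, and a status line; the hash is the only
    # line made purely of hex digits (plus spaces on older builds).
    $hashLine = $out | Where-Object { $_ -match '^[0-9a-fA-F ]+$' } | Select-Object -First 1
    return ($hashLine -replace '\s', '').ToLowerInvariant()
}

function New-HashManifest {
    # Writes "<hash>  <relative path>" lines, one per file under $Folder.
    param([Parameter(Mandatory)][string]$Folder, [string]$Manifest = 'manifest.txt', [string]$Algorithm = 'SHA256')
    $root = (Resolve-Path $Folder).Path
    Get-ChildItem -Path $root -File -Recurse | Where-Object Name -ne $Manifest | ForEach-Object {
        $rel = $_.FullName.Substring($root.Length).TrimStart('\')
        '{0}  {1}' -f (Get-CertUtilHash -Path $_.FullName -Algorithm $Algorithm), $rel
    } | Set-Content -Path (Join-Path $root $Manifest) -Encoding ASCII
}

function Test-HashManifest {
    # Re-hashes every listed file and returns the ones that are missing or changed.
    param([Parameter(Mandatory)][string]$Folder, [string]$Manifest = 'manifest.txt', [string]$Algorithm = 'SHA256')
    $root = (Resolve-Path $Folder).Path
    $bad = [System.Collections.Generic.List[string]]::new()
    foreach ($line in Get-Content (Join-Path $root $Manifest)) {
        $expected, $rel = $line -split '  ', 2
        $full = Join-Path $root $rel
        if (-not (Test-Path $full)) { $bad.Add("$rel (missing)"); continue }
        $actual = Get-CertUtilHash -Path $full -Algorithm $Algorithm
        if ($actual -ne $expected.ToLowerInvariant()) { $bad.Add("$rel (expected $expected, got $actual)") }
    }
    return ,$bad.ToArray()
}

# Usage: on the sending side
New-HashManifest -Folder 'C:\outbound'
# On the receiving side, after the copy
$failures = Test-HashManifest -Folder 'D:\inbound'
if ($failures.Count -eq 0) { 'Integrity check passed.' } else { $failures }
```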