Windows Server 2016 TP 5 leaks out as a torrent; here are the product keys

It is confusing why this technical preview has not been released to the public yet, since it is version 14291 and the Windows 10 technical preview build is already 14316, but I’m guessing that maybe they are going to release Technical Preview 5 as a later build, hopefully one that is more similar to the latest Windows 10 preview build. It is very strange that it wasn’t released to the public, because at Build there were some sessions that mentioned Server Technical Preview 5 and said it was going to be released soon, but it’s been almost a month and still nothing. However, since the torrents are available to download, I tried it out, and if you install it over Technical Preview 4 it is going to ask for a product key (if you clean install, it lets you skip this by selecting “I do not have a product key”). The product keys accepted are the same as the Technical Preview 4 release, and I will list them below:
Server 2016 Datacenter TP5 Key: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Server 2016 Essentials TP5 Key: FVPY2-6KNF7-8CKF8-YHJDY-BBDJ8

Should we let the FBI access our encrypted data?

The strong encryption debate… I have been researching FBI Director James Comey’s “conversations” with the House of Representatives and with U.S. Senators, as well as anything having to do with the subject, for the past 6 months or so. This has been taking up most of my time, as I am using the research for several courses in my last semester at W.G.U. My first research paper is for my English course and only needs to be about 10-15 pages; however, it has been taking me a long time since I keep finding more sources, and I am just about done with my annotated bibliography. This bibliography needs to have 10 sources cited using APA formatting, along with a summary, source credibility, and source relevance for each source. This ‘annotated bibliography’ is almost 10 pages long itself, and I am looking into cutting it shorter to save some of this information for the actual paper.

Anyway, my thesis is similar to the following:
The United States government should not implement legislation requiring device manufacturers and internet communications firms to put backdoors into their devices so that law enforcement can access users' encrypted data. This would only hurt United States companies, since users wanting encryption would simply use services and devices from outside the United States, and further complicating encryption with mandated exceptional access will only cause already complicated software to become more complicated, and therefore will lead to more vulnerabilities. To back up my argument I use the relatively small number of credible sources available on this subject. I have had to use hearings on C-SPAN and magazine articles, since I have only found about 5 scholarly journals on the subject (available online without paying a fee).

Now, of course, anyone who really understands encryption knows that only the sender and the receiver should be able to know what is in the message. However, this has actually become rare, as cloud services often keep a key that they can use to get into your data if they are presented with a court order. For example, Dropbox, OneDrive, and Google Drive all tell you that your data is encrypted, but that doesn’t mean the provider cannot find out what you are storing: as long as you don’t pre-encrypt what you upload to the cloud, they have to be able to show you your data, such as when you use a browser to access your cloud storage. This means that if the government goes to Google and gives them your email address, Google can access your cloud drive data and give it to law enforcement. There are solutions that allow you to pre-encrypt your data before you send it up there (into the cloud storage), but what then happens is that if you use the provider’s methods of accessing the data, it will be encrypted and unreadable until you use your encryption solution to enter the key, and then you will be able to read your data again.

New York and California are attempting to pass legislation that will require device manufacturers to be able to decrypt any devices sold in those states. However, it is easy enough to purchase a mobile phone from anywhere in the world on the internet, so I don’t see how this is going to affect terrorists or criminals, who will most likely just purchase phones from elsewhere if this becomes law. If you want to read my paper, you can download it from the following link; just click below and save it to your computer.
EncryptionResearchPaperFinalDraft
Encryption: Decriminalizing Necessary Security – DOI: 10.13140/RG.2.1.4874.0888
https://www.researchgate.net/publication/292604299_Encryption_Decriminalizing_Necessary_Security

Try the new Amazon Kindle Unlimited for free for 7 days, then 30 more

I just received a Kindle Unlimited 7-day trial, and they are letting me read any books I want for 7 days. Well, that’s not long enough to even read one book when you are doing a million other things, but it’s nice to be able to read anything you ever wanted to check out for free, even if it’s only for a week. UPDATE: After you finish your 7 days, Amazon will shoot you an email to extend the trial for another 30 days; then you have to click the link in the email, sign back into Amazon, and then….

Well, that’s where it gets tricky. I was on my phone this morning and I did what the email said, only to log in and land on a screen that said CONTINUE YOUR AMAZON UNLIMITED SUBSCRIPTION… so I’m going to do some more hunting around to figure out how to extend the trial for 30 more days, but I wanted to update this post so the 7-day trial won’t discourage anyone from giving it a shot.

Click the following link to check out the Kindle store. You may have to do a little digging to get the free trial, but it is available if you have never used it before.
Shop Amazon – Kindle Book Deals

EMET 5.5 Beta available now

Microsoft has released a beta version of its EMET tool. You can download it from here: http://www.microsoft.com/en-us/download/details.aspx?id=49166 This was released back in October, but I have been running version 5.2 for a long time, so I installed the new beta version to see what’s new. If you are running an older operating system such as Windows Vista or Windows 7, you probably won’t benefit much from any new features, but if you are running Windows 10 or Server 2012 R2, I would suggest trying it in a lab environment first before deploying it to any production environments.

Changes to the GUI most noticeably include a new section that says “Block Untrusted Fonts”. This setting is included to support Windows 10 only. Other new features include better configuration of various mitigations via GPO; however, I am still trying to figure out how not to crash the app when clicking on the Group Policy button. There are also EAF/EAF+ pseudo-mitigation performance improvements. More information can be found on the TechNet blog.

The first bug I found on my Windows 10 system involves a new button that says Group Policy in the toolbar at the top left. I clicked the button and a box opened up that showed the name of my domain at the top, but it also said LOCAL GROUP POLICY, and it eventually crashed the EMET GUI dashboard before anything else happened. I collected a dump and I’m analyzing it, as it may be related to my domain’s group policy settings anyway, so this may not affect you as it did over here. However, this crash happens on more than one computer, so I sent it in to Microsoft’s EMET feedback.

After uninstalling SCCM TP3 “successfully,” System Center Configuration Manager TP4 refuses to install

So, I uninstalled System Center Configuration Manager Technical Preview 3 last night. The uninstaller said it was successful; however, when attempting to install the newest technical preview on the same machine, I was met with the following failures:

  1. Remote Differential Compression is needed. Well, this is already installed and has never been a problem before on this machine.
  2. Previous components are still installed from an earlier installation of System Center Configuration Manager.
    Really? The uninstaller said it was able to uninstall everything; I even went into the registry and deleted anything related to SMS or SCCM TP3.

So, this was of course very annoying, and I spent a couple of hours trying to solve this problem by reading the logs and hunting through the registry, but after searching the web I found posts that suggested starting the RemoteRegistry service. Although I had it set to start automatically, it must not have started itself, so I just went and started it, and now I am installing.
Update: even after starting the RemoteRegistry service, the install is still stuck with the same two prereqchk errors.

this is still not solved…

System Center Configuration Manager Technical Preview 4 Available Now

System Center Configuration Manager

You can download the latest preview of System Center Configuration Manager and Endpoint Protection now from the TechNet Evaluation Center. I have not seen any posts or documentation detailing anything specific to the 4th preview, so it must have just been released. Hopefully they have fixed a bug that I found in the 3rd TP where the Application Catalog and the Application Catalog web service roles will not install because of an IIS version check error. I have been getting the error that IIS version 7 or above must be installed; however, version 10 is installed along with all of the required prerequisites, so I am about to install it and check what has changed in this new preview version.

As with the other technical preview versions of Configuration Manager, this preview is also only good for 60 days, and upgrades are not supported (which is annoying if you have been using the 3rd technical preview). I am going to have to uninstall TP3 before installing the 4th technical preview.

Detecting WinShellEventLogging malicious tasks with Pooface, Spdc32.exe, and CBInt.exe Malware

There is this annoying malware that I found on a bunch of computers that seemed to be just downloading adware and several malicious programs. Most of the files were not recognized or cleaned automatically by Microsoft Windows Defender. I first noticed this malware when looking in Task Manager and seeing a few executables running that did not belong: spdc32.exe, SBCint.exe, and Pooface.exe. Upon killing these processes and hunting for the source of these files, it seemed to start in the Windows\Temp folder. However, this most likely was related to two Task Scheduler tasks that were found on all of the infected computers. These tasks were called WIN Shell EventLogging and WIN Shell EVENT NOTIFICATION. If you have these tasks in your Task Scheduler, disable them immediately and then delete them; all that they do is secretly download more spyware/adware/malware into your temp folders.

If you look in Task Manager or Process Explorer and see spdc32.exe, SBCint.exe, or pooface.exe, or if you see any folders in the Windows\TEMP directory that look like these pictures, there’s a good chance that you may also have this CRAPware lurking somewhere. The most interesting thing about this set of malware files is that it spread around the network and was only affecting Windows Server 2012 R2 or the Windows 10 technical previews. It did not seem to infect Windows 7 desktops or Windows 8.1 either. The source of this malware is still being investigated, but I have a feeling it may have been introduced with a torrent ISO download of one of the earlier Windows 10 Technical Preview builds, as this is where it seemed to originate. The good news is that after simply deleting all of these found executables and tasks, the computers seem to be clean, and we are looking at them very thoroughly. However, before deleting these files, I took hashes of them and added Software Restriction Policies forbidding running any of these executables on all of the machines in this network. AppLocker has also been introduced; however, we are still running in audit mode at this time. If you have any questions about this malware, please contact me, because I could not finish the article as I am now in the hospital for almost 2 months.
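The hunt described in the two paragraphs above, written up as an added PowerShell script (not from the original post): it looks for the two scheduled tasks and the named executables, records SHA256 hashes of any files found under Windows\Temp so they can feed Software Restriction Policy or AppLocker rules, and only disables/removes anything when run with -Remediate. The hash log path is an assumption; the post spells the second executable both “SBCint.exe” and “CBInt.exe”, so both spellings are checked.

```powershell
# Added example: report (and optionally remove) the WIN Shell EventLogging tasks and the
# spdc32 / SBCint / pooface droppers described in the post. Needs an elevated session on
# Windows 8 / Server 2012 or later (Get-ScheduledTask comes from the ScheduledTasks module).
$TaskNames = @('WIN Shell EventLogging', 'WIN Shell EVENT NOTIFICATION')
$BadExes   = @('spdc32.exe', 'SBCint.exe', 'CBInt.exe', 'pooface.exe')   # both spellings from the post
$TempDir   = Join-Path $env:SystemRoot 'Temp'
$HashLog   = Join-Path $env:USERPROFILE 'winshell-hashes.csv'            # assumed output path

function Find-WinShellTasks {
    # Task names are compared case-insensitively, which is how -contains behaves on strings
    Get-ScheduledTask | Where-Object { $TaskNames -contains $_.TaskName }
}

function Find-BadProcesses {
    # Match on the image file name so a copy running from another folder is still caught
    Get-Process | Where-Object {
        $_.Path -and ($BadExes -contains (Split-Path -Path $_.Path -Leaf))
    }
}

function Find-BadFiles {
    # The droppers live under Windows\Temp; hash them before anything gets deleted
    Get-ChildItem -Path $TempDir -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $BadExes -contains $_.Name } |
        ForEach-Object {
            [pscustomobject]@{ Path   = $_.FullName
                               SHA256 = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash }
        }
}

function Invoke-WinShellHunt {
    param([switch]$Remediate)   # without -Remediate this only reports what it finds
    foreach ($t in Find-WinShellTasks) {
        $cmd = ($t.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
        Write-Warning "Task '$($t.TaskName)' state=$($t.State) runs: $cmd"
        if ($Remediate) {
            Disable-ScheduledTask -InputObject $t | Out-Null
            Unregister-ScheduledTask -InputObject $t -Confirm:$false
        }
    }
    foreach ($p in Find-BadProcesses) {
        Write-Warning "Process $($p.Name) (PID $($p.Id)) running from $($p.Path)"
        if ($Remediate) { Stop-Process -Id $p.Id -Force }
    }
    $files = @(Find-BadFiles)
    if ($files.Count -gt 0) { $files | Export-Csv -Path $HashLog -NoTypeInformation }
    $files   # the hash records are the function's output
}

Invoke-WinShellHunt                # report only
# Invoke-WinShellHunt -Remediate   # also disable/remove the tasks and stop the processes
```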

Some of my favorite sessions from Microsoft’s Ignite Conference (Mark Russinovich & Paula Januszkiewicz)

Malware Hunting with Sysinternals Tools
Date: May 6, 2015 from 5:00PM to 6:15PM Day 3 Arie Crown Theater BRK3319
Speakers: Mark Russinovich

Adventures in Underland: What Your System Stores on the Disk without Telling You
Date: May 8, 2015 from 12:30PM to 1:45PM Day 5 E450 BRK3320
Speakers: Paula Januszkiewicz

Recalling Windows Memories: A Useful Guide to Retrieving and Analyzing Memory Content
Date: May 8, 2015 from 9:00AM to 10:15AM Day 5 S102 BRK2342
Speakers: Paula Januszkiewicz

Hidden Talents: Things Administrators Never Expect from Their Users Regarding Security
Date: May 7, 2015 from 3:15PM to 4:30PM Day 4 N231 BRK3323
Speakers: Paula Januszkiewicz

The Ultimate Hardening Guide: What to Do to Make Hackers Pick Someone Else
Date: May 7, 2015 from 10:45AM to 12:00PM Day 4 S503 BRK3343
Speakers: Paula Januszkiewicz

Hack Proof Your Clients And Servers in a Day – (Ignite Session)

This video was recorded at the Microsoft Ignite conference last week, and it was one of my favorite sessions. Marcus Murray and Hasain Alshakarti demonstrate some hacks using the Metasploit Framework, Mimikatz, and PowerShell. They show you how easy it is to gain access to any system, to steal the passwords from Windows servers and clients, and also how easy it has become to evade anti-virus. They also offer many reasons why you should not be using the same passwords on more than one website. My advice is of course to start using LastPass everywhere. Here’s a referral link for LastPass Premium: https://lastpass.com/f?169066 … Enjoy the video!

Advanced Desired State Configuration

Microsoft Virtual Academy’s Advanced Desired State Configuration course features Jeffrey Snover and Jason Helmick.

I wanted to post this a while ago, but I’ve been so busy with school and project management that I keep having to put off finishing it. I recently finished the Advanced Desired State Configuration PowerShell course in the Microsoft Virtual Academy; it focuses on developing custom DSC resources and implementing composite resources and partial configurations. Once again, PowerShell inventor Jeffrey Snover and his sidekick Jason Helmick were funny and entertaining as they introduced custom Desired State Configuration resources, classes, and composite and partial configurations.

Once again, the scripts used in each of the modules are available in the PowerShell Gallery; to download and install the module you can use PowerShell. If you have the WMF 5.0 February preview installed, then simply open up the PowerShell ISE and type Find-Module *MVA* to find the module used for this course. The correct title is MVA_DSC_2015_Day_2. I recommend using the following command to install both modules:
Find-Module *MVA* | Install-Module

Once you have the module installed, you can use the command Show-MVA_DSC_Examples -Day 2 -Module (#1-7) to open the commands and code in the PowerShell ISE.

The second half of this course starts off with an introduction to building your own custom DSC resources. Jeffrey Snover and Jason Helmick actually both predict that 100% of all DSC users will build their own custom resources. I think that number may be just a little less, but creating custom resources is really not that difficult; you may have to watch these videos several times to get the hang of it, however.

Now, you are going to want to download and unzip DSC Resource Kit Wave 10, although in the course they use Wave 9. However, each new wave just adds resources to the previous one and fixes some bugs. In this case there were 8 new resources added, and several bugs were fixed. Extract the kit to a folder such as C:\Scripts.

To get the correct files into the Modules directory, you are going to need to extract the files from the resource kit into a folder and then go deep into that folder, past the All Resources folder, to get them into the WindowsPowerShell Modules folder. The DSC Resource Kit Wave 10 can be downloaded as a zip file titled ‘DSC Resource Kit Wave 10 04012015.zip’. If you extract the file you will get a folder with this title and a folder underneath it titled ‘All Resources’. Important: you are going to want to extract this folder anywhere and then copy everything underneath the All Resources folder into ‘C:\Program Files\WindowsPowerShell\Modules’, and then you will have the resources in the Modules folder. There really is no need to keep the folder “All Resources.” Once you put the resources in the Modules folder, they will be available for use in the PowerShell ISE.
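The extract-and-copy procedure above, automated as an added PowerShell script (not from the course or the post): it unpacks the Wave 10 zip, copies each module folder from under “All Resources” directly into the Modules folder, and then checks with Get-DscResource that every copied module actually exposes resources, which is the symptom of copying one folder level too deep. The zip name is the one from the post; its location under Downloads and the C:\Scripts staging folder are assumptions.

```powershell
# Added example: install DSC Resource Kit Wave 10 into the system Modules folder and verify it.
# Needs WMF 5.0 (for Expand-Archive) in an elevated session, since Program Files is written.
$KitZip     = Join-Path $env:USERPROFILE 'Downloads\DSC Resource Kit Wave 10 04012015.zip'  # assumed location
$Staging    = 'C:\Scripts\DSCResourceKit'                                                   # assumed staging folder
$ModulesDir = 'C:\Program Files\WindowsPowerShell\Modules'

function Install-DscResourceKit {
    param([string]$Zip = $KitZip, [string]$Stage = $Staging, [string]$Dest = $ModulesDir)
    if (-not (Test-Path -Path $Zip)) { throw "Kit zip not found: $Zip" }
    Expand-Archive -Path $Zip -DestinationPath $Stage -Force

    # The zip expands to "<kit title>\All Resources\<module>\..."; locate the All Resources folder
    $allRes = Get-ChildItem -Path $Stage -Directory -Recurse |
        Where-Object { $_.Name -eq 'All Resources' } | Select-Object -First 1
    if (-not $allRes) { throw "No 'All Resources' folder found under $Stage" }

    # Each child of All Resources is one module folder; copying it into $Dest (an existing
    # directory) creates $Dest\<module>, which is the depth DSC expects on $env:PSModulePath
    foreach ($mod in Get-ChildItem -Path $allRes.FullName -Directory) {
        Copy-Item -Path $mod.FullName -Destination $Dest -Recurse -Force
        $mod.Name   # emit the module name so the caller can verify it
    }
}

function Test-DscResourceKit {
    param([string[]]$ModuleNames)
    # A module copied one level too deep (or not at all) shows up here with zero resources
    $byModule = Get-DscResource | Group-Object -Property ModuleName -AsHashTable -AsString
    foreach ($name in $ModuleNames) {
        $count = if ($byModule -and $byModule.ContainsKey($name)) { $byModule[$name].Count } else { 0 }
        [pscustomobject]@{ Module = $name; Resources = $count }
    }
}

$installed = Install-DscResourceKit
Test-DscResourceKit -ModuleNames $installed | Format-Table -AutoSize
```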

Now that you have the DSC resources and the MVA modules, you can get started creating your own DSC resources with Jeffrey Snover and Jason Helmick in the MVA Advanced Desired State Configuration course. They go through demos of creating custom DSC resources, creating DSC resources using classes, and also partial or composite configurations. I would strongly recommend that anyone interested in PowerShell Desired State Configuration go to the Microsoft Virtual Academy website and watch these videos. Now, you can also use a new PowerShell module to download the videos directly to a folder on your hard drive. You can simply type
Find-Module 'Download-DSCVideos' | Install-Module

and then you can run the following command: Download-DSCVideos -dest 'C:\DSCVideos' -Advanced -Verbose

Watch the MVA, download DSC Resource Kit Wave 10, and grab the WMF 5.0 April release, which is available in the Microsoft Download Center: http://www.microsoft.com/en-us/download/details.aspx?id=46889.