Om Henrik Rading

Denne forfatter har endnu ikke udfyldt nogle detaljer.
So far Henrik Rading has created 15 blog entries.

Unlock BitLocker Encrypted Drive From WinPE the Secure Way!

I have seen several blog posts on how to unlock a BitLocker encrypted drive from Windows PE, using the recovery password stored in the Microsoft Bitlocker Administration and Monitoring (MBAM) SQL Server database. What's the problem with these solutions? All of these have one thing in common: they query the SQL database directly, requires changing SQL Server configuration and granting access to the database directly. Why is this a problem? Well, in my opinion this is a bad design approach, as the core purpose of implementing BitLocker volume encryption and MBAM is to secure our data from being compromised. By [...]

Create Windows 10 Enterprise ISO from Professional media

Microsoft has released build 10041 of Windows 10 Technical preview, but again there is only an ISO for the Professional edition.The workaroundwell lucky for us, there is a way around this. It is possible to utilize DISM to change editions of Windows, so by running a few commands we can upgrade the install.wim from Pro to Enterprise.To do this you need a computer with Windows 10 installed, as we need the latest version of DISM. Simply install Windows 10 Pro using the latest release on a physical or virtual computer.Mount the Windows 10 Pro ISO, and copy the content to [...]

By |2015-04-21T10:14:14+01:00april 21st, 2015|General info, Windows Client|2 Comments

SMSTS.log Size and History is Reset During Refresh Scenarios

If you have changed the default values for LogMaxSize and LogMaxHistory in your SMSTS.ini in your boot media, some of you might have experienced that these values gets reset to their default values (1000000 and 1) during a refresh scenario. This causes us to loose build history and makes troubleshooting quite difficult as logs are incomplete. Well, our friends over at E1 have created a nifty little tool that you can use to overcome this issue. The tool will change the following variables that controls the log behavior, these are normally read-only and can not be changed the way we [...]

Change Temporary Location for SCCM Media Creation

When you create Task Sequence media in Configuration Manager, the environment variable TMP is used to locate temporary storage for the creation process. By default this points to the users temp folder, which is usually on C: drive with limited space. While this is normally not a problem for creating an online boot media, creating offline media with many driver packages, software packages etc. you are bound to run into trouble. It is not only the Create TS Media wizard that uses this location, is also used when a WIM file needs to be mounted, so every time you create [...]

By |2014-10-28T09:47:36+01:00oktober 28th, 2014|Configuration Manager (SCCM), General info|7 Comments

Activate local Admin account – or why you need BitLocker!

While this is not a newly discovered hack, I feel that we can not stress the importance of using Bitlocker to encrypt our hard drives. If you like me encounter customers that still runs their computers unencrypted, and don’t see the need for encryption. just use the following guide to show them how easy it is to activate the local administrator account and reset its password. Step 1 Show the customer that the local administrator account is disabled. (or that you don’t know the password). Step 2 Boot from any bootable media, such as the original installation media, Ultimate Boot [...]

By |2014-09-26T14:32:36+01:00september 26th, 2014|Operating Systems, OS Deployment, Security|8 Comments

Deploying Windows 8 with MBAM Used-Space-Only Encryption

Windows 8 comes with the option to pre-provision the disk for use with BitLocker, allowing only the used-space to be encrypted, thus reducing the encryption time a lot. Problem occur when enterprises want to use the Microsoft Bitlocker Administration and Monitoring (MBAM) toolkit from the Microsoft Desktop Optimization Pack (MDOP) to store BitLocker recovery keys, and track compliance. MBAM 2.0 sp1 does not support used-space encryption as per the release notes, forcing enterprises to either drop MBAM or perform full encryption of the disk, which can be a time consuming task depending on disk size and CPU performance. After spending [...]

By |2014-03-11T15:35:38+01:00marts 11th, 2014|OS Deployment, Security, Windows Client|14 Comments