Monthly Archives: November 2017

How to enable for vPro/AMT computers mutual authentication using certificates.

November 19, 2017 by Munkhtuvshin Baatar
3 comments

In May 2017 Intel publicly confirmed the vulnerability in own firmware for vPro/AMT.

To download and patch such computers from Dell use links inside the PDF file from following link.

But as i mentioned in my linkedin post it’s possible to protect even noname computers (without updated BIOS) with compromised ME firmware — implementing SSL/TLS certificates for mutual authentication. In this post i will show how it can be done.

At first let’s consider that

  • you know that your computer supports vPro/AMT, ME version, you know AMT type (ISM or full AMT and so on)
  • you already use intel
Read the rest

Rufus as an alternative for free Microsoft Windows 7 USB DVD download tool

November 16, 2017 by Munkhtuvshin Baatar
No comments

Microsoft Windows 7 USB DVD download tool is very capricious, long time is not updated, doesn’t work in many cases (can after spent long time to copy 2-4gb, only in the end of process suddenly cast error that couldn’t create boot records; or doesn’t work on other version of windows and so on). Therefore i prefer to use tiny rufus utility. It’s free and very small – less than megabyte. Doesn’t need to be installed – portable – ready to work immediately after download. Very stable work to create Windows install disks for any edition and version, including windows 10 … Read the rest

How to create handy boot USB toolbox

November 16, 2017 by Munkhtuvshin Baatar
No comments

To have for each tool CD/DVD/USB flash disk is too inconvenient, so let’s combine on one USB flash disk all of them.

  1. Download yumi
  2. format your Flash disk as FAT32 (ntfs will not work with grub loader), so there is iso file limitation of FAT32, not more than 2GB.
  3. never leave in iso file name spaces. Prepare all necessary iso files (usually i prefer to have multiple versions of hiren tools/ERD/DART10/acronis tools, veeam BER, macrius repair disk, veeam agent, WDS capture disk and so on)
  4. iso files are not extracted and copied as is to the flash disk !!! not
Read the rest

Some recommendations for windows installers.

November 16, 2017 by Munkhtuvshin Baatar
No comments
    1. if you want to install any version of Windows on large disk (bigger than 2TB) start your PC from UEFI, not from conventional BIOS boot. Otherwise you will be able after installation to use only 2TB from for example 3 or 4TB hdd.
    2. sometimes previous OEM repair service partitions, or linux/unix partitions cannot be removed from HDD by windows GUI, in this case just do following (NEVER DO IT ON HDD WITH DATA, after “clean” command whole disk (all partitions) will be erased ! ): 
      diskpart
list disk
select disk 0
clean

      (if you install fresh windows – during booting

Read the rest

How manually enable Let’s encrypt SSL for Windows IIS server.

November 16, 2017 by Munkhtuvshin Baatar
No comments

Let’s Encrypt free certificates are very useful for Microsoft web servers, MS Dynamics Nav web client access, Exchange and Lync/Skype for business external accesses and so on (better to use it with windows ACME clients for auto prolongation of certificate)

But if you have problems with publishing 80/443 port of your web server (conflict with router admin port, or maybe even server is not in public Internet access and so on, maybe you should configure manually Let’s encrypt SSL for your testing environment)

1. go to https://zerossl.com

2.

3.

Certbot/ACME clients use “HTTP verification”. We will in this post use … Read the rest