PowerShell: Enable virtualization and Credential Guard in an instant (Lenovo laptops)

Windows 10 Credential Guard is currently another hot topic in cyber security. Credential Guard is a new feature in Windows 10 (Enterprise and Education editions) that helps protect the credentials on a machine from threats such as pass the hash.

To be able to enable Credential Guard in Windows, you need to have virtualization enabled on the CPU in the BIOS. Virtualization is rarely enabled by default, and as such you will need to enable it manually (F1, enter BIOS, modify the setting) or better yet, find a solution to do so remotely and automatically.

I have created the following script in PowerShell, which first enables virtualization in the BIOS (Note: We only use Lenovo laptops, hence this is made for Lenovo laptops only) and then applies the registry keys to enable Credential Guard. All steps are logged to c:\Windows\EnableCredentialGuard.log.

The script can be targeted to the proper Windows 10 versions through SCCM collections. (In this example I only target W10 1607 and 1703, as these Windows 10 versions no longer require the Isolated User Mode feature when enabling Credential Guard, as it’s now embedded into the Hypervisor.)

When deploying a PowerShell script from SCCM, remember to create the program with a command line like this: powershell.exe -ExecutionPolicy Bypass -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File .\CredentialGuard\Enable-VirtualizationCredentialGuard.ps1
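The following added example is not the author's script; it follows the flow described above: enable virtualization through Lenovo's BIOS WMI classes, write the Credential Guard registry values, and log each step. It assumes the ThinkPad setting names VirtualizationTechnology and VTdFeature, no BIOS supervisor password, its own log path, and the DeviceGuard/Lsa registry values Microsoft documents for Credential Guard.

```powershell
# Added example, not the author's script. Run elevated (SYSTEM under SCCM).
$LogFile = 'C:\Windows\Temp\CredentialGuard-Example.log'   # assumed log path
function Write-Log([string]$Message) {
    "$(Get-Date -Format s)  $Message" | Add-Content -Path $LogFile
}

function Enable-LenovoBiosSetting([string]$Name) {
    # Lenovo_BiosSetting exposes each setting as the string "Name,Value".
    $current = Get-WmiObject -Namespace root\wmi -Class Lenovo_BiosSetting |
        Where-Object { $_.CurrentSetting -like "$Name,*" }
    if (-not $current) { Write-Log "$Name is not exposed by this BIOS"; return $false }
    if ($current.CurrentSetting -like "$Name,Enable*") { Write-Log "$Name already enabled"; return $true }
    $result = (Get-WmiObject -Namespace root\wmi -Class Lenovo_SetBiosSetting).SetBiosSetting("$Name,Enable")
    Write-Log "SetBiosSetting $Name,Enable returned '$($result.return)'"
    return ($result.return -eq 'Success')
}

function Set-Dword([string]$Path, [string]$Name, [int]$Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
    Write-Log "$Path\$Name = $Value"
}

try {
    # SecurityServicesRunning contains 1 when Credential Guard is already active.
    $dg = Get-CimInstance -Namespace root\Microsoft\Windows\DeviceGuard -ClassName Win32_DeviceGuard -ErrorAction SilentlyContinue
    if ($dg.SecurityServicesRunning -contains 1) { Write-Log 'Credential Guard already running'; exit 0 }
    if ((Get-WmiObject Win32_ComputerSystem).Manufacturer -notmatch 'LENOVO') {
        Write-Log 'Not a Lenovo device, nothing changed'; exit 1
    }
    # Setting names are an assumption; list the ones your model exposes via Lenovo_BiosSetting.
    foreach ($s in 'VirtualizationTechnology', 'VTdFeature') {
        if (-not (Enable-LenovoBiosSetting $s)) { throw "Could not enable $s" }
    }
    $save = (Get-WmiObject -Namespace root\wmi -Class Lenovo_SaveBiosSettings).SaveBiosSettings()
    Write-Log "SaveBiosSettings returned '$($save.return)'"
    if ($save.return -ne 'Success') { throw 'BIOS settings were not saved' }

    $dgKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard'
    Set-Dword $dgKey 'EnableVirtualizationBasedSecurity' 1
    Set-Dword $dgKey 'RequirePlatformSecurityFeatures' 1   # 1 = Secure Boot, 3 = Secure Boot + DMA protection
    Set-Dword 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa' 'LsaCfgFlags' 1   # 1 = with UEFI lock, 2 = without lock
    Write-Log 'Done, reboot required'
    exit 3010   # success, reboot required
}
catch {
    Write-Log "FAILED: $($_.Exception.Message)"
    exit 1
}
```

With LsaCfgFlags set to 1 the setting is UEFI-locked and cannot be turned off again by a registry change alone, so pilot with 2 if you need a remote rollback path. After the reboot, the same Win32_DeviceGuard query confirms whether Credential Guard is actually running.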

Snip of the logfile when everything succeeds:

Dynamic Stamps in Adobe Acrobat

This is a tad off-topic, but it took me a while to figure out how to make a dynamic stamp in Adobe Acrobat that, when inserted, prompts the user for input and automatically puts the input on top of the stamp. So here goes: (this requires Adobe Acrobat Pro or the ability to make/edit forms in pdf)

  1. First off, open Adobe Acrobat and go to Comment -> Annotations -> Stamp drop down -> Custom Stamps -> Create Custom Stamp (This is the easy part, so I only touch this briefly)
  2. Browse to your file containing the stamp (I have stamps made in the pdf format. For this I made the stamp in Illustrator)
  3. Give it a name and a category and click OK

With the above in place, you now have a new stamp file located at AppData\Roaming\Adobe\Acrobat\11.0\Stamps. It’s given a random generic name like “PSrfwCzHqxg6fYZmnjYV0D.pdf”. So far, so good.

Now go ahead and open and edit this file in Adobe Acrobat Pro and:

  1. Select Tools -> Forms -> Edit
  2. Go to Tasks -> Add New Field -> Button and insert the button somewhere in the blank page
  3. Right Click the new button and select Properties
  4. Go to the Action page, and select Run a JavaScript in the Select Action option.
  5. Click Add, paste the following two lines of code into the window, and click OK and Close

Now click the new button with the JavaScript action you just made, and take notice of the template IDs in the popup:

#9a6csAl0hXSlWeY-OYTDiD
#WZtYwuwFlm9eAFnYXvCOGA
#y2fXxVRn8AcGrHnfA2BJdD

The IDs above will be used when creating the text field on the stamp. The text field created in the following steps is where the input from the prompt goes.

  1. Tasks -> Add New Field -> Text Field
  2. Right Click the new text field and select Properties
  3. Go to the Calculate page and insert a Custom calculation script
  4. Insert the script below and make sure your template IDs from above are correct
  5. Place the text field where desired and save the stamp file

Now, when the stamp is inserted from Adobe Reader / Adobe Acrobat, the following window pops up, and the net result is my stamp with my input on top of it.

Debug and view Windows .dmp files.

Quick and short post.

Nowadays, if a BSOD happens in Windows, the OS automatically restarts the system. Users in an enterprise never notice that a BSOD just occurred, but find their computer automatically rebooting and, as a result, call the helpdesk.

If a BSOD just happened, Windows will log the errors in .dmp files. The typical location is %SystemRoot%\MEMORY.DMP

To view the .dmp files, you will need the Windows Software Development Kit (SDK). This one is for Windows 8.1: https://msdn.microsoft.com/da-DK/windows/desktop/bg162891

The SDK includes windbg.exe. This is the tool that allows you to view the content of the .dmp files.

Before opening any .dmp files, you will need to specify a symbol search path. You do so by launching WinDbg and clicking File -> Symbol File Path.

Insert the following path: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols

(Replace C:\Symbols with your preferred location for the symbols)

More on the symbols: http://support2.microsoft.com/kb/311503