This problem occurs on a newly installed Windows 7 operating system.
Issue / Problem: A required Windows security hotfix, KB2533623, has not been installed, and this hotfix is no longer available for download from the Microsoft site.
Instead, you need to install hotfix KB2758857, which is available for download.
Solution / Fix: Install this security hotfix from the Microsoft site.
- Download and install this update using the Windows Update option in Control Panel.
- Or, instead, you can manually download this update from the details below.
This article will guide you to redirect the URL using HTTP Redirect functionality in IIS.
Open IIS Manager from Start >> Administrative Tools >> Internet Information Services (IIS) Manager.
Expand the server name in the Connections pane, then expand Sites and navigate to the domain. Double-click the HTTP Redirect option.
Select the check box Redirect requests to this destination and enter the URL to which you want to redirect your site.
After that, the following options are available under Redirect Behavior:
- Redirect all requests to exact destination (instead of relative to destination): When this option is checked, regardless of the original destination, all requests will be redirected to exact location specified in the box. If this option is unchecked everything will be redirected relative to the destination.
- Only redirect requests to content in this directory (not subdirectories): By default, a redirect applies to requests for the main directory and all of its subdirectories. When you check this option, only requests to the main directory itself are redirected, and the subdirectories are not affected.
- Status code: With this drop down you can select the status code (301, 302 and 307) you want to send back while redirecting.
  - 301 Permanent ==> IIS 7 will return HTTP response status as HTTP/1.1 301 Moved Permanently
  - 302 Found ==> IIS 7 will return HTTP response status as HTTP/1.1 302 Redirect
  - 307 Temporary ==> IIS 7 will return HTTP response status as HTTP/1.1 307 Redirect
- After selecting the appropriate options, click on Apply.
It may be one of the world’s most popular games, but PlayerUnknown’s Battlegrounds hasn’t been without controversy. Called ‘addictive’ and ‘dangerous’, PUBG has at times been banned in Nepal, parts of India, Iraq, and China.
If you live in or are traveling to one of these countries — don’t worry. You can still play PUBG with help from a VPN.
The best VPNs are capable of bypassing even the strictest geo-restrictions, meaning you can play PUBG in countries where it’s been blocked.
Even if you don’t live in a country where PUBG has been banned, VPNs can also have lots of other benefits when it comes to gaming. Using a VPN server can reduce latency and lag, as well as protecting you from hackers.
Quick Guide: Best VPNs for PUBG
- NordVPN – With an impressive worldwide network of super-fast, P2P-friendly servers, NordVPN is our top recommendation for PUBG.
- ExpressVPN – One of the fastest VPNs out there, ExpressVPN also has intuitive custom apps that make it perfect for gaming on all devices.
- CyberGhost – Quick, simple, and affordable, CyberGhost is a great all-rounder for gaming.
- Surfshark – Unlimited simultaneous connections make Surfshark a brilliant option for gamers who like to use different devices.
- Private Internet Access – Cannot beat the Great Firewall of China, but has a widespread global network to play other PUBG regions.
What You Need in a VPN for PUBG
If you live in — or you’re going to visit — a country where PlayerUnknown’s Battlegrounds has been blocked, you’ll first need a VPN that is capable of bypassing geo-restrictions.
China, for example, is infamous for its Great Firewall. Only the best VPNs are capable of getting around this kind of censorship. They can do this by either avoiding detection via obfuscated servers or by having such a large network that they can immediately replace any servers that are detected and blacklisted by anti-VPN software.
For gamers who don’t live in a country where PUBG has been blocked, getting around geoblocking can still be useful. PUBG’s new update means you’re often assigned to a server based on your local region. A VPN will mask your location, meaning that you can connect to PUBG via a server in a different location if you want to play in another region.
Reducing the distance between yourself and a gaming server in this way also reduces ping. This means reduced lag and increased speeds for you.
To make the most of both of these benefits, you’ll need a VPN with a worldwide network of servers in the countries you’d like to access.
As with any online game, PUBG also comes with a very real risk of hacking. Connecting to any game server leaves your IP address vulnerable to detection. This, in turn, leaves you vulnerable to cyber attacks like a DDoS or DoS.
Using a VPN to connect to PUBG gives you an extra layer of protection against hackers by hiding your IP address. When you connect to a game server, any potentially malicious users will see the VPN server IP address instead of your own. Choose a VPN with the highest levels of encryption and security to keep your personal data private.
Lastly, if you want to play PUBG Mobile as well as on your console and computer, you need a VPN that allows you to protect multiple devices under one license. Multiple simultaneous connections can also be really useful if you like to have friends round for a team session.
Best VPNs for PUBG
There’s a reason why our users rank NordVPN as the best VPN service. Special obfuscated servers are designed to bypass even the most rigorous firewalls while you can also connect to anti-DDoS servers and CyberSec software to keep yourself safe from hackers.
An outstanding network of 5,200+ servers across 60 countries gives you plenty of options for accessing regional tournaments and content. This huge number of servers also guarantees you a fast and uninterrupted connection for smooth gaming. You can protect all of your devices with up to 6 simultaneous connections.
Best of all, you can test whether NordVPN suits you entirely risk-free with a 30-day money-back guarantee.
NordVPN can unblock:
- Netflix, HBO, Hulu, Showtime, BBC iPlayer, Amazon Prime Video, and Sling TV.
- Yes, P2P specialty servers available.
NordVPN works on these devices:
- Windows, macOS, Android, iOS, Android TV, Linux, Chrome, and Firefox. It’s also compatible with routers.
While it is one of the more costly options when it comes to VPNs, our users think ExpressVPN is worth it. 3,000+ servers in 94 countries not only give you 160 locations to choose from, but they also give you the fastest speeds of any VPN.
A great option for those who already have a little VPN know-how, ExpressVPN is endlessly customizable, so it can be entirely tailored to gaming. For example, split tunneling allows you to choose exactly which traffic you want to protect with the VPN. 256-bit encryption and a strict no-logs policy will also keep you and your personal information safe.
If you want to make sure ExpressVPN is worth the money, you can always make the most of its 30-day money-back guarantee.
ExpressVPN can unblock:
- Netflix, Hulu, HBO, Amazon Prime Video, Showtime, Sling TV, DAZN, and BBC iPlayer.
- Yes, all servers support P2P activity.
ExpressVPN works on these devices:
- Windows, macOS, Android, iOS, Android TV, Linux, Chrome, and Firefox. It also offers an app for use with certain routers.
All of CyberGhost’s apps are incredibly intuitive and easy-to-use. You won’t need to worry about any complicated settings, simply choose from a list of activities and CyberGhost will automatically connect you to the best server for your needs.
A stellar network of 3,600+ servers across 60 countries gives you plenty of locations to choose from and you can protect up to 7 devices under one profile. CyberGhost’s no-logs policy, military-grade encryption, and DNS and IP Leak protection will also keep you safe — even in the event of a dropped connection.
CyberGhost gives you a generous 45 days to trial its service completely free. Or you can see what real users have to say in our reviews.
CyberGhost can unblock:
- Dedicated streaming profile with servers optimized for: Netflix, BBC iPlayer, Sky Go, Comedy Central, Eurosport, ESPN, and others.
- Yes; dedicated profile shows countries and number of users.
CyberGhost works on these devices:
- Windows, macOS, Android, iOS, Amazon Fire Stick, Android TV, Linux, and Chrome.
Sometimes, being a newcomer has its advantages. Surfshark’s relative youth means it’s actually really good at flying under the radar when it comes to unblocking geo-restricted content. You’ll be able to choose from 800+ servers in 50+ countries and all servers are P2P-friendly.
Connections on Surfshark are fast and reliable and privacy is guaranteed by a no-logs policy, kill switch, DNS leak protection, high-end encryption, and unique MultiHop software.
However, perhaps the most popular feature with our users is Surfshark’s unlimited device connection. That means you can safely game on all of your devices, or protect your entire team when they come round to play PUBG.
Surfshark can unblock:
- Netflix, Hulu, CBS, ESPN, Amazon Prime Video, and others.
- Yes, all servers support P2P activity.
Surfshark works on these devices:
- Windows, macOS, Android, iOS, FireTV, Linux, Chrome, and Firefox.
Priding itself on its top-class security, Private Internet Access is the perfect choice for the privacy-conscious gamer. Hackers and cheats will be unable to infiltrate your connection thanks to military-grade encryption.
Further top-shelf security features include leak protection, a kill switch, and a strict no-logs policy. Whether you’re gaming, streaming, or doing anything else online, you’re protected with Private Internet Access.
Private Internet Access is currently unable to beat the Great Firewall of China, but its widespread global network of 3,200+ high-speed servers in over 40 countries allows you to play PUBG in other regions with no lag.
Protected Users Security Group
Applies To: Windows 8.1, Windows Server 2012 R2
This topic for the IT professional describes the Active Directory security group Protected Users and explains how it works. This group was introduced in Windows Server 2012 R2.
Members of this group are afforded additional protections against the compromise of credentials during authentication processes.
This security group is designed as part of a strategy to effectively protect and manage credentials within the enterprise. Members of this group automatically have non-configurable protections applied to their accounts. Membership in the Protected Users group is meant to be restrictive and proactively secure by default. The only method to modify these protections for an account is to remove the account from the security group.
Accounts for services and computers should not be members of the Protected Users group. This group provides no local protection because the password or certificate is always available on the host. Authentication will fail with the error “the username or password is incorrect” for any service or computer that is added to the Protected Users group.
This domain-related, global group triggers non-configurable protection on devices and host computers running Windows Server 2012 R2 and Windows 8.1, and on domain controllers in domains with a primary domain controller running Windows Server 2012 R2. This greatly reduces the memory footprint of credentials when users sign into computers on the network from a non-compromised computer.
Depending on the account’s domain functional level, members of the Protected Users group are further protected due to behaviour changes in the authentication methods that are supported in Windows.
- The member of the Protected Users group cannot authenticate by using NTLM, Digest Authentication, or CredSSP. On a device running Windows 8.1, passwords are not cached, so the device that uses any one of these Security Support Providers (SSPs) will fail to authenticate to a domain when the account is a member of the Protected User group.
- The Kerberos protocol will not use the weaker DES or RC4 encryption types in the pre-authentication process. This means that the domain must be configured to support at least the AES cipher suite.
- The user’s account cannot be delegated with Kerberos constrained or unconstrained delegation. This means that former connections to other systems may fail if the user is a member of the Protected Users group.
- The default Kerberos Ticket Granting Tickets (TGTs) lifetime setting of four hours is configurable by using Authentication Policies and Silos, which can be accessed through the Active Directory Administrative Centre (ADAC). This means that when four hours has passed, the user must authenticate again.
For more information, see How the Protected Users group works in this topic.
The following table specifies the properties of the Protected Users group.
|Default container||CN=Users, DC=<domain>, DC=|
|Default member of||None|
|Protected by ADMINSDHOLDER?||No|
|Safe to move out of default container?||Yes|
|Safe to delegate management of this group to non-service admins?||No|
|Default user rights||No default user rights|
How the Protected Users group works
This section explains how the Protected Users group works when:
- Windows 8.1 devices are connecting to Windows Server 2012 R2 hosts.
- The account is located at the Windows Server 2012 R2 domain functional level.
When Windows 8.1 devices are connecting to Windows Server 2012 R2 hosts
When the Protected Users’ group account is upgraded to the Windows Server 2012 R2 domain functional level, domain controller-based protections are automatically applied. Members of the Protected Users group who authenticate to a Windows Server 2012 R2 domain can no longer authenticate by using:
- Default credential delegation (CredSSP). Plain text credentials are not cached even when the Allow delegating default credentials Group Policy setting is enabled.
- Windows Digest. Plain text credentials are not cached even when Windows Digest is enabled.
- NTLM. The result of the NT one-way function, NTOWF, is not cached.
- Kerberos long-term keys. The keys from Kerberos initial TGT requests are typically cached so the authentication requests are not interrupted. For accounts in this group, the Kerberos protocol verifies authentication at each request.
- Sign-in offline. A cached verifier is not created at sign-in.
Non-configurable settings to the TGTs expiration are established for every account in the Protected Users group. Normally, the domain controller sets the TGTs lifetime and renewal, based on the domain policies, Maximum lifetime for user ticket and Maximum lifetime for user ticket renewal. For the Protected Users group, 600 minutes is set for these domain policies.
After the user account is added to the Protected Users group, protection is already in place when the user signs into the domain.
When domain controllers other than Windows Server 2012 R2 require the Protected Users security group
The Protected Users group can be applied to domain controllers that run an operating system earlier than Windows Server 2012 R2. This allows the added security that is achieved by using the Protected Users group to be applied to all domain controllers. The Protected Users group can be created by transferring the primary domain controller (PDC) emulator role (https://technet.microsoft.com/library/cc816944(v=ws.10).aspx) to a domain controller that runs Windows Server 2012 R2. After that group object is replicated to other domain controllers, the PDC emulator role can be hosted on a domain controller that runs an earlier version of Windows Server.
For more information, see How to Configure Protected Accounts.
Built in restrictions of the Protected Users security group
Accounts that are members of the Protected Users group that authenticate to a Windows Server 2012 R2 domain are unable to:
- Authenticate with NTLM authentication.
- Use DES or RC4 encryption types in Kerberos pre-authentication.
- Be delegated with unconstrained or constrained delegation.
- Renew the Kerberos TGTs beyond the initial four-hour lifetime.
Accounts for services and computers should not be members of the Protected Users group. This group provides no local protection because the password or certificate is always available on the host.
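The restrictions above can be turned into a membership audit. The following PowerShell is an added example, not code from Microsoft or from this article; the function name Test-ProtectedUsersMember and the sample accounts are hypothetical, and the live query in the closing comment assumes the RSAT ActiveDirectory module.

```powershell
# Added example: flag Protected Users members that the guidance above says
# should not be in the group. Sample data is constructed, not real accounts.
$ServiceClasses = 'computer', 'msDS-GroupManagedServiceAccount', 'msDS-ManagedServiceAccount'
$UseDesKeyOnly  = 0x200000   # userAccountControl bit "Use Kerberos DES encryption types"

function Test-ProtectedUsersMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$Member
    )
    process {
        $findings = @()
        # Normalise servicePrincipalName to an array of non-empty values.
        $spns = @($Member.servicePrincipalName | Where-Object { $_ })

        if ($Member.ObjectClass -in $ServiceClasses) {
            # Computer and managed service accounts fail to authenticate as members.
            $findings += "object class '$($Member.ObjectClass)' is a computer or service account"
        }
        elseif ($Member.ObjectClass -eq 'group') {
            $findings += 'nested group: review its members as well'
        }
        elseif ($spns.Count -gt 0) {
            # A user object that carries SPNs is being used to run a service.
            $findings += "user account has $($spns.Count) servicePrincipalName value(s)"
        }
        if (($Member.userAccountControl -band $UseDesKeyOnly) -ne 0) {
            # DES is not accepted in Kerberos pre-authentication for members.
            $findings += 'account is flagged DES-only, which members cannot use'
        }

        [pscustomobject]@{
            SamAccountName = $Member.sAMAccountName
            ObjectClass    = $Member.ObjectClass
            Compliant      = ($findings.Count -eq 0)
            Findings       = $findings -join '; '
        }
    }
}

# Constructed sample input so the check runs without a domain.
$sample = @(
    [pscustomobject]@{ sAMAccountName = 'adm-alice';  ObjectClass = 'user';     servicePrincipalName = @(); userAccountControl = 0x200 }
    [pscustomobject]@{ sAMAccountName = 'svc-sql';    ObjectClass = 'user';     servicePrincipalName = @('MSSQLSvc/db01.example.test:1433'); userAccountControl = 0x200 }
    [pscustomobject]@{ sAMAccountName = 'WEB01$';     ObjectClass = 'computer'; servicePrincipalName = @('HOST/web01.example.test'); userAccountControl = 0x1000 }
    [pscustomobject]@{ sAMAccountName = 'adm-legacy'; ObjectClass = 'user';     servicePrincipalName = $null; userAccountControl = 0x200200 }
)
$sample | Test-ProtectedUsersMember | Where-Object { -not $_.Compliant } | Format-Table -AutoSize -Wrap

# Against a live domain:
# Get-ADGroupMember -Identity 'Protected Users' |
#     Get-ADObject -Properties sAMAccountName, servicePrincipalName, userAccountControl |
#     Test-ProtectedUsersMember
```

With the sample data, svc-sql, WEB01$ and adm-legacy are reported and adm-alice is not.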
Event log information
Two operational administrative logs are available to help troubleshoot events that are related to Protected Users. These new logs are disabled by default and are located in Event Viewer under Applications and Services Logs\Microsoft\Windows\Authentication.
|EVENT LOG INFORMATION|
|Event ID and Log||Description|
|104 ProtectedUser-Client||Reason: The security package on the client does not contain the credentials. The error is logged in the client computer when the account is a member of the Protected Users security group. This event indicates that the security package does not cache the credentials that are needed to authenticate to the server. Displays the package name, user name, domain name, and server name.|
|304 ProtectedUser-Client||Reason: The security package does not store the Protected User’s credentials. An informational event is logged in the client to indicate that the security package does not cache the user’s sign-in credentials. It is expected that Digest (WDigest), Credential Delegation (CredSSP), and NTLM fail to have sign-on credentials for Protected Users. Applications can still succeed if they prompt for credentials. Displays the package name, user name, and domain name.|
|100 ProtectedUserFailures-DomainController||Reason: An NTLM sign-in failure occurs for an account that is in the Protected Users security group. An error is logged in the domain controller to indicate that NTLM authentication failed because the account was a member of the Protected Users security group. Displays the account name and device name.|
|104 ProtectedUserFailures-DomainController||Reason: DES or RC4 encryption types are used for Kerberos authentication and a sign-in failure occurs for a user in the Protected User security group. Kerberos preauthentication failed because DES and RC4 encryption types cannot be used when the account is a member of the Protected Users security group. (AES is acceptable.)|
|303 ProtectedUserSuccesses-DomainController||Reason: A Kerberos ticket-granting-ticket (TGT) was successfully issued for a member of the Protected User group.|
Requirements to provide client-side protection for members of the Protected Users group include:
- The Protected Users global security group is replicated to all domain controllers in the account domain.
- Devices and hosts are running Windows 8.1 or Windows Server 2012 R2.
Requirements to provide domain controller protection for members of the Protected Users group include:
- The domain functional level in the account domains is set to Windows Server 2012 R2.
To enable Windows Server 2012 R2 and Windows 8.1 protection for clients on domains with pre-Windows Server 2012 R2 domain functional levels, after the Protected Users group has replicated throughout the domain, a user signs in with an account that is a member of a Protected Users group.
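Use the command below to extract the certificates (without the private key) from the PFX file:
openssl.exe pkcs12 -in _SSLCertificate-Chain.pfx -nokeys -out SSLCertificate-chain.crt
Use the command below to write out the key file without a password (the output key is unencrypted):
openssl rsa -in key.pem -out key_with_no_pw.key
Use the command below to create the PFX file including the certificate chain. openssl pkcs12 reads only one -in file, so the intermediate and root certificates are concatenated into a single file (here called CA-chain.crt, a name chosen for this example) and passed with -certfile:
openssl pkcs12 -export -out SSLCertificate.pfx -inkey Certificate.key -in SSLCertificate.crt -certfile CA-chain.crt
To create the PFX file from the certificate and key only, without the chain:
openssl pkcs12 -export -out SSLCertificate.pfx -inkey Certificate.key -in SSLCertificate.crt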