精华内容
下载资源
问答
  • 2018.7.20Windows日志与审核

    千次阅读 2018-12-28 09:00:29
    2018.7.20 Windows事件日志简介 位置 管理工具-事件查看器 本质上是数据库:发生什么--什么时间-与谁有关-是否系统相关-访问什么资源 共有五种事件级别:所有的事件必须只能拥有其中的一种事件级别 成功的...

    (沉积笔记整理发布)

    2018.7.20Windows日志与审核

    Windows事件日志简介

    位置:管理工具-事件查看器

    本质上是数据库:发生什么--什么时间-与谁有关-是否系统相关-访问什么资源

    共有五种事件级别:所有的事件必须只能拥有其中的一种事件级别

    成功的审核安全访问尝试,主要指安全性日志,所有的成功登录系统都会被记录为成功审核事件

    Windows日志文件

    文件名、结构、存储位置

    扩展名evtx   位置“%systemroot%”\system32\winevt\logs

    位置

    位置

     

     

    Windows事件日志分析

    Win7和winser2008r2

    用户登录与注销

    场景

    判断哪个用户登录

    分析被控制的用户的使用情况

    事件id

    4624 -登录成功

    4625 -登录失败

    4634/4647-注销成功

    4672-使用超级用户进行登录

     

    追踪硬件变动

    场景

    分析那些硬件设备什么时间安装到系统中

    事件id

    20001 即插即用驱动安装-系统日志

    20003 即插即用驱动安装-系统日志

    4663 移动设备访问成功

    4656 移动设备访问失败 安全日志

     

    无线网络位置

     

    事件id

    10000-网络连接成功

    10001-连接失败

     

     

    筛选日志

     

    *其他日志分析工具

     

     

     

    Windows安全审计实战

     

    配置审计策略

    • 安全日志
      1. 记录系统的安全审计事件,包含各种类型的登录日志、对象访问日志、进程追踪日志、特权使用、账号管理、策略变更
    • 应用程序日志
    • 系统日志
    • 失败审核failure audit
    • 信息information
    • 警告warning
    • 错误error
    • 成功审核success audit
    展开全文
  • It may be possible to recover a KeePass database whose Master Key includes a Windows User Account (WUA) ifcertain user data is available. Typical situations are: A Windows computer is not boot...

    It may be possible to recover a KeePass database whose Master Key includes a Windows User Account (WUA) ifcertain user data is available. Typical situations are:

    • A Windows computer is not bootable but the boot disk can still be mounted as data drive.
    • A Windows user profile has been deleted but a backup of the profile is available.
    • A Windows user profile has been damaged but the critical files can still be read, or a backup of the user profile is available.

    The database recovery process below may be used to temporarily recover a KeePass database whose Master Key includes a non-domain WUA that is no longer operational. The procedure may be adaptable to a domain WUA [1]but it has not been tested. Once a database is recovered its Master Key can be changed to remove the original WUA key component. This database recovery process has not been tested for all cases, one case that has not been tested is where the old WUA password or username was changed after the ProtectedUserKey.bin file (DPAPI blob) was created [2].

    The procedure is not suitable for permanently moving the database and retaining the old WUA Master Key component because it will break preexisting databases in the account where the recovery was performed, if the preexisting databases include a WUA in their Master Key. It is strongly recommended that a temporary WUA be used for the KeePass database recovery.

    The procedure was developed based on the description of DPAPI in Recovering Windows Secrets and EFS Certificates Offline by Elie Burzstein and Jean Michel Picod (2010) and the Microsoft Technet article How to recover a Vault corrupted by lost DPAPI keys.


    Section I - Preliminaries.
    1. Configure Windows File Explorer to show hidden and system files, and file extensions. A screenshot is attached.

      1. Start Windows File Explorer (e.g. press Win-E, or type explorer.exe in the Windows Search Bar)
      2. If the Menu bar is not displayed press the 'Alt' key to display it.
      3. Select 'Tools>Folder Options>View(tab)' from the folder options dialog box.
      4. Check 'Show hidden files, folders, and drives'
      5. Uncheck 'Hide extensions for known file types'
      6. Uncheck 'Hide protected operating system files (Recommended)'
    2. Definitions:

      1. WUA is a Windows User Account
      2. WUA Master Key(s) are the Master Key(s) for a WUA. These keys are different from the KeePass database Master Key.
    Section II - Collect files and data from the old (non-operational) WUA.
    1. Copy the KeePass database to be recovered and if one is used, its associated key file.
    2. Obtain the password(s) and username(s) of the old WUA [3].
    3. Copy the WUA Master Key folder: C:\Users\<username>\AppData\Roaming\Microsoft\Protect\<SID>\, where <username> is the username and <SID> is the SID of the old WUA. The folder name will be similar to S-1-5-21-2676219764-1201964595-2451656395-1000

      1. There will likely be only one "SID" folder in the "Protect" folder. If there is more than one SID folder, figure out which is the SID folder of the old WUA and copy it.
      2. The SID folder will contain one file called 'Preferred' and one or more WUA Master Key files with names like 
        b8d158ae-b61b-4987-9326-962ed2654c17. Count the number of WUA Master Key files in the folder.
    4. Copy the ProtectedUserKey.bin file (DPAPI blob) located in the
      C:\Users\<username>\AppData\Roaming\KeePass\ directory of the old WUA.
    Section III - Add the WUA Master Keys used by the old WUA to a temporary WUA.
    1. Create a temporary WUA and log in to it.
    2. Copy the WUA Master Key folder from Section (2) step 3 to the following directory in the temporary WUA:%APPDATA%\Microsoft\Protect\ Verify that the number of WUA Master Keys in the folder matches the number that was copied in Section (2) step 3.
    3. Add registry keys needed by the DPAPI migration utility.

      1. Edit the attached file: DPAPI migration.reg.txt replacing every instance of <SID> and <username> with the SID and username of the old WUA. For example the final entry in DPAPI migration.reg.txt for username "George" with a SID of S-1-5-21-2676219764-1201964595-2451656395-1000, would be:

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\DPAPI\MigratedUsers\S-1-5-21-2676219764-1201964595-2451656395-1000\UserName]
        "George"=""

      2. Rename DPAPI_migration.reg.txt to DPAPI migration.reg and run it (double click on the file). A warning will be displayed. After proceeding a confirmation dialog that the keys have been added to the registry will be displyed.
    4. Open a command prompt and run the utility:
      c:\windows\system32\dpapimig.exe. Enter the old WUA password if prompted for it.

      1. Verify that the WUA Master Keys from the old WUA were moved out of the folder that was created inSection (3) step 2.
      2. If the process was partially successful (some but not all WUA Master Key were moved) check the date of the oldest WUA Master Key that was successfully moved. If it predates the date on ProtectedUserKey.bin file from the old WUA then the remaining unexported WUA Master Keys may probably be ignored. If it doesn't, then it is is probably necessary to repeat the WUA Master Key import process (from Section (3) step 3) using older passwords and usernames, from the old WUA (if they are known).
      3. If the process failed entirely (no old WUA Master Keys were moved), then find the problem and repeat the entire process. This may include recreating the registry keys, because these keys may be deleted when the dpapimig utility is run.
    Section IV - Restore the old computer ProtectedUserKey.bin (DPAPI blob), Open the KeePass database, Change the Master Key, and Make a copy of the database.
    1. Copy the ProtectedUserKey.bin from the old computer to the temporary WUA directory:%APPDATA%\KeePass\.
    2. Copy the KeePass database to be recovered and if one was used, its associated key file, to a convenient location in the temporary WUA (e.g. the Desktop).
    3. Open KeePass, navigate to the KeePass database, supply the complete KeePass Master Key remembering to check the 'WUA' box in the Master Key dialog. The database should open. If the database does not open, check the modified date of ProtectedUserKey.bin file in %APPDATA%\KeePass\.

      1. If the modified time has changed to the current time the ProtectedUserKey.bin file was not valid and the above WUA Master Key migration procedure (Section(3) above) failed. Carefully recheck all steps and for errors and repeat the procedure incorporating any corrections.
      2. If the modified time did not change, the ProtectedUserKey.bin was OK. Some other component of the the Master Key that was entered is incorrect.
    4. While the recovered KeePass database is open, change the database Master Key ('File>Change Master Key...') to remove the WUA component. Save and close the database. The database can now be moved to other computers and different WUAs.
    5. After verifing that the database can be opened in other WUAs remove the temporary WUA.


    [1] See How to recover a Vault corrupted by lost DPAPI keys for a descripription on how to recover domain DPAPI Master Keys.

    [2] See Recovering Windows Secrets and EFS Certificates Offline section 3.2 for possible issues related to recovering WUA Master Keys.

    [3] It appears that WUA Master Keys encrypted with an old WUA passwords and/or usernames can also be recovered if the old WUA passwords and usernames are known. This capability has not been fully tested with respect to recovering KeePass databases.


    Discussion

    • Dale 
      Dale 
      2015-06-03

      It appears that with Win 8.1 the WUA permissions are different.
      Access to the old files is not enabled when logged on with temp user account, and a different version of the desktop is presented.

      Some suggestions are appreciated

       
    展开全文
  • 题意:  思路: 用优先队列直接模拟就OK了,另外优先队列存pair的时候比较的是first的值,实测!! 上代码: #include &lt;iostream&gt; #include &lt;queue&gt; ......

    题意: 

    思路: 用优先队列直接模拟就OK了,另外优先队列存pair的时候比较的是first的值,实测!!

    上代码:

    #include <iostream>
    #include <queue>
    #include <cstdio>
    #include <algorithm>
    #include <cmath>
    #include <cstring>
    #include <queue>
    #include <vector>
    #define INF 0x3f3f3f3f
    #define FRE() freopen("in.txt","r",stdin)
    
    using namespace std;
    typedef long long ll;
    typedef pair<int,string> P;
    const int maxn = 1e5+10;
    priority_queue<P, vector<P>, greater<P> > que;
    string op,name;
    int n,id;
    
    int main() {
        //FRE();
        cin>>n;
        for(int i = 0; i<n; i++) {
            cin>>op;
            if(op[0]=='P') {
                cin>>name>>id;
                que.push(P(id, name));
            } else {
                if(que.empty()){
                    cout<<"EMPTY QUEUE!"<<endl;
                }
                else{
                    P p = que.top();
                    que.pop();
                    cout<<p.second<<endl;
                }
            }
        }
        return 0;
    }
    /*
    样例输入:
    9
    PUT msg1 5
    PUT msg2 4
    GET
    PUT msg3 2
    PUT msg4 4
    GET
    GET
    GET
    GET
    样例输出:
    msg2
    msg3
    msg4
    msg1
    EMPTY QUEUE!
    */

     

    展开全文
  • ...Download 20 Windows 2003 Server ebooks (10 MCSE/MCSA Books + 10 Others)... DESCRIPTION:: MCSA / MCSE eBooks: 1. Name : MCSA/MCSE - 70-290 - Windows Server 2003 Environment Management and Maintenan
    Image

    ...Download 20 Windows 2003 Server ebooks (10 MCSE/MCSA Books + 10 Others)...

    DESCRIPTION::

    MCSA / MCSE eBooks:

    1. Name : MCSA/MCSE - 70-290 - Windows Server 2003 Environment Management and Maintenance Study Guide
    Publisher : Sybex
    Publication Date : N/A
    ISBN : 0-7821-4260-5
    Pages : 624
    File Type : PDF
    File Size : 9.3 MB

    2. Name : MCSA - Managing And Maintaining A Windows Server 2003 Environment - Exam Cram 2 Exam 70-292 - Kalani Kirk Hausman, Bruce Parrish
    Publisher : Que
    Publication Date : November 11, 2003
    ISBN : 0-789-73011-1
    Pages : 384
    File Type : CHM
    File Size : 3.6 MB

    3. Name : MCSA/MCSE - Managing And Maintaining A Microsoft Windows Server 2003 Environment - Exam Cram 2 Exam 70-290 - Dan Balter
    Publisher : Que
    Publication Date : October 16, 2003
    ISBN : 0-7897-2946-6
    Pages : 512
    File Type : CHM
    File Size : 5.1 MB

    4. Name : MCSA/MCSE - 70-299 - Windows Server 2003 Network Security Administration Study Guide - Russ Kaufmann, Bill English
    Publisher : Sybex
    Publication Date : 2004
    ISBN: 0-7821-4332-6
    Pages : 603
    File Type : PDF
    File Size : 16 MB

    5. Name : MCSE - 70-293 - Planning And Maintaining A Windows Server 2003 Network Infrastructure Study Guide - Michael Cross et al.
    Publisher : Syngress
    Publication Date : 2003
    ISBN: 1-9318-3693-0
    Pages : 603
    File Type : CHM
    File Size : 27.6 MB

    6. Name : MCSE Training Guide 70-293 Planning And Maintaining Windows Server 2003 Network Infrastructure - Will Schmied, Robert J. Shimonski
    Publisher : Que
    Publication Date : December 24, 2003
    ISBN : 0-7897-3013-8
    Pages : 700
    File Type : CHM
    File Size : 7.9 MB

    7. Name : MCSE Windows 2000 Server Exam Cram™ 2 (Exam 70-215) - Will Schmied, Lee Scales
    Publisher : Que
    Publication Date : April 02, 2003
    ISBN : 0-7897-2873-7
    Pages : 448
    File Type : CHM
    File Size : 4.0 MB

    8. Name : MCSE: Windows Server 2003 Network Security Design Study Guide (Exam 70-298)
    - Brian Reisman, Mitch Ruebush
    Publisher : Sybex
    Publication Date : 2004
    ISBN : 0-7821-4329-6
    Pages : 736
    File Type : CHM
    File Size : 14.4 MB

    9. Name : MCSE : Windows Server 2003 Planning a Network Infrastructure Certification Passport - Exam 70 293 - Mike Meyer's Certification Passport - Martin C. Brown, Chris McCain
    Publisher : McGraw-Hill/Osborne
    Publication Date : 2004
    ISBN : 0-07-222570-X
    Pages : 418
    File Type : PDF
    File Size : 6.9 MB

    10. Name : MCSE - 70-297 - Windows Server 2003 Active Directory And Network Infrastructure - MCSE Training Kit [2004] - Walter Glenn, Michael T. Simpson
    Publisher : Microsoft Press
    Publication Date : 2004
    ISBN : N/A
    Pages : 503
    File Type : PDF
    File Size : 4.1 MB

    OTHERS:

    1. Name : Active Directory Cookbook For Windows Server 2003 & Windows 2000 - Robbie Allen
    Publisher : O'Reilly
    Publication Date : September 2003
    ISBN : 0-596-00464-8
    Pages : 622
    File Type : CHM
    File Size : 1 MB

    2. Name : Inside Microsoft Windows Server 2003 - William Boswell
    Publisher : Addison Wesley
    Date Published : April 11, 2003
    ISBN : 0-7357-1158-5
    Pages : 1376
    File Type : CHM
    File Size : 14 MB

    3. Name : Mastering Active Directory for Windows Server 2003 - Robert R. King
    Publisher : Sybex
    Publication Date : N/A
    ISBN: 0-7821-4079-3
    Pages : 542
    File Type : PDF
    File Size : 12.8 MB

    4. Name : Learning Windows Server 2003, 2nd Edition - Jonathan Hassell
    Publisher : O'Reilly
    Publication Date : February 2006
    Print ISBN-10: 0-596-10123-6
    Print ISBN-13: 978-0-59-610123-7
    Pages : 742
    File Type : CHM
    File Size : 7.4 MB

    5. Name : The Best Damn Windows Server 2003 Book Period 2004 - Susan Snedaker
    Publisher : Syngress
    Publication Date : N/A
    ISBN: 1-931836-12-4
    Pages : 1033
    File Type : PDF
    File Size : 21.9 MB

    6. Name : The Ultimate Microsoft Windows Server 2003 System Administrator's Guide - Robert Williams, Mark Walla
    Publisher : Addison Wesley
    Publication Date : April 11, 2003
    ISBN : 0-201-79106-4
    Pages : N/A
    File Type : CHM
    File Size : 15.9 MB

    7. Name : Windows® Server 2003 - Clustering & Load Balancing - Robert Shimonski
    Publisher : McGraw-Hill/Osborne
    Publication Date : 2003
    ISBN : 0-07-222622-6
    Pages : 401
    File Type : PDF
    File Size : 7.5 MB

    8. Name : Windows Server 2003 Registry - Olga Kokoreva
    Publisher : A-LIST
    Publication Date : 2003
    ISBN : 1-931-76921-4
    Pages : 566
    File Type : CHM
    File Size : 28.2 MB

    9. Name : Windows® Server 2003 - The Complete Reference - Kathy Ivens, Rich Benack, Christian Branson, Kenton Gardinier, John Green, David Heinz, Tim Kelly, John Linkous, Christopher McKettrick, Patrick J. Santry, Mitch Tulloch
    Publisher : McGraw-Hill/Osborne
    Publication Date : N/A
    ISBN : 0-07-223028-2
    Pages : 1015
    File Type : PDF
    File Size : 23.5 MB

    10. Name : Windows Server Hacks - Mitch Tulloch
    Publisher : O'Reilly
    Publication Date : March 2004
    ISBN : 0-596-00647-0
    Pages : 384
    File Type : CHM
    File Size : 1.9 MB

    Download Links:
    Code:
    http://rapidshare.com/files/19476277/20Win2k3ebk.rar
    http://rapidshare.com/files/19474187/20Win2k3ebk1.part1.rar
    http://rapidshare.com/files/19472527/20Win2k3ebk1.part2.rar
     
    展开全文
  • Windows 10 20H1 2004新功能

    千次阅读 2020-03-06 21:11:36
    Windows 10的年度更新版本20H1即将问世。 目前可以从insider preview渠道中获得。这个版本中看上去对搜索功能做了不小的改进。包括搜索的磁盘占用率以及搜索的一些展示方式。 其它的一些改进包括 Windows ...
  • 20windows秘密

    2007-01-27 15:06:00
    1. systeminfo:让XP列出更多有用信息 Windows XP 总是在炫耀它可以给稳定工作多么长的时间!要想详细地了解这一信息,你可以接入 Windows 的“开始菜单”,再开启“附件菜单”中的“命令提示符”,然后在其中...
  • Windows Server 2019 Update 2010,20H2 作者:gc(at)sysin.org,主页:www.sysin.org Microsoft Windows Server 2019 Windows Server 2019 Update 2010 Version 1809,Updated 2010,Build 17763.1518,Build Date...
  • Windows 10 20H2正式版尝鲜

    千次阅读 2020-10-25 17:24:12
    Windows 10 H2正式版来了 10月21日,微软正式推送了Windows 10 20H2版本更新。新版本的功能在5月的预览版中已经曝光的差不多了,还是有一定小期待。我一直打算换,但是由于担心稳定性问题,加之网上一直有各种bug...
  • Believe it or not, its exactly 20 years since Microsoft released Windows 1.0. And, although the company is being fairly low-key in its celebrations of the event (except in Japan), I think its worth
  • windows10 2004补丁包直接升级20H2

    千次阅读 2020-11-20 14:48:04
    windows10 2004版本升通过小补丁包直接升级到20H2,不需要下载官方20H2的iso进行升级,(如果windows更新中直接推送了20H2的更好,本文针对在windows更新中未收到20H2推送的,且又不想下载完整20H2 iso系统镜像的) ...
  • 双系统windows下安装deepin20下载deepin.ios并制作启动盘分卷安装deepin安装完成后拔掉启动盘重启就可以愉快玩耍了 下载deepin.ios并制作启动盘 deepin官网,下载ios,这里我选择网易云镜像 ...
  • 双硬盘分别安装windows和Ubuntu20双系统

    万次阅读 多人点赞 2018-01-26 13:12:36
    所以这里我使用的另一种方法是把windows和ubuntu安装在不同的硬盘上,win装在固态硬盘上,ubuntu装在机械硬盘上,这样子装好后这两个系统互不影响,你可以随意重装windows系统,你也不用担心windows系统更新...
  • Windows系统太卡加速技巧 https://blog.csdn.net/libusi001/article/details/90298878 Dos窗口文字背景颜色设置 https://blog.csdn.net/libusi001/article/details/100097638 Windows软件开机自启的两种...
  • windows全局热键For those of you who like to use the quickest methods of getting things done on your computer, we have shown you many Windows shortcuts and hotkeys for performing useful tasks in the ...
  • Windows 7来了——知道你所不知道的WindowsWindows 7来了,您的电脑准备好了吗?Windows 7来了,您会用了吗?对这个全新的操作系统,您在观望之余,是否也开始了蠢蠢欲动……虽然有较多的出版社会出版了关于...
  • Windows历代版本一览

    千次阅读 2017-09-12 11:39:48
    版本 版本号 集成浏览器 .Net Framework版本号 发布日期 Windows 1.0 ... 1985/11/20 Windows 2.0 2.0 - - 1987/12/9 Windows 3.0 3.0 - - 1990/5/22 Windows 3.1 3.1 - - 1992/3/
  • windows和linux空格

    2019-08-20 14:25:37
    20 WINDOWS \n\r CRLF 0D 0A UNIX \n LF 0A
  • Windows10安装ubuntu 20双系统

    千次阅读 2020-12-24 08:35:15
    参考: https://www.cnblogs.com/masbay/p/10745170.html 第一步
  • 目前最新版的是微软于2020-10-20发布的Version 20H2镜像包。 2. 下载地址 2.1. 迅雷 Windows 10 (business editions), version 20H2 (x64) - DVD (Chinese-Simplified)ed2k://|file|...
  • 20windows XP小秘密

    2007-12-20 22:39:00
    1. systeminfo:让XP列出更多有用信息 Windows XP 总是在炫耀它可以给稳定工作多么长的时间!要想详细地了解这一信息,你可以接入 Windows的“开始菜单”,再开启“附件菜单”中的“命令提示符”,然后在其中输入...
  • windows20%带宽限制的误区

    千次阅读 2016-07-07 11:06:22
    由于Windows XP或2003有20%的“保留带宽”,有这样一个推论:去掉后速度提升20%,xp在带宽上做了手脚。这些说法在网上广为流行,然而你费时费力去掉这个限制后,却发现速度并没有提升! 据我所知,这个方法最早来源...
  • 12月12日电子工业出版社博文视点在中关村图书大厦五层举行了博文视点大讲堂第20期——Windows 7来了——知道你所不知道的Windows 7,邀请到了众多微软MVP在讲座现场分享经验,受到了广大读者的好评。 Windows 7来了...
  • Windows 10 20H2 (Updated 2021-01-24 v19042.746)

    千次阅读 2021-01-24 21:26:44
    Windows 10 商业版(含教育版、企业版、专业版、专业教育版、专业工作站版) SHA256: AB9B0CAD001FF218AC5DF17BAB973116CC7B418B4D45F3757F2A3F865F8125F7 ed2k://|file|...
  • 微软近日释出了Windows 10 20H1 Build 18912的官方ISO档案,让测试人员可干净安装预计在明年春天问世的新版Windows 10。微软甫于今年5月释出代号为Windows 10 19H1的Windows 10 1903,预计下一个版本应该是在今年...
  • 20天精通 Windows 8:系列课程资料集 Windows 8是继Windows 7之后的新一代操作系统,是由Microsoft公司开发的、具有革命性变化的操作系统。它支持来自Intel、AMD和ARM的芯片架构,由微软剑桥研究院和苏黎世理工...
  • Windows10最新版20H2系统下载与安装

    千次阅读 2020-11-14 19:08:16
    Windows10最新版20H2系统下载、安装并激活一、系统镜像下载二、系统安装三、系统激活参考文档 一、系统镜像下载 2020年10月21日,微软官方终于在许多用户的热切期盼下,正式发布了Win10十月更新版20H2更新,此版本是...
  • Windows10升级到20H2后想加环境变量,此电脑右键属性打不开原来的属性窗口, 打开了: 用控制面板里面的系统也打不开… 百度搜了半天…在一个B站视频下面的评论里找到了解决办法: ... 成功打开: ...
  • Windows XP的20个特殊小技巧 Windows系统中总有无尽的技巧可以供我们发掘,每次都有惊喜。看看这次给大家带来了什么?  1.在记事本中自动记录文件的打开时间  在记事本中,我们可以记录每次打开某个文本文件...
  • 在安装了WindowsXP操作系统后,可能通过修改一些设置来达到优化系统的目的,下面笔者就给大家准备了20Windows XP操作系统的优化技巧。1、删除Windows强加的附件 1)用记事本NOTEPAD修改/winnt/inf/sysoc.inf,用...

空空如也

空空如也

1 2 3 4 5 ... 20
收藏数 40,171
精华内容 16,068
关键字:

20windows