RDP Saved credentials problem, how disable Windows Defender Credential Guard - windows

After Windows updates, there is occurred saved credentials problem, rdp always asks password, cannot be saved.. The reason is Windows Defender Credential Guard.
How to solve this issue ?

Solution from Microsoft Learn (https://learn.microsoft.com/en-us/windows/security/identity-protection/credential-guard/credential-guard-manage):
Start Local Group Policy Editor
Edit group policy
Navigate to Computer Configuration > Administrative Templates > System > Device Guard > Turn on Virtualization Based Security. In the "Credential Guard Configuration" section, set the dropdown value to "Disabled":
Local Group Policy Editor

My solution is here,
> Open registry editor (regedit)
> Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
> Add a new DWORD value named LsaCfgFlags. and set it to 0 to
disable it.
> Close registry editor and restart the system.
If anyone knows another way, please add it to the post.

Related

Visual Studio Live Share: As a host how to give access/permission to my participant

I'm trying to do Quick Fixes (the lightbulb icon at the left margin of the editor) as a participant in live share, but I'm getting this error.
As a host how do I give access/permission to my participant?
Enable this in your user settings:
Liveshare > Languages: Allow Guest Command Control
Allow guests to run commands via Code Actions ("Quick Fixes") and CodeLens

How to Disable Internet Explorer Enterprise mode in IE

I want to disable the site , that is loading in Enterprise mode .
I have checked the Register key settings and Group policy object ,
Under Register:
{HKLM|HKCU}\Software\Policies\Microsoft\Internet Explorer} the Main is not exists
and under GPO the Enterprise mode option is not available.
In both the place it is not configured. Any suggestions?.
Thank you in advance.
It's possible, although unlikely, that the EnterpriseMode registry key is in {HKLM|HKCU}\Software\Microsoft\Internet Explorer (notice it's not in the Policy node).
Another possibility is that you have locally set the site to use Enterprise Mode. This is done by going to "Tools" -> "Enterprise Mode".
You can do this with the help of the Registry editor.
Open a regedit.exe from "Run" and go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\EnterpriseMode.
You will find keys against the Enterprise mode in the right hand side panel, such as DEFAULT, ENABLE and SITELIST.
You will need to DELETE the keys called ENABLE and SITELIST.
Run your application again on IE and test. You must have the result.
NOTE: This solution could be temporary as the registry adds those keys back after a system restart!

VS Express 2013 for Web - Browser is security restricted or JavaScript is disabled

I initially installed the Microsoft Visual Studio Express 2013 for Web on my desktop. My desktop runs Windows 8.1 with internet explorer 11. It ran fine until the license expired after the first 30 days. I tried to sign in to renew the license, however after clicking the 'sign in' button I get an error dialog. The dialog states 'Browser is security restricted or javaScript is disabled. I have no other option but to close and exit Visual Studio.
I went to the online forums for Microsoft. There were discussions and suggestions on how to fix the error. I tried lowering the settings for the security tab in internet explorer. I have validated the option for scripting is enabled. I have also added https://*.visualstudio.com to the trusted sites tab. Other users on the forum have tried the same suggestions and have not succeeded in signing into the visual studio application.
I had exactly the same problem, here is what I did:
a) Go in IE, click on settings wheel then Internet Options and Security tab.
b) Click on Custom level button (make sure you select Internet zone).
c) In Security Settings window, under Scripting I set Enabled for Active scripting.
After that Sign In should work. Even though Chrome is default browser, it seems that VS uses IE for sign in process.
Hope this helps!
There is another issue people are running into that is a bug with the login dialog. The login dialog is using a Web Browser control to login the user. By default it loads up "about:blank" as the URI. It then proceeds to try to execute some JavaScript (just ";") to verify it has permissions to do so. On some machines this is problematic because "about:blank" has been mapped to zone 0, or the Local Machine zone. When the JavaScript is executed MSHTML will check the zone of the URI and then the policy for executing scripts. By default the Local Machine zone is locked down, and all script executions result in a Query policy. What this means is if you're running in immersion mode (aka in Internet Explorer) you will get a message box asking if you want to execute the script. However, the Web Browser control used by VS 2013's "Sign In" dialog doesn't run MSHTML code in immersion mode, so the Query policy effectively equates to a Disallow policy. The bug here is someone in VS assumed "about:blank" resolves to the Internet zone, and when it resolves to the Local Computer zone you get this behavior.
The workaround is to remove "about:blank" zone mapping. Point regedit to this key:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]
Remove the "blank" key.
Alternatively you can change the Local Machine Lockdown policy for executing scripts. The reg key for that is:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
Set the "1400" DWORD value to 0.
There are many sites you need to list in your Trusted Sites. Following the trace of what the stupid, stupid login script does:
https://.visualstudio.com
https://app.vssps.visualstudio.com
https://.accesscontrol.windows.net
https://auth.gfx.ms
https://login.live.com
Only then was I able to log on to my FREE software.
Hi this is Albert from Microsoft. Just want to let you all know that this issue has been fixed in the upcoming Update 2 for Visual Studio 2013. Thanks for your patience while we figured this one out :)
Same problem "Browser is security restricted or JavaScript is disabled" here but the solution from #jic didn't work for me..
If you can and it is convenient for you this is a solution which worked for me:
I have created a new user/profile on my PC and for this user it was just working fine.
Before this action I have tried to make an user account which had this problem as:
Power user - didn't work
Administrator - didn't work as well
So the last solution in my case was a brand new user on the PC..
Here's what worked for me.
Open Control Panel, Internet Options.
First, I clicked the Security tab and turned security the security for the Internet zone to its minimum.
Next, click the Privacy tab, then click Advanced. Choose "Accept" for both types of cookies.
Of course you can change these all back after extending your VS trial.
you must change secure settings of iexplore for admin account. If logon by other account, you must start iexplore under admin account or logon under admin account, because you will get license after admin account.
Click on Start --> Run --> type cmd and click on OK.
Command Prompt will be opened. Then enter this command.
ipconfig /flushdns
and press Enter.
Now try to access https://app.vssps.visualstudio.com/Profile/View
It worked for me...
As I can not add a comment yet to the answer of CBGraham, I've to add this note over here:
The solution described from CBGraham worked for me (Thanks Graham). I had to add an additional link:
https://account.live.com
Then I opened the IE and tried to login to a Microsoft site. I left the IE window open and just clicked once again on the VS to login. Then it worked for me. Even with strong restrictions on the IE settings. While I'm surprised why someone should set down his security settings, just to register VS.

Where in the registry can I find the current setting of an IE8 policy?

I have set the following policy with gpedit in a Windows Server 2008 machine that has IE8:
I have a source that tells me that configuration resides in HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\NoExtensionManagement -- but that's a lie. There isn't even an Internet Explorer folder under Software\Policies\Microsoft.
Moreover, the same source says the setting is under "Computer Configuration\Network\Internet Explorer\Do Not Allow Users to enable or Disable Add-Ons" on gpedit. As you see above, that isn't true either.
OK, the "source" I'm talking about is the US Government: http://usgcb.nist.gov/usgcb/download_ie8.html -- namely, their IE8 OVAL definitions.
So, where in the registry is that setting?
It is an either/or. The policy can be implemented via the registry OR the GPO. You'll find your GPO where it is set in something like:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71DA9274-FD7B-4660-A801-B013570D3F5F}Machine\Software\Policies\Microsoft\Internet Explorer\Restrictions
or
HKEY_USERS\S-1-5-21-2090352725-1269969352-1905203885-2959\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{71DA9274-FD7B-4660-A801-B013570D3F5F}Machine\Software\Policies\Microsoft\Internet Explorer\Restrictions
though the GPO itself is stored on disk, and not the registry ... I think here:
%systemroot%\System32\GroupPolicy
As far as where you'll find various settings in gpedit - it does depend on your version of windows.
After getting hit with some unwanted intrusive piece of software, I couldn't reset the IE8 settings on my Windows XP machine (yes, I know how old that is). Found the problem - the "Control Panel" settings had an additional registry entry in HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
The zonemap under this registry key had 1803 disabled. That made three different entries for the same value in the registry. It wasn't IE8, it wasn't Group Policies. It was a rogue copy hidden in the HKLM that overrode other settings.
Symptom included that message "some settings controlled by Group Policy ..." Well, who's the group, exactly, on my tablet.
The Microsoft KB182569 is excellent. The only missing data was where to find the "unwanted" copy of zones.

HttpContext.Current.User.Identity.Name is Empty

I have a Silverlight application (using MVC) and when i'm building in visual studio, using Visual Studio Development center, there's no problem, the HttpContext.Current.User.Identity.Name has a Value
But when i'm using the same project with IIS 7.5 (i'm using Windows 7), HttpContext.Current.User.Identity.Name stays empty
Anyone who can help? Or knows where i can find the settings from the visual studio Development center, so i can check what's wrong in IIS?
I struggled with this problem the past few days.
I suggest reading Scott Guthrie's blog post Recipe: Enabling Windows Authentication within an Intranet ASP.NET Web application
For me the problem was that although I had Windows Authentication enabled in IIS and I had <authentication mode="Windows" /> in the <system.web> section of web.config, I was not preventing anonymous access. This last part was the key. You need to prevent anonymous access to ensure that the browser sends the credentials.
You can either configure IIS in Control Panel so that your site (or machine) uses Windows authentication and denies anonymous access or you can add the following to your web.config in the system.web section:
<authentication mode="Windows" />
<authorization>
<deny users="?"/>
</authorization>
These might resolve the issue(It did for me). In IIS Express change the project property values, "Anonymous Authentication" and "Windows Authentication". To do this, when project is selected, press F4 and then change these properties.
In case you are deploying it on IIS locally, make sure local machines "Windows Authentication" feature is enabled and "Anonymous Authentication" is disabled.
Refer to
https://grekai.wordpress.com/2011/03/31/httpcontext-current-user-identity-name-is-empty/
In addition to "answered Mar 28 '11 at 12:27Bryan Bedard"
In case that the solution doesn't work, you have to enable Windows Authentication in iss manager.
How to do that:
1.To start IIS Manager from the Run dialog box:
On the Start menu, click All Programs, click Accessories, and then click Run.
In the Open box, type inetmgr and then click OK.
2.In the Connections pane, expand the server name, expand Sites, and go to the level in the hierarchy pane that you want to configure, and then click the Web site or Web application.
3. Scroll to the IIS section in the Home pane, and then double-click Authentication.
4.In the Authentication pane, select Anonymous Authentication, and then click Disable.
In the Authentication pane, select Windows Authentication, and then click Enable.
Reference
Disabling all other options in authentication tab of iis except windows authentication resolved my issue.
Please check..
Steps:
Open iis in your machine
Select your application from the application pool
Click on authentication option
Disable all other option except windows authentication (Anonimous authentication should be disabled)
Please check this and let me know the feedback. It worked for me. hope it will work for you also..
I also had this problem recently. Working with a new client, trying to get a an old web forms app running from Visual Studio, with IISExpress using Windows Authentication.
For me, the web.config was correctly configured
However, the IISExpress.config settings file had:
<windowsAuthentication enabled="false">
The user account the developer was logged in was very new, so unlikely it had been edited.
Simple fix it turned out, change this to enabled=true and it all ran as it should then.
Also, especially if you are a developer, make sure that you are in fact connecting to the IIS server and not to the IIS Express that comes with Visual Studio. If you are debugging a project, it's just as easy if not easier sometimes to think you are connected to IIS when you in fact aren't.
Even if you've enabled Windows Authentication and disabled Anonymous Authentication on IIS, this won't make any difference to your Visual Studio simulation.
The browser will only detect your username if the IIS server is on the same domain and the security settings within your group policy allow it.
Otherwise you will have to provide it with credentials, but if it is not on the same domain, it will not be able to authenticate you.
Apart from all obvious reasons mentioned earlier, there might be another one: you didn't put an Authorize attribute on top of your controller, like that:
[Authorize(Roles = "myRole")]
[EnableCors(origins: "http://localhost:8080", headers: "*", methods: "*", SupportsCredentials = true)]
public class MyController : ApiController
At least that's what worked for me.
As #PaulTheCyclist says, If using IISExpress anonymous authentication is enabled by default, windows authentication is disabled.
This can be changed in what I'm sure used to be called PropertyPages (NOT right-click -> properties). Select the web project
Try enabling basic authentication and disabling the other authentications in IIS, then try launching the application. The application will ask for windows credentials. Enter the same and the app should be able to get the name under HttpContext.Current.User.Identity.Name.
I was facing this issue when authentication mode was not set while creating the project.
So It worked when created a new project with authentication set to windows mode in the initial settings.

Resources