Security #Windows Server Secure Boot playbook for certificates expiring in 2026

 

Windows Server Secure Boot playbook for certificates expiring in 2026

Learn about tools and options available to organizations to update Secure Boot certificates on Windows Server. Certificates begin expiring in June 2026. You must update them before that date to help keep your security posture. Many recent platforms already include the supported 2023 certificates in firmware. However, for the ones that need to be updated, you need to manage this process manually.

 

When will this happen: 

·     The tools are already available to help you to proactively inventory, monitor, and apply updated certificates to your Windows Server devices.

·     June 2026: The 2011 Secure Boot certificate authorities (CAs) begin expiring.

 

How this will affect your organization: 

Systems on the 2011 CAs after June 2026 are at risk of running on degraded security posture. To update these systems, please be proactive and follow our recommended approach.

 

What you need to do to prepare: 

Read complete guidance in Additional information for details on how to: 

1.  Inventory and prepare your environment.  

2.  Monitor and check your devices for Secure Boot status.  

3.  Apply any needed OEM firmware updates before updating certificates.  

4.  Plan and pilot Secure Boot certificate deployments.  

5.  Troubleshoot issues. 

 

here it is an interesting article with very detailed information

https://4sysops.com/archives/update-expiring-windows-secure-boot-certificates-now/

Windows Server Secure Boot playbook for certificates expiring in 2026
Update Secure Boot certificates on Windows Server and VMs before June 2026
Posted by
Labels: , , , , , ,

Windows 11/2025 #DoH (DNS over https)

DNS over https (DoH) is a protocol that permit to encrypt DNS queries and sending them over Https.

This protocol has been developed to override security concerns of DNS traffic.

Windows has supported DoH on the client side since Windows 11. While Windows 10 includes the underlying client support in later builds

The encryption operates at the Application Layer (Layer 7) of the OSI model and integrates directly into applications such as web browsers. This approach differs from traditional DNS, which transmits queries over UDP or TCP on port 53 without encryption, leaving them visible to ISPs, network operators, and potential attackers.

be aware about DNS over HTTPS (DoH) (better privacy)  (operate at 443 port more difficult to be detected vs DNS over TLS ( DoT) ( operates at the Transport Layer, using a dedicated port 853 and it is easily to be identified.

DoH verifies DNS server's identity and prevents impersonation attacks. The other advantage is DNS queries and not interceptable.

Microsoft introduced DoH resolver support for Windows DNS Server in the February 10, 2026, cumulative update for Windows Server 2025.

When you enable DoH resolver functionality on a Windows DNS Server, all queries received from clients and responses sent on port 443 are encrypted. However, this implementation has a significant limitation: queries sent by the Windows DNS Server to upstream DNS servers, such as conditional forwarders or authoritative servers, remain unencrypted on port 53.

The traditional DNS service on port 53 continues to operate alongside DoH, ensuring backward compatibility with clients that do not support the encrypted protocol.

So, on Windows 2025 you must install this cumulative update, and doH can be enabled through powershell

I would suggest to read fullo/original article about more interesting and useful details.

[Original/other articles

Enable DoH (DNS over HTTPS) in Windows Server 2025 DNS server, configure Windows 11 DNS clients

Posted by
Labels: , ,

Sophos #How to override ACS compatibility problem

If you try to install Sophos on O.S. that not support Azure Code Signing this will not receive Sophos updates and/or install it

KB5022661—Windows support for the Trusted Signing (formerly Azure Code Signing) program

In the past there was a build that fixed problem but is is no longer supported

October 12, 2021—KB5006669 (OS Build 14393.4704) - EXPIRED

to override problem you might arrange to download new Trusted CA Certificate ( Microsoft Identity Verification Root Certificate Authority 2020) that it is related to ACS from this repository:

PKI Repository - Microsoft PKI Services

start --> certmgr.msc --> local computer --> Trusted Root Certification Authorities --> Certificates

In this way Sophos installation works properly.



Posted by
Labels: ,

Extra IT #Leadership e gestione del cambiamento


Partendo dall’analisi di numerose situazioni problematiche reali, il testo offre indicazioni teorico-pratiche e soluzioni concrete per gestire al meglio il rapporto tra il manager e il personale. Analizzando temi come l’importanza di stimolare per sé e per gli altri il cambiamento e di sviluppare le proprie capacità manageriali a tutto campo, l’Autore definisce la figura del leader quale risorsa strategica in grado di guidare il personale verso l’eccellenza, in un percorso di miglioramento continuo

Parole dell'autore Cesare Sansavini

Sono diventato autore di libri casualmente, dopo un morso di un cane che mi aveva procurato una lunga degenza. La mia reazione all’immobilità fu quella di documentare le mie tante esperienze di vendita e trasformarle in una pubblicazione. Nacque così il mio primo libro, edito da Giunti, dal titolo “Dell’arte di vendere e di cos’è il marketing”. Il successo per un autore sconosciuto andò al di là di ogni aspettativa con oltre 100.000 copie vendute negli anni successivi.

Quel libro aprì la porta a numerose altre pubblicazioni, tutte caratterizzate dalla stessa metodologia comunicativa: scrivere libri originali che nascono dalla propria esperienza. Ho chiamato questo metodo Osservazione induttiva, riconoscendo che la più grande qualità umana è imparare dalla propria esperienza, osservando situazioni e comportamenti per trarne conclusioni applicabili ad altri contesti.

Questa capacità di uscire dagli schemi per introdurre soluzioni innovative ha portato alla nascita della collana manageriale Change Project.


https://www.changeproject.it/prodotto/leadership-e-gestione-del-cambiamento-edizione-2023/
 

Posted by
Labels: ,

Microsoft #Windows Server end of support Microsoft 365 Apps on Windows Server 2016, 2019, 2022, or 2025.

TOPIC: Microsoft 365 Apps (*) end of support (a.e. Word, Excel, Outlook ...) on Windows Server 2016, 2019, 2022, or 2025.

END OF SUPPORT DEADLINES until:

  • Windows Server 2025: October 2029
  • Windows Server 2022: October 2026
  • Windows Server 2019: October 2025
    • In the interest of maintaining security while customers complete their migrations to a supported configuration, Microsoft will continue providing security updates for Microsoft 365 desktop apps running on Windows Server 2019 for a total of three years, ending on October 10, 2028.(**)
  • Windows Server 2016: October 2025
    • In the interest of maintaining security while customers complete their migrations to a supported configuration, Microsoft will continue providing security updates for Microsoft 365 desktop apps running on Windows Server 2016 for a total of three years, ending on October 10, 2028. (**)
IMPACTS:
  1. Microsoft 365 Apps (*) will not be longer supported after previous deadlines  related to O.S. versions earlier mentioned (but it does not mean that they will stop immediately to work properly ) 
  2. These deadlined will affect Virtual Desktops environments such Citrix VDA and gold image...
(*) Word, Excel, Powerpoint, Outlook for email, OneNote, OneDrive, Teams, Sharepoint

[Original articles]

Microsoft 365 Apps migration from Windows Server

(**) Windows Server end of support and Microsoft 365 Apps 



https://www.linkedin.com/pulse/microsoft-windows-server-end-support-365-apps-2016-2019-mazzanti-olgre

Posted by
Labels: , , , , , , ,

Vmware #RVTools

Today I would like to discuss regarding RVTools that it can be downloaded here.

Thi is a lightweight but powerful Windows application used by VMware administrators to collect, analyze, and export detailed information about their vSphere environments. It connects to vCenter Server or directly to ESX/ESXi hosts and provides a comprehensive inventory of virtual machines, hosts, datastores, networks, snapshots, VMware Tools status, and much more. 


It has become something of an industry standard for quick audits, health checks, and documentation of VMware infrastructures. 

What RV Tools can do

RVTools gathers and displays a wide range of information, including:

  • VM inventory (CPU, memory, disk usage, network configuration)

  • Snapshots (including old or orphaned snapshots)

  • Datastore usage

  • VMware Tools and VM hardware versions

  • ESXi host details

  • vNIC and vDisk information

  • Zombie objects (disconnected NICs, stale CD-ROMs, etc.)

It’s especially useful for:

  • Audits and compliance checks

  • Capacity planning

  • Identifying misconfigurations

  • Exporting reports to Excel for documentation or management review

How it Works (High Level)


RVTools connects to vCenter or ESXi using read‑only credentials, making it safe for environments where you want visibility without risk. Typical workflow:
  • Install RVTools on a Windows machine.
  • Connect to vCenter/ESXi using a read‑only account.
  • RVTools collects data across dozens of categories.
  • Export results to Excel for reporting or analysis.

Download & Security Notes

RVTools is now maintained by Dell Technologies, and the only supported download location is Dell’s official site. This is important because older third‑party sites (like robware.net) are no longer updated.

Why It’s Popular

  • Extremely easy to use
  • No impact on production systems
  • Fast, comprehensive reporting
  • Ideal for troubleshooting and audits
  • Free to download and use
Posted by
Labels: ,
Subscribe to: Comments (Atom)