DEWIDT.ORG

23 September 2019

How to create a keytab file for Imprivata with Kerberos authenticating.

To use Kerberos authentication with Imprivata you to create KeyTab file which needs to be uploaded to the Imprivata appliance. Creating a keytab file can be time consuming if it is your time. There are tutorials from Microsoft like this one here. These are long and not written for Imprivata. This tutorial is s only for Imprivata.

To create a KeyTab file for Imprivata we need the following before we can start

- Working Active Directory
- Domain Admin account
- Working Imprivata Appliance
- Windows Client with Imprivata One Sign Agent installed
- Imprivata Admin account

Logon to a Windows Client which has an Imprivata client installed. Use your Domain admin credentials. Start a command prompt via ISXRunAs.exe

"c:\Program Files (x86)\Imprivata\OneSign Agent\ISXRunAs.exe" cmd.exe

Goto the OneSign folder and start ISXKerbUtil.exe

Enter the credentials of your Imprivata appliance.

In some scenarios this does not work.

There is a fix for this.

Logon to your Domain Controller and create a drive mapping to your Windows Client with the Imprivata agent. Start a command prompt and goto the OneSign Agent folder and start ISXkerbUtil.exe.

Enter the Imprivata appliance IP

Enter Imprivata account in UPN style.

Use a new password for the keytab file.

Succesfull created a keytab file.

29 October 2018

Intune with BitLocker on Hyper-V

Make sure your TPM Chip is working on your host machine.

Create a VM in Hyper-V.

Select Generation 2

Check if your VM has external network access

Choose install operating system later

Goto Settings of your VM

Goto security

Enable TPM and Click Apply.

Install your Operating system now.

If this happens, wait for your VM to start and click on Enhanced Session

Start Bitlocker

Turn Bitlocker on

Click next

Choose your option and click next

Start Encryption

Encryption is running. This can take some time to complete.

The error below occurs when a Generation 1 VM is used instead of Generation 2.

22 October 2018

How to enable Bitlocker on VM Workstation 14

Check if your Host machine has a Trusted Platform Module Enabled in your Device Manager.

Create new VM in VM Ware Workstation for Windows 10 64 Bit.
1. Dot not install the Operating System!
2. Goto Virtual Machine Settings
Enable UEFI and Enable Secure Boot

3. Goto Acces Control en click on Encrypt

4. Enter a secure password and click on Encrypt

5. Goto Hardware TAB and click on Add button

6. Select Trusted Platform Module and click on Finish.

7. Click on Ok and start installing your Windows 10 Operating system
Continue here when your Windows installation has finished.

8. Logon to your VM and choose enable bitlocker

9. Choose where to save your recovery key

10. Bitlocker is encrypting

11. Bitlocker is ready

03 October 2012

WIM2VHD for Windows 8!

Back in the days of Windows 7 I played arround with a script called WIM2VHD. After installing WAIK for Windows 7 on your machine you
could use a powershell script to create a working VHD file for you. This VHD file could be used for Native VHD Boot or Virtual PC. This worked
very could, the only disadvantange was the 2GB download of the latest WAIK. Now with Windows 8 and Convert-WindowsImage.ps1 there is no need to that.
After installing windows 8, there are only two things that you need. Get a copy of Convert-WindowsImage.ps1 from http://gallery.technet.microsoft.com/scriptcenter/Convert-WindowsImageps1-0fe23a8f
and have an ISO or WIM file from Windows Vista/7/8/Server 2008/2012 avaiable. Start the script with .\Convert-WindowsImage.ps1 -ShowUI and your off.

DISM 32 bit on Windows 8 64 Bit

Windows 8 has DISM included for management of your VHD or WIM files. There is no need for downloading the WAIK first.

I tried using it for updating my own drivers in an automatic way. If you have a Dell laptop, you can download a CAB file with all your drivers from Dell TechCenter
After downloading the file i learned that DISM on my Windows 8 64 Bit laptop is actually a 32 bit version. Why is this?