A Huntress Labs Security Case Study :
Huntress has been hunting malicious actors across 50,000+ user accounts for 1,500+ small businesses enrolled in their Managed Detection and Response (MDR) for Microsoft 365 product.
This is a repost from Huntress Lab’s Security Blog, where they outline three recent cases, and how MDR was able to protect their partner’s accounts. Euclid Networks will begin offering MDR / Microsoft 365 tenant protection in the near future – Contact us today to learn more!
We’ve run into the issue of virtualized Primary Domain Controllers (PDCs) on Windows Server 2016/2019/2022 that fail to properly sync their clocks with global NTP time servers. In the following, we’ll outline the problem and show you how we’ve resolved this IT service issue for our partners.
In a normal functioning domain, properly configured time services are critical to the stability of the network – all domain-joined Windows computers by default will sync their clocks with the PDC.
Without valid time settings, all clocks on your network can be off as much as 8-15 minutes, or more – at best making your users late for meetings – or at worst, teleporting your entire office into an alternate dimension. 0_0;;
To verify Windows Time settings, log on to your domain controller as an administrator, and open an elevated CMD prompt. Once in, the following commands are useful for diagnosing.
Force synchronizing the time ASAP : w32tm /resync /nowait
Check NTP configuration : w32tm /query /configuration
Display time source : w32tm /query /source
Display list of all configured NTP servers and their status : w32tm /query /peers
Display service status (EG : Is time being synced from a CMOS clock, or external NTP server?) : w32tm /query /status
To check your current clock’s offset from a global time server, you can run : w32tm /stripchart /computer:time.windows.com /dataonly which may display something like the following, showing a 39 second offset.
Once you’ve discovered you have a problem, you can force your PDC to grab its time from an external source using :
w32tm.exe /config /manualpeerlist: “us.pool.ntp.org 1.us.pool.ntp.org 2.us.pool.ntp.org 3.us.pool.ntp.org,0x8” /syncfromflags:manual /update and run the above stripchart command once again.
However, on a virtual machine, after running the w32tm /query /source command you may see that your server is still using the VM IC Time Synchronization Provider as the source.
To resolve this and set the time service manually on a Hyper-V VM you have to change the VMICTimeProvider registry value from 1 to 0 by using the following command, allowing you to set a manual time source : reg add HKLM\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\VMICTimeProvider /v Enabled /t reg_dword /d 0 – and restart your time service with net stop w32time then net start w32time.
After doing the above, check your strip chart again to validate your time settings. Much better!
Finally, re-verify you’ve set your PDC’s clock as authoritative for clients with : w32tm /config /reliable:yes – and you’re done! Client machines should sync in the next several minutes, or on next login.
PS – If you bork your configuration, you can always reset it to the default with net stop w32time, w32tm /unregister, w32tm /register, net start w32time – registering and unregistering may require a reboot.
If this helped you, please share, and comment below!
Microsoft announced recently that Windows 10’s End-of-Life date is set for October 14th, 2025. As a business owner, the practical impacts of this announcement can be difficult to sort out – but not to worry – Euclid Networks is here to help you sort it out!
October 14th, 2025 will will mark just over 10 years since Microsoft’s Windows 10 operating system was first introduced – we know, we know – we can’t believe it has been that long either. With the recent announcement of Windows 11 however, it’s important to get ahead of the game when planning your long term IT budget, and equipment upgrade paths.
The majority of our clients have moved on to Windows 10 for their OS, and are covered by our proactive patching and updating service – but for those who still haven’t, now is the time to make the switch. As Windows 10 and Windows 11 share the same “DNA”, upgrading from 10 to 11 promises to be much simpler than an upgrade from – for example, Windows 7, or Win XP.
Win 10 End-of-Life : What it means for your business
Once Windows 10 reaches its end-of-life, the operating system will no longer receive important security updates, or new features via patches. As it will have reached the end of its cycle, 3rd party software vendors will also begin phasing out their support for the operating system, meaning new versions of those programs will default to Windows 11 as their recommended platform.
As an IT support provider, we can’t stress enough how important keeping current on security updates is, for the protection of your business’ data, and overall network. The #1 avenue for malware and ransomware attacks is through outdated software. Outdated software can potentially cost your business tens, or hundreds of thousands of dollars in remediation and lost revenue.
Ransomware in 2020 : At a glance (source : Nationwide)
» The average enterprise ransom payment is $111,605.
» 205,280 organizations were affected by ransomware attacks in 2019.
» The average cost for victims of ransomware attacks to recover more than doubled in the final quarter of 2019. According to a new report from Coveware, a typical total now stands at $84,116. That’s a little over double the previous figure of $41,198.
Windows 11 : What’s New?
Start Menu : Windows 11 has a new, simplified Start menu. Live tiles are gone, replaced with a list of app icons and recent files. Documents you edit in Office apps on other devices—even devices that aren’t running Windows—will appear as recent files here, too, thanks to Microsoft 365. Don’t have Microsoft 365 yet? We can help – contact us today!
Multi-App & Multi-Monitor Support : Windows 11 also features “Snap Groups”, which helps organize your windows, as you multi-task. Selecting a single taskbar icon will now pull up a group of snapped apps. Also, when using Windows 11 on a tablet, windows that are side-by-side will automatically stack on top of each other when you change the device’s orientation.
Multiple monitors support is improving also, with a “new docking and undocking experience.” When you unplug a monitor, the windows on the monitor will minimize themselves rather than getting in the way. When you reconnect the monitor, Windows will automatically restore the windows to their original positions on that monitor.
Widgets and MS Teams on the Taskbar
Tighter integration with Microsoft 365 and Redmond’s cloud offerings, means integrations with its services like Microsoft Teams and Onedrive will be built directly into the Windows 11 task-bar. We’ve seen iterations of this pop up in the latest Windows 10 updates, but as MS moves forward, expect the benefits of using Microsoft’s cloud offerings for your business to increase!
& More!
Details are forthcoming, but stay tuned – Microsoft has planned to begin rolling out Windows 11 as soon as this fall – expect to begin seeing it on new devices soon.
About Euclid Networks
Euclid Networks is an IT support provider that brings a fresh, proactive approach to your business computing needs. We serve a wide variety of Atlanta area businesses, including Legal Firms, Healthcare Providers, Non-Profits, and Professional Services Providers.
Our experience in the technology industry and dedication to personalized service sets us apart. We’re real people, who care about tech support.
