This document provides an overview and agenda for a Kerberos survival guide presentation. The presentation will cover Kerberos logon process, accessing a web site using Kerberos, miscellaneous Kerberos information, and complex Kerberos configurations. It includes dependencies, service principal names (SPNs), and troubleshooting tools for Kerberos. The presentation aims to provide essential information about Kerberos without overcomplicating details.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
SharePoint Saturday Kansas City - Kerberos Survival GuideJ.D. Wade
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
Deeper understanding of how Kerberos works . This understanding will work as platform to understand various attacks on it. It also show cases how symmetric key algorithm is used for confidentiality. Some references are from shaun harris CISSP books, primarily the components slide
An introduction to Kerberos technology. Find out how the negotiation process works and why it is considered secure. Learn what are Kerberos realms, how Kerberos authentication works and how authorization process looks like. Look through all the use cases. See how Kerberos is being used in a classical setting and in the HTTP world with SPNEGO protocol.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
SharePoint Saturday Kansas City - Kerberos Survival GuideJ.D. Wade
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
Deeper understanding of how Kerberos works . This understanding will work as platform to understand various attacks on it. It also show cases how symmetric key algorithm is used for confidentiality. Some references are from shaun harris CISSP books, primarily the components slide
An introduction to Kerberos technology. Find out how the negotiation process works and why it is considered secure. Learn what are Kerberos realms, how Kerberos authentication works and how authorization process looks like. Look through all the use cases. See how Kerberos is being used in a classical setting and in the HTTP world with SPNEGO protocol.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
If it were just BI, Kerberos, and you alone in a jungle, would you be able to survive the encounter? You will after you attend this once in a lifetime event! OK…in reality, if you come to this session, you will understand an important component you need to setup Microsoft Business Intelligence solutions with SharePoint and SQL. You will the learn basics of how Kerberos (an authentication protocol) works, when you want to use it, configuration tips, and what delegation is all about.
An in-depth guide to VDI infrastructure delivering the best desktop/BYOD experience for your developers and other external knowledge workers. We will compare Amazon Workspaces with classic approaches to solving this challenge, and share best-practices for securing and managing a real-world production environment.
Speaker: Brett Looney, Solutions Architect, Amazon Web Services
[Robert Vončina] With SharePoint 2016 there are a few new things that makes configuring SharePoint 2016 for BI a bit more challenging. This session will display how to configure your SharePoint 2016 environment for authentication delegation with Kerberos for different BI tools.
Microservices architecture is becoming a prominent design principle and a service development methodology, we have now started to see many microservices in production. Yet, security is a less concerned aspect, most of the time development teams are much focus on edge security but due to distributed and disposable nature of microservices, it's equally important to pay attention to securing service-to-service communication both during the transmission and sharing end-user context among services in order to cover vast attack surface.
The Skype for Business (Lync) apps are one of the ubiquitous aspect of the product. Mobility is cross platform (Android, IOS and Windows are supported), has specific requirements and (in Skype for Business) adds some specific limits for clients on authentication, security and features. As part of the default server features, mobility is now both easier and more critical to understand. In this session, we will see what has been made available for the mobile users and what will be released. Configurations, requirements and deployment suggestions will be explained for on-premises, Cloud and hybrid deployments
In Microsoft CSS, Setting up and Configuring Kerberos for MSBI is one of the top call volume generators which makes us realize there is definitely some gap in Understanding on how to setup and configure Kerberos for MSBI stack in a multi-server farm environment. In the session, we intend to explain and more importantly simplify the steps to setup Kerberos for SQL Server, SSAS, SSRS & Sharepoint along with the Demo of the issues which can occur based on real live experiences with troubleshooting and configuring for Customers.
Client certificate validation in windows 8Ashish Agrawal
Client certificate and token decryption in winRT apps.
* Decoding xml token
* Accessing local x509 certificates
* Certificate validation and decryption
* Certificate enrollment
Cloud Security Fundamentals - St. Louis O365 Users GroupJ.D. Wade
This session will provide key Microsoft cloud security standards which will allow you to maximize your organization's security posture using existing licenses, align with Microsoft's cloud security strategy, and reduce attack surface from legacy technologies. The adoption of core cloud security standards included in this discussion are how to establish single sign-on, how to only allow modern authentication, what are trusted identities and trusted devices, how to classify and protect content, and how to monitor and report on security and breaches. All of this discussion will be done in mind with usage occurring on a zero trust network.
What SharePoint Admins need to know about SQL-CinncinatiJ.D. Wade
Does you know there are numerous settings changes you should be making on your SQL Server for your SharePoint farm? Do you know there are settings in SharePoint that you should never change if you wish to maintain SQL performance? This session reviews how to properly setup and maintain SQL Server for a SharePoint farm. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
Connected at the hip for MS BI: SharePoint and SQLJ.D. Wade
SQL Server has always been the foundation of the Microsoft Business Intelligence (BI) story. However, SharePoint has quickly moved into being the presentation layer for this important data. In this session, you will learn the many different options for combining SharePoint and SQL, the location of all the different pieces, how these pieces communicate, some licensing hints, and how Kerberos helps tie it all together.
What SQL DBA's need to know about SharePointJ.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
SharePoint Saturday St. Louis 2014: What SharePoint Admins need to know about...J.D. Wade
You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
SharePoint Saturday Kansas City - SharePoint 2013's Dirty Little SecretsJ.D. Wade
With over a year's experience deploying multiple SharePoint 2013 farms, I have found many things that you don't hear anyone talking about but are important. These are things buried in articles and blogs, and items I have run into during deployments. We will talk about things that effect setup, design, upgrade, and operation. Do you know about host named managed paths? Do you know how to quiesce the distributed cache before a server reboot? Did you know service application design guidance has changed for SP2013? Did you know workflow manager requires three instances to be highly available? Do you know how to make SharePoint 2013 able to search Lync 2013 instant messages? If not, come and learn these and more dirty little secrets.
SPS Kansas City: What SharePoint Admin need to know about SQLJ.D. Wade
You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, and supported methods for providing high availability and disaster recovery.
What SQL DBAs need to know about SharePoint-Kansas City, Sept 2013J.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, supported methods for providing high availability and disaster recovery, and the part SharePoint and SQL each play in the Microsoft Business Intelligence story.
What SQL DBAs need to know about SharePoint-Indianapolis 2013J.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, supported methods for providing high availability and disaster recovery, and the part SharePoint and SQL each play in the Microsoft Business Intelligence story.
What SQL DBA's need to know about SharePoint-St. Louis 2013J.D. Wade
With the number of deployments of SharePoint exponentially growing every day, as a DBA, it is very likely you are going to have SharePoint databases on SQL Servers you support. This session reviews SharePoint strictly from the SQL Server perspective. You will learn how SharePoint is optimized for SQL, how to properly manage and maintain the SharePoint databases, how to optimize the SQL configuration for SharePoint, what settings in SharePoint need to be changed or not changed to maintain SQL Server performance, supported methods for providing high availability and disaster recovery, and the part SharePoint and SQL each play in the Microsoft Business Intelligence story.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Communications Mining Series - Zero to Hero - Session 1DianaGray10
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
Building RAG with self-deployed Milvus vector database and Snowpark Container...Zilliz
This talk will give hands-on advice on building RAG applications with an open-source Milvus database deployed as a docker container. We will also introduce the integration of Milvus with Snowpark Container Services.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UiPath Test Automation using UiPath Test Suite series, part 5DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0!SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
9. Service Classes allowed by host
alerter clipsrv dnscache
http msiserver netman
policyagent rpc scardsvr
scm time wins
appmgmt dcom eventlog
ias mcsvc nmagent
protectedstorage rpclocator scesrv
seclogon trksvr www
browser dhcp eventsystem
iisad netdde oakley
rasman rpcss Schedule
snmp trkwks fax
cifs dmserver plugplay
min netddedsm
remoteaccess rsvp
spooler ups
cisvc dns
messenger netlogon
replicator samss
Tapisrv w3svc
10. Kerberos
•Benefits
•Delegated Authentication
•Interoperability
•More Efficient Authentication
•Mutual Authentication
•Reasons to Use
•Need Auditing at the Data Sources
•Data Sources contain Row Level Security
•Otherwise, DO NOT USE IT!
36. References
•Ken Schaefer’s Multi-Part Kerberos Blog Posts:
http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10
/20/512.aspx
•What Is Kerberos Authentication?
http://technet.microsoft.com/en-
us/library/cc780469%28WS.10%29.aspx
•How the Kerberos Version 5 Authentication Protocol
Works
http://technet.microsoft.com/en-
us/library/cc772815%28WS.10%29.aspx
•Explained: Windows Authentication in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/ff647076.aspx
37. References
•Kerberos Authentication Tools and Settings
http://technet.microsoft.com/en-
us/library/cc738673%28WS.10%29.aspx
•How To: Use Protocol Transition and Constrained
Delegation in ASP.NET 2.0
http://msdn.microsoft.com/en-us/library/ff649317.aspx
•Spence Harbar’s Blog
http://www.harbar.net
38. Housekeeping
• Follow SharePoint Saturday
Ozarks on Twitter @SPSOzarks
hashtag #SPSOzarks
• Stop by and thank our sponsors
for making this event possible!
• Fill out and turn in evaluation
forms to be eligible for the end-of-
day raffle. You must be present to
win.
• Don’t miss “This Modern Station”
tonight at Waxy O’Shea’s!
38 | SharePoint Saturday St. Louis 2012
43. •Kerberos is an open authentication protocol. Kerberos v5
was invented in 1993 at MIT.
•Authentication is the process of proving your identity to a
remote system.
• Your identity is who you are, and authentication is
the process of proving that. In many systems your
identity is your username, and you use a secret
shared between you and the remote system (a
password) to prove that your identity.
•User password is encrypted as the user key. User key is
stored in credentials cache. Once the logon session key is
received, the user key is discarded.
•Service password is encrypted as the service key.
•KDCs are found through a DNS query. Service registered
in DNS by DCs.
44. •Showing detail behind what is happening inside of KDC
but for day-to-day, use can just remember KDC
•Another reason for simplification: encryption upon
encryption upon encryption…just remember it is encrypted
•This is a Windows-centric Kerberos presentation
•Load balanced solutions need service account
•All web applications hosted using the same SPN have to
be hosted with the same account
•Use A records, not CNAME records
45. •Terms
•Key Distribution Center (KDC) – In Windows AD, KDC
lives on domain controllers (DC), KDCs share a long term
key across all DCs.
•KDC security account database – In Windows, it is Active
Directory
•Authorization Service (AS) – part of the KDC
•Ticket Granting Service (TGS) – part of the KDC
•Ticket Granting Ticket (TGT) - A user's initial ticket from
the authentication service, used to request service tickets,
and meant only for use by the ticket granting service.
Keeps the user from having to enter password each time a
ticket is requested.
46. Tickets
•Ticket Granting Ticket (TGT)
•A user's initial ticket from the authentication service
•Used to request service tickets
•Meant only for use by the ticket-granting service.
•Service ticket for the KDC (service class = krbtgt)
•Service Ticket
•Enables the ticket-granting service (TGS) to safely
transport the requester's credentials to the target
server or service.
48. •Troubleshooting
• Have user logon and logoff if they don’t regularly:
TGTs are only renewable for so long and then they
expire (7 day default), then password has to be re-
entered.
• Remember that authenticators contain the current
time. Check for time sync issues.
49. •Common Issues
• Missing SPN
• Duplicate SPN
• SPN assigned to wrong service account
• Times are out of sync
• Client TGT expired (7 days)
• IE and non-default ports
50. •Request TGT (Remember there is even more complexity)
1. User (client) logs into workstation entering their
password.
2. Client builds an authentication service request
containing the user’s username (KPN), the SPN of the
TGS, and encrypts the current time using the user’s
password as an authenticator.
3. Client sends these three items to the KDC.
4. KDC get user’s password from AD, decrypts time and
verifies it is valid.
5. AS generates a logon session key and encrypts with
the user’s password. AS generates a service ticket
which contains a logon session key and the user’s KPN
encrypted with the AS shared key. This is a special
service ticket called a Ticket Granting Ticket (TGT).
51. •Request TGT (Remember there is even more complexity)
6. KDC sends both to the client.
7. Client decrypts logon session key using its password
and stores the logon session key in cache. The client
stores the TGT in cache.
52. •Access Service (Remember there is even more complexity)
1. User (client) encrypts the current time using the logon
session key in cache creating an authenticator and
sends the authenticator, the user’s KPN, the name of
the target service (SPN), and the TGT to the TGS.
2. TGS decrypts the TGT using its shared key to access
the logon session key. The logon session key is used to
decrypt the authenticator and confirms the time is valid.
3. TGS extracts the user’s KPN from the TGT. TGS
generates a service session key and encrypts the
service session key using the logon session key. TGS
uses server session key to generate service ticket and
encrypts it using service’s password.
4. TGS sends service session key and the service ticket
to the client.
53. •Access Service (Remember there is even more complexity)
5. Client decrypts service session key using cached logon
session key, adds current time (as well as other items),
and encrypts with the service session key to create an
authenticator.
6. Client sends ticket and authenticator to remote server
which runs service.
7. Service decrypts service ticket accessing the server
session key and the KPN. Using the service session
key, the service decrypts the authenticator and confirms
the current time is valid. A Windows access token is
generated
8. (Optional) If client requests mutual authentication,
service encrypts current time using the service session
key creating an authenticator and sends to the client.
9. Clients decrypts authenticator and validates time.
54. Troubleshooting Tools
• Patience – Test methodically and
• Knowledge - Know your Forests, Domains, Trusts,
Functional Levels…get a basic lay of the land.
• Always test from a different machine than the web
server or domain controller!
• SetSPN
• Windows Security Logs
• Windows 2008 ADUC
• Kerbtray
• Netmon and Fiddler
• IIS Logs and IIS7 Failed Request Tracing
• Kerberos Logging
• Event Logging and/or Debug Logs
55. Common Issues that break Kerberos
• Times are out of sync – authenticators contain
current time
• Missing SPN
• Duplicate SPN
• SPN assigned to wrong service account
• IIS Providers are incorrect (For IIS 5 or 6, see
http://support.microsoft.com/kb/215383)
• IIS 7 – remember Kernel mode authentication and
check settings
• Client TGT expired (7 days expiration – have user
logon and logoff, no reboot required)
• IE and non-default ports