Author: Sander Berkouwer

On Tuesday, August 13, 2013 Microsoft, in its monthly Patch Tuesday, released MS13-066, a Security Bulletin addressing an issue with Active Directory Federation Services. This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). reveal information pertaining to the service account used by AD FS. An attacker could then attempt … Continue reading "MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (Important)"

A while ago, I wrote a blogpost on the requirements you’d need to meet to take advantage of Active Directory features in Windows Server 2003 through Windows Server 2008 R2. Since Windows Server 2012 was released almost a year ago, it’s time to look at the requirements for Active Directory features in Windows Server 2012.

Last week marked Windows NT’s 20 year anniversary. Last week also marked the 40th birthday of the Volkswagen Passat. You wouldn’t want to be stuck with any of these technologies in their first incarnations today, but I’m proud to be using the 10th incarnation of Windows NT (My Dell Precision 4700 with Windows 8) and … Continue reading "Proud to be using Windows NT and Volkswagen Passat technology"

I have written a lot about Active Directory Domain Controllers and Hyper-V in this series. So far you’ve seen recommendations on host configuration, guest configuration, security and converting physical Active Directory Domain Controllers to virtual ones. Today, I’m covering anti-affinity.

Security and practicality often clash, especially with legacy software in the mix. Legacy software is painful from a security point of view. If you want to know how painful, keep on reading this blogpost. It features legacy functionality, unsupported software and security holes the size of Jupiter.

Although we’ve seen presentations on Pass the Hash attacks for years, now is a good time to actually make good on that New Year’s resolution to start hardening your Active Directory environment against these, and other related attacks. Roughly six months ago, Patrick Jungles, a Security Program Manager working with Microsoft’s Trustworthy Computing group in … Continue reading "Security Thoughts: Pass the Hash and other Credential Theft"

In version 1.0.6385.12 of the Windows Azure Directory Synchronization tool (or DirSync for short) Microsoft introduced the ability for administrators to synchronize password(hashe)s to Azure Active Directory. I’ve blogged about the DirSync tool in the past, when the 32bit tool was deprecated, and today, with the Password Sync functionality, I feel I have good reason … Continue reading "Five Things you should know about using DirSync with Password Sync"

As I’ve written before, Microsoft has made significant strides on making Active Directory Domain Controllers safe(r) to virtualize in Windows Server 2012. Sometimes, however, you encounter a situation that makes all that progress seem to disappear. Microsoft, last week, has released KnowledgeBase Article 2853952, describing such a situation.

One of the new features in Active Directory Domain Services in Windows Server 2012 is Virtualization-safe(r) Active Directory. This feature makes it easier and safer to deploy and manage virtual Domain Controllers through the VM-GenerationID capability of the hypervisor platform.