Last week, Microsoft introduced KnowledgeBase article 2878821, discussing some strange behavior on a domain-joined Windows Server 2012-based Remote Desktop Virtualization host. When such a host is added to a domain and the default domain policy is applied, the option to select a physical GPU used for RemoteFX (within Hyper-V settings) appears to be unavailable.
Earlier this week, during the September 2013 Patch Tuesday, Microsoft has released a new Active Directory-related security bulletin: MS13-079. With the third Active Directory-related Security bulletin this year, (after MS13-066 and MS13-032) Microsoft is sure having its hands full on patching the vulnerabilities found in these technologies.
When you regularly check the website of the UK Virtual Machine User Group (VMUG), you might have noticed that they have a series of meetings coming up in Manchester, Leeds and London. Now, when you scroll through on the details of the Leeds meeting on October 1, 2013, you might notice a couple of familiar … Continue reading "I will be speaking at the UK VMUG Meeting in Leeds"
Microsoft has issued KnowledgeBase article 2845152 to help administrators overcome a problem they might experience while using the Network Connectivity Assistant with a Windows Server 2012-based DirectAccess server and IPv4-only DNS Servers and Active Directory Domain Controllers. A hotfix is available for the DirectAccess Server.
On Tuesday, August 13, 2013 Microsoft, in its monthly Patch Tuesday, released MS13-066, a Security Bulletin addressing an issue with Active Directory Federation Services. This security update resolves a privately reported vulnerability in Active Directory Federation Services (AD FS). reveal information pertaining to the service account used by AD FS. An attacker could then attempt … Continue reading "MS13-066 Vulnerability in Active Directory Federation Services Could Allow Information Disclosure (Important)"
A while ago, I wrote a blogpost on the requirements you’d need to meet to take advantage of Active Directory features in Windows Server 2003 through Windows Server 2008 R2. Since Windows Server 2012 was released almost a year ago, it’s time to look at the requirements for Active Directory features in Windows Server 2012.
I have written a lot about Active Directory Domain Controllers and Hyper-V in this series. So far you’ve seen recommendations on host configuration, guest configuration, security and converting physical Active Directory Domain Controllers to virtual ones. Today, I’m covering anti-affinity.
Although we’ve seen presentations on Pass the Hash attacks for years, now is a good time to actually make good on that New Year’s resolution to start hardening your Active Directory environment against these, and other related attacks. Roughly six months ago, Patrick Jungles, a Security Program Manager working with Microsoft’s Trustworthy Computing group in … Continue reading "Security Thoughts: Pass the Hash and other Credential Theft"
In version 1.0.6385.12 of the Windows Azure Directory Synchronization tool (or DirSync for short) Microsoft introduced the ability for administrators to synchronize password(hashe)s to Azure Active Directory. I’ve blogged about the DirSync tool in the past, when the 32bit tool was deprecated, and today, with the Password Sync functionality, I feel I have good reason … Continue reading "Five Things you should know about using DirSync with Password Sync"
As I’ve written before, Microsoft has made significant strides on making Active Directory Domain Controllers safe(r) to virtualize in Windows Server 2012. Sometimes, however, you encounter a situation that makes all that progress seem to disappear. Microsoft, last week, has released KnowledgeBase Article 2853952, describing such a situation.