Although we’ve seen presentations on Pass the Hash attacks for years, now is a good time to actually make good on that New Year’s resolution to start hardening your Active Directory environment against these, and other related attacks. Roughly six months ago, Patrick Jungles, a Security Program Manager working with Microsoft’s Trustworthy Computing group in … Continue reading "Security Thoughts: Pass the Hash and other Credential Theft"
Category: 1113
1113
Common Challenges when Managing Active Directory Domain Services, Part 5: (Accidental) Misconfiguration
A lot of organizations run Active Directory Domain Services as their Identity and Access Management (IAM) solutions. Their Domain Controllers unlock access to the simplified view on the organization’s processes, structure and systems, so people can perform the jobs they were hired to do. Just when you thought your Active Directory environment couldn’t get any … Continue reading "Common Challenges when Managing Active Directory Domain Services, Part 5: (Accidental) Misconfiguration"
10 Things you need to be aware of before deploying Dynamic Access Control
Microsoft introduced Dynamic Access Control (DAC) as its claims-based authorization solution. It’s revolutionary, because it enables admins to more granularly control access to file resources, based on attributes of objects in Active Directory, like department, manager and country, instead of through an elaborate and obscure group membership structure and static Access Control Lists (ACLs) on … Continue reading "10 Things you need to be aware of before deploying Dynamic Access Control"
Common Challenges when Managing Active Directory Domain Services, Part 4: Attribute Integrity
Using Active Directory Domain Services as the solid foundation of your Identity and Access Management (IAM) strategy, results in common challenges for most organizations I meet. While the first three parts of this series have focused on objects and links between objects in the Active Directory database. Today, I want to talk about more ethereal … Continue reading "Common Challenges when Managing Active Directory Domain Services, Part 4: Attribute Integrity"
KnowledgeBase: Incorrect results when you run AD Windows PowerShell Cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based Domain Controller
Windows Server 2008 R2 and Windows Server 2012-based Domain Controllers (as well as Windows 7 and Windows 8 management workstations with the Remote Server Administration Tools installed) offer the built-in ability to manage Active Directory through PowerShell. Windows 7 and Windows Server 2008 R2 offer 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory … Continue reading "KnowledgeBase: Incorrect results when you run AD Windows PowerShell Cmdlets on a Windows Server 2012 or Windows Server 2008 R2-based Domain Controller"
Common Challenges when Managing Active Directory Domain Services, Part 3: Performance
Domain Controllers are the backbone of many networking environments in many organizations. Unavailability and a lack of performance of these servers quickly escalates into numerous helpdesk calls and employee disgruntlement. Many admins opt to beef up Domain Controllers with larger amounts of RAM, more processor power and more capable networking interface cards (NICs). Another avenue … Continue reading "Common Challenges when Managing Active Directory Domain Services, Part 3: Performance"
Common Challenges when Managing Active Directory Domain Services, Part 2: Unnecessary Complexity and Token Bloat
A lot of organizations run Active Directory Domain Services as their Identity and Access Management (IAM) solutions. Their Domain Controllers unlock access to the simplified view on the organization’s processes, structure and systems, so people can perform the jobs they were hired to do. Now, not every organization acknowledges the importance of an up to … Continue reading "Common Challenges when Managing Active Directory Domain Services, Part 2: Unnecessary Complexity and Token Bloat"
Active Directory Services and PowerShell manageability
As you might be aware, every Microsoft server product has the requirement to be manageable through PowerShell and System Center. The PowerShell requirement is formulated as part of the Common Engineering Criteria (CEC). With PowerShell available as a version 3 product (and part of Windows Server 2012) it’s time to see how the teams, responsible … Continue reading "Active Directory Services and PowerShell manageability"
Best Practices for Securing Active Directory
Today, Microsoft has released a document, detailing the Best Practices for Securing Active Directory Domain Services. The document contains 22 best practice recommendations to assist organizations in enhancing the security of their Active Directory installations. By implementing these recommendations, organizations will be able to identify and prioritize security activities, protect key segments of their organization’s … Continue reading "Best Practices for Securing Active Directory"
KnowledgeBase: You cannot use redirusr.exe and redircmp.exe in the Windows Server 2008 DFL on Windows Server 2008
In the past years, I’ve found many systems and many errors. Today, I’m sharing behavior in Microsoft Windows Server that had me frown and chuckle. A bug in Active Directory code I’ve been grateful for, since it illustrates the nature of software. Note: This behavior has not been publicized in the Microsoft KnowledgeBase (yet). In … Continue reading "KnowledgeBase: You cannot use redirusr.exe and redircmp.exe in the Windows Server 2008 DFL on Windows Server 2008"