KnowledgeBase: Windows Hello for Business satisfies Smartcard is required for interactive logon requirements

One of the main strategies for securing privileged accounts in Active Directory Domain Services seems to enable the Smartcard is required for interactive logon option on members of the Domain Admins security group. Typically, that required deploying (virtual) smartcards, but there is a far easier way that is currently being wildly adopted: Windows Hello for … Continue reading "KnowledgeBase: Windows Hello for Business satisfies Smartcard is required for interactive logon requirements"

You may encounter authentication issues after installing the November 2021 Cumulative updates

While installing updates is one of the basic information security measures, many organizations hold off on installing updates for Windows Server within 48 hours. This month, we saw another reason why it’s a smart idea to test updates in pre-production environments before deploying them to production domain controllers. After installing the November 2021 cumulative and/or … Continue reading "You may encounter authentication issues after installing the November 2021 Cumulative updates"

KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects

One of the more recent issues you might encounter, when you create or modify computer objects and/or (group) managed service accounts in Active Directory is errors on your domain controllers with event ID 16990 or 16991 with source Directory-Services-SAM in the System event log. The situation You run an Active Directory forest with Domain Controllers … Continue reading "KnowledgeBase: You receive EventID 16990 or 16991 when users create or modify computer objects"

Four Active Directory Elevation of Privilege vulnerabilities were addressed in the November 2021 Updates

When looking at the November 9th, 2021 updates today, I noticed four updates that specifically address vulnerabilities in Active Directory Domain Services. These vulnerabilities affect domain controllers at the heart of many networking infrastructure environments.   About the vulnerabilities Four vulnerabilities were addressed: CVE-2021-42278 Active Directory Domain Services Elevation of Privilege Vulnerability CVE-2021-42278 is a … Continue reading "Four Active Directory Elevation of Privilege vulnerabilities were addressed in the November 2021 Updates"

From the field: The Case of Raising the DFL to make all fail-over clusters inaccessible

Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. This week I experienced an issue at a customer, when they … Continue reading "From the field: The Case of Raising the DFL to make all fail-over clusters inaccessible"

Three Active Directory vulnerabilities were addressed in the October 2021 Updates

When looking at the October 12th, 2021 updates today, I noticed three updates that specifically address vulnerabilities in Active Directory Domain Services and DNS. These vulnerabilities affect domain controllers at the heart of many networking infrastructure environments. About the vulnerabilities Three vulnerabilities were addressed: CVE-2021-40460 RPC Runtime Security Feature Bypass Vulnerability CVE-2021-40460 is a vulnerability … Continue reading "Three Active Directory vulnerabilities were addressed in the October 2021 Updates"

Teasing the Second Edition of my Active Directory Administration Cookbook

With the General Availability of Windows Server 2022, everybody looks at the learning community to get up to speed with Microsoft's latest and greatest Windows Server operating system (OS). From that perspective, I'm happy to announce that I started work on the Second Edition of my Active Directory Administration Cookbook.   What's changing? Here's what … Continue reading "Teasing the Second Edition of my Active Directory Administration Cookbook"

I'm presenting a webinar with Randy Franklin Smith and Netwrix

This Tuesday at 6 PM CEST, I'm presenting a webinar with Randy Franklin Smith's Ultimate Windows Security and Netwrix on ten best practices to securing Active Directory and Azure AD. About Randy Franklin Smith Randy Franklin Smith is an internationally recognized expert on the security and control of Windows and Active Directory security who specializes … Continue reading "I'm presenting a webinar with Randy Franklin Smith and Netwrix"

Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations

Admins that have bit the bullet on Azure AD Connect v2 are now eating the sour grapes of that decision, as Microsoft doesn't offer Automatic Upgrades on any of the v2 builds released to date. About Azure AD Connect v2 Azure AD Connect is Microsoft’s free Hybrid Identity bridge product to synchronize objects and their … Continue reading "Admins that have upgraded to Azure AD Connect v2 are at risk of running out of date and insecure installations"

Hardening SMB on Domain Controllers, Step 3: Disabling SMB Null sessions

Server Message Block (SMB) is a critical component for any Microsoft-oriented networking environment. That’s why hardening SMB is one of the critical steps in securing Active Directory Domain Controllers. In the first part of this series, I’ve shown you how to report on incoming SMB connections on your Active Directory Domain Controllers. Now, let’s put … Continue reading "Hardening SMB on Domain Controllers, Step 3: Disabling SMB Null sessions"