WorkPlace Join vs. DirectAccess

Previously, I discussed the differences and commonalities for WorkPlace Join and Domain Join. Today, I would like to discuss the differences and commonalities between two very similar and yet widely different remote access technologies: WorkPlace Join and DirectAccess. Let’s start with the characteristics these two technologies have in common: WorkPlace Join and DirectAccess are …

Update your Federation Servers with MS14-077 to patch CVE-2014-6331 (Important)

During the November 2014 Patch Tuesday, Microsoft released Security Bulletin MS14-077, which describes how a vulnerability in Active Directory Federation Services (AD FS) could allow unintentional information disclosure and how you can fix this by installing the security update that is part of KB3003381 on your Active Directory Federation Servers, including proxies. About MS14-077 …

Configuring the maximum amount of devices colleagues can Workplace Join

We’ve discussed the WorkPlace Join functionality in Active Directory Federation Services in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services, and we’ve looked into granularly granting and revoking access to WorkPlace Join by specifying Issuance Authorization Rules for the Device Registration Services (DRS) and configuring the …

Configuring the inactivity time-out for WorkPlace-joined Devices

When we discussed the WorkPlace Join functionality in Active Directory Federation Services in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services, you might have gotten the feeling that the directory might get cluttered with Registered Devices. Microsoft has built in a feature in the Device Registration …

Granularly permitting or denying the right to WorkPlace Join devices based on group membership

Previously, we’ve looked at the WorkPlace Join functionality in Active Directory Federation Services (AD FS) in Windows Server 2012 R2 (and up) and the accompanying Registered Device objects in Active Directory Domain Services (AD DS). When WorkPlace Join is enabled for a networking environment, by default anyone has the right to WorkPlace Join devices, by …

WorkPlace Join vs. Domain Join

Yesterday, we discussed WorkPlace Join and the msDS-Device object. Over the past months, these technologies sparked conversations with several people, some of whom have very strong opinions on the exclusivity of domain join and a passion for loosely-coupling devices to Active Directory. This conversation could best be titled WorkPlace Join versus Domain Join. I’ll use …

Speaking at ITPRO | DEV Connections Greece again

Last year, I was invited to speak at ITPro | DEV Connections Greece. That was great fun, so we were delighted to see this year’s organization asking Adnan and me to send in some session proposals for this year’s event. Even better was seeing our proposals accepted. As a bonus: Our buddy Peter also got …

KnowledgeBase: ADFS authentication issue for Active Directory users when extranet lockout is enabled

Active Directory Federation Services (AD FS) in Windows Server 2012 R2 is a vastly improved version of Active Directory Federation Services found in previous versions of Windows Server. One of its features, however, might prove extremely counter-productive and counter-intuitive to its feature name and normal behavior in a certain scenario. The situation Active Directory …

KnowledgeBase: Windows Server 2012 R2-based AD FS Proxy consumes 100% CPU

As part of the May 2014 Update Rollup, Microsoft has released an update for Windows Server 2012 R2-based Active Directory Federation Services (AD FS) Proxies that consume 100% CPU. This leads to rejected logons and slow performance for colleagues trying to authenticate to the Active Directory Federation Services (AD FS) infrastructure. The situation The Active …

KnowledgeBase: Colleagues with IE get Windows prompts when authenticating to AD FS behind TMG, forms-based authentication when using Chrome or FireFox

Today, a colleague came up to me to ask me a question on a weird situation he encountered while troubleshooting an Active Directory Federation Services (AD FS) implementation at a customer site. Note: We didn’t implement this situation, but after solving this challenge, we gave some great pointers to get the environment sorted. The …