Skip to Content

Category Archives: Group Policy

Group Policy

Windows Server 2016’s November 2018 Quality Update brings several Active Directory fixes

Written on December 6, 2018 at 11:33 AM, by

Windows Server 2016’s November 2018’s Cumulative Quality Update, bringing the OS version to 14393.2639, offers a fix for an issue with Group Policy and a fix for an issue you might be experiencing on your Windows Server 2016-based Domain Controllers.        About Windows Server 2016 Updates Microsoft issues two major updates each month for Windows […]

Passing Microsoft Exam 70-742: Identity with Windows Server 2016

Written on October 4, 2018 at 12:39 PM, by

There is a good and free way to prepare for Microsoft exam 70-742: Identity with Windows Server 2016. In the past years, I conducted webinars that can serve as a primer on Active Directory. They are not and were never intended as the sole sources of preparation for the exam. Instead, I hope you conceived […]

I’m presenting an Active Directory 101 course with Netwrix

Written on August 24, 2018 at 10:59 PM, by

I know from my own experience – the importance of Active Directory and its security can never be overestimated. So, I’ve teamed up with Netwrix to bring you an easy yet extensive update for your knowledge of Active Directory management and security principles. Therefore, this September, I’m hosting three consecutive webinars on Active Directory Domain […]

Security Thoughts: Vulnerability in Group Policy could allow elevation of privilege(MS61-072, KB3163622, CVE-2016-3223)

Written on June 15, 2016 at 8:38 AM, by

Yesterday, Microsoft released update 3163622 as part of its June 2016 Patch Tuesday to address an important vulnerability that affects Group Policy on Windows 10.   About the vulnerability The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target […]

Security Thoughts: Microsoft Local Administrator Password Solution (LAPS, KB3062591)

Written on May 2, 2015 at 6:39 PM, by

As you might recall, Microsoft offered a solution to systems administrators to set the local administrator password on domain-joined devices using Group Policy Preferences, but ended the solution, almost a year ago, when the encoding mechanism was decoded and an attack was created towards this vulnerability (CVE-2014-1812).   Introducing LAPS Yesterday, Microsoft introduced version 6 […]

Vulnerabilities in Group Policy could allow security policy bypassing (MS15-011, MS15-014, CVE-2015-0008, CVE-2015-0009)

Written on February 11, 2015 at 10:20 PM, by

For its February 2015 Patch Tuesday on Tuesday February 10, Microsoft has released two security bulletin to address issues in Group Policy that would allow an attacker using a Man-in-the-middle (MitM) approach to bypass security policies, by forging packets sent by Domain Controllers.   The situation In many organizations, Group Policies are used to centrally […]

Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)

Written on May 23, 2014 at 11:36 AM, by

Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the […]

New features in Active Directory Domain Services in Windows Server 2012, Part 9: Connected Accounts

Written on September 4, 2012 at 4:45 PM, by

Windows 8 and Windows Server 2012 are cloud-optimized Operating Systems. One of the areas where this is visible is the ability to connect domain accounts to Microsoft accounts (formerly known as Windows Live IDs). In this blogpost I’ll show you how this functionality works and how you can disable this functionality altogether or granularly with […]