After January’s Azure Multi-Factor Authentication Server version 220.127.116.11 release, over the weekend, Microsoft released version 18.104.22.168 of its on-premises Azure Multi-Factor Authentication Server with a lot of performance improvements and other fixes. While the changes mentioned in the change log aren’t world shocking, this release should alleviate much of the problems you might have with … Continue reading "Azure Multi-Factor Authentication Server 22.214.171.124 with lots of improvements"
The last couple of months, I have actively worked together with Veeam to profile their excellent Veeam Explorer for Active Directory and to help people get more out of their current investments in on-premises Active Directory Domain Services. One of the projects we’ve worked on is a whitepaper that details what’s new in Active Directory … Continue reading "Whitepaper: What’s New in Active Directory Domain Services since Windows Server 2008 R2"
Active Directory is a family of products. Besides the commonly known Active Directory Domain Services and Certificate Services siblings, the family consists of the Active Directory Lightweight Directory Services, Rights Management Services and Federation Services. The latter received a major overhaul in Windows Server 2012 R2. One of the new features offered by Active Directory … Continue reading "New features in Active Directory Domain Services in Windows Server 2012 R2, Part 5: WorkPlace Join and Registered Device objects"
Managing an on-premises Active Directory Domain Services infrastructure through the Graphical User Interface (GUI) can get daunting. And boring. Luckily, for most repetitive tasks you can resort to the command line, or in more recent versions of Windows Server to PowerShell. Windows Server 2012 already comes equipped with PowerShell Cmdlets to manage your Active Directory … Continue reading "New features in Active Directory Domain Services in Windows Server 2012 R2, Part 4: PowerShell Cmdlets"
As we’ve dived into the Protected Users security group, we’ll dive into Authentication Policies and Authentication Policy Silos today, as these latter two features are greatly intertwined with the functionality of the Protected Users group and have much in common. But, as we’ll find out, Authentication policies and authentication policy silos also differ greatly from … Continue reading "New features in Active Directory Domain Services in Windows Server 2012 R2, Part 3: Authentication Policies and Authentication Policy Silos"
With Windows Server 2012 R2 and Windows 8.1, Microsoft introduced a feature in Active Directory Domain Services called the Protected Users group. You can use it to limit the availability of outdated authentication protocols, weak encryption algorithms and delegation to sensitive user accounts. Interesting stuff, but I feel there’s some things you should know about … Continue reading "Ten things you need to be aware of before using the Protected Users Group"
In Active Directory, all Domain Controllers are equal, but some are more equal than others. As you gain experience in managing networking environments, you’ll find the same principle is true for user accounts: all user accounts are equal, but some are more equal than others… For instance, some colleagues to whom these accounts belong, require … Continue reading "New features in Active Directory Domain Services in Windows Server 2012 R2, Part 2: Protected Users"
Microsoft has invested three years of development time in Windows Server 2012 and has introduced a slew of Active Directory features, including claims-based authorization to files and folders, a new licensing solution, safe virtualization, Kerberos armoring, cross-forest KCD and group MSAs. I’ve published a whitepaper on this stuff last year. Hot on the heels of … Continue reading "New features in Active Directory Domain Services in Windows Server 2012 R2, Part 1: Introduction"
I’ve written about Pass-the-Hash (PtH) attacks before. Today, I’m writing on the cleanup mechanisms to remove lingering password(hashe)s from Windows, that Microsoft has introduced with Windows 8.1 and Windows Server 2012 R2. These mechanisms help protect against Pass-the-Hash (PtH) attacks.
Last night, during SuperBowl XLVIII, a version of Windows 8.1 Update 1 was, inadvertently, released to the web. While this release focuses on the integration between Windows Phone and Windows for the desktop, laptop and tablet, it also features a slew of User Interface (UI) improvements for those still on the fence on The New … Continue reading "A first look at Windows 8.1 Update 1 (build 9600.16596)"