Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)

Last week, Microsoft released Security Bulletin MS04-025, including guidance and an update that resolves a publicly disclosed vulnerability in Microsoft Windows. The vulnerability could allow elevation of privilege if Active Directory Group Policy preferences are used to distribute passwords across the domain – a practice that could allow an attacker to retrieve and decrypt the … Continue reading "Security Thoughts: Passwords in Group Policy Preferences (CVE-2014-1812)"

When you lose a bet…

People who know me, know me as a guy who likes to motivate people with random bets. It’s not intrinsic motivation, but it’s the kind of motivation that gets things done. A few weeks ago, I made a bet with a couple of colleagues. These colleagues were competing in the Winter 2014 worldwide PowerShell Scripting … Continue reading "When you lose a bet…"

Why I don’t like the Quest Active Directory PowerShell Cmdlets

Many Active Directory admins use and like the Quest Active Directory PowerShell Cmdlets, that are part of the free ActiveRoles Management Shell for Active Directory. They have been freely available since 2007 and have been the long trusted scripting companion for many. I am not one of them. It’s nothing personal. Let me explain.   … Continue reading "Why I don’t like the Quest Active Directory PowerShell Cmdlets"

Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell

The new Domain Controller Promotion process in Windows Server 2012 with the Active Directory Domain Services Configuration Wizard, is a nice new way to promote Windows Server 2012-based hosts to Domain Controllers, since it enables: Remote promotion of Windows Server 2012-based hosts to Domain Controllers Promotion of a group of Windows Server 2012-based hosts to … Continue reading "Options that are only available when you promote Windows Server 2012 to a Domain Controller with PowerShell"

Reusing a Role Installation XML file in Windows Server 2012 to install the Active Directory Domain Services Role

Ranging from multi-server management to over 2400 PowerShell Cmdlets, Windows Server 2012 delivers on the promise of standards-based management and automation capabilities. Part of the new Domain Controller Promotion process is installing the Active Directory Domain Services role onto a stand-alone or member server. This activity needs to be completed before the new Active Directory … Continue reading "Reusing a Role Installation XML file in Windows Server 2012 to install the Active Directory Domain Services Role"

New features in Active Directory Domain Services in Windows Server 2012, Part 8: Group MSAs (gMSAs)

Back in Windows Server 2008 R2, Managed Service Accounts (MSAs) solved the problem of unsecure service accounts. Managing them was a nightmare, even if you knew what you were doing. Now, In Windows Server 2012, Microsoft addresses a couple of these challenges This blogposts shows how.

New features in Active Directory Domain Services in Windows Server 2012, Part 4: New PowerShell Cmdlets

With Windows PowerShell Scripting being one of the requirements in the current Common Engineering Criteria (CEC), all Microsoft server products need to comply with having Windows PowerShell scripting support. In Windows Server 2012, Active Directory Domain Services expands beyond the 76 Active Directory Management PowerShell Cmdlets and 15 Active Directory Provider PowerShell Cmdlets found in … Continue reading "New features in Active Directory Domain Services in Windows Server 2012, Part 4: New PowerShell Cmdlets"