Security Thoughts: Vulnerability in Netlogon could allow remote code execution (MS16-076, KB3167691, CVE-2016-3228)

Yesterday, Microsoft released update 3167691 as part of its June 2016 Patch Tuesday to address an important vulnerability in Windows Server’s Netlogon functionality, allowing remote code execution on all supported Windows Server versions. About the vulnerability A vulnerability has been detected, that could allow remote code execution if an attacker with access to a Windows … Continue reading "Security Thoughts: Vulnerability in Netlogon could allow remote code execution (MS16-076, KB3167691, CVE-2016-3228)"

Security Thoughts: Vulnerability in Group Policy could allow elevation of privilege(MS61-072, KB3163622, CVE-2016-3223)

Yesterday, Microsoft released update 3163622 as part of its June 2016 Patch Tuesday to address an important vulnerability that affects Group Policy on Windows 10.   About the vulnerability The vulnerability could allow elevation of privilege if an attacker launches a man-in-the-middle (MiTM) attack against the traffic passing between a domain controller and the target … Continue reading "Security Thoughts: Vulnerability in Group Policy could allow elevation of privilege(MS61-072, KB3163622, CVE-2016-3223)"

Security Thoughts: Vulnerability in DNS Server could allow remote code execution (MS16-071, KB3164065, CVE-2016-3227)

Yesterday, Microsoft released update KB3161951 as part of its June 2016 Patch Tuesday to address a critical use after free vulnerability that affects DNS Servers running Windows Server 2012, Windows Server 2012 R2 and Windows Server 2016 Technical Previews.   About the vulnerability A remote code execution vulnerability exists in Windows Domain Name System (DNS) … Continue reading "Security Thoughts: Vulnerability in DNS Server could allow remote code execution (MS16-071, KB3164065, CVE-2016-3227)"

Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers

When I was in training as an Active Directory admin, I was taught that the disk(s) where the Active Directory database and Active Directory transaction logs reside are automatically configured with write-back caching disabled. Today, roughly 15 years later, I found out that although my teacher was right, things have changed and might be counter-intuitive … Continue reading "Knowledgebase: You receive Event-ID 1539 and ‘This device does not allow its write-caching setting to be changed’ warnings on virtualized Generation 2 Domain Controllers"

Video: Running highly-sensitive Domain Controllers on Hyper-V and Azure

Active Directory Domain Controllers hold the keys to your kingdom. So how do you virtualize these castles of identity, without compromising on the requirements of your organization? In this session, Raymond Comvalius (Windows Expert – IT Pro MVP) and Sander Berkouwer (Directory Services MVP) give best practices for hardening, backing up, restoring and managing virtualized … Continue reading "Video: Running highly-sensitive Domain Controllers on Hyper-V and Azure"

Advances in Active Directory since Windows Server 2003

In six months time, on July 14 2015, Microsoft ends the extended support for Windows Server 2003. After 11 years and 6 months (Windows Server 2003 became generally available on May 28th, 2003) the plug is pulled on updates to the product and the support information on TechNet, MSDN and its KnowledgeBase. Running Active Directory on Operating … Continue reading "Advances in Active Directory since Windows Server 2003"

KnowledgeBase: Windows Server 2012 R2-based AD FS Proxy consumes 100% CPU

As part of the May 2014 Update Rollup, Microsoft has released an update for Windows Server 2012 R2-based Active Directory Federation Services (AD FS) Proxies, consuming 100% CPU. This leads to rejected logons and slow performance for colleagues trying to authenticate to the Active Directory Federation Services (AD FS) infrastructure.     The situation The Active … Continue reading "KnowledgeBase: Windows Server 2012 R2-based AD FS Proxy consumes 100% CPU"

KnowledgeBase: You cannot log on as a local administrator when you restart in Directory Services Repair Mode

As part of the May 2014 Update Rollup, Microsoft has fixed a problem that I hope has not been bugging any Active Directory Admin… On Windows Server 2012 and Windows Server 2012 R2-based Domain Controllers, an issue was identified that blocks access to the Directory Services Restore Mode (DSRM).   The situation On Windows Server … Continue reading "KnowledgeBase: You cannot log on as a local administrator when you restart in Directory Services Repair Mode"

KnowledgeBase: Colleagues with IE get Windows prompts when authenticating to AD FS behind TMG, forms-based authentication when using Chrome or FireFox

Today, a colleague came up to me to ask me a question on a weird situation he encountered while troubleshooting an Active Directory Federation Services (AD FS) implementation at a customer site. Note: We didn’t implement this situation, but after solving this challenge, we gave some great pointers to get the environment sorted.   The … Continue reading "KnowledgeBase: Colleagues with IE get Windows prompts when authenticating to AD FS behind TMG, forms-based authentication when using Chrome or FireFox"

Virtualization-safe(r) Active Directory in VMware environments, Part 2

In the first post of this series, I’ve shown how to uncover the VM-GenerationID, the random value that unlocks all that Windows Server 2012 Active Directory Domain Services magic, on VMware’s vSphere and Workstation virtualization solutions. Today, I’m showing you how to interpret this value and how this value might be different between versions of … Continue reading "Virtualization-safe(r) Active Directory in VMware environments, Part 2"