Introduction One of the recommendations to protect privileged accounts from credential theft is to prevent administrative accounts from exposing credentials to unsecure computers, on this post I will show you how to protect administrative accounts using Authentication Policies and Silos. Definition A quick definition from Microsoft web site.Authentication policy silos and the accompanying policies provide … Continue reading Protect Administrative Accounts with Authentication Policies and Silos
Category: Active Directory
AppLocker – Part 2
Introduction:In the previous blog we looked at the two paths, "whitelisting" and "blacklisting", you could follow implementing AppLocker. In this blog I will look at the AppLocker Rules, Rule Conditions and how to enforce them.NB. The Application Identity service is required to run for AppLocker to function. This can be configured in a GPO to … Continue reading AppLocker – Part 2
AppLocker – Part 1
Introduction:AppLocker has been around for a few years and whilst the concept is very simple, the implementation can get very complex. In this series of blogs, I will look at AppLocker rules and the implementation of these rules . Blacklisting vs WhitelistingThe first decision you face to decide if your organization can benefit from deploying … Continue reading AppLocker – Part 1
Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server
This is a continuation of a series on Azure AD Connect. In this blog post, I cover a specific case where an export to Azure AD fails due to stale Internet proxy settings configured on the server running Azure AD Connect. I go through various tools, some of which we have covered in our previous … Continue reading Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server
Field Notes: Azure AD Connect – Attribute-based Filtering
This is a continuation of a series on Azure AD Connect. I recently covered using domain/OU and group filtering options that are available in Azure AD Connect to help control which objects are synchronized to Azure AD. I also took a closer look in group filtering, which is not recommended for use in production. Another … Continue reading Field Notes: Azure AD Connect – Attribute-based Filtering
Field Notes: Azure AD Connect – Group Filtering Gotchas
This is a continuation of a series on Azure AD Connect. In the previous blog post, we looked at filtering options that can be used to control which objects are synchronized from on-premises directories to Azure AD - domain, OU and group filtering. I would like take a closer look at group filtering here, and … Continue reading Field Notes: Azure AD Connect – Group Filtering Gotchas
Downgrading Active Directory Domain and Forest Functional Levels (Part 3)
Introduction In part 2 of the series we've successfully lowered the Forest Functional Level (FFL) and Domain Functional Level (DFL) to Windows Server 2008. The demonstration was completed in a forest where the Active Directory Recycle Bin was not enabled. In this final part of the series, I will first raise the functional levels back … Continue reading Downgrading Active Directory Domain and Forest Functional Levels (Part 3)