Due to the COVID-19 outbreak, most employees are now working from home. Many of these employees are not making use of any VPN solutions to connect to the corporate network. Some of the most frequent questions we receive since the shift to remote work are related to secure channel / machine account password changes.
Category: Active Directory
Re-mapping large number of printers with PowerShell
Recently, one of our bigger clients had request to migrate from old to new Print servers. This task also involved re-mapping printers on user side. So far the printers had been mapped manually and in the company with 10000+ users and over 1000 print queues spread over 3 Print servers this would be very difficult … Continue reading Re-mapping large number of printers with PowerShell
Field Notes: Error when changing DNS replication scope
Introduction Way back when your AD integrated DNS zone data lived inside of the naming context in AD (next to your users and computers) you could protect it from accidental deletion just like any other object. But this can cause a problem years later when you want to move these zones to their own application … Continue reading Field Notes: Error when changing DNS replication scope
Understanding Microsoft Security Baselines and Applying Them – Part 2
Importing the Security Baselines into AD easily The easiest method of importing all the settings into AD is a script that is included with the baselines, its stored beneath the Scripts folder named "Baseline-ADImport.ps1". Baseline-ADImport.ps1 Imported GPO's in AD In the image above you can see everything that is imported with the Security Baseline for … Continue reading Understanding Microsoft Security Baselines and Applying Them – Part 2
Field Notes: Azure MFA and SSPR combined registration now Generally Available
As organizations are asking employees to work from home to slow the spread of COVID-19, it’s even more important that users are registered for MFA and SSPR. We want to make it easier for remote workers to keep their accounts secure.
Deploy Azure Advanced Threat Protection (ATP)
In this post I will take you through the steps to deploy Azure ATP in your on-premise Active Directory to detect and investigate threats in your environment.
Create a Group Managed Service Account (gMSA)
I have been using Group Managed Service Accounts (gMSA) more frequently and decided to post a refresher on the creation of gMSA accounts. I still find that customers are not making use of these service accounts and use standard accounts with fixed passwords instead. In this blog I will highlight the benefits of using a gMSA account and show the steps to create and update a gMSA account
Understanding Microsoft Security Baselines and Applying Them – Part 1
What are security baselines? Why do I need them? Security Baselines are published by various companies however I will focus strictly on Microsoft Security Baselines, and how to apply them safely in your environment. Microsoft Security Baselines are created to give our customers a benchmark and to utilize the latest features possible, while also guiding … Continue reading Understanding Microsoft Security Baselines and Applying Them – Part 1
Getting Ready for LDAP Channel Binding & LDAP Signing Changes on March 10 Windows Update
In this blog post, we will deal with March 10 Windows Update and its expected changes regarding LDAP Channel Binding and LDAP Signing. What is LDAP Signing? Is it safe to configure Channel Binding Token? And how can I be sure that LDAP clients will continue to work properly after installing the update? Let's try to answer all of these questions.
Microsoft Edge: Viewing applied policies
The new Microsoft Edge browser based on Chromium was released in January 2020. Unlike the original Edge browser, which is only available for Windows 10, the new Microsoft Edge Chromium based browser can be installed on Windows 7/8/8.1/10 and is also available for MacOS. Microsoft Edge is ready for business and has dedicated deployment resources … Continue reading Microsoft Edge: Viewing applied policies