Protect Administrative Accounts with Authentication Policies and Silos

Introduction One of the recommendations to protect privileged accounts from credential theft is to prevent administrative accounts from exposing credentials to unsecure computers, on this post I will show you how to protect administrative accounts using Authentication Policies and Silos. Definition A quick definition from Microsoft web site.Authentication policy silos and the accompanying policies provide … Continue reading Protect Administrative Accounts with Authentication Policies and Silos →

AppLocker – Part 2

Introduction:In the previous blog we looked at the two paths, "whitelisting" and "blacklisting", you could follow implementing AppLocker. In this blog I will look at the AppLocker Rules, Rule Conditions and how to enforce them.NB. The Application Identity service is required to run for AppLocker to function. This can be configured in a GPO to … Continue reading AppLocker – Part 2 →

AppLocker – Part 1

Introduction:AppLocker has been around for a few years and whilst the concept is very simple, the implementation can get very complex. In this series of blogs, I will look at AppLocker rules and the implementation of these rules . Blacklisting vs WhitelistingThe first decision you face to decide if your organization can benefit from deploying … Continue reading AppLocker – Part 1 →

Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server

This is a continuation of a series on Azure AD Connect. In this blog post, I cover a specific case where an export to Azure AD fails due to stale Internet proxy settings configured on the server running Azure AD Connect. I go through various tools, some of which we have covered in our previous … Continue reading Field Notes: The case of the stopped Azure AD Connect synchronization – stale Internet proxy server →

Field Notes: Azure AD Connect – Attribute-based Filtering

This is a continuation of a series on Azure AD Connect. I recently covered using domain/OU and group filtering options that are available in Azure AD Connect to help control which objects are synchronized to Azure AD. I also took a closer look in group filtering, which is not recommended for use in production. Another … Continue reading Field Notes: Azure AD Connect – Attribute-based Filtering →

Field Notes: Azure AD Connect – Group Filtering Gotchas

This is a continuation of a series on Azure AD Connect. In the previous blog post, we looked at filtering options that can be used to control which objects are synchronized from on-premises directories to Azure AD - domain, OU and group filtering. I would like take a closer look at group filtering here, and … Continue reading Field Notes: Azure AD Connect – Group Filtering Gotchas →

Downgrading Active Directory Domain and Forest Functional Levels (Part 3)

Introduction In part 2 of the series we've successfully lowered the Forest Functional Level (FFL) and Domain Functional Level (DFL) to Windows Server 2008. The demonstration was completed in a forest where the Active Directory Recycle Bin was not enabled. In this final part of the series, I will first raise the functional levels back … Continue reading Downgrading Active Directory Domain and Forest Functional Levels (Part 3) →