Browse by Tags

All Tags » Security   (RSS)

Testing a Credential Provider

Weeks ago I blogged about how single sign on and credential providers work and a scenario you can run into with them. One reader faced a slightly different scenario but was able to apply that topic toward getting his issue resolved. He had installed a Read More...
Posted Friday, July 10, 2009 4:43 PM by Tim Springston | 0 Comments

Important Security Bulletin

I wanted to do a quick post on an important security bulletin. It’s Microsoft Security Bulletin MS09-018 – Critical . This security update is to address a vulnerability in Active Directory. I’m pasting the Executive Summary below, but I highly recommend Read More...
Posted Tuesday, June 09, 2009 3:21 PM by Tim Springston | 0 Comments

Thoughts on Single Sign On and Credential Providers

We use the term single sign on (SSO) to describe a variety of behaviors in Windows and other applications where the result is simply to prevent the user from being prompted to provide their credentials again and again; to ideally enter their credentials Read More...
Posted Tuesday, May 26, 2009 11:35 AM by Tim Springston | 0 Comments

When Smartcard Logon Doesn't

Authentication is entering every facet of our lives nowadays. It is common to have multiple passwords: passwords for work, home email, and Internet websites to name a few. It’s easy to have a lot of different passwords, and equally easy to use only one Read More...
Posted Monday, April 06, 2009 9:48 AM by Tim Springston | 0 Comments

Downgrade "Attack"? A little more info

I decided that we needed some more detail and to give a walk through scenario on this downgrade attack deal I mentioned a while back in a blog post . As a recap, a customer called in after noticing the events below appearing intermittently but repeatedly-and Read More...
Posted Friday, March 20, 2009 10:56 AM by Tim Springston | 1 Comments

Tabula Rasa

I was well and truly stumped a few months ago. I joke that once a year I am flat out wrong, and rarely do I have nothing to say on a subject. The 'once a year I may be flat out wrong' statement may be true simply because after 15 years in the IT industry Read More...
Posted Wednesday, January 14, 2009 8:15 AM by Tim Springston | 0 Comments

Scary Sounding Errors

We have a temporary role in CSS where support folks will help out in supporting prerelease (also known as beta) software.   I’ve worked a couple of Windows betas, and it’s a great experience.   I mention this since I remember a few Read More...
Posted Friday, December 12, 2008 9:44 AM by Tim Springston | 1 Comments

Rumpo Venatus

The five or six people who have read my little bio snippet on Technet read that I like to play video games-specifically Xbox 360 games. I was doing just that the other night-playing Fallout 3-when my wife walked into the study to ask for help with all Read More...
Posted Friday, October 31, 2008 11:07 AM by Tim Springston | 1 Comments
Filed under:

Why! Won't! PAC! Validation! Turn! Off!

A while back I wrote a blog post regarding PAC (Privilege Attribute Certificate) validation in Microsoft Kerberos. We’ve had enough interest in this lately, particularly around the idea of disabling it, that it seemed like a good idea to post about this Read More...
Posted Monday, September 29, 2008 8:00 AM by Tim Springston | 2 Comments

2008 Web Enrollment and Version 3 Templates

Certificate Services in Server 2008 has had a lot of changes and enhancements. Some are obvious and documented well, and others are not obvious and not so well documented. Case in point is an additional aspect of Server 2008 certificate web enrollment. Read More...
Posted Monday, June 30, 2008 4:00 PM by Tim Springston | 1 Comments

Trusted For Delegation in Services for User (S4U)

A while back I did a blog post regarding the user interface and settings for configuring a service account correctly to allow the more complex Kerberos delegation scenarios to take place. I recently had a customer issue I helped with that gave a good Read More...
Posted Friday, May 09, 2008 11:20 AM by Tim Springston | 1 Comments

ADMT and Server 2008

Whenever we release a new product or suite of products we at Microsoft want to ease the adoption of it. For that reason we’ve released tools and scripts over the years to help our customers out. We’ve typically given these as free downloads from the internet, Read More...
Posted Monday, March 10, 2008 9:09 AM by Tim Springston | 5 Comments
Attachment(s): ADMT Mixed Env Matrix.mht

Question about AD authentication, Put In Context

Occasionally I am contacted with specific questions or topics people would like to hear more about. This post is a reply to one of those. Here’s the question: My question is what are the impact when I change the logon workstation property of a user account Read More...
Posted Friday, March 07, 2008 8:34 AM by Tim Springston | 1 Comments

What's in a name?

Have you ever heard the Shakespeare paraphrased saying “a rose by any other name is still a rose?”. Well, the same holds true for objects in AD. Not that we have “rose” class objects, but the point being that simply renaming an object doesn’t really fundamentally Read More...
Posted Wednesday, February 27, 2008 9:09 AM by Tim Springston | 1 Comments

The FEK, AES and FIPs: Acronym Heaven!

I’ve had several blog posts about the improved security in Windows Vista and Server 2008, particularly around cryptography. Here’s one more, albeit a short one. This post is about how, generally, Encrypted File System (EFS) works using Advanced Encryption Read More...
Posted Monday, February 04, 2008 10:14 AM by Tim Springston | 0 Comments
More Posts Next page »
 
Page view tracker