Browse by Tags
All Tags »
Security (RSS)
Ned here again. Windows 7 and Windows Server 2008 R2 introduce a long sought feature known as NTLM blocking. This prevents NTLM from being used for authentication. IT works in both a send or receive mode, and allows you to create exceptions. There’s currently
Read More...
It’s Randy again, here to discuss LDAP security. Lightweight Directory Access Protocol is an interface used to read from and write to the Active Directory database. Therefore, your Active Directory Administration tools (i.e. AD Users and Computers , AD
Read More...
Chris here again. This is part of a five part series. In Part I, I will cover design considerations, and planning for deploying a PKI. When implementing a PKI planning is the most important phase, and you can prevent a lot of issues by properly planning
Read More...
The Group Policy security client side extension can distribute security descriptors on files and registry keys. This extension is difficult to troubleshoot because it is considerably durable when it comes to failures. In most situations, it completes
Read More...
Background Windows uses the concept of a security descriptor to allow or deny security principals (user or groups) access to specific resources. A security descriptor is a data structure that contains: The memory location of a security identifier of a
Read More...
Ned here again. If you are at all interested in security, here is a must-read: Microsoft Security Intelligence Report volume 6 (July - December 2008) This covers trends and perspectives on: Software vulnerabilities (both in Microsoft software and in third-party
Read More...
Ned here again. After a few years of supporting Active Directory, nearly everyone runs into an issue with AdminSdHolder . This object and its AD worker code is used by Domain Controllers to protect high-privilege accounts from inadvertent modification
Read More...
Hi, this is Amit from the Directory Services team and I am going to discuss a Group Policy setting which is now available in XP SP3 & 2003 SP2. Whenever we logon to a Windows workstation, we always see a previously logged on user; we might want to
Read More...
Greetings DS blog readers, Todd here. I wanted to talk a little about the Negotiate security support provider (SSP) and how there are times when it will intentionally use NTLM rather than Kerberos. [ And if that’s not interesting, keep reading anyway
Read More...
Ned here again. In the course of using Windows, it is occasionally useful to be someone besides… you. Maybe you need to be an Administrator temporarily in order to fix a problem. Or maybe you need to be a different user as only they seem to have a problem.
Read More...
Hello everyone, Scott Goad here, and today I want to take a few minutes and talk about a recent case where we fail to log security settings from the Default Domain Policy. In this case, we had a small environment with 2 domain controllers, one holding
Read More...
Hi, David here again. You might be familiar with Security Templates that we use in Windows 2000 and 2003. The template is sort of the master set of security settings that we apply to a server when you either set it up or configure it using the Security
Read More...
Hi. Jim here from DS here with a follow up to my SDDL blog part I. At the end of my last post I promised to dissect further the SDDL output returned by running the CACLS with the /S switch on tools share as follows: Here is the output exported to a .txt
Read More...
Hi. Jim from DS here to tell you more than you ever wanted to know about the Security Descriptor Definition Language (SDDL). Windows uses SDDL in the nTSecurityDescriptor. The SDDL defines string elements for enumerating information contained in the security
Read More...
