Browse by Tags

Tagged Content List
  • Blog Post: Auditing Password and Account Lockout Policy on Windows Server 2008 and R2

    Ned here again. Let’s talk about auditing your domain for changes made to Password and Account Lockout policies. Frankly, it’s a real pain in the neck to figure out Password and Account Lockout auditing and there are legacy architectural decisions behind how this all works, so I’ll...
  • Blog Post: Tracking a Remote File Deletion Back to the Source

    Ned here again. A long time ago, I blogged about how to track down file deletions in FRS and DFSR. At the end I casually mentioned that auditing should be used if you really want to see who deleted a file from a server. It’s not as easy as simply turning on some security policy, so today I will...
  • Blog Post: One-Stop Shop for Auditing in Windows Server 2008 and Windows Vista

    Hi, Ned here again. I am frequently asked by customers (and Microsoft employees!) where they can get to all the useful Windows Server 2008 and Windows Vista audit information. Unlike some of our other components, there’s no clear portal site on TechNet or MSDN that gives you everything in one fell...
  • Blog Post: Global Object Access Auditing is Magic

    Hi folks, Ned here again. I mentioned this once in a Friday Mail Sack but today I circle around and explain a well-hidden security feature added in Windows 7 and Windows Server 2008 R2: Global Object Access Auditing Oh boy, auditing! I bet you are excited! What is it and how to enable it ...
  • Blog Post: Special Groups Auditing via Group Policy Preferences

    Ned here again. Today I’m going to talk about a new feature of Windows Server 2008 and Windows Vista called Special Groups auditing . While we’re in here, I’ll run through how we can use the new Group Policy Preferences (GPP) client-side extensions to make deploying this fast and easy...
  • Blog Post: Friday Mail Sack – Limping In Edition

    Hi there world. It’s been a particularly gnarly week: not too many questions that most people would find relevant, plus it was just crazy busy (stupid Windows 7 and R2, being all popular and whatnot, leads to a lot of USMT work for me… D-: ). Hence – late posting with not much sirloin...
  • Blog Post: Friday Mail Sack: Shut Up Laura Edition

    Hello again folks, Ned here for another grab bag of questions we’ve gotten this week. This late posting thing is turning into a bad habit, but I’ve been an epileptic octopus here this week with all the stuff going on. Too many DFSR questions though, you guys need to ask other stuff! Let’s...
  • Blog Post: Friday Mail Sack: Walking Tall Edition

    Hello folks, Ned here again. After a week in Las Colinas Texas, the blog migration, and Jonathan’s attempted coup, we are still standing. Since I’m sure your whole day has been designed around this post I won’t keep you waiting. RODC WAN down behavior DFSR and the PDCE RPC...
  • Blog Post: Cool Auditing Tricks in Vista and 2008

    Hi, Ned here again. Today I’m going to show some interesting new features of Auditing in Windows Vista and Windows Server 2008 that can be used for troubleshooting problems or seeing what’s happening in your environment. I’ll be building upon some of the basic information Dave Beach...
  • Blog Post: One stop Audit shop for ADAM and ADLDS

    Hello, Linda Taylor here, I am an Escalation Engineer in the Directory Services support team in the UK. I do a lot of work with ADAM and ADLDS. One of frequent subjects for questions for ADAM/ADLDS is around auditing. We have lots of very good documents on TechNet about ADAM and ADLDS which briefly mention...
  • Blog Post: “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works”

    Warren here. In Windows Server 2003 we introduced the lastLogontimeStamp attribute. Administrators can use the lastLogontimeStamp attribute to determine if a user or computer account has recently logged onto the domain. Using this information administrators can then review the accounts identified and...
  • Blog Post: Friday Mail Sack: Ride ‘Em Cowboy Edition

    Howdy partners, Ned here. This week we talk event logs, auditing, NTLM “fallback”, file server monitoring, and SCOM 2007 management pack dissection. It was a fairly quiet week for questions since everyone is off for vacation at this point, I reckon. That didn't mean it wasn't crazy at work...
  • Blog Post: Friday Mail Sack: Beard-Seconds Edition

    Hiya folks, Ned here again. This week we talk: DC DNS A Records and Web Servers Forwarding Security event log subscriptions Domain password filters Auditing NTLM vs NTLMv2 on Win2003 Programmatically determining if UNC is DFS namespace DFSR and Excel Shared Workbooks DFS, DC,...
  • Blog Post: Introducing Auditing Changes in Windows 2008

    Hi, Dave here. Auditing is a wonderful tool and we highly recommend that everyone use it on their servers. It can really help out with diagnosing problems and determining the root cause, and of course with protecting your servers and your network. However, over-auditing your servers can be a bad thing...
  • Blog Post: Where’s my file? Root cause analysis of FRS and DFSR data deletion

    Hi, Ned here. In the Directory Services support space here at Microsoft, we are often contacted by customers for disaster recovery scenarios. We’re also brought in for deeper forensic analysis of what lead to a problem. Today we’re going to talk about a situation that covers both: A...
  • Blog Post: Friday Mail Sack – It’s About To Get Real Edition

    Hello Terra, it’s Ned here again. Before I get rolling, a big announcement: On May 16th all the MSDN and TechNet blogs are being migrated to a new platform. This will get us back in line with modern blogging software, and include new features, better search, more user customization, and generally...
  • Blog Post: Friday Mail Sack: The Gang’s All Here Edition

    Hi folks, Ned here again with your questions and our answers. This is a pretty long one; looks like everyone is back from vacation, winter storms, and hiding from the boss. Today we talk Kerberos, KCC, SPNs, PKI, USN journaling, DFSR, auditing, NDES, PowerShell, SIDs, RIDs, DFSN, and other random goo...
  • Blog Post: Friday Mail Sack: Anchors Aweigh Edition

    Hiya folks, Ned here again. I finally have an editor that allows anchors on all the questions, so I am adding a quasi “table of contents” for these posts that allow easier navigation and linking. I’ll retrofit all the old mail sack articles too… eventually. This week we discuss...
  • Blog Post: Getting the Effective Audit Policy in Windows 7 and 2008 R2

    Ned here again folks. We introduced granular auditing in Windows Vista and a few years later we released Advanced Audit Policy Configuration . Legacy Windows audit policy didn’t go away, of course. To make things interesting, all of this can be configured through domain policy, local policy, multiple...
  • Blog Post: Friday Mail Sack: Barbados Edition

    Hello world, Ned here again. I’m back to write this week’s mail sack – just in time to be gone for the next two weeks on vacation and work travel . In the meantime Jonathan and Scott will be running the show, so be sure to spam the heck out of them with whatever tickles you. This week...
  • Blog Post: Friday Mail Sack: “Who am I kidding, more like Monthly” Edition

    Hi folks, Ned here again with another tri-weekly Friday Mail Sack. This time we talk service auditing, trust creation, certificates and USMT, SYSVOL migration with RODCs, DFS stuff, RPC and firewalls, virtualization, and the zombie corpse of FRS. Shoot it in the head! Trusts prompting for credentials...