<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://blogs.technet.com/utility/FeedStylesheets/atom.xsl" media="screen"?><feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en-US"><title type="html">An Infrastructure Geek Floating in a Sea of UberCoders</title><subtitle type="html">Various bits that float through my skull, usually related to security</subtitle><id>http://blogs.technet.com/b/lrobins/atom.aspx</id><link rel="alternate" type="text/html" href="http://blogs.technet.com/b/lrobins/" /><link rel="self" type="application/atom+xml" href="http://blogs.technet.com/b/lrobins/atom.aspx" /><generator uri="http://telligent.com" version="5.6.50428.7875">Telligent Evolution Platform Developer Build (Build: 5.6.50428.7875)</generator><updated>2008-10-15T20:27:00Z</updated><entry><title>I Have Not Fallen Off the Face of the Earth. Not Yet, Anyway.</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/b/lrobins/archive/2012/07/17/i-have-not-fallen-off-the-face-of-the-earth-not-yet-anyway.aspx" /><id>http://blogs.technet.com/b/lrobins/archive/2012/07/17/i-have-not-fallen-off-the-face-of-the-earth-not-yet-anyway.aspx</id><published>2012-07-18T01:13:00Z</published><updated>2012-07-18T01:13:00Z</updated><content type="html">Me, and My...Blog 
 As I've noted previously, I'm a terrible, terrible blogger. It's not that I don't have content for this blog, mind you. It's that I have a whole pile of it backed up, waiting to be polished and published. However, before I can post any of it, I have to do things like build virtual machines that I can use for demonstration purposes, take screenshots, polish text, dig up informational links, make sure that the things I suggest are properly vetted, do everything with appropriate...(&lt;a href="http://blogs.technet.com/b/lrobins/archive/2012/07/17/i-have-not-fallen-off-the-face-of-the-earth-not-yet-anyway.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3509482" width="1" height="1"&gt;</content><author><name>Laura A. Robinson</name><uri>http://blogs.technet.com/lrobinsmsft_4000_live.com/ProfileUrlRedirect.ashx</uri></author><category term="admin free" scheme="http://blogs.technet.com/b/lrobins/archive/tags/admin+free/" /><category term="zero admins" scheme="http://blogs.technet.com/b/lrobins/archive/tags/zero+admins/" /><category term="bad blogger" scheme="http://blogs.technet.com/b/lrobins/archive/tags/bad+blogger/" /></entry><entry><title>"Admin Free" Active Directory and Windows, Part 2- Protected Accounts and Groups in Active Directory</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-part-2-protected-accounts-and-groups-in-active-directory.aspx" /><id>http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-part-2-protected-accounts-and-groups-in-active-directory.aspx</id><published>2011-06-23T20:19:00Z</published><updated>2011-06-23T20:19:00Z</updated><content type="html">I am a terrible blogger when it comes to timeliness and consistency of post intervals. I admit it. All I can say is, it has been a busy summer. 
I actually have a half-dozen posts queued up for publication, but each needs to be scrubbed and fleshed out before I post it, so even though I may be slow to get them out, please know that there are definitely more in this series. 
 In the "Don't do as I do" category... 
 All screenshots and text examples provided in this post were captured on a Windows...(&lt;a href="http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-part-2-protected-accounts-and-groups-in-active-directory.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3437147" width="1" height="1"&gt;</content><author><name>Laura A. Robinson</name><uri>http://blogs.technet.com/lrobinsmsft_4000_live.com/ProfileUrlRedirect.ashx</uri></author><category term="virtual" scheme="http://blogs.technet.com/b/lrobins/archive/tags/virtual/" /><category term="windows server 2008" scheme="http://blogs.technet.com/b/lrobins/archive/tags/windows+server+2008/" /><category term="Security" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Security/" /><category term="Windows Media Player" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Windows+Media+Player/" /><category term="R2" scheme="http://blogs.technet.com/b/lrobins/archive/tags/R2/" /><category term="RBAC" scheme="http://blogs.technet.com/b/lrobins/archive/tags/RBAC/" /><category term="DHA" scheme="http://blogs.technet.com/b/lrobins/archive/tags/DHA/" /><category term="Admin-free" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Admin_2D00_free/" /><category term="Active Directory" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Active+Directory/" /><category term="admin free" scheme="http://blogs.technet.com/b/lrobins/archive/tags/admin+free/" /><category term="APT" scheme="http://blogs.technet.com/b/lrobins/archive/tags/APT/" /><category term="compromise" scheme="http://blogs.technet.com/b/lrobins/archive/tags/compromise/" /><category term="AD" scheme="http://blogs.technet.com/b/lrobins/archive/tags/AD/" /><category term="zero admins" scheme="http://blogs.technet.com/b/lrobins/archive/tags/zero+admins/" /></entry><entry><title>"Admin Free" Active Directory and Windows, Part 1- Understanding Privileged Groups in AD</title><link 
rel="alternate" type="text/html" href="http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-and-windows-part-1-understanding-privileged-groups-in-ad.aspx" /><id>http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-and-windows-part-1-understanding-privileged-groups-in-ad.aspx</id><published>2011-06-23T17:55:00Z</published><updated>2011-06-23T17:55:00Z</updated><content type="html">Admin-Free Active Directory 
 If You Haven't Been Hacked, You May Not Be Looking Closely Enough 
 Clearly, I am not the most conscientious blogger, as can be observed by the lack of any posting regularity here. This is in part due to the fact that for the past few years, the team on which I work has been busy helping compromised customers respond to a specific class of attacks known as Advanced Persistent Threat (APT) attacks. Because there is much debate in the security community about what is...(&lt;a href="http://blogs.technet.com/b/lrobins/archive/2011/06/23/quot-admin-free-quot-active-directory-and-windows-part-1-understanding-privileged-groups-in-ad.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3437123" width="1" height="1"&gt;</content><author><name>Laura A. Robinson</name><uri>http://blogs.technet.com/lrobinsmsft_4000_live.com/ProfileUrlRedirect.ashx</uri></author><category term="Security" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Security/" /><category term="RBAC" scheme="http://blogs.technet.com/b/lrobins/archive/tags/RBAC/" /><category term="DHA" scheme="http://blogs.technet.com/b/lrobins/archive/tags/DHA/" /><category term="Admin-free" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Admin_2D00_free/" /><category term="Active Directory" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Active+Directory/" /><category term="admin free" scheme="http://blogs.technet.com/b/lrobins/archive/tags/admin+free/" /><category term="no admins" scheme="http://blogs.technet.com/b/lrobins/archive/tags/no+admins/" /><category term="APT" scheme="http://blogs.technet.com/b/lrobins/archive/tags/APT/" /><category term="compromise" scheme="http://blogs.technet.com/b/lrobins/archive/tags/compromise/" /><category term="AD" scheme="http://blogs.technet.com/b/lrobins/archive/tags/AD/" /><category term="zero admins" scheme="http://blogs.technet.com/b/lrobins/archive/tags/zero+admins/" /></entry><entry><title>Lost all of your Zune DRM'd songs?</title><link rel="alternate" type="text/html" 
href="http://blogs.technet.com/b/lrobins/archive/2010/04/22/lost-all-of-your-zune-drm-d-songs.aspx" /><id>http://blogs.technet.com/b/lrobins/archive/2010/04/22/lost-all-of-your-zune-drm-d-songs.aspx</id><published>2010-04-23T03:32:00Z</published><updated>2010-04-23T03:32:00Z</updated><content type="html">So, it turns out that if you don't sign into the Zune marketplace for 30 days, all of your DRM'd content expires. I got a new 64 GB Zune HD recently and couldn't figure out why it was loading so slowly. I usually just sync my Zunes when I'm home, because my work laptop (which travels with me) runs Windows Server 2008 R2 and I never thought it was a big deal to just synch with one of my personal machines when I was home. 
 Despite the fact that I subscribe to the marketplace on a quarterly basis...(&lt;a href="http://blogs.technet.com/b/lrobins/archive/2010/04/22/lost-all-of-your-zune-drm-d-songs.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3327757" width="1" height="1"&gt;</content><author><name>lrobins@microsoft.com</name><uri>http://blogs.technet.com/lrobins_4000_microsoft.com/ProfileUrlRedirect.ashx</uri></author><category term="windows server 2008" scheme="http://blogs.technet.com/b/lrobins/archive/tags/windows+server+2008/" /><category term="Zune" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Zune/" /><category term="Windows Media Player" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Windows+Media+Player/" /><category term="R2" scheme="http://blogs.technet.com/b/lrobins/archive/tags/R2/" /><category term="collection" scheme="http://blogs.technet.com/b/lrobins/archive/tags/collection/" /><category term="update" scheme="http://blogs.technet.com/b/lrobins/archive/tags/update/" /><category term="DRM" scheme="http://blogs.technet.com/b/lrobins/archive/tags/DRM/" /></entry><entry><title>Publishing Delta CRLs on IIS 7</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/b/lrobins/archive/2008/12/29/publishing-delta-crls-on-iis-7.aspx" /><id>http://blogs.technet.com/b/lrobins/archive/2008/12/29/publishing-delta-crls-on-iis-7.aspx</id><published>2008-12-29T17:07:00Z</published><updated>2008-12-29T17:07:00Z</updated><content type="html">If you have migrated or upgraded the sites on which you host your CA CRLs and delta CRLs to IIS 7, you may have noticed a (rather frustrating when you're experiencing it) new behavior. IIS 7 will, by default, reject requests containing double escape characters (for example, files containing a "+" sign in the name, such as delta CRLs). 
While this is a valid, standards-based security feature, the end result is that your clients cannot retrieve delta CRLs from an IIS 7-hosted site unless you change...(&lt;a href="http://blogs.technet.com/b/lrobins/archive/2008/12/29/publishing-delta-crls-on-iis-7.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3174370" width="1" height="1"&gt;</content><author><name>lrobins@microsoft.com</name><uri>http://blogs.technet.com/lrobins_4000_microsoft.com/ProfileUrlRedirect.ashx</uri></author><category term="certification authority" scheme="http://blogs.technet.com/b/lrobins/archive/tags/certification+authority/" /><category term="certificate authority" scheme="http://blogs.technet.com/b/lrobins/archive/tags/certificate+authority/" /><category term="CA" scheme="http://blogs.technet.com/b/lrobins/archive/tags/CA/" /><category term="windows server 2008" scheme="http://blogs.technet.com/b/lrobins/archive/tags/windows+server+2008/" /><category term="certificate revocation list" scheme="http://blogs.technet.com/b/lrobins/archive/tags/certificate+revocation+list/" /><category term="CRL" scheme="http://blogs.technet.com/b/lrobins/archive/tags/CRL/" /><category term="IIS 7" scheme="http://blogs.technet.com/b/lrobins/archive/tags/IIS+7/" /><category term="&amp;quot;+&amp;quot;" scheme="http://blogs.technet.com/b/lrobins/archive/tags/_2600_quot_3B002B002600_quot_3B00_/" /><category term="delta CRL" scheme="http://blogs.technet.com/b/lrobins/archive/tags/delta+CRL/" /></entry><entry><title>Virtualized Offline CAs</title><link rel="alternate" type="text/html" href="http://blogs.technet.com/b/lrobins/archive/2008/10/15/virtualized-offline-cas.aspx" /><id>http://blogs.technet.com/b/lrobins/archive/2008/10/15/virtualized-offline-cas.aspx</id><published>2008-10-16T00:27:00Z</published><updated>2008-10-16T00:27:00Z</updated><content type="html">First, the warnings: 
 1. Sometimes I am a bit of a salmon, meaning that I have a tendency to swim upstream, metaphorically speaking. More specifically, I like to take current thoughts around "best practices" and pick them apart to see if they actually make sense as a best practice. One of my favorite words is "specious". A specious argument is one that seems to make sense on the surface, but when actually evaluated, turns out not to make so much sense, after all. 
 2. Anything I say in this blog...(&lt;a href="http://blogs.technet.com/b/lrobins/archive/2008/10/15/virtualized-offline-cas.aspx"&gt;read more&lt;/a&gt;)&lt;img src="http://blogs.technet.com/aggbug.aspx?PostID=3136983" width="1" height="1"&gt;</content><author><name>lrobins@microsoft.com</name><uri>http://blogs.technet.com/lrobins_4000_microsoft.com/ProfileUrlRedirect.ashx</uri></author><category term="virtualized" scheme="http://blogs.technet.com/b/lrobins/archive/tags/virtualized/" /><category term="vm" scheme="http://blogs.technet.com/b/lrobins/archive/tags/vm/" /><category term="certification authority" scheme="http://blogs.technet.com/b/lrobins/archive/tags/certification+authority/" /><category term="certificate authority" scheme="http://blogs.technet.com/b/lrobins/archive/tags/certificate+authority/" /><category term="offline" scheme="http://blogs.technet.com/b/lrobins/archive/tags/offline/" /><category term="CA" scheme="http://blogs.technet.com/b/lrobins/archive/tags/CA/" /><category term="online" scheme="http://blogs.technet.com/b/lrobins/archive/tags/online/" /><category term="virtual" scheme="http://blogs.technet.com/b/lrobins/archive/tags/virtual/" /><category term="Hyper-V" scheme="http://blogs.technet.com/b/lrobins/archive/tags/Hyper_2D00_V/" /><category term="windows server 2008" scheme="http://blogs.technet.com/b/lrobins/archive/tags/windows+server+2008/" /><category term="virtualize" scheme="http://blogs.technet.com/b/lrobins/archive/tags/virtualize/" /><category term="hsm" scheme="http://blogs.technet.com/b/lrobins/archive/tags/hsm/" /></entry></feed>