What is the state of your delegation? Have you a documented and recent report over the permissions in your Active Directory? Have you granted permissions on the relevant OU's in the past and left it like this ever since?? Maybe it’s time to take a look again to see what’s actually delegated in Active Directory? Things you probably find when re-visiting the permissions: Permissions given to users or groups that does not exist anymore. Permissions set to high up in the OU structure...

During the evening yesterday my daughter wanted to read some E-books on her new Windows RT slate. She wanted to borrow an E-Book from our local library in Sweden. I was expecting this to be an easy task and gladley tried to find a download link for Windows RT at the library hompage. I found every type of possiblity to read it on different types of Operating System, exept the Windows RT. The main issue is that the main E-library system is using books protected with EPUB with DRM protection from Adobe. As the...

Do you or did you back in the days use your own code or a third party tool to create user accounts that did not update the userAccountControl attribute after the account was created? Well then there's a change you might have accounts in your domain that are allowed blank passwords or even worse have accounts with blank passwords! Why? Because user objects are allowed using blank passwords by default when created, something that must be handled afterwards. Unless that's in line with your security policy...

In Windows Server 2012 there is a new service called DS Role Service. This is used for the promotion and demotion of the AD DS. This service is created due to a change in how the Domain Controllers are setup. The Domain Controller is now a Role in the same way as DHCP or DNS. This creates a need for a separate service handling the Promotion and Demotion of domain controllers. This DS Role Service has it startup set to manual, as it will only be used for the Promotion. If you set this service startup to Disable...