Tough Questions Answered: Can I disable RC4 Etype for Kerberos on Windows 10?

Today I want to share with you a direct experience from the field. One customer received from the security team the request to disable the RC4 ETYPE (Encryption Type) for Kerberos for the Windows 10 clients, so the support team ... continue reading

So what exactly is the CLIUSR account

From time to time, people stumble across the local user account called CLIUSR and wonder what it is, while you really don’t need to worry about it; we will cover it for the curious in this blog. The CLIUSR account ... continue reading
Tough Questions Answered: How to add multiple values to a GPO with a listbox.

Recently I have received a support request from a customer that needs to add multiple values to a GPO. Let's dive into the details. ENVIRONMENT The customer installed a new third party application in his client environment (Windows 10), this ... continue reading
PAW deployment guide

First published on TECHNET on Apr 30, 2018 After running the PAW TAP program on the solution explained in this blogpost, I received tons of interest and great feedback. While the team is investigating on a plan, a lot ... continue reading

Default Code Integrity policy for Windows Server

First published on TECHNET on Mar 10, 2018 After Windows Defender Application Control (WDAC, formerly known as Code Integrity) was released in Windows Server 2016, I wrote a blog post on it, it was a very effective way to do ... continue reading
PAW host buildout

First published on TECHNET on Oct 17, 2017 Continuing with the PAW series, in this blog post, I'd like to share the details of what we are planning to configure the host. I'd love to hear your thoughts, feedback about ... continue reading
Join Host Guardian Servers to an existing bastion forest

First published on TECHNET on Mar 07, 2017 Shielded VM prevents unauthorized access from the host. To achieve this security assurance, there must be a role separation between the fabric admins (who manage the Guarded Hosts) and the HGS admins ... continue reading
Recommendations for deploying the latest Attack surface reduction rules for maximum impact

The keystone to good security hygiene is limiting your attack surface. Attack surface reduction is a technique to remove or constrain exploitable behaviors in your systems. In this blog, we discuss the two attack surface reduction rules introduced in the ... continue reading
Securing Applications with Least Privileged Service Accounts

IMPORTANT ANNOUNCEMENT FOR OUR READERS! AskPFEPlat is in the process of a transformation to the new Core Infrastructure and Security TechCommunity, and will be moving by the end of March 2019 to our new home at https://aka.ms/CISTechComm (hosted at ... continue reading
Windows Server 101: Understanding Third Party Security Configuration Baselines

Windows Server 2016 comes reasonably secure “out of the box”. But it’s important to remember that while the server is reasonably secure, not every security control that can be configured for Windows Server 2016 (and the more recently released ... continue reading