Group Policy

First Issuance manual, with automated renewals

Hey all Rob Greene again. Seems like I have been on this PKI kick lately, and today is not going to be any different. Occasionally, I will get a customer who must get certificates issued for things like Web sites, and they must have custom Subject Alternative Name (SAN) DNS values on the issued certificate.  […]

First Issuance manual, with automated renewals Continue Reading

Windows Insider build 26090 brings small changes for SMB

Heya folks, Ned here again. We continue to make SMB changes to Windows vNext and Windows Server 2025 based on customer feedback and last mile work. With the release of Windows 11 Insider Preview Build 26090 (Canary and Dev Channels), we have a few more small ones. Some of these were based on Insider feedback from customers –

Windows Insider build 26090 brings small changes for SMB Continue Reading

SMB client encryption mandate now supported in Windows Insider

Heya folks, Ned here again. Beginning in Windows 11 Insider Preview Build 25982  (Canary Channel) and Windows Server Preview Build 25997, SMB now supports requiring encryption of all outbound SMB client connections. With this new option, administrators can mandate that all destination servers support SMB 3.x and encryption, and if missing those capabilities, the client won’t connect. This

SMB client encryption mandate now supported in Windows Insider Continue Reading

Speaking in Ciphers and other Enigmatic tongues fresh content update!

First published on TechNet on Dec 08, 2015 Hi! Jim Tierney here again to talk to you about Cryptographic Algorithms, SCHANNEL and other bits of wonderment. My original post on the topic has gone through yet another rewrite to bring you up to date on recent changes in this crypto space. So, your company purchases

Speaking in Ciphers and other Enigmatic tongues fresh content update! Continue Reading

Stop Worrying and Love the Outage, Vol II: DCs, custom ports, and Firewalls/ACLs

This is the first article in a series: Stop Worrying and Love the Outage, Vol I: Group Policy and Sharing Violations Stop Worrying and Love the Outage, Vol II: DCs, custom ports, and Firewalls/ACLs Hello, it’s Chris Cartwright from the Directory Services support team again.  This is the second entry in a series where I

Stop Worrying and Love the Outage, Vol II: DCs, custom ports, and Firewalls/ACLs Continue Reading

Windows Server Advanced Auditing Policies

Security auditing is a methodical examination and review of activities that may affect the security of a system. In the Windows Server and Active Directory environments, security auditing is the features and services that log and review events for specified security-related activities. Hundreds of events occur as the Windows operating system and the applications that

Windows Server Advanced Auditing Policies Continue Reading

More Speaking in Ciphers and other Enigmatic Tongues with a focus on SCHANNEL hardening.

Hi! Jim Tierney here again to talk to you about Cryptographic Algorithms, SCHANNEL and other bits of crypto excitement. I have elucidated at length on this topic in this post which had been updated a few years back to the aptly titled, Speaking in Ciphers and other Enigmatic tongues…update! I am creating this brand-new piece

More Speaking in Ciphers and other Enigmatic Tongues with a focus on SCHANNEL hardening. Continue Reading

Stop Worrying and Love the Outage, Vol I: Group Policy and Sharing Violations

Hello! Chris Cartwright here from the Directory Services support team.  Recently, we have seen an uptick in cases related to sharing violations when processing or editing group policies.  Most of these issues are caused by locks on policy-related files within the SysVol share, from either security products or environmental conditions.  Security product mitigations are already

Stop Worrying and Love the Outage, Vol I: Group Policy and Sharing Violations Continue Reading

KRB_AP_ERR_BAD_INTEGRITY

First cousin once removed to KRB_AP_ERR_MODIFIED Most anyone who would be interested in reading an article like this has very likely encountered the error, KRB_AP_ERR_MODIFIED. This error tells us one thing: The account secret (aka password hash) that is being used to decipher the ticket cannot decipher the ticket. The most common reasons are: The

KRB_AP_ERR_BAD_INTEGRITY Continue Reading

The Twelve Days of Blog-mas: No.5 – The Endpoint Management Jigsaw

Happy Tuesday – You’re back for more, I see? Most orgs (hopefully) have a well-developed ‘practice’ around Endpoint management, combining people, process and technology to deploy, configure, operate and support a fleet of devices that adhere to corporate policy.  This has been a main-stay of endpoint IT Pros for decades. As IT Pros, whether we like

The Twelve Days of Blog-mas: No.5 – The Endpoint Management Jigsaw Continue Reading