Intermittent Mail Sack: Must Remember to Write 2013 Edition

Hi all, Jonathan here again with the latest edition of the Intermittent Mail Sack. We’ve had some great questions over the last few weeks so I’ve got a lot of material to cover. This sack, we answer questions on: Issues upgrading DFSR hub servers to Windows Server 2012 AD FS Sign-out behavior Dynamic Access Control… Read more

Purging Old NT Security Protocols

Hi folks, Ned here again (with some friends). Everyone knows that Kerberos is Microsoft’s preeminent security protocol and that NTLM is both inefficient and, in some iterations, not strong enough to avoid concerted attack. NTLM V2 using complex passwords stands up well to common hash cracking tools like Cain and Abel, Ophcrack, or John the… Read more

Is this horse dead yet: NTLM Bottlenecks and the RPC runtime

Hello again, this is guest author Herbert from Germany. It’s harder to let go of old components and protocols than dropping old habits. But, I’m falling back to an old habit myself…there goes the New Year resolution. Quite recently we were faced with a new aspect of an old story. We hoped this problem would… Read more

Friday Mail Sack: Beard-Seconds Edition

Hiya folks, Ned here again. This week we talk: DC DNS A Records and Web Servers Forwarding Security event log subscriptions Domain password filters Auditing NTLM vs NTLMv2 on Win2003 Programmatically determining if UNC is DFS namespace DFSR and Excel Shared Workbooks DFS, DC, Delegation, and Domain Admins Other nonsense Start the word punching! Question… Read more

Friday Mail Sack: Anchors Aweigh Edition

Hiya folks, Ned here again. I finally have an editor that allows anchors on all the questions, so I am adding a quasi “table of contents” for these posts that allow easier navigation and linking. I’ll retrofit all the old mail sack articles too… eventually. This week we discuss – eh – let’s have the… Read more

Friday Mail Sack: Gargamel Edition

Hi folks, Ned here again. This week we talk about 10 reasons not to use list object access dsheuristics, USMT trivia nuggets, poor man’s DFSDIAG, how to get network captures without installing a network capture tool, and some other random goo. Oh yeah, and friggin’ Smurfs. The downsides to List Object Access dsheuristics USMT differential… Read more

Friday Mail Sack: LeBron is not Jordan Edition

Hi folks, Ned here again. Today we discuss trusts rules around domain names, attribute uniqueness, the fattest domains we’ve ever seen, USMT data-only migrations, kicking FRS while it’s down, and a few amusing side topics. Scottie, don’t be that way. Go Mavs. Creating trusts between forests with duplicate names Enforcing sAMAccountName uniqueness The biggest domain… Read more

Friday Mail Sack: Barbados Edition

Hello world, Ned here again. I’m back to write this week’s mail sack – just in time to be gone for the next two weeks on vacation and work travel. In the meantime Jonathan and Scott will be running the show, so be sure to spam the heck out of them with whatever tickles you…. Read more

Friday Mail Sack: Newfie from the Grave Edition

Heya, Ned here again. Since this another of those catch up mail sacks, there’s plenty of interesting stuff to discuss. Today we talk NSPI, DFSR, USMT, NT 4.0 (!!!), Win2008/R2 AD upgrades, Black Hat 2010, and Irish people who live on icebergs. Faith and Begorrah! NSPI max sessions per user DFSMGMT.MSC compatibility in mixed environments… Read more