Friday Mail Sack: Now with 100% more words

Hi folks, Ned here again. It’s been nearly a month since the last Mail Sack post so I’ve built up a good head of steam. Today we discuss FRS, FSMO, Authentication, Authorization, USMT, DFSR, VPN, Interactive Logon, LDAP, DFSN, MS Certified Masters, Kerberos, and other stuff. Plus a small contest for geek bragging rights. Clickity… Read more

What does DCDIAG actually… do?

Hi folks, Ned here again. I recently wrote a KB article about some expected DCDIAG.EXE behaviors. This required reviewing DCDIAG.EXE as I wasn’t finding anything deep in TechNet about the “Services” test that had my interest. By the time I was done, I had found a dozen other test behaviors I had never known existed…. Read more

Friday Mail Sack: No Redesign Edition

Hello folks, Ned here again. Today we talk PDCs, DFSN, DFSR, AGPM, authentication, PowerShell, Kerberos, event logs, and other random goo. Let’s get to it. PDCE and user auth DFSR full mesh recommendations Access Denied when delegating Kerberos Clearing Event Logs en mass Where to install AGPM Using Authentication Mechanism Assurance without MS PKI The… Read more

Friday Mail Sack: Newfie from the Grave Edition

Heya, Ned here again. Since this another of those catch up mail sacks, there’s plenty of interesting stuff to discuss. Today we talk NSPI, DFSR, USMT, NT 4.0 (!!!), Win2008/R2 AD upgrades, Black Hat 2010, and Irish people who live on icebergs. Faith and Begorrah! NSPI max sessions per user DFSMGMT.MSC compatibility in mixed environments… Read more

Friday Mail Sack: Saturday Edition

Ned here. As you may have noticed, it is not Friday. You may also have noticed that this post is awesome and packed with many weeks of delayed content goodness. This notice may extend to the fact that I have no life. You notice a lot, don’t you smarty? I cannot imagine someone looking less… Read more

Friday Mail Sack: Walking Tall Edition

Hello folks, Ned here again. After a week in Las Colinas Texas, the blog migration, and Jonathan’s attempted coup, we are still standing. Since I’m sure your whole day has been designed around this post I won’t keep you waiting. RODC WAN down behavior DFSR and the PDCE RPC encryption in DFSR Windows 7 and… Read more

Auditing Password and Account Lockout Policy on Windows Server 2008 and R2

Ned here again. Let’s talk about auditing your domain for changes made to Password and Account Lockout policies. Frankly, it’s a real pain in the neck to figure out Password and Account Lockout auditing and there are legacy architectural decisions behind how this all works, so I’ll make sure to cover all the bases. This… Read more

NTLM Blocking and You: Application Analysis and Auditing Methodologies in Windows 7

Ned here again. Windows 7 and Windows Server 2008 R2 introduce a long sought feature known as NTLM blocking. This prevents NTLM from being used for authentication. IT works in both a send or receive mode, and allows you to create exceptions. There’s currently very little documentation on this new capability, so I am going… Read more

Internet Explorer behaviors with Kerberos Authentication

Hey Rob here again, I thought that I would share with you some of the things that we see where Internet Explorer Kerberos authentication fails. It is important to understand the default behavior of Internet Explorer and its support for Kerberos authentication so that you don’t start ripping out your hair (can’t speak to what… Read more

SQL Bulk Insert – Access is Denied

Hey all, Mark from DS again. I have found that numerous cases have been opened where Microsoft customers are upgrading from SQL 2000 to SQL 2005. After the upgrade they were attempting to run a bulk insert statement either in the Enterprise Manager or the Management Studio application and getting an “Access is denied” error… Read more