Speaking in Ciphers and other Enigmatic tongues…update!

Hi! Jim Tierney here again to talk to you about Cryptographic Algorithms, SCHANNEL and other bits of wonderment. My original post on the topic has gone through yet another rewrite to bring you up to date on recent changes in this  crypto space. So, your company purchases this new super awesome vulnerability and compliance management… Read more

SHA1 Key Migration to SHA256 for a two tier PKI hierarchy

Hello. Jim here again to take you through the migration steps for moving your two tier PKI hierarchy from SHA1 to SHA256. I will not be explaining the differences between the two or the supportability / security implementations of either. That information is readily available, easily discoverable and is referenced in the links provided below…. Read more

Configuring Change Notification on a MANUALLY created Replication partner

Hello. Jim here again to elucidate on the wonderment of change notification as it relates to Active Directory replication within and between sites. As you know Active Directory replication between domain controllers within the same site (intrasite) happens instantaneously. Active Directory replication between sites (intersite) occurs every 180 minutes (3 hours) by default. You can… Read more

AskDS is 12,614,400,000,000,000 shakes old

It’s been four years and 591 posts since AskDS reached critical mass. You’d hope our party would look like this:  But it’s more likely to be: Without you, we’d be another of those sites that glow red hot, go supernova, then collapse into a white dwarf. We really appreciate your comments, questions, and occasional attaboys…. Read more

I’ll take NDES in the DMZ, for 1000 Alex

Hello. Jim here yet again to talk to you about deploying Windows Server 2008 R2 with the Network Device Enrollment Services (NDES) role in a secure perimeter network. Let’s consider the scenario. You have an internal PKI hierarchy consisting of an Offline Root Certificate Authority (CA), a policy CA, and an issuing CA. You want… Read more

Speaking in Ciphers and other Enigmatic tongues…

NOTE: This post has been completely revised and updated since its initial release in 2011.  Please see the newer version of this post here: http://blogs.technet.com/b/askds/archive/2015/12/08/speaking-in-ciphers-and-other-enigmatic-tongues-update.aspx Hi! Jim here again to talk to you about Cryptographic Algorithms, SChannel and other bits of wonderment. So, your company purchases this new super awesome vulnerability and compliance management software… Read more

Troubleshooting Credential Roaming

Hi. Jim here again from Directory Services with a follow up to my Understanding Credential Roaming blog post. To review, credential roaming makes it possible to roam the user’s credentials in a manageable, secure manner that is ultimately transparent to the user. What follows is a deeper dive into the inner workings of Credential Roaming…. Read more

Certs On Wheels: Understanding Credential Roaming

Hi. Jim here again from the Directory Services team. Today I will break down some of the core components of credential roaming and how it functions. To secure critical transactions such as signing, encrypting, and decrypting e-mail or authenticating identity, many environments rely on certificates. The user certificates and the associated private keys are linked… Read more

Network Properties in a hurry

Hi. Jim from DS here again to show you how to quickly access the properties of your network interface cards via a custom desktop shortcut. In my previous blog post I put together a lovely “at a glance” reference to launching administrative and system tools from the command line and START – RUN. In Windows… Read more

The Security Descriptor Definition Language of Love (Part 2)

Hi. Jim here from DS here with a follow up to my SDDL blog part I. At the end of my last post I promised to dissect further the SDDL output returned by running the CACLS with the /S switch on tools share as follows: Here is the output exported to a .txt file: “D:AI(D;OICI;FA;;;BG)(A;;FA;;;BA)(A;OICIID;FA;;;BA)(A;OICIID;FA;;;SY)(A;OICIIOID;GA;;;CO)(A;OICIID;0x1200a9;;;BU)(A;CIID;LC;;;BU)(A;CIID;DC;;;BU)”… Read more