Secure Administrative Workstations

Hi All. This is Jerry Devore, a Midwest PFE, back after a long hiatus from blogging. If you thumb through the owner’s manual of your car you will find a maintenance schedule section. There you can see how often the manufacturer suggests you should change your engine oil, flush your radiator fluid and replace various filters. …

Six Audit Mistakes Everyone Seems To Make With Windows Server

Hi, this is Richard Sasser 'Rick', MCM, Red shirted dude (security guy). This might seem like old data, but you’d be surprised how many people looked at Security Auditing in Windows Server 2008 and 2008R2, saw that the old policies applied, and subsequently just checked the box and moved forward. Auditing changed. Auditing changed a…

How to Save the DNS Cheese. Protect AD-Integrated DNS Zones from Accidental Deletions

As a quick follow on to our recent post about DNS deletion auditing, here's an ounce of prevention for you – well actually about 3 tons worth – courtesy of Brent Whitlow, Bryan Zink and your blogger-de jure, Hilde. Our co-workers, peers and others 'out there' have covered this but we wanted to get our own 'variation…

Who Moved the DNS Cheese? Auditing for AD-Integrated DNS Zone and Record Deletions

Something just happened. Something big. The wheels are falling off the enterprise. People can’t log in. “The XYZ domain is not available. Please try again later.” Outlook is endlessly prompting folks for credentials. No one can print. Many can’t even get an IP address. Mission-critical apps are erroring out left and right. The Helpdesk phone…

Audit Membership in Privileged Active Directory Groups. A Second Look.

Some months ago, I shared a PowerShell script to enumerate the membership of privileged groups (including membership in nested groups) and report membership as well as password ages. Like most scripts, it works well in most environments, but has some limitations. One glaring limitation that I’ve found, for example, is that it searches for privileged…

Who Moved the AD Cheese?

Sometimes, we Microsoft engineers get called into a ‘forensics’ type situation to help a customer try to answer the “W” questions – where someone (WHO?) did something (WHAT?) at some point (WHEN?) in Active Directory (AD) or some other aspect of a Windows infrastructure. Usually, if we get the call, the change had a big (sometimes…