Local Administrator Password Solution (LAPS) Implementation Hints and Security Nerd Commentary (including mini threat model)

Hi, Jessica Payne from Microsoft Enterprise Cybersecurity Group’s Global Incident Response and Recovery team guest starring on the Platforms PFE blog today. Credential theft is a major problem in the security landscape today. Matching local administrator passwords in an environment often contribute to that problem and are a popular target for bad guys. Far more…

Finding Pesky Stale DNS SRV Records

Good day to you all – Dougga here with a simple post today using tools you know. Stale DNS SRV records are common due to no scavenging on DNS zones and each zone has to be set up correctly to have this happen. So, I have often found the "contoso.com" set up correctly, but the…

Using PowerShell for Message Analyzer Text Log Parsers

Hi Everyone, Brandon Wilson here with you again to discuss how to use PowerShell to generate parsed data output for log files for Message Analyzer (otherwise known as .matp files). Today we will focus on the text log parsers available as of Message Analyzer 1.3.1, so depending…

How To Provide Feedback On Windows Server

Hey y’all, Mark here. Today is a national holiday in the USA which means technically, for me, Dante from Clerks would say, “I’m not even supposed to be here today!” That being said we had a real quick thing to share out with you. Have you ever thought to yourself, “I wish Windows Server did…

How to Force a Diagnostic Memory Dump When a Computer Hangs

Matthew Reynolds here. My job is to make Windows sing (figuratively) in large enterprises. If you have a machine which freezes you may need to generate a memory dump in order to find the cause. If you can generate the memory dump before calling Microsoft support you might speed up your diagnosis. Use this technique…

Guidance on Deployment of MS15-011 and MS15-014

Hi, my name is Keith Brewer and many of you will know of me from my other Active Directory related posts. A few folks have recently approached me about the recent security updates (The other week we released MS15-011 & MS15-014). Most of the questions were general in nature but a few were specifically in…

Six Audit Mistakes Everyone Seems To Make With Windows Server

Hi, this is Richard Sasser 'Rick', MCM, Red shirted dude (security guy). This might seem like old data, but you’d be surprised how many people looked at Security Auditing in Windows Server 2008 and 2008R2, saw that the old policies applied, and subsequently just checked the box and moved forward. Auditing changed. Auditing changed a…

A 5 Second Boot Optimization If You’ve Disabled IPv6 on Windows Client and Server by setting DisabledComponents to 0xFFFFFFFF

Hey, y’all, Mark back with some new info on two of my favorite topics, IPv6 and Slow Boot Slow Logon (SBSL). If you’ve disabled IPv6 long ago this post is one you’ll want to pay attention to. Let’s dig in and get you up to speed. What’s Microsoft Recommend Setting for IPv6? The long standing…

LSASS Crashing, CNF Objects May Be the Cause

Hey y’all, Mark back with a rare but hard-to-troubleshoot problem where CNF or conflict mangled NTDS Settings objects cause LSASS to crash on Active Directory domain controllers. The goal of this article is to create some awareness and have you install preventative fixes in the hopes of keeping both of our phones from ringing. What…

Domain and DC Migrations: How To Monitor LDAP, Kerberos and NTLM Traffic To Your Domain Controllers

Hi everyone, Adrian Corona here, this time I’d like to talk about a scenario that I get asked about a lot: Domain / Domain Controller Migrations. A very (if not the most) important piece of a successful migration is to know when there’s a system or application still using your domain services before decommissioning your…