PKI: which templates are built-in and which are from my company?

A colleague asked me a question on behalf of his customer. They were doing a discovery in a rather messy PKI environment and the question arose: which templates are standard (default), and which ones were created manually? Hopefully they have a good naming convention to make this immediately obvious, but otherwise a deeper look is needed. After…


Step-By-Step: Migrating Active Directory FSMO Roles From Windows Server 2012 R2 to 2016

With Windows Server 2016 released to the public (GA), many businesses are working on migrating their services to the new offering. This post will walk you through the steps needed to migrate Active Directory FSMO roles running on Windows Server 2012 R2 to Windows Server 2016 Active Directory. The same steps are valid for migrating…


PKI: which templates are published where?

Windows Server has two kinds of Certificate Authorities: Standalone and Enterprise. This strangely named difference really only means one thing: an Enterprise CA can (must) use templates for certificates it issues. Using templates you enforce standards for your private certificates, and enable desirable features like autoenrollment. A template exists as an object in the Configuration…


Disable SMB v1 in Managed Environments with Group Policy

The following is a brief summary of recent SMB v1 vulnerabilities, ransomware and an enterprise approach to disabling SMB v1 via Group Policy. Why SMB v1 Isn’t Safe (September 16, 2016) Ned Pyle wrote a blog post in September of 2016 on why SMBv1 isn’t safe where he stated that if your clients use SMB1, then…

Privileged Access Management – demystified

Today’s topic: Privileged Access Management (PAM) Just in Time Administration demystified. Coming with Microsoft Server 2016, we offered a new optional feature for Active Directory: the ‘Privileged Access Management Feature’. The new feature is only available with Domain Controllers OS >= Windows Server 2016. Privileged Access Management Feature consists of two parts: Privileged Access…


Helpful Tips: Performance Tuning for Windows Server 2016

It is quite possible that the default settings of a server system differ from the business requirements. For example, the system might need to have the lowest possible energy consumption or very low latency. For these special cases in the settings of a server environment, Microsoft provides the so-called Performance Tuning Guidelines for Windows Server 2016. These…


The well-known SID -1000

It is not every day that you discover a new well-known SID, but today I got mine. I know… if I just discovered a well-known SID it can hardly be well-known, can it? Let me explain. If you have been around the (Windows) block a few times, you will know what a SID is: a security…


Virtual May: Fill Up on Knowledge at Webinars and Virtual Conferences

Valuable information, best practices and exciting insights, all conveniently from your desk or couch: various webinars and virtual conferences from Microsoft offer this opportunity over the course of May. Thematically, the online events cover a wide range of technologies and concepts, from Microsoft Azure to SQL Server to Dynamics 365. 5.…


Closer to the Public Cloud: Synchronizing On-Premises Active Directory with Azure Active Directory/Office 365 Using the Azure AD Connect Tool

Introduction Organizations that have an on-premises Active Directory directory service and plan to launch Office 365 must decide how their users will authenticate to Office 365. As of the date of writing this article, i.e. 14.04.2017, Microsoft offers three types of authentication: authentication using accounts created solely in Office 365. Objects stored in Azure AD/O365…