God mode on Windows 8

It’s summer, you’re bored enough to start reading random newsletters and then you pick up something useful. Create a folder on your Surface desktop with the name GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}. Open the folder for a surprise… …this incidentally also works on Windows 7.


Fiddling with ADFS – end the infinite authentication loop

While working at a customer site the other day I was reminded of an article by Eric Lawrence on why you sometimes start seeing endless pop-up windows asking for credentials when using Fiddler to decrypt HTTPS traffic during troubleshooting. In short: if the web server has Extended Protection for Authentication enabled then it detects that…


TPM-CSP Autoenrollment failing with 0x8010002e SCARD_E_NO_READERS_AVAILABLE

We’re attempting to enroll for certificates using a TPM chip on a laptop – it fails when autoenrollment is involved but works when done manually via the MMC. According to http://msdn.microsoft.com/en-us/library/bb905527.aspx on the Smart Card Resource Manager service: “By default, the service is configured for manual mode. Smart card reader driver authors must configure the…


ADCS has become site-aware in Windows Server 2012

One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware! This is accomplished by following the detailed steps that are described on the ADCS Wiki link below. The short version is however as follows: set the CA to detect which AD site it is in by running the following…


XP and W2k3 Clients are by default unable to enroll from W2k12 CA servers

RPC Packet-level Authentication is by default turned on in Windows 2012 CAs. This can also be turned on in W2k8+ but defaults to off there. … From http://technet.microsoft.com/library/hh831373: When a certificate request is received by a certification authority (CA), encryption for the request can be enforced by the CA via the RPC_C_AUTHN_LEVEL_PKT, as described…


Windows 8 shortcut keys

For the last couple of months I’ve been running with the Windows 8 Consumer Preview on my laptop. Besides having to resist the urge to swipe the startup screen (which would be a nice feature even on a standard laptop) the biggest challenge has been to map my previous activities to the Metrofied interface. However, the…


Enrollment from Windows XP clients against Windows 8 CA server failing

When a certificate request is received by a certification authority (CA), encryption for the request can be enforced by the CA via the RPC_C_AUTHN_LEVEL_PKT flag, as described in MSDN article Authentication-Level Constants (http://msdn.microsoft.com/library/aa373553.aspx). On Windows Server 2008 R2 and earlier versions, this setting is not enabled by default on the CA. On a Windows Server…


Windows 8 features

The Win8 Product Teams have started blogging about new features in the upcoming Windows 8 release. Windows 8 Server: Microsoft Server and Cloud Platform Blog, http://blogs.technet.com/b/server-cloud/archive/tags/windows+server+8/ Windows 8 Client: Building Windows 8, http://blogs.msdn.com/b/b8/ Not so much out there for public details on the new Windows 8 Active Directory features so far unfortunately. Best bet for the impatient AD admin is…