God mode on Windows 8

It’s summer, you’re bored enough to start reading random newsletters and then you pick up something useful. Create a folder on your Surface desktop with the name GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}. Open the folder for a surprise… …this incidentally also works on Windows 7.

Fiddling with ADFS – end the infinite authentication loop

While working at a customer site the other day I was reminded of an article by Eric Lawrence on why you sometimes start seeing endless pop-up windows asking for credentials when using Fiddler to decrypt HTTPS traffic during troubleshooting. In short: if the web server has Extended Protection for Authentication enabled then it detects that…

TPM-CSP Autoenrollment failing with 0x8010002e SCARD_E_NO_READERS_AVAILABLE

We’re attempting to enroll for certificates using a TPM chip on a laptop – it fails when autoenrollment is involved but works when done manually via the MMC. According to http://msdn.microsoft.com/en-us/library/bb905527.aspx on the Smart Card Resource Manager service: “By default, the service is configured for manual mode. Smart card reader driver authors must configure the…

ADCS has become site-aware in Windows Server 2012

One of the largely unheralded big new features of Active Directory Certificate Services is that it can now be configured to be site-aware! This is accomplished by following the detailed steps that are described on the ADCS Wiki link below. The short version, however, is as follows: set the CA to detect which AD site it is in by running the following…

XP and W2k3 Clients are by default unable to enroll from W2k12 CA servers

RPC packet-level authentication is turned on by default in Windows 2012 CAs. It can also be turned on in W2k8+, but defaults to off there. … From http://technet.microsoft.com/library/hh831373: When a certificate request is received by a certification authority (CA), encryption for the request can be enforced by the CA via the RPC_C_AUTHN_LEVEL_PKT, as described…

Windows 8 shortcut keys

For the last couple of months I’ve been running the Windows 8 Consumer Preview on my laptop. Besides having to resist the urge to swipe the startup screen (which would be a nice feature even on a standard laptop), the biggest challenge has been to map my previous activities to the Metrofied interface. However, the…

Enrollment from Windows XP clients against Windows 8 CA server failing

When a certificate request is received by a certification authority (CA), encryption for the request can be enforced by the CA via the RPC_C_AUTHN_LEVEL_PKT flag, as described in MSDN article Authentication-Level Constants (http://msdn.microsoft.com/library/aa373553.aspx). On Windows Server 2008 R2 and earlier versions, this setting is not enabled by default on the CA. On a Windows Server…

Windows 8 features

The Win8 Product Teams have started blogging about new features in the upcoming Windows 8 release.

Windows 8 Server: Microsoft Server and Cloud Platform Blog, http://blogs.technet.com/b/server-cloud/archive/tags/windows+server+8/
Windows 8 Client: Building Windows 8, http://blogs.msdn.com/b/b8/

Not so much out there for public details on the new Windows 8 Active Directory features so far, unfortunately. Best bet for the impatient AD admin is…
