Detecting port availability and blockage: Part 2, The Trace

A little copy and paste from Part 1: Nature of blocked ports. Port blocking is a somewhat secret event to tracing, but there are some very easy methods to determine if this is happening. Let's…


Detecting port availability and blockage: Part 1, The Players

In a recent blog "Welcome to the domain, just kidding", I referenced that RPC port 135 was being blocked as the root cause for why the computer could join the domain, and then the trust was broken. So, the question remains: How do you detect…


Protecting from Accidental Deletion (or not)

An interesting conversation came up today regarding the Active Directory feature “Protect from accidental deletion”. What does this actually mean? So, the good news is that any object in AD, being OUs, users, groups, you name it – If it’s important to you or your organization, you can go into the Object tab (advanced features)…


SCCM: For those nasty incremental collections

One feature that is easily misunderstood in SCCM is one of “incremental updates to collections”, which is this innocent little box: “Use incremental updates for this collection”. What I have noticed over time is that many customers use this as “Standard Operating Procedure” and hurt server performance by applying this to all collections they create….


Welcome to the domain. Just kidding.

I ran across a strange issue recently in regards to joining a server to the domain, so I hope this helps someone else running into the issue. Problem statement: A routine, run of the mill domain join of a server. The account was pre-populated (or not, wouldn’t matter) in Active Directory. Upon joining the domain,…


Demystifying the UNC Hardening Dilemma

Had an interesting issue come up today, and wanted to break it down a bit for my own understanding. A customer had a domain running DCs in Server 2008 R2 with a 2008 Forest and Domain Functional Level. Nothing wrong with this configuration as it is supported as of today, but I was curious how hardening…


The classic “Whodunit”: Who removed IIS?

I had a recent issue where a customer’s SCCM Distribution Point came up non-functional. Upon looking at the IIS logs, it appeared that the DP was missing components until just recently. So, how did we find our suspect, who did this? There are a couple of places to check: ACT I: The Event Logs. The log to…