Smart Card Logon Enforcement – Long Edition!

Hey everyone – it’s been a while since the last post with so much going on in IT; the boom of the cloud, security breaches/incidents, new products, etc.  Wanted to take a little time to talk about something that hit my desk again recently and most folks in the DoD and other spaces wind up…


OCSP Responder Signing Certificate from a Stand Alone CA + Configs

Hello All, Recently I came across a scenario that required a manually enrolled and assigned OCSP signing certificate for the online responder service and configurations, and wanted to share a couple things on this topic.  So today I’m going to talk about manually requesting an OCSP signing certificate from a stand-alone CA, and some PowerShell…


Was a Smart Card Used for Logon?

Hello All, This has been discussed before and it recently hit my desk again.  Though the information is out there it seems most of it is a bit dated, circa 2007 and 2012.  The preferred method (for the majority) is to search the security event logs on domain controllers to make this determination and/or provide smart card usage…


Smartcard Authentication with Outlook 2016

Hello Everyone, Just wanted spread the word for those that have been banging their heads on the keyboard with trying to use Smartcard authentication with Outlook 2016.  Microsoft recently released an update for Outlook 2016 then enables this functionality that we enjoyed with previous versions.  There is a two stage process here to resolve this…


MSFT OCSP Responder + New DoD Configs!

Hello All, wanted to jump in with a quick post on updating the Microsoft OCSP revocation providers for some new DoD certificate authorities that have been commissioned.  This is based on my post a while back on setting up our OCSP responder with DoD configurations here.  There are roughly about 20 or so new revocation configurations that…


MIM-CM 2016 + Virtual Smart Card Modern App Part I

Hello All and Happy New Year!  I hope everyone is recharged from a most excellent holiday season!  I'm back with another security focused topic, virtual smart cards and also taking a look at MIM CM 2016 to life cycle the credential.  The threat landscape today is more fluid and dynamic then ever before and organizations are…


Windows 10 Cheat Sheet Compilation!

Hello all, I hope your summer is going well!  As you know Windows 10 is here and has hit general availability!!  With that in mind I wanted to put out a few quick things that may be helpful to get the gears turning for testing and evaluation of Windows 10.  Windows 10 Build 10240 is…


Duplicate Outlook Lists After Office 2013 Upgrade (KB3054855)

Hello everyone, I hope all is well.  I wanted to share an interesting issue that we’ve been working on for quite some time.  I say we because I can’t leave out Randy a Senior Escalation Engineer with CSS and the Office team in helping to resolve this issue. Those of you who still might be…


Suite B Public Key Infrastructure Part III

Hey everyone, I'm back to grinding it out again! Here's another one for your "suite-tooth."  We've covered installing and configuring a Suite B Offline Root CA, and also issuing end-entity key agreement and digital signature certificates in accordance with RFC 5759 from an offline Root CA.  Let's go over the scenario of a two tier suite B…


Suite B Public Key Infrastructure Part II

Hello all, hopefully it was a good week in IT!  Lots going on this week in the field; most notably the Surface Pro 3 UEFI update that Ty posted about earlier!  This is certainly a welcome addition, especially for those who don’t seem to have good luck pxe-booting the SP3 or who are doing lots…