Take Control Over AD Permissions and the AD ACL Scanner Tool

What is the state of your delegation? Do you have a documented and recent report of the permissions in your Active Directory? Have you granted permissions on the relevant OUs in the past and left them like this ever since? Maybe it’s time to take a look again to see what’s actually delegated in Active Directory?…


Step-by-step walkthrough: Installing an Operations Manager 2012 Gateway

Step-by-step walkthrough: installing an Operations Manager 2012 Gateway Server. To make this document, I installed 3 test servers; the evaluation image of Windows Server 2008 R2 can be downloaded from the Microsoft site here: http://technet.microsoft.com/en-us/evalcenter/dd459137.aspx This installation was done on a generation 1 Core i7 portable with 1 SSD drive and 8GB of memory….


PowerShell: Malware detection and tracking of new autoruns

Old Project realized. A month ago I reinstalled one of my PCs and thought of a project I started but never finished many years ago. It was when I found out about autorunsc.exe, one of the many awesome tools from the Sysinternals suite and the creator Mark Russinovich, when I thought of an idea…

Forensics: Active Directory ACL investigation

A Couple of Sensitive Spots. Active Directory is full of delegated rights and permissions that grant privileges to security principals (User, Group Managed Service Account, Group and Computer Objects). Some permissions are more sensitive than others and should be kept only for privileged accounts such as for Tier 0 administrators (Read about the credential tier model…

Do You Allow Blank Passwords In Your Domain?

Do you, or did you back in the day, use your own code or a third-party tool to create user accounts that did not update the userAccountControl attribute after the account was created? Well then there’s a chance you might have accounts in your domain that are allowed blank passwords or even worse have…

Failed to read %PROCESSOR_ARCHITECTURE environment variable from Win32_Environment WMI class

For those wanting to get rid of the SCCM MP error (introduced in the latest version 6.0.6000.3) “Failed to read %PROCESSOR_ARCHITECTURE environment variable from Win32_Environment WMI class”, there is a hotfix available now: http://support.microsoft.com/kb/2692929

More information, as always, can be found on Kevin Holman’s blog: http://blogs.technet.com/b/kevinholman/archive/2011/09/30/mp-update-new-configmgr-2007-mp-version-6-0-6000-3-resolves-top-issues.aspx

HTH, Danny


How to get DRM protected E-Books to be able to be read on a Windows 8 RT device

During the evening yesterday my daughter wanted to read some E-books on her new Windows RT slate. She wanted to borrow an E-Book from our local library in Sweden. I was expecting this to be an easy task and gladly tried to find a download link for Windows RT at the library homepage. I found…

Finding an Attribute’s Property Set

Attributes vs Property Set. If you are granting access on an attribute level, you will most likely end up with long lists of Access Control Entries (ACEs) on objects in Active Directory. This will lead to database growth: the NTDS.dit will get bigger. It will also lead to degraded performance of your Domain Controller when…

Controlling CSP selection during autoenrollment through the pKIDefaultCSPs attribute

We want to enable autoenrollment for our BitLocker installations but want to allow clients without TPMs to enroll from the same certificate template as a backup. The pKIDefaultCSPs attribute in certificate templates contains a numbered list of CSPs that are valid for enrollments against that template. The numeric value determines the priority so if you populate…


Access denied on C:, even though you have given the user Full Control

Overview. One of my customers was in the process of migrating away from Windows XP. As a part of this work, the customer was verifying application compatibility. During the testing of applications, they discovered that 2 applications that are business critical for the customer were having issues with file creations. These issues are counted as…
