Tip of the Day: Using DNSSEC with DNS Zone Scopes

Today’s tip… QUESTION Does anyone know whether the DNS ZoneScopes used by DNS Policy can be signed and DNSSEC enabled? Looking at the DNSSEC related DnsServer PowerShell cmdlets it appears that they do not support the -ZoneScope parameter. As this is the only way to manipulate ZoneScope settings it seems to indicate that signing scopes…

0

Tip of the Day: Azure Reverse DNS

In the beginning of June, the Azure team published new and updated documentation for reverse DNS. There are 3 new pages: Overview, explaining what reverse DNS is, why it’s used, how it works, and the high-level scenarios supported in Azure Detailed guidance on hosting reverse DNS zones in Azure Detailed guidance on managing reverse DNS…

0

Tip of the Day: Windows 10 S FAQ

We interrupt late week’s rundown of top Defrag Tools episodes to bring you something I found in my inbox: You may or may not have heard buzz around Windows 10 S.  If you haven’t, Windows 10 S is a specific configuration of Windows 10 Pro that offers a familiar, productive Windows experience that’s streamlined for…

0

Tip of the Day: The Best of Defrag Tools - Debugging the Network Stack

Today’s tip… C’mon, you know you’ve long dreamt of having the Ninja skills to debug the network stack!  I mean, who hasn’t?  Well now you can grasshopper.  Simply watch the following very special Defrag Tools episode: Defrag Tools #177 – Debugging the Network Stack In this episode of Defrag Tools, Chad Beeder is joined by…

1

Tip of the Day: The Best of Defrag Tools - Windows Internals 7th Edition Part 1

Today’s tip… This week we celebrate the best of “Defrag Tools”, a fantastic Channel 9 series packed with useful and timely information. In episode #177 Defrag Tools, Andrew Richards and Chad Beeder are joined by Alex Ionescu and Pavel Yosifovich, authors of the Windows Internals 7th Edition Part 1 book to talk about history of the Windows Internals…

0

Tip of the Day: SvcHost Service Refactoring in Windows 10 v1703

Today’s tip… The Service Host (svchost.exe) is system process capable of hosting multiple Windows services. Using this shared-service process, numerous Windows services can share a single process, reducing overall resource consumption.  The service-host groups are determined by combining the services with matching security requirements. For the services critical to network and internet connectivity this translates…

1

Tip of the Day: Azure MFA cloud based protection for on-premises VPNs is now in public preview!

Today’s Tip… Azure MFA provides a hybrid multifactor authentication solution for Windows 10 VPN. Using a first-party auth extension, an on-premises NPS server provides the primary auth, forwarding RADIUS-encrusted REST calls to an Azure MFA tenant for the secondary authentication. Read More At: https://blogs.technet.microsoft.com/enterprisemobility/2017/02/06/azure-ad-news-azure-mfa-cloud-based-protection-for-on-premises-vpns-is-now-in-public-preview/

0

Tip of the Day: Creators Update (v1703) - Establishing a VPN Connection from the Network Flyout

When launched from the VAN, VPN connections on Windows 8.1 could be completed in as few as two clicks. In Windows 10 however, the number of steps regressed to as many as five to seven clicks. Windows 10 v1703 (Creators Update) improves the user experience by including UI enhancements reducing the number of steps required…

0

Tip of the Day: Enhanced Security Administrative Environment (ESAE) Architecture

Today’s Tip… Wonder what ever happened to Domain Isolation using IPsec? Well, that is so last decade! Let me introduce you to the ESAE Administrative Forest Design Approach practiced by Microsoft’s Cyber Security Services Team. Securing Privileged Access: https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/securing-privileged-access

0

Tip of the Day: DNS Recursion Policies

Today’s Tip… Previous DNS Policy tips discussed two uses for Query Resolution Policy; Location Aware Response policies for authoritative queries, and Selective-Filtering for non-authoritative queries. Those are just two from the list of potential policy scenarios and I’m itching to share information on policy processing behaviors and troubleshooting, but feel compelled to share just one…

0