What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://video2.skills-academy.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
Generic unknown status in pkiview after migration Active Directory Certificate Services from Windows Server 2008R2 to Windows 2019.
Following the below given link from MS, we migrated a 2-tier PKI hierarchy from Windows 2008 R2 to Windows 2019. https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674 Migration…
How to disable MFA for a single user
How can I disable MFA for a single user in Azure
How do I set the CSP and HSTS for an Azure app?
I have created an Azure app and use a custom domain to access it. However, when putting the URL through our cyber security process, it came back that the CSP and HSTS needs to be updated. I cannot find where in Azure to update the security headers. Where…
Final check before Fully Block NTLM for all Domain
Dear PPL, I would like to set our Default Domain Policy "Restrict NTLM: Incoming NTLM Traffic" to Deny All Accounts. Before I do it, I have enabled Auditing Logs, can see some devices or services are still using NTLM, for example, Win10…
Active Directory Certificate Services - Migrate from W2K8R2 to W2K19 Server - In-place upgrade
Hi My setup: ADCS and PKI services on domain joined (I know! I know, it shouldn't be domain joined) VM running on W2K8R2 I need to get out of W2K8R2 and the plan is to do an in-place upgrade to W2K12R2 and then to W2K19 When doing the in-place…
How to change days before password expires notice
I'm looking for a way to change the number of days before notifying users of password expiration from the default of 5 to some other number. I've found a web posting that references: Default Domain Policy (or Default Domain Controller Policy?) >…
Need some help to target the Group Policy to enable the NTLM audit?
I must audit any computers still using NTLM v1 in my AD Domain. Do I need to enable these group policies for all Windows servers and workstations in my AD Domain or just the Domain Controllers? Computer Configuration\Windows Settings\Security…
April Security update breaks MSMQ on Windows Server
This patch will break MSMQ in any current Windows Server version. Example: KB5036896 installed on Windows Server 2019. Get "not implemented" error after patching. ErrorNumber: '-2147467263' Source: 'MSMQTransaction' Raised 'Unhandled…
FeatureSettingsOverride multiple value entries
Hello, I am looking to apply a patch to disable Downfall mitigation. I am looking to amend the FeatureSettingsOverride value to "33554432" as per recommendations. However, FeatureSettingsOverride value is already set as "72" in order…
Block NTLM and NTLMv2 totally, only enable Kerberos
Dear PPL. I would like to totally shut down NTLMv2 in our Domain. I would like only Kerberos as our Accounts Authentications. Should I just change GPO of Default Domain Policy on AD: Network security: Restrict NTLM: Incoming NTLM traffic: to Deny All…
RDS with network segmentation
Hi, We have an environment that is not connected to the internet. This environment contains Windows Servers 2022 and Windows client 10/11. To be able to access this environment remotely, we have to use Cisco VPN and when the VPN is connected we do an RDP…
Fix Root AD CA certificate on Win Server 2022 for Apache Tomcat 9 website not loading?
We set up a Windows Active Directory Certificate Authority on our Windows Server 2022 and issued a certificate for an Apache Tomcat 9 server website. When a user accesses the website, logging in with a valid AD logon, the website will show the website…
CA Web enrollment (certsrv) behind VIP, load balancer
Hello Team, Is it a good recommendation to move the CA Web Enrollment role behind VIP, load balancer? I am getting an error while using the CA Web Enrollment behind VIP, I am unable to request a certificate using…
Remote Credential Guard double-hop issue after server 2022 upgrade
We upgraded two of our jump/admin servers from Server 2019 to Server 2022. One was installed fresh, the other one was upgraded via in-place upgrade. Now mstsc /remoteguard no longer works correctly, we seem to run into a Kerberos double-hop issue. …
LDAP over SSL on a RODC only (how to)
Hi, I have a "basic" question. Customer has 2x RODC in a separated environment, which is directly connected to the on-prem domain controllers (all 2016). Firewall ports are configured and open. The RODC setup was done without any issues. …
What are Microsoft security recommendations for Microsoft Entra
Hello, we are setting up a Microsoft Enterprise tenant; what basic recommendations can we make to make it more secure? Like we know, we like to implement MFA, CA, PIM, Audit log. Anything apart from this, especially from the IAM security side? Thanks, Richa
Procedure for enabling and configuring the LDAPs feature for the existing Domain Controllers globally.
I need to globally configure the LDAPS feature in over 20 on-premises Domain Controllers/Global Catalogs to support new security software integration. My existing AD Domain controllers are Windows Server 2016 with Windows Server 2016 FFL/DFL. What steps…
Effective Mail Security applications for Exchange 2019 on-prem
I currently use Symantec Mail Security for Microsoft Exchange on our on-prem Exchange 2019 environment but am looking for a new product. The environment is not connected to the Internet, but on a large standalone network and I initially wondered if…