LSA Auditing
Hi All I have the following requirement to enable (Enforce LSA Auditing) through GPO on all my servers. I have an OU with a couple of test VMs, and I have created a GPO and enabled the two policies below: Computer Configuration > Administrative…
AD assessment tools
Are there any recommended reporting tools that you can use to scan your Active Directory setup and configuration and get a report of problems/risks/non recommended settings to address?
Event log failure 4625 (brute force attack)
I am receiving constant 4625 event log failures in my machine every 10 minutes. The machine lies under the firewall with RDP enabled in it. When I try to check the account name and domain, it is showing as I mentioned in the example i.e If the audit…
AD default domain password policy advice
I am trying clarify some of specific settings within a domain password policy (settings report was produced based on Get-ADDefaultDomainPasswordPolicy). For info - there are no additional fine grained password policies in operation which may supersede…
Can I revoke an SSL certificate using API calls towards the AD-CS?
Hello, I have very little experience with Windows Servers and even less with AD-CS. In our company we use AD-CS to issue certificates for all services, including Linux machines. At the moment the process is manual, but we need to automate it using…
What is the Maximum size of a EventMessage or Event Data in Event Viewer. For Security channel and other channels System, Direcory Service.
What is the maximum size of a single event in Event viewer? Event message maximum length and a Event's size in kb? Does it vary for Security channel and System/ Directory Server channels?
How do I install SSL/TLS cipher suite for Biztalk server2009
Hi, Recently my connections from Biztalk to an external financial system started failing with the message A message sent to adapter "WCF-Custom" on send port "SP_IMOS_AP_HEAD_TO_OCI_AP_HEAD" with URI…
Renew AD Root certificate - How to?
Hi Everyone, I need to renew my root certificate and I don't have a clue how to do this correctly. My DC's are 2012 R2 and 2019 and my AD DFL and FFL are: Windows Server 2012 R2, clients are all W10 and servers mostly 2008 and above and a tiny…
Notification or Alerts for MFA setting
Hi Everyone Could we setup an alert when a MFA method is added, changed or deleted in Microsoft account setting security option?
Enabling Windows Firewall logging only without enabling the profiles?
I'm looking for information on the ports and protocols that the Windows server currently uses as a baseline before enabling the Windows Firewall profiles. I aim to enable the built-in firewall on each of my Production Windows Servers without causing a…
CredUI selects wrong Smartcard certificate
Hi Community, I experience an issue, that not the certificate I would expect according to the "Filter duplicate logon certificates" Group Policy is shown by CredUI when the certificate was issued using the certreq.exe command. If I issue…
Azure AI Video Indexter:Will it use my video uploaded as samples for Training?
Hi I plan to use "Azure AI Video Indexter" to add tags, and identifies scenes in video. I concern that my video uploaded may use to train the AI, as training sample. I concern my personal info may be used as answer from AI. Is there any page…
request/approval of new AD user accounts
What are your procedures when it comes to the requesting and approving new user accounts (e.g., new employees, new consultants etc) in your active directory? I have seen a variety of processes; some have standardised e-forms that integrate with the…
if you split security into tiers as per RBAC and the same human person needs multiple accounts does each account consume an azure licence
Microsoft recommends splitting on prem and hybrid assets into tiered access T0 T1 and T2 to facilitate RBAC (role based access control). The principle being that t0 logons are never mixed with t1 logons to minimise any breach. If, therefore, an admin…
Bought a new used laptop, old user still signed in cant sign on
hello bought a new used laptop it's a KUU Yepbook 2The old user didn't sign off. I can see her picture, her name.Its asks for a PIN, password or finger
Password incorrect when import certificate on server 2012
Hello, I trying to import a new certificate in server 2012 and says password incorrect, but the passworsd is correct. I have no problems importing this certificate on server 2019. I have seen in some forums that the problem is that 2012 does not…
Is Microsoft downplaying support for ECC certificates?
Hi folks, does anyone have any insight into this statement Microsoft's trusted root program requirements page that was updated in Feb? Signatures using elliptical curve cryptography (ECC), such as ECDSA, are not supported in Windows and newer Windows…
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR?
What are the benefits of the existing single forest AD Domain to convert or upgrade the AD Domain Controllers from FRS to DFSR? https://learn.microsoft.com/en-us/windows-server/storage/dfs-replication/migrate-sysvol-to-dfsr FFL & DFL: Windows Server…
Generic unknown status in pkiview after migration Active Directory Certificate Services from Windows Server 2008R2 to Windows 2019.
Follwing below given Link from MS we migrated 2 tier PKI hierarchy from windows 2008 R2 to Windows 2019. https://techcommunity.microsoft.com/t5/itops-talk-blog/step-by-step-migrating-the-active-directory-certificate-service/ba-p/697674 Migration…
How to disable MFA for a single user
How can I disable MFA for a single user in Azure