Windows Server 2008 R2 Domain Controller NOT logging EventID 4740
EventID 4740 (account lockout) is not being logged to the event viewer. When searching through the security log there are none to be found. Having accounts locked out and no logging is driving me nuts....
View ArticleWorkstations being Issued incorrect SUB CA templates
Hi ThereI current have two Sub Ca with the below templates assigned to it.Sub1 – Web, Workstation Sub2 – WorkstationThe issue I’m having is, when a new workstation is added to the domain, it randomly...
View ArticleChange default key size on non Domain joined CA.
Hello,I have one standalone non domain joined CA I would like to change the default key size of all issued certs to 2048. Since it is a stand along, there are no AD template to modify. Can this be...
View ArticleHow can I get a list of users with reset password ability?
We are trying to tighten our security, but thanks to the environment we are in this is a bigger task than it should be. As part of this I have been asked to get a list of users who have the ability to...
View ArticleSSL Certificate Issues in Windows Server 2003
I have a 2003 R2 SP2 Standard server. I have a certificate issued by a trusted CA. The certificate opens and displays the "The integrity of this certificate cannot be guaranteed. The certificate may be...
View ArticleAdvanced Audit Policy - Default / Recommended settings
I am aware that this is a "how long is a piece of string question" but here we go...For a single domain - single subnet - single site environment, but wanting to keep some information for monitoring...
View Articleproblem with criticality of key usage extension
Hi everybody, I'm instaling a subca and I'm submitting the request to a standalone CA. I need to make the key usage extension of the subca certificate critical, to do so after I submitted the request,...
View ArticleCertificate Authority, downloading Active X control
Hello,My CA is in Windows Server 2003 R2 Enterprise Edition SP2. The versión of CA is 5.2.I have the Windows Certificate server configurated in that server with a MMC 3.0, and also vía...
View ArticleGroup Policy issues
I set the following option on several servers: Allow users to connect remotely using Terminal Services -I wanted to limit the users that were able to access the server through RDP but in the process of...
View ArticleBest Time For Performing CA Migration and It's Affects
We're getting set to migration our Root CA from Windows 2003 to Windows 2012 R2. Our office is busy pretty much 24x7 and we're trying to perform the migration at the least impactful time.We're...
View ArticleClik here to view.
Network Positioning of a Windows Server 2012 R2 Direct Access & VPN Server
HiI'm in the process of creating a new active directory forest with a single domain using AD.Contoso.com to use the Microsoft example. The reason I have decided on AD.XXXXXXXXX.com is to get way from...
View ArticleRemove None Inheriting Permissions
Hello,Am working on cleaning up the permissions of a file server am using NTFS Permissions Reporter to view all the permissions, I have made sure that the permissions I require are inheriting down to...
View ArticleOCSP Responder configured with 3rd Party CA's
I am trying to gather information on how to configure Microsoft OCSP Responder with 3rd Party Certificate Managers like RSA RCM. There are a few install steps that are specific for AD CS and OCSP and...
View ArticleAppLocker allows unsigned apps to start using a publisher rule?
Hi all,I am looking at deploying AppLocker policies to prevent unauthorized software from being executed. I have created a test lab (fully patched W2K8 R2 SP1) for this purpose but have hit the...
View ArticleAllow multiple users access to local encrypted files but prevent Admin's from...
We have an scenario where we need multiple users to store and access files locally on a RDS server, but the administrators cannot ever have access to them, nor reconfigure the system to make this so....
View ArticleCA Clusters
With Windows Server 2012 or 2012 R2, is it possible to create a CA cluster at the main location with two nodes (Active/passive) and place a third node at a remote location for site failover? I seem to...
View ArticlePassword policy set
Hi,I want to set password policy for all logins.In sybase we can use sp_passwordpolicy sp_passwordpolicy {“set” | “clear” | “list”}, policy_option, option_valueIf we enable this, it will applicable to...
View ArticleImpersonateLoggedOnUser() or SetThreadToken() and ERROR_BAD_IMPERSONATION_LEVEL
Despite all the warnings about how it is not possible to elevate a thread to an elevated administrator in Windows 2008 R2, I have been able to start a process as a normal user, call LogonUser(), and...
View ArticleNTFS Permissions on Home Folder changing to allow everyone automatically
Hi, We have below scenario. Installed Windows server 2008 R2 standard in one server. Provided "Everyone" access to one of the drive called (H:) on server, but have provided an individual...
View ArticleWindows Explorer (explorer.exe) crashed frequently and can not login to...
I tried to login to my Windows Server 2008 (R2 Enterprise) but always see this message: "Windows Explorer has stopped working"and an APPCRASH event in Event Viewer.I followed this guide here:...
View Article