Password days reset?
Last year the password minimum password age was removed to accommodate an application roll out, and now we would like to get it back to 90 days. If I set it to 90 days, then I suspect most users will...
Certificate validity period:
We are running an Enterprise CA under Windows 2008 R2. I configured Computer Certificate Templates and configured Autoenrollment, everything is working as expected except the validity period of the...
How to Prevent LM Hash from Being Saved in Memory
Hi, my company is looking to improve security in our mixed Server 2003 & Server 2008 R2 environment by protecting against pass the hash attacks. We are in the process of implementing 15-character...
secure UDP 500 on 2003 R2
I have a 2003 R2 server running an IPSec policy to secure a few ports between client/server. The IPSec policy works fine, however I've noticed that the server has opened UDP 500 for IKE which does...
Creating IPsec filter list to encompass port range
This was previously posted to Platform Network, but I have removed it there, since I did not receive replies: Hello, I am aware that I can either use an IPsec policy, or the newer Windows Firewall with...
Not able to connect to PEAP-MSCHAPv2
I am not sure if this has been asked before. But anyway, here goes: Our Corporate Wireless is an EAP with PEAP-MSCHAPv2. The authentication is from a Windows Server 2008. This server presents the Server...
IPSEC tunnel Server-to-Server Windows 2008 R2 problems
Hi to all, I'm trying to implement an IPSEC tunnel between two Windows 2008 R2 servers. I have two different subnets and a firewall between them. Subnet 1: 192.168.0.0/24 Subnet 2: 172.16.0.0/24 There is...
Very confused on authentication concepts : EAP, PEAP, EAP-MSCHAPv2, ...
Hi, Yes, I'm really confused on some authentication concepts. I tried to learn each of the possible VPN technologies (PPTP, L2TP/IPSEC, SSTP, IKEv2). Things always start happily, until I get the...
Stuck on MBAM install on SQL Server
Hi, I am trying to install all 3 components of MBAM SQL server components on 1 SQL server. When I run the MBAM install on SQL server I don't ever see install complete after I select the domain...
Using certificate OIDs to authenticate WiFi users.
Hello All, I am trying to sort out some issues with certificate OIDs in our PKI environment. The background is we are in production with our wifi using EAP-TLS. Everything is working great and has been...
Deleting directories that won't delete
When deleting large directories some subdirectories have files and folders that have failed to inherit domain administrator ownership. When attempting to delete the directories you simply get a message...
EFS
Hi All, I have a Windows 2003 Domain controller which is also a CA. I have configured auto enrollment and EFS DRA in GPO (domain controller). One of my clients is using a laptop (Windows XP SP3) and he was...
Risks associated with Single forest single domain infra
Dear All, We have set up an active dir infra with single domain and single forest (FSMO), just curious to know why this setup is usually not recommended? Throw your views.
Server 2008 R2 Certificate Services
We currently have a Windows Server 2003 domain but I am looking to install a Server 2008 R2 2 tier PKI infrastructure. Our Forest root domain is empty and the Cert servers will be installed in a child...
Need to upgrade RDP on Windows 2003 SP2 from ver 6.0 to 6.1
In response to a security audit, I need to close RDP vulnerability "Remote Desktop Protocol - man in the middle attacks" on our Windows 2003 SP2 servers currently running RDP 6.0.6001, and therefore...
"Almost Administrator" Local Group .... What is configurable?
Can anyone refer to any documents on what is and is not configurable when creating a Local group's privileges? Here is my dilemma: We are looking to deploy a custom group to all of the Servers in our...
Tightening control / Regulation on local member server Administrators in...
So I know I ask this question every few years. "Delegate to AD" is the typical answer. So this year I am going to go into full explanation mode; and I prefer this to be more of a discussion....
Kerberos Constrained Delegation (KCB) and Read Only DCs (RODC)
G'day all, We have configured a RODC in our DMZ as per the Microsoft Whitepaper. http://technet.microsoft.com/en-us/library/dd728035(v=ws.10).aspx We have a TMG server in our DMZ that is joined to the...
A Problem With My Network authentication
At one point of time I was able to use my work's WiFi from my notebook, but recently trying to sign-in with my work's user name and account; it will not let me, but on my phone it will. I keep...
Error. Renew SubCA certificate. Offline root CA
In infrastructure: offline rootCA (Windows Server 2012, workgroup), SubCA (Windows Server 2012, domain). I need to renew the certificate for SubCA. I have reg.file. When I try to submit a new request on RootCA I...