Posted in Security TechEd Video

Keeping your company secure using Group Policy

In this TechEd session I presented at TechEd New Zealand 2014 I covered some of the changes with Group Policy preferences recently as well as some of the new Group Policy improvements you can do to protect yourself against Pass the Hash attacks. Unfortunately at the end one of my Demo’s did not work however I actually did get it to work only a…

Continue Reading...
Posted in News

Updated: Windows 8.1 Update and Windows Server 2012 R2 Update Administrative Templates ADMX/ADML pack

Update: I had discovered that this original ADMX template were missing some Internet Explore 11 Group Policy settings. As a result the ADMX/ADML pack has now been re-released but can be downloaded using the same link below. Microsoft has just released the Administrative Templates (ADMX/ADML) files that allow you to configure their newest Group Policy Administrative Template setting for Windows…

Continue Reading...
Posted in TechEd Video

How to use Internet Explorer 11 Enterprise Mode with Group Policy

The session that myself and Chris Jackson (a.k.a. AppCompatGuy) at TechEd New Zealand 2014 has now been published. So for your viewing pleasure I have embedded the video below: This session covers Internet Explorer 11 with Enterprise Mode and how you can use Group Policy to manage the feature to enable you to migrated to the latest version of IE…

Continue Reading...
Posted in News

Internet Explorer ActiveX Blocking Group Policy

Microsoft has just released a patch MS14-051 (https://support.microsoft.com/kb/2976627) for Internet Explore on Windows 7 and Windows 8 that allows IT Admins to block out of date ActiveX controls from running in the browser. This move aligns IE with other browsers that actively block out of date version of plug-ins such as Java but is still very similar to the ActiveX…

Continue Reading...
Posted in Security Tutorials

How to remove cPassword values from Active Directory

With the recent MS14-025 security patch Microsoft has removed the ability to configure passwords in Group Policy Preferences via the User Interface. However this update does not remove the password value from AD nor does it stop the value being applied to computers/users. So, if you have apply MS14-025 and you have also implemented another way of managing the local…

Continue Reading...
Posted in Tutorials

How to set the Local Administrator account to a Random Password

As per my previous blog post Microsoft has release MS14-025 that blocks the ability to configure passwords using Group Policy Preferences. However as part of the guidance they have also published a PowerShell script that allows you to set a random password to the user local admin account. This blog post show you how you can use this script (bad…

Continue Reading...
Posted in Tutorials

How to enable WinRM via Group Policy

The Windows Remote Management (a.k.a. WinRM) interface is a network service that allow remote management access to computer via the network. It’s used  frequently as a conduit to allow remote management of computer via PowerShell. As a result WinRM is enabled by default on Windows Server 2012 to enable the Server Manager tool but it is not enabled for Windows client…

Continue Reading...
Posted in News Tutorials

Group Policy Preferences Password Behaviour Change – MS14-025

A number of month ago I did a blog post explaining why the use of passwords (a.k.a. cPasswords)  in  Group Policy Preferences was such a bad idea ( see Why Passwords in Group Policy Preference are VERY BAD). Well Microsoft have now taken the additional steps and now release a new hot fix for Group Policy Management Console that explicitly…

Continue Reading...