Category: Security
How to stop local administrators from bypassing Group Policy
Before I begin this article might be, for some of you, this will be well know information and it might all seem rather logical. But I continue to see questions being asked on forums as how as a Group Policy administrator can I prevent my users with local admin making a specific change or installing software/drivers on their own computer. The short answer is you…
Vulnerability in Group Policy Fixed with MS15-011 & MS15-014
Today Microsoft published hotfix MS15-011 and MS15-014 that addressed a potential issues that could allow an man in the middle attack on computer. This vulnerability affected system that could be compromised by a man in the middle or what I like to call a “Coffee Shop Attack”. The summary is that by interfering with the traffic that is being sent…
Keeping your company secure using Group Policy
In this TechEd session I presented at TechEd New Zealand 2014 I covered some of the changes with Group Policy preferences recently as well as some of the new Group Policy improvements you can do to protect yourself against Pass the Hash attacks. Unfortunately at the end one of my Demo’s did not work however I actually did get it to work only a…
How to remove cPassword values from Active Directory
With the recent MS14-025 security patch Microsoft has removed the ability to configure passwords in Group Policy Preferences via the User Interface. However this update does not remove the password value from AD nor does it stop the value being applied to computers/users. So, if you have apply MS14-025 and you have also implemented another way of managing the local…
Why Passwords in Group Policy Preference are VERY BAD
A long time ago did a blog post explaining how to use the Group Policy Preferences Local Users setting to manager the password of the local accounts. This post explained how to do it in a way that minimised the exposure of the password in Active Directory (see How to use Group Policy Preferences to change account Passwords ) for…
Out Now: Security Compliance Manager v2.5 Beta
Microsoft has just released Security Compliance Manager v2.5 beta https://connect.microsoft.com/site715/program2682 along with a heap of new security baseline for you to use to compare against your environment. In case you are not familiar with SCM then it is a great product from Microsoft that consolidates all the best practice for their software with in-depth explanation for each setting. Notably this…
Out Now: Microsoft Security Compliance Manager v2
Microsoft has made available the final version Microsoft Security Compliance Manager v2 available for download. In case you don’t already know SCM is a great security analysis tool for your Microsoft products that works great with Group Policy but also with SCCM Desired Configuration Management (DCM) and Security Content Automation Protocol (SCAP). If you want to learn more about SCM…
Out Now: Microsoft Security Compliance Manager v2 CTP
If you were waiting to get your hand on the CTP of Microsoft Security Compliance Manager v2 after I wet your appetite in my previous blog post. I am happy to report that it is now avaialbe for download and the instructions to download i can be found at http://blogs.technet.com/b/secguide/archive/2011/03/10/scm-v2-ctp-available-to-download.aspx In case you did miss my previous post about the…
