Keeping your company secure using Group Policy

In this TechEd session I presented at TechEd New Zealand 2014 I covered some of the changes with Group Policy preferences recently as well as some of the new Group Policy improvements you can do to protect yourself against Pass the Hash attacks. Unfortunately at the end one of my Demo’s did not work however I actually did get …

Continue reading ‘Keeping your company secure using Group Policy’ »

How to remove cPassword values from Active Directory

With the recent MS14-025 security patch Microsoft has removed the ability to configure passwords in Group Policy Preferences via the User Interface. However this update does not remove the password value from AD nor does it stop the value being applied to computers/users. So, if you have apply MS14-025 and you have also implemented another …

Continue reading ‘How to remove cPassword values from Active Directory’ »

Why Passwords in Group Policy Preference are VERY BAD

A long time ago did a blog post explaining how to use the Group Policy Preferences Local Users setting to manager the password of the local accounts. This post explained how to do it  in a way that minimised the exposure of the password in Active Directory (see  How to use Group Policy Preferences to …

Continue reading ‘Why Passwords in Group Policy Preference are VERY BAD’ »

Out Now: Security Compliance Manager v2.5 Beta

Microsoft has just released Security Compliance Manager v2.5 beta https://connect.microsoft.com/site715/program2682 along with a heap of new security baseline for you to use to compare against your environment. In case you are not familiar with SCM then it is a great product from Microsoft that consolidates all the best practice for their software with in-depth explanation …

Continue reading ‘Out Now: Security Compliance Manager v2.5 Beta’ »

Out Now: Microsoft Security Compliance Manager v2

Microsoft has made available the final version Microsoft Security Compliance Manager v2 available for download. In case you don’t already know SCM is a great security analysis tool for your Microsoft products that works great with Group Policy but also with SCCM Desired Configuration Management (DCM) and Security Content Automation Protocol (SCAP). If you want …

Continue reading ‘Out Now: Microsoft Security Compliance Manager v2’ »