Podcast: RunAs Radio with myself and Richard Campbell

I recently recorded a podcast with Richard Campbell to talk about some of the latest changes with Group Policy especially around passwords in Group Policy Preference and mitigations for Pass The Hash. We then talk about some of the things we would like to see in the next version of Windows regarding security. You can …

Continue reading ‘Podcast: RunAs Radio with myself and Richard Campbell’ »

How to remove cPassword values from Active Directory

With the recent MS14-025 security patch Microsoft has removed the ability to configure passwords in Group Policy Preferences via the User Interface. However this update does not remove the password value from AD nor does it stop the value being applied to computers/users. So, if you have apply MS14-025 and you have also implemented another …

Continue reading ‘How to remove cPassword values from Active Directory’ »

How to set the Local Administrator account to a Random Password

As per my previous blog post Microsoft has release MS14-025 that blocks the ability to configure passwords using Group Policy Preferences. However as part of the guidance they have also published a PowerShell script that allows you to set a random password to the user local admin account. This blog post show you how you …

Continue reading ‘How to set the Local Administrator account to a Random Password’ »

Group Policy Preferences Password Behaviour Change – MS14-025

A number of month ago I did a blog post explaining why the use of passwords (a.k.a. cPasswords)  in  Group Policy Preferences was such a bad idea ( see Why Passwords in Group Policy Preference are VERY BAD). Well Microsoft have now taken the additional steps and now release a new hot fix for Group …

Continue reading ‘Group Policy Preferences Password Behaviour Change – MS14-025’ »

Why Passwords in Group Policy Preference are VERY BAD

A long time ago did a blog post explaining how to use the Group Policy Preferences Local Users setting to manager the password of the local accounts. This post explained how to do it  in a way that minimised the exposure of the password in Active Directory (see  How to use Group Policy Preferences to …

Continue reading ‘Why Passwords in Group Policy Preference are VERY BAD’ »