Posted in Security TechEd Video

Keeping your company secure using Group Policy

In this TechEd session I presented at TechEd New Zealand 2014 I covered some of the changes with Group Policy preferences recently as well as some of the new Group Policy improvements you can do to protect yourself against Pass the Hash attacks. Unfortunately at the end one of my Demo’s did not work however I actually did get it to work only a…

Continue Reading...
Posted in Security Tutorials

How to remove cPassword values from Active Directory

With the recent MS14-025 security patch Microsoft has removed the ability to configure passwords in Group Policy Preferences via the User Interface. However this update does not remove the password value from AD nor does it stop the value being applied to computers/users. So, if you have apply MS14-025 and you have also implemented another way of managing the local…

Continue Reading...
Posted in News Tutorials

Group Policy Preferences Password Behaviour Change – MS14-025

A number of month ago I did a blog post explaining why the use of passwords (a.k.a. cPasswords)  in  Group Policy Preferences was such a bad idea ( see Why Passwords in Group Policy Preference are VERY BAD). Well Microsoft have now taken the additional steps and now release a new hot fix for Group Policy Management Console that explicitly…

Continue Reading...
Posted in Security

Why Passwords in Group Policy Preference are VERY BAD

A long time ago did a blog post explaining how to use the Group Policy Preferences Local Users setting to manager the password of the local accounts. This post explained how to do it  in a way that minimised the exposure of the password in Active Directory (see  How to use Group Policy Preferences to change account Passwords ) for…

Continue Reading...
Posted in News Tip

Internet Explorer 11 Group Policy Preferences

With the release of Internet Explorer 11 from Microsoft for Windows 7 I have seen a number of question asking where are the Group Policy Preferences are for this new version of the browser? The good news is that the current Internet Explorer 10 Group Policy Preferences officially supported see http://support.microsoft.com/kb/2898604 . This works as the default version checking goes…

Continue Reading...
Posted in News

IP Address Range filter for Item Level Targeting is broken in Windows 8

I have just come across an issue with the Group Policy Item Level Targeting feature in Windows 8 with relation to the IP Address Range filter option. Namely that computers in an IP Address range are evaluations are not passed even though they are within the IP Address range… Update: This is a confirmed bug with Windows 8 According the…

Continue Reading...
Posted in TechEd Video

TechEd 2012 Video: How to Get Rid of Your Logon Scripts the Easy And Free Way

The second recording of my three session I presented at TechEd NZ 2012 has now been published on the Channel 9 web site (Microsoft, not Australia TV). Essentially this is my Group Policy Preferences session and is one I have done many times before. Certainly this was my highest rated session at about position #30 out of 180 session for…

Continue Reading...
Posted in Tutorials

How to use Group Policy to configured INI files

INI Files are one of those things that most administrators probably still need to mange in your environment due to one of those (crapy) apps that still not made the jump to registry keys. This is were there INI feature of Group Policy Preferences can be a great help in managing these files. What is really great about this option…

Continue Reading...