Month: April 2010

CCF 2009 simple architecture

I’ve been working with CCF the last days, CCF you say what is that? Well its a product from Microsoft that can be used to enhance the experience of users when working with multiple applications that require the same input. Say we have a call center with many applications. When a customer calls the agent asks for your zip code or address. Then you state your problem and the agent needs to open a different program and re-enter your zip code, then the company needs to send you a package and for that application he again needs your address details.. annoying for you (every time the agent asks you for your creds and even more annoying for the call center agent since he/she has to type the same info multiple times.

So CCF can help you with that..it requires a lot of programming to integrate all the apps, but it could be worth it.. are you designing CCF? are you interested in the architecture.. check out this post …

Read more

IIS & Kerberos Kernel Mode

A new post about kerberos.. indeed some techno stuff nobody seems to understand but is very important for security. A new feature in Windows 2008 IIS7 is the kernel mode support, what does it do, and more important how can it help you?

Read more

Whoopsie, here we go again.. antivirus kills Windows

Once in a while, antivirus companies create a new signature file that kinda stops the entire system instead of just the virus..

It’s like the docter amputates the heart of the patient, just to cure a brooze

Congratulations McAffee this time:

Problem
Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT on April 21, 2010.
Solution
WARNING: If you have not done so already, do NOT download the 5958 DAT and disable all automatic pull and update tasks.

Selective authentication

When creating a forest trust, each domain within the trusted forest becomes trusted. While this is sometimes not desired it is possible to limit the scope by implementing selective-authentication. It is possible to only allow authentication between those domains you want by granting the allowed to authenticate right to only those domains objects.

Read more

Windows 2008R2 features part VI: Managed Service Accounts – delegation

In a previous entry I’ve explained how you can run services under the new Managed  Service Account. Say now that we want to use this service account in combination with Kerberos and the account needs to be trusted for delegation. We set an SPN to it, but in the Active Directory Users and Computers, we seem to be unable to find the trusted for delegation option.. Let’s take a closer look at these accounts once they have been created, to do this we’ll be using ldp.exe

Read more