Author: rzomerman

  • Web Application Proxy – on Azure

    The Azure AD Application Proxy is a new feature available in Azure WAAD Premium. It allows administrators to securely publish internal websites using Azure’s technology. This lets customers make use of enterprise-class hardware in their reverse proxy solutions, protecting against DDoS attacks and many other things. In this post we…

  • RDS Gateway through WAP

    I’ve been trying to get RDS Gateway to work behind my WAP proxy server which is included in Windows Server 2012 R2 and v.Next version. While it is possible to implement ADFS based authentication based on the URL: http://technet.microsoft.com/en-us/library/dn765486.aspx But what if we wanted to publish the simple RDS Gateway on our backend server for…

  • Azure VPN with Checkpoint FW

    In this post, how to configure a Site2Site VPN connection using a Checkpoint firewall. [EDIT: The instructions below are for R77, which is a really old version. I’m currently writing the instructions for the R80.20 version, but it seems it’s a bit harder to get the S2S tunnel up and stable.. certainly on my PPPoE…

  • Geo-Clustering

    Geo-clustering comes in many variants and depends heavily on the requirements and technical capability. This post discusses some options and things to consider before deploying any geo-cluster. Data GEO-Redundancy The first dependency in clustering is storage capability. Data from the workload in the cluster will be written to disk and that…

  • FIM/BHOLD reports

    So all documentation on BHOLD informs you there are “out of the box” reports available.. none of the articles show which reports they are.. so here they are..

  • Change UPN (based on Primary Email) based on SMTP: in proxy addresses

    So there are numerous scripts out there for setting the UPN of a user to match the Windows Email Address.. you can even do that in a single command (Powershell).. but would it not be better to actually read the primary e-mail address from the ProxyAddresses? .. so the following script will help you with…

  • Data Offloaded Transfers – ODX

    As we are seeing more and more Windows 2012 based Clouds and services.. I wanted to alert you to the following technology which is becoming more and more available in backend storage systems (and Windows 2012): ODX   If you are implementing Hyper-V, File services or any other Windows Server 2012 with a backend SAN…

  • Mitigating attacks on your Active Directory network

    Microsoft released a new whitepaper this week that gives insight into why you should protect your privileged accounts. One of the techniques described is the PassTheHash attack which is a sophisticated attack but fairly easy to execute. These attacks have been seen in the “field” and are being used today. If you work with…

  • Back to the future…

    Did your AD jump back to the year 2000 during the past weekend? .. This could have happened if you are syncing your time with the USNO.NAVY.MIL, as they apparently had a disruption on the 19th. see http://tycho.usno.navy.mil/ntp.html   But if time jumped back on your AD, you’re in trouble.. and the way to get…

  • MBAM – Install guide – tips

    So as promised.. the install guide.. or at least some small tips as the installation is not that hard.. First of all, we are going to use a three server architecture. One server for the databases, one for the administration and monitoring and a group policy server. To start, we need to create some groups…

  • Microsoft BitLocker Administration & Monitoring – intro

    Why we should use BitLocker (or any other drive encryption) should be clear. A stolen laptop is only worth as much as the retrievable data on it + the value of the laptop. In large enterprises this could be millions of dollars, but for personal use this could lead to embarrassment or worse. But enterprises seem…

  • 2FA via the cloud – Cryptocard

    So many of you probably have been wondering what type of 2FA I am using for my tests. Instead of setting up internal servers, dealing with encryption keys and various tokens, I stumbled upon a cloud service that handles all of this for you. Now before we dive into the “commercial” part (although I did…