Author: rzomerman

  • SharePoint to retrieve data from two LDAP directories

    So no posts for a long time, been busy though.. and the latest addition to this blog is about SharePoint. Who would have thought.. In my case the customer wanted to enrich the user profiles that came from Active Directory with Novell attributes that were in a central identity store. While SharePoint is capable of…

  • Office 365… where to get your information

    So this post is more of an advertisement.. Office 365, the latest version of BPOS (Business Productivity Suite Online) is in beta stage at the moment and more enterprises decide to go for it. It is based on Exchange 2010, Lync (new OCS), SharePoint 2010 and lots more.. My colleagues have decided to create a…

  • Windows Firewall through policies + SCM

    So everybody should enable firewall policies in order to keep their environment secure. Best practice is to manage the firewalls through policies.. keep a default policy to enable the firewall and do not allow incoming connections.. then based on server role add exceptions and ports. That way, each server added to the domain is secured…

  • CCF 2009 simple architecture

    I’ve been working with CCF the last days. CCF, you say, what is that? Well, it’s a product from Microsoft that can be used to enhance the experience of users when working with multiple applications that require the same input. Say we have a call center with many applications. When a customer calls the agent…

  • IIS & Kerberos Kernel Mode

    A new post about Kerberos.. indeed some techno stuff nobody seems to understand but which is very important for security. A new feature in Windows 2008 IIS7 is kernel mode support: what does it do, and more importantly, how can it help you?

  • Whoopsie, here we go again.. antivirus kills Windows

    Once in a while, antivirus companies create a new signature file that kinda stops the entire system instead of just the virus.. It’s like the doctor amputates the heart of the patient, just to cure a bruise. Congratulations McAfee this time: Problem: Blue screen or DCOM error, followed by shutdown messages after updating to the 5958 DAT…

  • Selective authentication

    When creating a forest trust, each domain within the trusted forest becomes trusted. While this is sometimes not desired, it is possible to limit the scope by implementing selective authentication. You can allow authentication only between the domains you want by granting the “Allowed to Authenticate” right to only those domains’ objects.

  • Windows 2008R2 features part VI: Managed Service Accounts – delegation

    In a previous entry I’ve explained how you can run services under the new Managed Service Account. Say now that we want to use this service account in combination with Kerberos and the account needs to be trusted for delegation. We set an SPN on it, but in Active Directory Users and Computers, we…

  • Cross Forest Authentication NTLM

    So we’ve seen how a trust is set up, and how we can manipulate the domain controllers involved. Can we do the same for authentication traffic? The answer would be yes, but why it is a yes, and how, is the main question. While many believe WINS or LMHOSTS can help us on external (non-forest) trusts,…

  • Creating trusts (as follow up to…)

    So I was wondering the following: how do all the domain controllers know that the trust is established, since (see previous post) we cannot accurately say which domain controller is being used.. When we have the same problem with user passwords, the PDC gives the vote on whether the (just changed) password for the user is valid. The…

  • Cross Forest Authentication part 2 – Creating trusts

    In part of the forest authentication blog post, we’ve seen that a particular path is used depending on Kerberos or NTLM authentication. We’ve also seen that domain controllers rely on other domain controllers of the forest to find the right domain (and thus the object in the AD). The question now is, which domain controller…

  • Server Core + network bindings

    When you want to control the bindings on a network card in Server Core (2008R2), you’re stuck with the registry editor. So how do you A: know what binding you want to remove, B: locate it, C: disable it.. A is easy.. you want to remove File and Printer Sharing, Client for…