asteroza + directory   107

Trying to improve LDAP, preferably not AD where CN is the keying. Founded by a ex-MS guy who hated being one of 5 guys with the exact same name at MS?
office365  profile  identity  management  addon  AD  active  directory  windows  LDAP 
9 weeks ago by asteroza
Controlling Google Chrome Web Extensions for the Enterprise
People need to start whitelisting chrome extensions, because things are getting out of hand...
google  chrome  ADMX  GPO  AD  active  directory  group  policy  template  enterprise  security  management  sysadmin  tips  tricks 
december 2018 by asteroza
Security Focus: Analysing 'Account is sensitive and cannot be delegated' for Privileged Accounts – PoSh Chap
Apparently this setting helped to stop a NotPetya analog (NCC group's EternalGlue neutered red team worm using techniques from EternalBlue and mimikatz and bloodhound) from running rampant and capturing the domain admin account via token impersonation. There may be drawbacks however...
windows  active  directory  AD  security  domain  admin  token  delegation  NotPetya  EternalBlue  sysadmin  tips  tricks 
december 2018 by asteroza
4964(S) Special groups have been assigned to a new logon. (Windows 10) | Microsoft Docs
Throwing important AD users into a special security audit group will raise security events in the event log to allow easier tracking. Useful for exploring an environment where people have hard coded certain accounts or registered a task/service with an inappropriate account
windows  AD  active  directory  special  user  login  audit  security  group  event  log  hacking  pentesting  defense  WEFFLES 
november 2018 by asteroza
Windows Server 2012: Group Managed Service Accounts | Ask Premier Field Engineering (PFE) Platforms
Quit running tasks as system, run them as NETWORK SERVICE or use these gMSA's if you have a 2012 AD domain
windows  AD  active  directory  security  privilege  delegation  limited  account  group  managed  service  scheduled  task 
november 2018 by asteroza
ryanries/PassFiltEx: First commit
password filter for AD to add additional password restrictions on things like a custom password blacklist
windows  AD  active  directory  custom  bad  password  filter  blacklist  sysadmin  security  tips  tricks 
june 2018 by asteroza
Windows Server version 1709 no longer supports FRS
Old AD's that use FRS for sysvol replication block new server promotion
windows  AD  active  directory  SYSVOL  FRS  replication  sysadmin  tips  tricks  2016  domain  controller  promotion 
march 2018 by asteroza
Using a blockchain concept to get over the PGP key directory server hump.
security  blockchain  keychain  identity  authentication  key  PKI  directory  cryptography  PGP  SSH  GPG  Delicious 
april 2014 by asteroza
Active Directory Protection | Identity Theft Detection | Aorato™
Active Directory protection software, that looks for irregular logon or authentication behavior compared to learned profiles of users. Since AD stuff gets more exposed as you federate to outside services, squelching attacks by finding anomalous authentication behavior becomes more important.
DAF  AD  directory  services  application  firewall  dynamic  learning  behavioral  anomaly  detection  profiling  security  software  Delicious 
january 2014 by asteroza
Glynx Private Room
Interesting, but not open source kinda kills it...
persona  communication  realtime  directory  p2p  2.0  identity  Glynx  Delicious 
april 2012 by asteroza
Domain Controller Appliance - Drop-in PDC replacement | TurnKey Linux Virtual Appliance Library
Might be useful as an emergency PDC, but it isn't clear how you would merge with an existing domain...
VM  virtual  appliance  active  directory  PDC  samba  Delicious 
august 2011 by asteroza
BoxCryptor :: On-the-fly Encryption for cloud storage
Simple virtual drive setup that basically does realtime encryption. Real files sit on some local disk directory, show as unencrypted files on virtual drive. This solves the dropbox privacy problem by encrypting files before dropbox uploads them (dropbox would be syncing the encrypted real directory). Though Dropbox will hate you for it since that destroys their ability to dedup.
virtual  encrypted  disk  software  windows  mac  OSX  linux  directory  sync  security  encryption  cloud  storage  support  tools  utilities  sysadmin  alternative  dropbox  EncFS  Delicious 
june 2011 by asteroza
Time synchronization may not succeed when you try to synchronize with a non-Windows NTP server in Windows Server 2003
Full line would be

w32tm /config /manualpeerlist:",0x8" /syncfromflags:manual /update
force  windows  active  directory  domain  controller  external  NTP  time  source  client  mode  sync  Delicious 
march 2011 by asteroza
« earlier      
per page:    204080120160

related tags

2.0  3.0  3d  account  active  ad  addon  addressbook  admin  administrator  ADMX  advice  agent  agentless  alternative  anime  anomaly  apache  app  AppGate  apple  appliance  application  archive  assessment  asset  attack  audit  auditing  authentication  authority  authorization  Azure  backdoor  bad  based  behavioral  BigData  bitcoin  blacklist  block  blockchain  blocker  blocking  blog  bloodhound  blueteam  book  boundary  breakout  brute  business  CA  canary  capital  capture  catalog  Centeris  certificate  change  cheatsheet  check  chrome  circular  client  cloud  CMS  CNC  collection  command  communication  community  comparison  compliance  computer  configuration  consulting  contact  contacts  content  control  controller  controls  copy  CoSoSys  cracking  crawler  credentials  cryptography  CSVDE  custom  cutting  daemon  DAF  data  DC  Debian  defense  delegation  Delicious  Dell  demo  deny  design  detection  development  DFSR  digital  direct  directory  disk  DNS  domain  download  drivers  dropbox  DSinternals  dump  dynamic  earth  economy  education  emoji  employee  EncFS  encrypted  encryption  endpoint  engine  english  englishOK  enterprise  entrepreneur  EPS  ESOE  EternalBlue  evaluation  event  exchange  exploit  export  extensions  external  extrusion  fabber  fabbing  fabricator  fake  federated  file  filesystem  filter  finance  firewall  folder  force  forest  forum  free  freeIPA  freeware  FRS  fsniper  FullArmor  geronimo  Glynx  google  government  GPG  GPO  graph  group  guide  guideline  hacking  hard  hash  hashcat  home  honeytoken  howto  humor  hunter  IAM  IBM  identification  Identify  identity  IdM  import  inbound  industry  information  infosec  integrated  integration  interface  internet  internet-of-things  intranet  intrusion  inventory  iPhone  japan  japanese  java  JohntheRipper  join  JtR  junction  kerberos  kereberos  key  keychain  lab  language  LAPS  laser  lateral  launcher  ldap  LDIF  learning  lifehacker  Likewise  limited  line  link  links  linux  list  listing  local  locator  lock  lockout  log  logging  logic  login  logon  LXACML  mac  malware  managed  management  manager  manual  manufacturing  map  matchmaker  merchant  method  METI  microsoft  middleware  migration  mimikatz  ministry  mission  mode  monitor  monitoring  movement  multitenant  NAC  name  neo4j  network  NetWrix  NotPetya  NTFS  NTLM  NTP  OASIS  observation  office  office365  offline  old  older  on  online  open  OpenID  openldap  opensource  OSX  OWASP  p2p  pass  password  PC  PDC  pentesting  permission  persona  PGP  PKI  point  policy  PolicyPortal  port  portal  powershell  prevention  printer  printing  privilege  product  profile  profiling  programming  project  promotion  proxy  quality  R2  Radiant  radius  realtime  recon  redhat  redirect  redirection  redteam  reference  removal  replication  report  reporting  research  resource  Responder  restaurant  review  roaming  routing  SaaS  samba  SAML  SASL  satellite  scanner  scheduled  schema  script  scripts  sdesign  search  seccurity  SecureItEasy  security  seeder  server  service  services  setup  shell  Shibboleth  shop  showcase  sign  signon  single  single-sign-on  size  SMB  software  source  space  special  Squid  SSH  SSL  SSO  starup  statistics  storage  store  subbed  support  swing  symbolic  symlink  sync  synchronization  sysadmin  sysinternals  system  SYSVOL  task  technology  template  test  TGT  theory  ticket  time  tips  token  tokyo  tols  tomcat  tools  trade  training  travel  treemap  tricks  tripwire  trust  tutorial  tutorials  unicode  USB  user  utilities  utility  VC  venture  version  virtual  virtualization  Vista  visualization  VM  VPN  vulnerability  web  webapp  webdev  WEFFLES  WinDirStat  windows  windwos  wireless  workshop  XACML  Xcopy  XP 

Copy this bookmark: