Using gMSA for Task scheduler and Service account scenario?
Based on: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/service-accounts-group-managed I'm trying to implement the gMSA for the following scenario: Task Scheduler account Service account (Failover Cluster, SQL Server, ADFS,…


Patch CVE-2013-3900 MS13-098 WinVerifyTrust
Hi, I found WinVerifyTrust Signature Validation Vulnerability on the weekly report of a Windows Server 2019. I applied the solution described in https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 but It didn't work, even after the…
+92 country code not supported
Hi microsoft support i am unable to add my number for Two step verification against my microsoft ID
SMB Signing not required vulnerability
This regarding below fixes where I need difference between the two fixes and clarifications: As per the below article, Once I updated Microsoft network server: Digitally sign communications (always). value as Enabled the vulnerability is not seen in…
Using gMSA for replacing the Task Scheduler service account?
What steps should I follow to change the current Task Scheduler service account from using the regular AD Account in the format of CORP\service.account to a gMSA? When I try to change it manually by double-clicking on the task, it prompts for the…

PKIVIEW shows OCSP error on Location#1
I have discovered the hard way that certificates with RSA1 are no longer working for some things, and soon may not work for anything. My original CA was set up well over 10 years ago with RSA1 on server 2008 (I think. Might have been server 2003) and…
Windows server 2012 or 2022 OCSP request hashAlgorithm using sha256
I wanted to know if there is a way of configuring a Windows server 2012 or 2022 that is running a CA responder to accept OCSP request hashAlgorithm using (sha256). I know the RFC standard is to use SHA1. The reason is that I have a cisco firewall and…
Online Responder (OCSP) request with hashAlgorithm SHA256, response unauthorized (6)
Hi! We faced with the problem of OCSP role on Windows Server 2019 (I also tried to rise the same role on our test Windows Server 2025 with the same result). We started updating our old Cisco devices to a new firmware and our remote vpn spokes lost their…
Windows CA WebEnrollement certificate problems
We are using a Windows Server 2012 R2 as Windows CA for our Windows 10 environment. Certificates are getting automatically enrolled through GPO which is great, unless you get Mac devices in your environment. To get them the required User and Machine…
How to set PowerShell eventlog max size in a GPO
Hi there. I need to set the PowerShell event log in Windows max size in a GPO. I allready got the Eventlog Max size for: Application, Security, Setup, and System down in the: "Windows Components/Event Log Services" area My google foo has…

How to disable SeImpersonate Privilege for a user having local Service rights ?
Currently i am using Apache Tomcat under Local user (say as TestUser) created from edit local user and groups. But when i log on using TestUser to Apache Tomcat Service, it automcaticallly assigns Local service rights to TestUser, which also enables…

EnableCertPaddingCheck
Hello, The WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck) recently started appearing on my Windows 10 machines. I've read that the solution is to add the following to the registry …

Network device enrollment using elliptic curve keys
Does anybody know if someone have successfully implemented NDES/MSSCEP together with EC (Elliptic Curve) keys, hence not RSA keys? Is there any well documented guides out there? The NDES/MSSCEP service itself must use certificates (the CEP Encryption…
What are the steps and procedure to use gMSA as the Windows Server Service Account?
After creating the gMSA using the below PowerShell, how can I successfully replace the services in all of my Windows Server Application servers? New-ADServiceAccount -Name New-gMSA -DNSHostName Mydomain.com -PrincipalsAllowedToRetrieveManagedPassword…


Notification or Alerts for MFA setting
Hi Everyone Could we setup an alert when a MFA method is added, changed or deleted in Microsoft account setting security option?
Third Party Certifcate
Hi All i was referring the below article, i want to raise a request using HashAlgorithm sha256 https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/enable-ldap-over-ssl-3rd-certification-authority is the below syntax correct and…
Win Server 2025: unable to activate PIN or Fingerprint sign-in options.
Hello to all. I have a bit of a problem, I would really appreciate your expertise. I have installed a standalone Win Server 2025 LTSC Preview Build 26052, which was successfully updated to Build 26063.1 through Windows Update, on a pretty old but…
User Client Access License (CAL)
Hi community, I have purchased Microsoft Windows Server 2025 - 1 User Client Access License (CAL) With SKU: DG7GMGF0PWHT-0002 and i want to know is it possible to install it on Windows server 2022 datacenter and if it possible i want to know the way by…
Cannot add Fibre CHannel Adapter to Windows Server 2012 VM on Hyper-V SecuritySecurityOptOut
Hi, i am trying to add a Fibre Channel adapter on a windows server 2012 machine running in hyper-v on Windows 11 pro. I am getting the error "Failed to add resources. Cannot modify property. Failed to add resources (Virtual Machine ID xxxxxxx)…
CPU & RAM usage by the Antimalware Service Executable/Windows defender Antivirus Service
Hello, Is there a way to limit the CPU & RAM used by the Antimalware Service Executable/Windows Defender Antivirus Service. I saw a CPU Limit which is set to 20 but it has no effect on this service. 2023-07-12_15-02-30 VIPEIVCOR01 Task Manager.jpg Is…