Block NTLM and NTLMv2 totally, only enable Kerberos
Dear PPL. I would like to totally shut down NTLMv2 in our Domain. I would like only Kerberos as our Accounts Authentications. Should I just change GPO of Default Domain Policy on AD: Network security: Restrict NTLM: Incoming NTLM traffic: to Deny All…
How to change days before password expires notice
I'm looking for a way to change the number of days before notifying users of password expiration from the default of 5 to some other number. I've found a web posting that references: Default Domain Policy (or Default Domain Controller Policy?) >…
April Security update breaks MSMQ on Windows Server
This patch will break MSMQ in any current Windows Server version. Example: KB5036896 installed on Windows Server 2019. Get "not implemented" error after patching. ErrorNumber: '-2147467263' Source: 'MSMQTransaction' Raised 'Unhandled…
LDAP over SSL on a RODC only (how to)
Hi, I have a "basic" question. Customer has 2x RODC in a separated environment, which is directly connected to the on-prem domain controllers (all 2016). Firewall ports are configured and open. The RODC setup was done without any issues. …
What are Microsoft security recommendations for Microsoft Entra
Hello, we are setting up a Microsoft Enterprise tenant; what basic recommendations can we make to make it more secure? Like we know, we like to implement MFA, CA, PIM, Audit log; anything apart from this, especially from IAM side security? Thanks, Richa
Need some help to target the Group Policy to enable the NTLM audit?
I must audit any computers still using NTLM v1 in my AD Domain. Do I need to enable these group policies for all Windows servers and workstations in my AD Domain or just the Domain Controllers? Computer Configuration\Windows Settings\Security…
Procedure for enabling and configuring the LDAPS feature for the existing Domain Controllers globally.
I need to globally configure the LDAPS feature in over 20 on-premises Domain Controllers/Global Catalogs to support new security software integration. My existing AD Domain controllers are Windows Server 2016 with Windows Server 2016 FFL/DFL. What steps…
Get-MgDirectoryOnPremiseSynchronization : Insufficient privileges to complete the operation as the Global Administrator?
What are the additional required permissions on top of the Global Administrator to execute the below read only command? Connect-MgGraph -Scopes OnPremDirectorySynchronization.ReadWrite.All Get-MgDirectoryOnPremiseSynchronization The error I am…
Effective Mail Security applications for Exchange 2019 on-prem
I currently use Symantec Mail Security for Microsoft Exchange on our on-prem Exchange 2019 environment but am looking for a new product. The environment is not connected to the Internet, but on a large stand alone network and I initially wondered if…
Credential Validation Audit Failure - Event ID 4776 - MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 - Error Code: 0xc000006a/0xC0000234
Hello all, thanks for reading and attempting to help. I have been having an ongoing issue for the past month or so with having my account get locked multiple times throughout the day due to the error listed in the title. Every time it happens I go check…
Delegate Control Wizard reports
Does the Delegate Control Wizard in AD allow an auditor to view which permissions have already been 'delegated' within AD/a domain? Or is it purely for delegating new permissions? If it does not, how exactly could you determine where such permissions…
Certificate is not valid - Issuer: MS-Organization-Access
Hi, On several Servers, I have certificates where the certificates are listed as: Issued to: 0882ac7e-3ff6-4231-a45b-5a654aa4303f Issued by: MS-Organization-Access SCOM reports these as "Certificate is invalid". Chain Details: ---…
How to implement tiering model in Microsoft Entra
Hello, Microsoft recommends the tiering model for AD that we implemented. Is there any tiering model concept that Microsoft recommends for designing Microsoft Entra so we can implement it in a new tenant? In case no tiering model recommended the…
SSO to get into Outlook account
I cannot seem to figure out how to do this, or if it's even possible. I am the admin of our Azure. I am trying to set up an SSO into our Outlook accounts. As in, when someone signs into Outlook, they are taken to another screen to authenticate them. I'm…
How to disable MFA for a single user
How can I disable MFA for a single user in Azure?
How to handle a SEC_I_RENEGOTIATE received in TLS 1.3 Negotiation
I have a client application that uses SCHANNEL to negotiate TLS 1.1 and TLS 1.2 which has worked for years. I recently changed to use SCH_CREDENTIALS and it still works for TLS 1.2 (and I presume TLS 1.1) on Windows 10. When run on Windows 11, it…
What is the best security method to secure our data and credentials?
What should be the best security programs or techniques to save my data from cyberattacking and cyber bullying?
TLS 1.3 using SChannel - DecryptMessage Failed with CONTEXT EXPIRED
Team, do we have example client/server programs in C/C++ for implementing TLS 1.3 using SChannel? The first initial call to the DecryptMessage() function returns SEC_I_RENEGOTIATE, and when we reinitiate the connection it expires and the connection closes. If you…
Auditing NTLMv1
Hi, I have enabled NTLM auditing to discover any use of NTLMv1. As I understand, I can look for events under Applications and Services Log\Microsoft\Windows\NTLM. I do see the following events but am not sure if there is NTLMv1 traffic blocked here. From the…