No support for Protected Users in Microsoft Entra Domain Services?
I have been loooking into mapping best practices about configuring hardening / tiering model from on-premises Active Directory to Microsoft Entra Domain Services (MEDS). I'm well aware that MEDS is NOT a replacemenet for AD DS and have many restrictions and missing features, but that does not stop me from wanting to make it as secure as possible for member servers to be joined to. Since MEDS is a PaaS in Azure, deployed from within Azure and managed in another way than Active Directory, of course there are different ways of implementering a good tiering model. In my study I wanted to see if I could enable Protected Users feature (join users to Protected Users Group). However I find this group to be present but not possible to add members to (feature greyed out). I have a member server in the MEDS instance and have installed AD DS Tools. My user is member of AD DDS Administrators group. I would like to know if anyone have some knowledge on the subject to share?How to Reset Windows Server 2008 R2 Administrator Password?
I am struggling to reset the administrator password on my Windows Server 2008 R2 machine. Unfortunately, I do not remember the password and cannot access the system. I have tried use a password reset disk or access the built-in administrator account, but have been unsuccessful thus far. I am worried about losing access to critical files and applications as a result of being unable to log in. Therefore, I am seeking advice and guidance on the most effective and secure way to reset administrator password for Windows Server 2008 R2. I am hoping that other forum members who have encountered similar issues in the past can share their experiences and offer tips and solutions. Thanks.
ACPI/INTC1085 driver is not installed
Hello. I have a server platform ASUS RS300-E12-RS4 with Intel(R) Xeon(R) E E-2478. After installation microsoft hyper-v server 2019 and install all drivers from asus site, i have 1 not installed device. ACPI\INTC1085\2&DABA3FF&1 driver "INTEL_Serial_IO_V30.100.2237.26.zip" not compatible for this device. BIOS version is 0803 BMC version is 1.0.9 The support of the hardware manufacturer could not help me, they recommended to contact the OS manufacturer.feature Installation Error
I am facing this issue in Windows Server 2019 STD. i am also tried to solve this issue to select sources\sxs path from the OS media but still i am getting the same error. Mistakenly i have removed .Net framework from this server and after that i am facing this issue. please help me to solve this issue.
Configure Certificate for LDAPS and Others
Hi, Thought I already posted this question but can't locate it now, so I guess it didn't work. Let's try again... I've been asked to setup secure LDAP on our network, and this is something completely new to me. I've been searching around for tutorials and have found some but none of them go into how to create the certificate using Certificate Services. I have been searching but all I'm finding is information on how to install a certificate authority, but that's as far as they go. What I've learned so far is that we have a Certificate Authority (CA) and an Intermediate Authority (IA), all installed by an ex-colleague, who didn't leave any notes or instructions on how to use them. I have learned somethings, like the CA should be protected and is powered down, I guess you power it up when you need it? And when I look in Certificates on our Domain Controller, I see a certificate under Local Computer\Personal\Certificates but it was issued by the CA, not the IA and it expired last summer. Not sure how to go about renewing it or creating a new one from the IA. If someone can point me in the direction of an easy-to-follow tutorial on how to manually create certificates, I'd appreciate it. So far, I'm not having any luck finding one. Thanks in advance!Certificate based Authentication and KB5014754
Hello community, we have an AD CS that issues certificates to users and computers. How do we achieve automatic certificate mapping? According to KB504754, strong certificate mapping is to be done. Currently, AD computer/user certificates are being used, and no mapping has been configured. Will this continue to work?
RDP Web Access MFA
This has got to be a stupid question but here goes. We use Remote Desktop Services to deliver remote desktops and apps to external parties. We have MFA setup on the launching of the published app or desktop. However, the initial login to the RD Web Access portal (remote.whitehavencoal.com.au) is not MFA enabled and vulnerable to password guessing. I was able to successfully exploit this. The MSP who set this up claims it’s not possible to put MFA on the initial RDP Web Access portal. I find that very hard to believe given MFA is so prevalent and recommended by everyone including Microsoft on everything. Could you help me either confirm this weakness or point me to a solution.
Hyper-V VMConnect failing after hardening crypto
I run Hyper-V locally on my laptop for testing and evaluation of various systems and services for my company. The laptop is running Win10, AMD Ryzen processor, 40GB RAM. The Hyper-V install had been running fine for a long while, but I just recently updated my crypto settings on my laptop (stopped the use of legacy/insecure ciphers, locked to TLS 1.2 and disabled older versions, etc.) and suddenly I can't connect using the Hyper-V VMconnect console to my VM's anymore. Reference: Setup Microsoft Windows or IIS for SSL Perfect Forward Secrecy and TLS 1.2 | Hass - IT Consulting A sample of the error I'm getting - pop up window as the VMConnect console is being spun up: An authentication error has occurred One or more of the parameters passed to the function was invalid My local EventViewer / Custom Views / ServerRoles / Remote Desktop Services1 channel has the follow error message crop up: RDPClient_SSL: An error was encountered when transitioning from TsSslStateHandshakeInProgress to TsSslStateDisconnecting in response to TsSslEventHandshakeContinueFailed (error code 0x80004005). Seems to indicate that the VMConnect service is relying on some kind of SSL/TLS handshake to negotiate a secure connection but that it can't agree on the terms? Any ideas? Other than the obvious reversion back to the weaker crypto state :)
Defender for Serever on RDP Session Host
Hi all, I have a simple question that rises during considerations about a security concept. Is it enough to secure a RDP Session Host with Microsoft Defender for Server Plan 2? Or do I have to secure the single RDP sessions as well? The question behind that is: Is the Defender for Server able to secure the interactions and all the app-data (e.g. Mails) for all users? Thanks!
