Active Directory

Compare GPO Settings to Security Best Practices Using the New Microsoft Security Configuration Toolkit

Microsoft has released a set of tools that allow security administrators to compare current GPO settings against Microsoft best practices. The Microsoft Security Configuration Toolkit enables enterprise security administrators to effectively manage their enterprise’s Group Policy Objects (GPOs).  Using the toolkit, administrators can compare their current GPOs with Microsoft-recommended GPO baselines or other baselines, edit them, store them in GPO backup file format, and apply them via a domain controller or inject them directly into testbed hosts to test their effects Download: Microsoft Security Compliance Toolkit 1.0

Microsoft’s Windows 10 Patch Again Tuesday Brings New GPO Setting

Microsoft today has rolled out new updates for Windows 10 versions 1803, 1709, 1703, and 1607. Among the slew of fixes included in the updates, Microsoft has also developed a new Group Policy setting that should help customers with PCs that have difficulty with network connections. New setting… Adds a new Group Policy setting called “Enable Windows to soft-disconnect a computer from a network”. This determines how Windows will disconnect a computer from a network when it determines that the computer should no longer be connected to the network. If enabled, Windows will soft-disconnect (disconnection is not immediate or abrupt) a computer from a network. If disabled, Windows disconnects a computer from a network immediately. If not configured, the default behavior is soft-disconnect. ...

Office 365 Groups Gains the Ability to Enforce Company-consistent Group Names

Microsoft is rolling out a new function for Office 365 Groups to allow companies to help make sense of the group names being created by end-users. Office 365 Groups is a valuable feature that gives users the ability to connect with like-minded or collaborative partners for corporate projects, business, and community. But, due to the ability to generate groups, the group names can become unruly. Azure AD Naming Policy for Office 365 Groups is now generally available and contains two rules that can be applied: Prefix-suffix naming policy You can define prefixes or suffixes that are then added automatically to enforce a naming convention on your groups (for example, in the group name “GRP_JAPAN_My Group_Engineering”, GRP_JAPAN_ is the prefix, and _Engineering is the suffix). Custom blocked wo...

5 Key Office 365 Migration Reminders

Microsoft wants your migration to Office 365 to go as smoothly as possible.  They’ve spent a great deal of time working on making it a streamlined process with fewer errors to worry about.  Recently Microsoft released a new Hybrid Agent public preview that is part of the Office 365 Hybrid Configuration Wizard and allows you to choose between an Exchange Classic Hybrid Topology and an Exchange Modern Hybrid Topology.  Learn more about this new Hybrid agent here. Prior to making the move to Office 365, I like to give a few recommendations depending on the size of your organization and the current configuration with your on-premises Exchange environment.  Here are 5 reminders: Revise Legacy Domains:  Many organizations are still working off legacy domain design that goes back nearly a s...

Microsoft’s Administrative Templates for Windows 10 1809 Now Available

With Windows 10 1809 back on track to deliver to the masses after being paused due to critical bugs, Microsoft is also now releasing the administrative templates for this Windows version. Group Policy tools use Administrative template files to populate policy settings in the user interface. This allows administrators to manage registry-based policy settings. Download: Administrative Templates (.admx) for Windows 10 October 2018 Update (1809)    

Microsoft Updates the Azure Active Directory Connect Health Agent

For those running Azure AD services on-premises, Microsoft has developed an installable agent to report on the health of the identity services. The agent is installed on servers. Azure AD Connect Health helps monitor and gain insight into your on-premises identity infrastructure. It offers you the ability to view alerts, performance, usage patterns, configuration settings and much more. This is accomplished using an agent that is installed on the targeted servers. Microsoft has now refreshed the tool for those that are already using it. For those not already using the agent, its free to download and install. Download: Azure Active Directory Connect Health Agent Required platforms and software… Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, W...

Clearing Active Directory User Attributes Using PowerShell

You might have need to remove or clear certain user attributes in Active Directory. Here’s a couple examples of how to do that: Set-ADUser -homePhone $null -or- Set-ADUser -clear -homePhone To remove multiple attributes, use a comma… set-ADUser -clear homePhone, StreetAddress, givenName Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in Dallas, Texas in 2018!

Can SCCM Configuration Baselines Replace GPOs?

Upfront I’ll state that Active Directory (AD) Group Policy Objects (GPO) are great for what they were originally designed to do: manage foundational settings on a large number of users/computers. Since their original release, there have been some great advancements, such as Group Policy Preferences (GPP), WMI Filtering, and the ability to easily extend with ADMX files. There are also some features that were introduced, and remain today, that should have gone by the wayside a long time ago: logon/logoff scripts, MSI deployments, automatic home drive mapping, to name a few. Where many companies run into issues is around the over-use/incorrect use of GPOs. Behaviors such as creating a new GPO to manage a single application’s settings, creation of Organization Units (OU) specifical...

Microsoft Delivers New Azure AD Sign-in Experience to Public Preview

The march continues to move Active Directory and AD logins to the Microsoft cloud. Today Microsoft has announced the new login experience is available for public preview. The new UI offers a couple changes: The login is consistent now for Azure AD and other Microsoft identity solutions. According to Microsoft research, providing a two page login system (one screen for user name, a subsequent screen for password) ensures better success for signing in.   The new experience is currently opt-in only, but Microsoft plans to make a full cutover to the new design in September.   Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

5 Tips to Improve Password Security in Active Directory

Sponsored The Windows Active Directory password policy has remained pretty much the same for over 18 years. Meanwhile, hackers have found sophisticated methods such as dictionary and brute-force attacks to blast through weak passwords. Many security experts have advocated against the use of the default Windows password policy. In his white paper titled “Thwarting hackers with better Active Directory password policies,” Active Directory MVP Derek Melber talks about how there are significant limitations and security issues in AD password policies. If you are still using one, then you have a serious security problem. So how can you improve password security? Based on my personal experience and interactions with security experts, here are a few tips that you should follow to boost password sec...

DirSync and Azure AD Sync Support Ends on April 13, Upgrade to Azure AD Connect Quickly

Today Microsoft has taken to its blog to remind customers that… Today, we are confirming that DirSync and Azure AD Sync will reach end of Support as planned on April 13, 2017. Since the original announcement on April 13, 2016, Microsoft says that 35,000 customers have already migrated. DirSync will stop accepting connects on December 31, 2017 – so there’s time to upgrade. Upgrade information: How to transition to Azure AD Connect Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

Azure Active Directory Core Skills Jump Start

Constantly resetting customer passwords? Want to extend your on-premises Active Directory? Join us to explore Azure Active Directory (Azure AD) as we kick off our Enterprise Mobility Core Skills series, arming you with key knowledge to enable enterprise mobility management and to prepare your environment for Windows 10. Looking for an awesome, no-nonsense technical conference for IT Pros, Developers, and DevOps? IT/Dev Connections kicks off in San Francisco in 2017!

  • 1
  • 2