Microsoft Active Directory Certificate Services [AD CS] Installation

Microsoft Active Directory Certificate Services [AD CS] provides a platform for issuing and managing public key infrastructure [PKI] certificates. On top of securing application and HTTP traffic, the certificates that AD CS provides can be used to authenticate computer, user, or device accounts on a network.

Active Directory Ports

In the series of posts this month we’ve been looking at network ports relevant to security administrators. This note explores the ports used for Active Directory (AD) communications, which is a topic particularly relevant for allowing AD traffic across a firewall. For instance, you may be wondering which ports to open to allow AD replication across internal subnets, or to allow an AD member server on a screened subnet to authenticate to a domain controller on another subnet.

SCCM: Step by Step Walk-through Setup

Introduction

The environment used for setting up System Center Configuration Manager is a two-server farm, with one server acting as the Domain Controller and the second acting as the SCCM Server with SQL Server 2016 installed. We will install SCCM on the same server as SQL Server for the time being. The setup can also be extended to a stand-alone SCCM server and a separate SQL Server. The installation of SCCM is primarily divided into two sections:

  • Prerequisite installation
  • System Center Configuration Manager Installation

Step by Step How to Installing and Configuring AD RMS in Windows Server 2016

Introduction

Active Directory Rights Management Services (AD RMS)

Data leakage is the unauthorized transmission of information – either to people within the organization or people outside the organization – who should not be able to access that information. One of the major advantages of using AD RMS over other security features such as NTFS permissions is that AD RMS permissions travel along with the documents.

AD RMS integrates with existing Microsoft products and operating systems, including Windows Server, Exchange Server, SharePoint Server, Microsoft Office Suite and Microsoft Azure.

AD RMS can protect data in transit and at rest. For example, AD RMS can protect documents that are sent as email messages by ensuring that a message cannot be opened even if it is accidentally addressed to the wrong recipient.

Configuring and using Windows Deployment Services (WDS)

Windows Deployment Services (WDS) is a really interesting tool from Microsoft. It allows an administrator to remotely deploy Windows operating systems to machines booting from a network adapter.

In environments with a high number of clients, WDS can be very useful: a new computer can be formatted just by plugging in the Ethernet cable, without any physical media like Windows DVDs or USB drives.

How to Setup And Configure DNS Role on Windows Server 2016

Domain Name System (DNS), defined in several Request for Comments (RFC) documents, performs a single task: translating user-friendly hostnames to IPv4 or IPv6 addresses. The DNS server in Windows Server 2016 works the same basic way as it does in Windows Server 2012 R2. However, the Windows Server engineering team added some worthwhile enhancements, including DNS policies and Response Rate Limiting (RRL).

Certificate (password-less) based authentication in WinRM

This week the WinRM Ruby gem version 1.8.0 was released, adding support for certificate authentication. Many thanks to the contributions of @jfhutchi and @elpetak that make this possible. As I set out to test this feature, I explored how certificate authentication works in WinRM using native Windows tools like PowerShell remoting. My primary takeaway was that it was not at all straightforward to set up. If you have worked with similar authentication setups on Linux using SSH commands, be prepared for more friction. Most of this is simply due to the lack of documentation and Google results (well, now there is one more). Regardless, I still think that once set up, authentication via certificates is a very good thing, and many are not aware that this is available in WinRM.

This post will walk through how to configure certificate authentication, enumerate some of the “gotchas” and pitfalls one may encounter along the way, and then explain how to use certificate authentication using PowerShell Remoting as well as via the WinRM Ruby gem, which opens up the possibility of authenticating from a Linux client to a Windows WinRM endpoint.

 

Deploying Skype for Business 2015, including Edge and Reverse Proxy Servers

I was given the task of deploying a full-blown on-premise deployment of Skype for Business Server 2015 for a small company. The deployment also included an Edge Server and a Reverse Proxy server (IIS with ARR). In this blog post I’ll discuss the deployment process in general, and also the problems (and solutions) that were discovered during/after the deployment. I’ll end the post with some check-up/misc. information.

Repadmin – Active Directory Replication Tools

In this post, we’ll learn about the Repadmin command, the Active Directory replication tool used to check Active Directory replication between Active Directory Domain Controllers. Repadmin is a command-line tool introduced by Microsoft in Windows Server 2003 R2 and still actively used in the latest versions of Microsoft Windows Server, e.g. Windows Server 2012 R2, to replicate AD data. In an earlier post, we already learned the steps to promote a Domain Controller using PowerShell commands.
