Microsoft Active Directory Certificate Services (AD CS) provides a platform for issuing and managing public key infrastructure (PKI) certificates. Beyond securing application and HTTPS traffic, the certificates AD CS issues can authenticate computer, user, or device accounts on the network, so which templates can produce logon-capable certificates, and who may enroll in them, is an access-control decision as much as a PKI one.
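Because an AD CS certificate can double as a logon credential, the first thing a practitioner usually wants is a list of the templates that can produce such certificates. The following PowerShell is an added example, not code from the original article: it reads the template objects from the Configuration naming context (read-only, using the ActiveDirectory module on a domain-joined host), keeps those whose Extended Key Usage allows client, smart card or PKINIT authentication (or that have no EKU at all, which means any purpose), and flags templates where the enrollee supplies the subject. The OIDs and flag value are the documented Windows ones; the EKU names in the table are just labels for the output.

```powershell
# Added example (not from the original article): list AD CS certificate templates
# whose Extended Key Usage permits certificate-based logon. Assumes the
# ActiveDirectory module and a domain-joined host; read-only against the
# Configuration naming context.
Import-Module ActiveDirectory

# EKU OIDs that Windows accepts for certificate-based authentication
$AuthEkus = @{
    '1.3.6.1.5.5.7.3.2'      = 'Client Authentication'
    '1.3.6.1.4.1.311.20.2.2' = 'Smart Card Logon'
    '1.3.6.1.5.2.3.4'        = 'PKINIT Client Authentication'
    '2.5.29.37.0'            = 'Any Purpose'
}

$configNc          = (Get-ADRootDSE).configurationNamingContext
$templateContainer = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNc"

$templates = Get-ADObject -SearchBase $templateContainer `
    -LDAPFilter '(objectClass=pKICertificateTemplate)' `
    -Properties pKIExtendedKeyUsage, 'msPKI-Certificate-Name-Flag'

foreach ($t in $templates) {
    $ekus = @($t.pKIExtendedKeyUsage)

    # No EKU at all means the certificate is valid for every purpose, logon included
    $authCapable = ($ekus.Count -eq 0) -or ($ekus | Where-Object { $AuthEkus.ContainsKey($_) })
    if (-not $authCapable) { continue }

    # CT_FLAG_ENROLLEE_SUPPLIES_SUBJECT (0x1) in msPKI-Certificate-Name-Flag: the
    # requester chooses the subject and SAN, so enrollment permissions on such a
    # template deserve a closer review.
    $enrolleeSuppliesSubject = (($t.'msPKI-Certificate-Name-Flag' -band 0x1) -ne 0)

    [pscustomobject]@{
        Template                = $t.Name
        AuthEkus                = if ($ekus.Count -eq 0) { '(none: any purpose)' }
                                  else { ($ekus | ForEach-Object { $AuthEkus[$_] } | Where-Object { $_ }) -join ', ' }
        EnrolleeSuppliesSubject = $enrolleeSuppliesSubject
    }
}
```

Run it as any domain user (the template container is world-readable); pipe the output to `Format-Table -AutoSize` or `Export-Csv` to keep an inventory over time.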
In this month's series of posts we have been looking at network ports relevant to security administrators. This note covers the ports used for Active Directory (AD) communications, a topic that matters most when AD traffic has to cross a firewall: for instance, which ports to open to allow AD replication between internal subnets, or to let an AD member server on a screened subnet authenticate to a domain controller on another subnet.
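A quick way to verify a firewall rule set from the member server's side is to probe the well-known AD ports on the domain controller and then confirm the secure channel end to end. The script below is an added example, not from the original article; it assumes Windows 8.1 / Server 2012 R2 or later for `Test-NetConnection`, and the DC name is a placeholder. The port list covers the fixed ports an AD client or replication partner needs; the RPC-based services (replication, Netlogon, SAM) additionally use the dynamic range 49152-65535 unless it has been pinned to a narrower range on the DCs.

```powershell
# Added example (not from the original article): probe the fixed AD ports on a DC
# from a member server and then verify the secure channel. $Dc is a placeholder.
$Dc = 'dc01.corp.example'

# Fixed TCP ports. RPC-based traffic (replication, Netlogon, SAM) also needs the
# dynamic range 49152-65535 on the DC, or whatever range has been pinned there.
$AdPorts = @(
    @{ Port = 53;   Service = 'DNS' },
    @{ Port = 88;   Service = 'Kerberos' },
    @{ Port = 135;  Service = 'RPC endpoint mapper' },
    @{ Port = 389;  Service = 'LDAP' },
    @{ Port = 445;  Service = 'SMB (SYSVOL/NETLOGON, Group Policy)' },
    @{ Port = 464;  Service = 'Kerberos password change' },
    @{ Port = 636;  Service = 'LDAPS' },
    @{ Port = 3268; Service = 'Global Catalog' },
    @{ Port = 3269; Service = 'Global Catalog over TLS' }
)

$results = foreach ($p in $AdPorts) {
    $probe = Test-NetConnection -ComputerName $Dc -Port $p.Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Port      = $p.Port
        Service   = $p.Service
        Reachable = $probe.TcpTestSucceeded
    }
}
$results | Format-Table -AutoSize

# DNS and Kerberos also use UDP, which a TCP probe cannot see. A UDP lookup
# against the DC covers at least the DNS side.
Resolve-DnsName -Name $Dc -Server $Dc -Type A -ErrorAction SilentlyContinue

# End-to-end check: can this member establish its secure channel with that DC?
# This exercises RPC on 135 plus a dynamic port, which the table above cannot test.
Test-ComputerSecureChannel -Server $Dc -Verbose
```

If every fixed port shows `Reachable = True` but `Test-ComputerSecureChannel` fails, the dynamic RPC range is the usual culprit.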
The environment used for setting up System Center Configuration Manager (SCCM) is a two-server farm: one server acts as the Domain Controller and the second as the SCCM server with a SQL Server 2016 installation. We install SCCM on the same server as SQL Server for the time being; the setup can later be extended to separate SCCM and SQL Server hosts. The installation of SCCM is divided into two sections:
- Prerequisite installation
- System Center Configuration Manager Installation
Active Directory Rights Management Services (AD RMS) addresses data leakage: the unauthorized transmission of information to people, inside or outside the organization, who should not be able to access it. One major advantage of AD RMS over controls such as NTFS permissions is that the AD RMS protection travels with the document instead of staying behind on the file share.
AD RMS integrates with existing Microsoft products and OS including Windows Server, Exchange Server, SharePoint Server, Microsoft Office Suite and Microsoft Azure.
AD RMS can protect data in transit and at rest. For example, it can protect documents sent as email messages so that a message cannot be opened even if it is accidentally addressed to the wrong recipient.
DHCP is used to dynamically assign IP addresses to client machines. This tutorial explains how to install and configure DHCP on Windows Server 2016. Once you have followed it, go ahead and create scopes and start leasing out IP addresses (documented in another article).
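The whole procedure can be scripted with the DhcpServer module that ships with the role. The block below is an added example, not the article's own steps, and it goes a little beyond the text by also creating a first scope; server name, addresses and scope values are placeholders for a lab. The step a security engineer cares about is the AD authorization: a domain-joined DHCP server that is not authorized in AD refuses to hand out leases, which is the control that keeps a rogue server from serving clients.

```powershell
# Added example (not from the original article): install, authorize and minimally
# configure the DHCP Server role on Windows Server 2016. All names and
# addresses are placeholders.
$DhcpServer = 'dhcp01.corp.example'   # FQDN of this server
$DhcpIp     = '10.10.0.5'             # its static IPv4 address

Install-WindowsFeature -Name DHCP -IncludeManagementTools

# Create the local "DHCP Administrators" / "DHCP Users" groups and restart the service
Add-DhcpServerSecurityGroup
Restart-Service -Name DHCPServer

# Authorize in AD. Unauthorized domain-joined DHCP servers do not lease addresses,
# so this is both a required step and the anti-rogue-server control.
Add-DhcpServerInDC -DnsName $DhcpServer -IPAddress $DhcpIp
Get-DhcpServerInDC

# Clear the Server Manager "post-install configuration required" flag
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\ServerManager\Roles\12' `
    -Name ConfigurationState -Value 2

# One scope, with an exclusion for statically addressed devices and basic options
Add-DhcpServerv4Scope -Name 'Clients 10.10.0.0/24' -StartRange 10.10.0.50 -EndRange 10.10.0.250 `
    -SubnetMask 255.255.255.0 -LeaseDuration (New-TimeSpan -Days 1) -State Active
Add-DhcpServerv4ExclusionRange -ScopeId 10.10.0.0 -StartRange 10.10.0.50 -EndRange 10.10.0.99
Set-DhcpServerv4OptionValue -ScopeId 10.10.0.0 -Router 10.10.0.1 -DnsServer 10.10.0.10 -DnsDomain 'corp.example'

# Register client DNS records with a dedicated low-privilege account instead of
# the server's computer account
Set-DhcpServerDnsCredential -Credential (Get-Credential -Message 'Account used for dynamic DNS updates')

Get-DhcpServerv4Scope | Format-Table ScopeId, Name, StartRange, EndRange, State -AutoSize
```

Run it in an elevated session as an Enterprise Admin (or a user delegated the right to authorize DHCP servers), because `Add-DhcpServerInDC` writes to the Configuration partition.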
Windows Deployment Services (WDS) is a really useful tool from Microsoft. It allows an administrator to remotely deploy Windows operating systems to machines that boot from a network adapter (PXE).
In environments with many clients WDS saves a lot of time: a new computer can be imaged just by plugging in an Ethernet cable and booting from the network, without physical media such as Windows DVDs or USB drives.
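The flip side of "any machine that boots from the network gets an OS" is that a WDS server answering every PXE request will happily image a machine an attacker plugged in. The commands below are an added example, not from the original article: they install and initialize WDS with `wdsutil` and then restrict which PXE clients are answered. Paths and image names are placeholders.

```powershell
# Added example (not from the original article): install WDS, initialize it, and
# limit PXE answers to known or admin-approved clients. Paths are placeholders.
Install-WindowsFeature -Name WDS -IncludeManagementTools

# Initialize the server; keep the RemoteInstall folder on an NTFS volume other
# than the system drive.
wdsutil /Initialize-Server /RemInst:"D:\RemoteInstall"

# Answer PXE requests from all clients, but hold unknown (not pre-staged) computers
# in the pending queue until an administrator approves them.
wdsutil /Set-Server /AnswerClients:All
wdsutil /Set-Server /AutoAddPolicy /Policy:AdminApproval
# Stricter alternative: answer only computers pre-staged in AD and ignore the rest.
# wdsutil /Set-Server /AnswerClients:Known

# Boot and install images from mounted installation media (placeholder paths)
wdsutil /Add-Image /ImageFile:"E:\sources\boot.wim" /ImageType:Boot
wdsutil /Add-Image /ImageFile:"E:\sources\install.wim" /ImageType:Install /ImageGroup:"Windows10"

# Review the resulting configuration, including the answer policy
wdsutil /Get-Server /Show:Config
```

Pending devices can be approved or rejected with `wdsutil /Approve-AutoAddDevices` and `wdsutil /Reject-AutoAddDevices`, so the queue becomes the audit point for every machine that was imaged from the network.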
Domain Name System (DNS), defined in several Request for Comments (RFC) documents, has one core task: translating user-friendly host names to IPv4 or IPv6 addresses. The DNS server in Windows Server 2016 works the same basic way as it does in Windows Server 2012 R2, but the Windows Server engineering team added some worthwhile enhancements, including DNS policies and Response Rate Limiting (RRL).
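Both enhancements are configured through the DnsServer PowerShell module, and both have a failure mode worth handling: RRL can drop legitimate answers if the thresholds are too low, and a recursion policy can cut off internal clients if it is applied in the wrong order. The block below is an added example, not from the original article; the subnet ranges and scope names are placeholders. It turns RRL on in log-only mode first, then builds a policy that allows recursion only for internal subnets before recursion is disabled in the default scope.

```powershell
# Added example (not from the original article): Response Rate Limiting and a
# recursion-control DNS policy on a Windows Server 2016 DNS server. Subnet
# ranges and scope names are placeholders.

# --- Response Rate Limiting (limits use of this server as a reflector) ---------
# LogOnly: nothing is dropped yet, the server only records what RRL would do.
Set-DnsServerResponseRateLimiting -Mode LogOnly -ResponsesPerSec 5 -ErrorsPerSec 5 `
    -WindowInSec 5 -LeakRate 3 -TruncateRate 2 -Force
Get-DnsServerResponseRateLimiting

# After reviewing the DNS server event log for false positives, enforce.
Set-DnsServerResponseRateLimiting -Mode Enable -Force

# --- DNS policy: recursion only for internal clients --------------------------
# 1. Define who counts as internal.
Add-DnsServerClientSubnet -Name 'Internal' -IPv4Subnet '10.0.0.0/8', '192.168.0.0/16'

# 2. A recursion scope that permits recursion, used only by the policy below.
Add-DnsServerRecursionScope -Name 'InternalClients' -EnableRecursion $true

# 3. Route queries from the internal subnet to that scope.
Add-DnsServerQueryResolutionPolicy -Name 'InternalRecursionOnly' -Action ALLOW `
    -ApplyOnRecursion -RecursionScope 'InternalClients' -ClientSubnet 'EQ,Internal'

# 4. Only now turn recursion off in the default scope ("."), so everyone else
#    gets authoritative answers only. Doing this before step 3 would break
#    internal resolution until the policy exists.
Set-DnsServerRecursionScope -Name . -EnableRecursion $false

Get-DnsServerQueryResolutionPolicy | Format-List Name, Action, Condition, IsEnabled
```

Verify from a host outside the internal subnets that a query for an external name now returns a refusal or an empty answer, while an internal host still resolves it.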
This week version 1.8.0 of the WinRM ruby gem was released, adding support for certificate authentication. Many thanks to the contributions of @jfhutchi and @elpetak that made this possible. As I set out to test this feature, I explored how certificate authentication works in WinRM using native Windows tools such as PowerShell Remoting. My primary takeaway was that it is not at all straightforward to set up. If you have worked with similar authentication setups on Linux using SSH, be prepared for more friction, mostly due to the lack of documentation and search results (well, now there is one more). Regardless, I still think that once set up, authentication via certificates is a very good thing, and many are not aware that it is available in WinRM.
This post walks through how to configure certificate authentication, enumerates some of the "gotchas" and pitfalls you may encounter along the way, and then explains how to use certificate authentication with PowerShell Remoting as well as via the WinRM ruby gem, which opens up the possibility of authenticating from a Linux client to a Windows WinRM endpoint.
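The part that is not obvious from the documentation is that both sides need work: the client needs a certificate with a Client Authentication EKU and a UPN subject alternative name, and the server needs an HTTPS listener, certificate authentication switched on, trust in the client certificate, and a mapping from that certificate to a local account. The script below is an added example written for this edit, not the post's own walkthrough nor the gem's code; host names, the account name and file paths are placeholders, and it uses self-signed certificates so it can be run in a lab. Run the CLIENT sections on the connecting machine and the SERVER section on the WinRM endpoint as an administrator.

```powershell
# Added example (not from the original post): WinRM certificate authentication
# with PowerShell Remoting, using self-signed certificates for a lab.
# Names, the mapped account and paths are placeholders.

# ===================== CLIENT: create a logon certificate ===================
$Upn = 'winrmuser@localhost'   # must equal the UPN SAN that the server maps

# Client Authentication EKU (1.3.6.1.5.5.7.3.2) plus a UPN SAN (2.5.29.17):
# WinRM maps the certificate to an account by this UPN, not by the CN.
$clientCert = New-SelfSignedCertificate -Type Custom -Subject 'CN=winrmuser' `
    -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2", "2.5.29.17={text}upn=$Upn") `
    -KeyUsage DigitalSignature, KeyEncipherment -KeyAlgorithm RSA -KeyLength 2048 `
    -CertStoreLocation 'Cert:\CurrentUser\My'

# Only the public certificate travels to the server; the private key stays here.
New-Item -ItemType Directory -Force -Path 'C:\temp' | Out-Null
Export-Certificate -Cert $clientCert -FilePath 'C:\temp\winrmuser.cer' | Out-Null
$clientCert.Thumbprint   # used later with -CertificateThumbprint

# ===================== SERVER: listen, trust, map ===========================
$ServerFqdn = 'winrm01.corp.example'   # placeholder

# 1. Certificate authentication is only offered on an HTTPS listener.
$hostCert = New-SelfSignedCertificate -DnsName $ServerFqdn -CertStoreLocation 'Cert:\LocalMachine\My'
New-Item -Path WSMan:\localhost\Listener -Transport HTTPS -Address * `
    -CertificateThumbPrint $hostCert.Thumbprint -Force | Out-Null
Set-Item -Path WSMan:\localhost\Service\Auth\Certificate -Value $true

# 2. Trust the client certificate. A self-signed certificate is its own issuer,
#    so it goes into Root (issuer trust) and TrustedPeople (end-entity trust).
$issuer = Import-Certificate -FilePath 'C:\temp\winrmuser.cer' -CertStoreLocation 'Cert:\LocalMachine\Root'
Import-Certificate -FilePath 'C:\temp\winrmuser.cer' -CertStoreLocation 'Cert:\LocalMachine\TrustedPeople' | Out-Null

# 3. Map certificate -> account. The account must be LOCAL to the server; domain
#    accounts cannot be mapped this way. -Issuer is the issuing cert's thumbprint.
$mapped = Get-Credential -UserName 'winrmuser' -Message 'Password of the local account to map'
New-Item -Path WSMan:\localhost\ClientCertificate -Subject $Upn -URI * `
    -Issuer $issuer.Thumbprint -Credential $mapped -Force | Out-Null

# Optional hardening once certificate auth works: turn off Basic on the service.
# Set-Item -Path WSMan:\localhost\Service\Auth\Basic -Value $false

# ===================== CLIENT: connect with the certificate =================
# -SkipCACheck/-SkipCNCheck only because the host certificate above is
# self-signed; with a CA-issued host certificate omit them so the server is
# verified and the session cannot be intercepted.
$opt = New-PSSessionOption -SkipCACheck -SkipCNCheck
Invoke-Command -ComputerName $ServerFqdn -UseSSL -SessionOption $opt `
    -CertificateThumbprint $clientCert.Thumbprint -ScriptBlock { whoami }
```

The script block runs as the mapped local account. If the call fails with an access-denied error even though everything looks right, the usual causes are a UPN in the mapping that does not match the certificate's SAN character for character, a missing TrustedPeople entry, or a password change on the mapped account: the mapping stores the password, so it must be recreated when the password changes.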
I was given the task of deploying a full on-premises Skype for Business Server 2015 environment for a small company. The deployment also included an Edge Server and a reverse proxy (IIS with ARR). In this blog post I'll discuss the deployment process in general and the problems (and solutions) discovered during and after the deployment, and I'll end the post with some check-up and miscellaneous information.
In this post we'll learn about Repadmin, the Active Directory replication tool used to check replication between domain controllers. Repadmin is a command-line tool that Microsoft shipped in the Windows Support Tools for earlier server versions and built into Windows Server 2008 and later, so it is still available on current versions such as Windows Server 2012 R2. It diagnoses replication and can force a sync; the replication itself is done by the domain controllers. In an earlier post we covered the steps to promote a Domain Controller with PowerShell.
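A replication health check that goes beyond eyeballing `repadmin /showrepl` output, as an added example that is not part of the original post: it uses repadmin's CSV output so failures can be filtered in PowerShell, forces a sync, and then cross-checks with the ActiveDirectory module cmdlets that expose the same data as objects. The DC name, domain name and partition DN are placeholders; run it from a DC or a host with RSAT.

```powershell
# Added example (not from the original post): replication health check built
# around repadmin, with the AD module as a cross-check. Names are placeholders.
$Dc        = 'dc01'
$Domain    = 'corp.example'
$DomainDn  = 'DC=corp,DC=example'

# 1. One-line summary per DC: largest replication delta and failure counts
repadmin /replsummary

# 2. Per-partner status as CSV, filtered to partners with failures
$failing = repadmin /showrepl * /csv | ConvertFrom-Csv |
    Where-Object { [int]$_.'Number of Failures' -gt 0 } |
    Select-Object 'Source DSA', 'Destination DSA', 'Naming Context',
                  'Number of Failures', 'Last Failure Status', 'Last Failure Time'
if ($failing) { $failing | Format-Table -AutoSize } else { 'No replication failures reported.' }

# 3. Up-to-dateness vector for the domain partition on one DC: the highest USN it
#    has seen from each partner, useful when a partner appears stale
repadmin /showutdvec $Dc $DomainDn

# 4. Force an inbound sync of all partitions (/A) on every DC, identifying
#    servers by DN (/d), across sites (/e), and push as well (/P)
repadmin /syncall /AdeP

# 5. The same information as objects, convenient for alerting scripts
Import-Module ActiveDirectory
Get-ADReplicationFailure -Target $Domain -Scope Domain |
    Select-Object Server, Partner, FailureCount, FirstFailureTime, LastError
Get-ADReplicationPartnerMetadata -Target $Dc -Scope Server |
    Select-Object Server, Partner, Partition, LastReplicationSuccess, LastReplicationResult
```

A non-zero `LastReplicationResult` is a Win32 error code; `repadmin /showrepl` prints the matching text, which is usually the quickest route from the number to the cause (for example a DC that cannot resolve its partner's CNAME in the `_msdcs` zone).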