ProTips

Category for various tips and tricks

0

MDI–Assign & Verify Permissions To Deleted Objects Container

Posted on by Rhoderick Milne [MSFT]
Granting Permissins to Deleted Objects Containter for MDI

In Active Directory, the Deleted Objects container is a hidden location where objects reside temporarily after they have been deleted, before they are fully removed by the tombstone or recycle bin process. This container plays a critical role in object recovery and directory hygiene.  By default, permissions on it are limited and the container itself is often overlooked since it is out of sight.

Th… Read the rest “MDI–Assign & Verify Permissions To Deleted Objects Container”

0

Time To Stop Using The Legacy Azure MFA & SSPR Portal

Posted on by Rhoderick Milne [MSFT]
Legacy Azure MFA Portal - Time To Migrate

In today's threat landscape, passwords alone are no longer sufficient to protect access to cloud systems. Enter Multifactor Authentication (MFA): a security mechanism that requires users to present two or more independent validation factors—typically something you know (e.g. password), something you have (e.g. a mobile authenticator or hardware key), or something you are (e.g. biometric data)—befo… Read the rest “Time To Stop Using The Legacy Azure MFA & SSPR Portal”

1

Using PowerCfg To Set Server Power Plan From Command Line

Posted on by Rhoderick Milne [MSFT]
Set Power Plan Via Command Line

Being able to automate and set Power Plan options via the command is useful for both automation and tasks on Server Core.  We can use powercfg.exe to control power plans - also called power schemes - to use the available sleep states, to control the power states of individual devices, and to analyze the system for common energy-efficiency and battery-life problems.

Below are multiple examples of the … Read the rest “Using PowerCfg To Set Server Power Plan From Command Line”

0

Stale DNS Server Blocking Captive Portal Or Simply Inaccessible

Posted on by Rhoderick Milne [MSFT]
Stale DNS Server Entries Causing Issues On Windows 10 and 11

It’s always DNS.  That’s the typical mantra when troubleshooting AD issues.

But what about a fully updated Windows 10/11 machine totally ignoring the DNS server it was told to use via DHCP?  Yes, that unfortunately was a recent problem.  On the machine it appeared to have the public Google DNS server (8.8.8.8) stuck.  Regardless of what network the machine connected to, it ignored the DNS server as… Read the rest “Stale DNS Server Blocking Captive Portal Or Simply Inaccessible”

0

Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group

Posted on by Rhoderick Milne [MSFT]
Azure Portal Connect to VM

Controlling connections to Azure VMs using the just in time (JIT) policy of Microsoft Defender for Cloud (MDC) certainly improves the overall security of the Azure resource.  However, then having to enable JIT on a given VM runs into issues pretty quickly.

Azure Portal Too Permissive

Who thought it was a great idea to have “All configured IPs” as the default option? No thanks – I do not want to enab… Read the rest “Quick Tip – Easily Allow JIT to Azure VMs In A Resource Group”

0

Quick Tip – Easily Start All Azure VMs In A Particular Resource Group

Posted on by Rhoderick Milne [MSFT]
Quick Tip Easily Start Azure VMs Using Azure Cloud Shell

Manually starting up lab VMs is painfully slow, and since many organisations will implement management policy to auutomatically shut them down to save costs you may find yourself powering them on a lot...

While you can set up automated tasks to power them on, not all really need to be running every day.  For example, I always want the DC's running so they are able to maintain replication and there … Read the rest “Quick Tip – Easily Start All Azure VMs In A Particular Resource Group”

0

Kerberos Issues November 2022

Posted on by Rhoderick Milne [MSFT]
Kerberos Issues November 2022

The November 8, 2022 and later Windows updates address a  security bypass and elevation of privilege vulnerability with Authentication Negotiation by using weak RC4-HMAC negotiation.

This update will set AES as the default encryption type for session keys on accounts that are not marked with a default encryption type already.

To help secure your environment, install the Windows update that is dated … Read the rest “Kerberos Issues November 2022”

0

Check If AD FS WSTrust Endpoint Enabled

Posted on by Rhoderick Milne [MSFT]
Check WSTrust Endpoint Configuration

Active Directory Federation Services (AD FS) uses endpoints to provide access to features.  There are a series of different endpoints which each serve a different purpose from password reset, publishing federation metadata or multiple web services protocols.  It is important to ensure that only the required features are actually enabled, and also if those features are to be made available internal… Read the rest “Check If AD FS WSTrust Endpoint Enabled”

0

WordPress Linux Web App Poor Performance

Posted on by Rhoderick Milne [MSFT]
Azure Create WordPress App Service

Having to host, upgrade and manage WordPress is not really my main job.  The various posts over the years will provide a small clue that other things take up most of my time and are my day job.  Life was certainly easier when TechNet was still around as a dedicated team ran the MSDN and TechNet blog platforms and provided all of the infrastructure support.  All I had to do was write the posts.

Alas… Read the rest “WordPress Linux Web App Poor Performance”

0

Why Can’t I Search For Content In TechNet and MSDN Blogs?

Posted on by Rhoderick Milne [MSFT]
TechNet Blogs Yeeted

There was a time when every obscure error code, undocumented quirk, and tricky deployment scenario in the Microsoft ecosystem had an answer, and more often than not you would find it on the MSDN or TechNet blogs. Written by Microsoft engineers, product teams, and MVPs who lived and breathed the technology, these posts were not marketing gloss. They were raw, detailed, and practical.  The kind of c… Read the rest “Why Can’t I Search For Content In TechNet and MSDN Blogs?”