Items related to Windows in general
Transport Layer Security (TLS) and Secure Sockets Layer (SSL) are protocols that provide secure communications. Today several versions of these protocols exist, and not all of them are considered secure by Microsoft or other security companies.
Schannel is a Security Support Provider (SSP) that implements the SSL, TLS and Datagram Transport Layer Security (DTLS) Internet standard authentication pro… Read the rest “TLS Musings”
The below post initially stemmed from an Exchange Risk Assessment which noted that all of the customer's Exchange servers were missing critical Windows updates. The customer's security team were slightly upset as they believed (mistakenly) that all assets were properly updated. This was not the case. When we looked into the details, the monthly Windows Server 2012 R2 updates had been failing to… Read the rest “Unable to Install Windows Updates or Windows Components”
After preparing AD and installing the first Windows Server 2019 DC into an existing AD environment, it was noted that there were unresolved SIDs listed at the root of the domain. This was corelated to the AD 2019 upgrade as permissions had been audited and cleaned up prior due to previous issues in the environment. Previously all DCs were Windows Server 2012 R2 with all updates installed.
After r… Read the rest “Unresolved RID 526 and 527 After ADPrep”
One issue when cutting over services or performing datacentre disaster recovery operations consists of three little letters - DNS.
DNS records have a time to live (TTL) and depending on the zone file configuration, it could be several hours or even measured in days. So if a record was changed, this means that in normal run state clients would continue to connect to the old IP rather than the new I… Read the rest “Windows 10 FlushDNS”
January 2020 is going to be a very important month. There are multiple large and important products which will exit out of their extended support lifecycle phase. The list includes Exchange 2010.
We reviewed this a year ago, to provide additional warning and notification as many customers still run Exchange 2010 on-premises. For those who are not in the middle of upgrade or migration activities t… Read the rest “Save The Date – End of Exchange 2010 Support–T Minus 1 Year”
With my customer facing role, there are lot of demonstrations to enterprise customers. Manually reverting machines back to the initial starting point for the next demo can be time consuming and error prone.
One example of this is clearing out the contents on Window's Credential Manager. There is no option to do a block select to delete multiple entries at once. Worse still is that Modern Authent… Read the rest “Script to Clear Credman”
In current versions of Windows the venerable snipping tool (snippingtool.exe) has been updated with improved functionality.
This is the Snipping Tool from a Windows 7 lab machine:
Clicking on Options we see:
The below were taken from my Windows 10 build 1803 machine. Note that there are now additional buttons present.
Specifically the Mode and Delay b… Read the rest “QuickTip–Delay Functionality In Windows Snipping Tool”
The below is an issue which caused this week’s customer a little stress. They wanted to review the current AD FS configuration, but were not able to successfully run the Get-AdfsPropeties cmdlet.
The Get-AdfsProperties cmdlet would generate the error below.
For make most glorious benefit of search engines:
Get-AdfsProperties : ADMIN0120: The client is not authorized to access the endpoint net.tcp://… Read the rest “Get-AdfsProperties Error ADMIN0120”
As part of troubleshooting a recent Windows Server 2016 AD FS issue, I wanted to take a look at the database using SQL Server Management Studio (SSMS). In order to successfully connect there are a couple of gotchas to note as the database used was the Windows Internal Database (WID). This is the default AD FS 2012 R2 and 2016 deployments. There is no SQL management interface and the correct con… Read the rest “Connect to AD FS 2016 WID Using SQL Server Management Studio”
Previously Exchange 2010 was not supported with Windows Server 2016 Domain Controllers. The support position was discussed in the Exchange Support For Windows Server 2016 post back in 2016. This was a challenge for organisations who still had Exchange 2010 deployed yet wanted to move forward with AD DS upgrades so that they could take advantage of the newer AD features. While people would try … Read the rest “Exchange 2010 Support For Windows Server 2016 Domain Controllers”