Active Directory

6 Tips to Harden Your Windows LAPS Deployment

In a previous blog post, we covered how to migrate to Windows Local Administrator Password Solution (LAPS). With Windows LAPS deployments gaining traction, it’s important to review configuration items and implement policies that can harden your endpoints and mitigate attacks from bad actors. Secret encryption, secret history, access control list (ACL) monitoring, and more play […]

Virtual Machine Generation ID with Active Directory Domain Controllers

Active Directory (AD) domain controllers (DCs) have been around since Windows 2000. At that time, virtualization was in its infancy and almost every server was physical. And many of those servers weren’t even housed in a typical datacenter or server closet. Virtualization started to take off in the early to mid-2000s. It enabled the use

Deploying the eduPerson Schema to Active Directory

If you work in a higher education environment, there exists a set of standards that must be implemented to allow students and faculty to collaborate on projects at other schools or to use higher education specific services. One of these standards is the eduPerson schema, which provides storage for widely used education-specific attributes about a

Securing On-Premises Access Is Easier Than You Think: Utilizing the Entra Application Proxy

In a previous blog post, we discussed taking advantage of Entra (formerly Azure Active Directory) Application Proxies to allow access to on-premises applications without a dependency on traditional tools such as a VPN. That blog includes a few great points that should be highlighted again. For example, in most organizations an Entra Application Proxy: Sounds

Network Time Protocol Configurations: A Deeper Dive

In my previous blog post we reviewed why time synchronization is important, as well as proper time synchronization configuration of domain controllers (DCs) holding the Primary Domain Controller Emulator (PDCe) role. We were able to properly configure Network Time Protocol (NTP) settings through the use of Windows Management Instrumentation (WMI) filters and Group Policy. Like

Active Directory Forest Recovery: Plan to Eliminate Downtime

Active Directory (AD) is still the predominant identity and management platform for tens of thousands of organizations worldwide. Larger organizations with hundreds to even thousands of applications continue to rely on AD, even as they transition to a cloud-first or AD-minimized environment. The reason? Unraveling all the AD-related technology and applications an organization has invested

How to Implement Microsoft Entra Password Protection for a More Secure Environment 

Passwords have long been the de facto authentication mechanism for identities. Length and complexity plagued us as we struggled to produce an acceptable password that we could easily remember and type when prompted. Although we’re moving closer to a passwordless and much more secure world, for now, we must still create these memorable, complex dinosaurs

Get Started With LDAP Security

You may recall that in March 2020 Microsoft was planning to configure a couple of Lightweight Directory Access Protocol (LDAP) security settings on behalf of its customers. The company ended up not pulling the trigger, even though vulnerabilities still exist with the default implementation of LDAP. These security holes allow man-in-the-middle (MITM) attacks and replay
