Prevent “Fat Fingered” deletion of OU objects.

Prevent "Fat Fingered" deletion of OU objects. Fat fingered administration is one of the main causes of OU deletion and subsequent “Authoritative Restores” and the associated aggravation. In Windows Server 2008/2008R2 in Active Directory Users and Computers there is a check box titled “Protect Container from accidental deletion”; this check box sets two ACEs to prevent, …

Active Directory: Cosmetic Forestry

Active Directory - Cosmetic Forestry. Over the past year the media have reported on banks and companies facing impending doom; government bailouts and other measures to ensure the global economy does not implode. As a result many mergers and acquisitions have occurred and IT departments are now facing multiple challenges. One such scenario may be: A manager who during …

Top Tip: Active Directory Domain Controllers and teamed network cards.

Active Directory Domain Controllers only support teamed network cards in a "Fail on Fault" configuration and not in a load balanced configuration. To quote Microsoft from the Windows Server System Reference Architecture (WSSRA): "The second way to protect against a network failure is to configure each domain controller with two separate network cards. Each card …

Windows antivirus exclusions

All Windows Operating systems in my opinion should run antivirus and malware software, which should be regularly updated to counteract the threat that malicious code can pose. Many corporations in my experience simply install the anti-virus application; then configure the virus signature updates and believe that they are done - but there is a small oversight - certain …

Active Directory: Tombstone Lifetime – Set it to the correct value.

If you have upgraded your Active Directory from Windows 2000 to Windows Server 2003 SP1, 2008 or 2008R2 (or if you installed a pristine Windows 2003/2003 R2 forest), there is a high probability that you have overlooked updating the Active Directory Tombstone Lifetime from 60 days to the new default of 180 days. The tombstone …

Slow Logoff from Windows 7 and Windows Vista

A recent experience at a client and a subsequent call from Microsoft PSS highlighted a possible cause for "Slow Log off from Windows 7 and Windows Vista of between 5-10 minutes". Insight: Early Active Directory designs often consisted of an Empty root domain for a multitude of reasons - but primarily for separation of Forest …

Active Directory: Domain Services (AD DS) and Public Key Infrastructure (PKI) related to Homeland Security Presidential Directive 12 (HSPD-12) smart card logon.

This document explains the interdependencies between Active Directory Domain Services (AD DS) and Public Key Infrastructure (PKI) related to Homeland Security Presidential Directive 12 (HSPD-12) smart card logon. Topics concerning the Federal PKI Common Policy Root certificate, Extended Key Usage (EKU) requirements and validation of Personal Identity Verification (PIV) authentication certificates for smart card logon …