In this tutorial, I will explain how to change the password of the KrbTgt account. Before explaining how to change the password of this account, I will give you some explanations. Who is krbtgt? The krbtgt account is a disabled service account in the Active Directory, which is used for the distribution of Kerberos Tickets, …
If you’re used to connecting to Windows servers, you may have noticed that Server Manager opens every time, although handy, this tends to “slow” the login and is intrusive especially when you don’t need it. I will explain how to disable its automatic opening. If you have already closed it, open the server manager. Click …
In this tutorial, we will address a security point on an Active Directory environment, which is the domain joining of computers. What you need to know (some administrators don’t know this), all domain users can join a computer to a domain, they can even join up to 10 computers. Domain administrators have no limit as …
In this tutorial, I will explain how to force DNS registration of computers by Group Policy (GPO) in an Active Directory environment. Maintaining a clean, up-to-date DNS (Active Directory) zone is not easy, especially with dynamic computer registration. The first step is the activation of automatic cleaning, but it happens that once this is activated, …
In this “troubleshooting”, I will explain how to remove the Remote Installation Services settings that are configured on the Default Domain Policy. On Active Directory domains, which were created with an older version of Windows Server (2003), User settings are configured (Policies / Windows Settings / Remote Installation Services / Client Installation Wizard Options). Custom …
Deduplication is a feature that saves disk space on a volume by grouping identical sectors together. It is not recommended to enable deduplication on volumes hosting databases, virtual machines, and even WSUS. Before implementing this technology, check that your backup software is compatible. Example: With Veeam to restore files from a volume where deduplication is …
In this tutorial, I will show you how to install SSH server (OpenSSH) on Windows Server 2019/2022. As of Windows Server 2019, the OpenSSH server is a native additional feature. For previous versions of Windows Server a tutorial is available here: OpenSSH client and server – installation on Windows Server 2012R2 and 2016 Using an …
In this tutorial, I will tell you how to harden password security with Lithnet Password Protection for Active Directory. Lithnet Password Protection for Active Directory is a free utility that installs on domain controllers, which will allow us to increase password security with: Create a forbidden password dictionary, also taking into account the replacement of …
In this “how to” tutorial, I will show you how to add a DNS zone on a Windows DNS server. Open the DNS console On a server where the DNS role is installed, open the DNS Manager administrative console. Add a DNS zone in direct lookup zones In the left panel, right-click on Direct search …
You want to increase the security level of your Active Directory environment, but historically the option: User cannot change password was enabled. The script below allows you to modify this option in bulk on your entire directory or just one UO.