Active Directory Right Management Services: Installation and Configuration

protected document

Introduction AD RMS (Active Directory Right Management) is a Windows Server service that provides extended rights management for certain files. The system is similar to the DRM protection that protects intellectual property. In internal use, AD RMS extends NTFS security rights by limiting actions on a Word file by preventing the printing or saving of …

Read more



GPO: Managing Windows Firewall Rules

firewall rule added

Presentation In this tutorial, we will see how to add rules to the Windows Firewall using Group Policy. For information, the Windows Firewall has been implemented in the Windows operating system with service pack 2 (SP2) of Windows XP. It is now part of the system and some functionalities like DirectAccess requires that it be …

Read more



DNSSEC: Sign a DNS Zone with Windows Server

DNSSEC (Domain Name System Security Extensions) is an extension of the DNS protocol that adds security to the DNS protocol by signing the records by a public / private key system. This extension allows the client to verify that the response received is valid and has not been changed by a man-in-the-middle attack. This extension …

Read more



Windows Backup: installation and configuration

Overview Windows Backup

Presentation Windows Server includes a feature (Windows Backup) that allows you to perform full system backups or a portion of it. It can be used to back up virtual machines, SQL Server databases, file server … It is recommended to use a hard disk dedicated to backups to have incremental backups, in case of user …

Read more



LAPS – Securing Local Administrator Accounts

Wizard install

LAPS (Local Administrator Password Solution) is a free solution provided by Microsoft that allows the security of workstations. LAPS allows for each computer in OR to randomly generate a password for the local Administrator account and store it in an Active Directory attribute (ms-Mcs-AdmPwd). It ‘relies on the SID of the account which is structured …

Read more



Setting up a read-only domain controller – RODC

Introduction In this article, we are going to have how to set up a read-only domain controller (RODC). This type of controller, as the name suggests, is read-only, so it can not change user attributes or even add objects. There are several implementation scenarios for this type of domain controller, here are two that I …

Read more



AD FS: installation and configuration of an SSO and directory federation portal

Form login

Introduction In this article, I propose to discover the AD FS and Proxy (WAP) roles. As part of the preparation for the 70-742 certification, I embarked on the mock-up of an infra. What’s this ? ADFS and the proxy that accompanies it can put several things in place: Prerequisites For the realization of this tutorial …

Read more



Sophos XG: installation on Hyper-V

Login page

In this tutorial, we will have how to install a Sophos XG firewall on a virtual machine with Hyper-V. For this article, I used the Sophos XG home version which is available for free. Prerequisites Download the ISO firewall on the site sophos and recover the license key that will be sent by email. Create a …

Read more



Sophos XG: secure emails

Portail user

Introduction In this tutorial, we will see how to secure emails with a Sophos XG firewall. The firewall offers two modes of operation for filtering emails: MTA : the firewall will act as an SMTP relay Legacy : it will be placed in transparent mode, which we will see in this tutorial. In both modes …

Read more



Network share: enable enumeration based on access EBA

Active EBA

Introduction The access-based enumeration allows to display in a network share, only folders and files whose use has at least a right of reading. Other documents and folders will be hidden. Enabling this feature will increase the CPU resource consumption on the file server because at each access this will check what should be displayed. …

Read more