In this tutorial, we will see how to enable automatic session locking after an inactivity period by GPO in an Active Directory environment. This group policy helps increase security, as many users do not lock their session when they leave their workstation. The settings that we are going to configure apply to Users. Enable automatic …
Presentation of authentication policies With Windows Server 2012R2 and the new ADAC (Active Directory Administration Center) administration console, Microsoft has added authentication policies that provide an additional layer of security. In the summary of authentication policies will allow or not to allow a user logs on to a desktop or server, or vice versa control …
File Server Resource Manager Overview In this tutorial, I will introduce the File Server Resource Manager FSRM, which is a feature of the File Server role. FSRM allows several things at the file server level: Quota application on a folder Automatic tasks on folders and files (automatic archiving of unopened files from xxxx) Storage report …
Introduction AD RMS (Active Directory Right Management) is a Windows Server service that provides extended rights management for certain files. The system is similar to the DRM protection that protects intellectual property. In internal use, AD RMS extends NTFS security rights by limiting actions on a Word file by preventing the printing or saving of …
Presentation In this tutorial, we will see how to add rules to the Windows Firewall using Group Policy. For information, the Windows Firewall has been implemented in the Windows operating system with service pack 2 (SP2) of Windows XP. It is now part of the system and some functionalities like DirectAccess requires that it be …
DNSSEC (Domain Name System Security Extensions) is an extension of the DNS protocol that adds security to the DNS protocol by signing the records by a public / private key system. This extension allows the client to verify that the response received is valid and has not been changed by a man-in-the-middle attack. This extension …
Presentation Windows Server includes a feature (Windows Backup) that allows you to perform full system backups or a portion of it. It can be used to back up virtual machines, SQL Server databases, file server … It is recommended to use a hard disk dedicated to backups to have incremental backups, in case of user …
The following script allows you to force the password change at the next logon. Tip: Run the script at night, if the password date has expired, users will have to make the change as soon as the script runs.
LAPS (Local Administrator Password Solution) is a free solution provided by Microsoft that allows the security of workstations. LAPS allows for each computer in OR to randomly generate a password for the local Administrator account and store it in an Active Directory attribute (ms-Mcs-AdmPwd). It ‘relies on the SID of the account which is structured …
Introduction In this article, we are going to have how to set up a read-only domain controller (RODC). This type of controller, as the name suggests, is read-only, so it can not change user attributes or even add objects. There are several implementation scenarios for this type of domain controller, here are two that I …