Microsoft Active Directory is arguably one of the most attacked resources that you can run on-premises. The reason for this is that it stores the “keys to the kingdom.” Everything identity related on-premises and even in hybrid-joined cloud environments... Read More
Active Directory - Technical
Categories
How to communicate a new password policy to your end users
Rolling out a new password policy without a communication plan is a recipe for disaster. You want to avoid a situation where all end users are prompted to change their passwords without understanding what they’re doing or why –... Read More
How to set up the key components of a password policy in Active Directory
Once you’ve planned out a new password policy, it’s time to put it into practice by setting the right configurations within your Active Directory. If you’re still at the planning stage, we’d recommend checking out our strategy tips for... Read More
How to recover a deleted Active Directory object
Most organizations today are still running Active Directory on-premises as their identity and access management solution. Many businesses are also synchronizing it with cloud directories as part of a hybrid configuration. Recovering Active Directory and deleted objects is an... Read More
Scripting new user onboarding with First Day Password
One common question we have received regarding Specops First Day Password is how to bulk enroll users. Many of the organizations or industries we work with, for example education, onboard several new users or employees at specific intervals. The... Read More
Best practice guide for rolling out Specops Password Policy
Rolling out a new password policy without a plan is a recipe for disaster. You want to avoid a situation where all end users are prompted to change their passwords at the exact same time – triggering chaos for... Read More
Microsoft transitions NTLM to Kerberos in Windows to boost security
Windows authentication is a process that’s been around for decades. Unsurprisingly, attackers often target this authentication mechanism, preying upon weaknesses and vulnerabilities as they crop up. To help secure Windows authentication, Microsoft recently announced it was deprecating reliance on... Read More
Default account lockout policies in Windows 11
Windows 11 is the newest and generally most secure operating system in the Windows family. In the newest iteration of Windows, there are default account lockout policies that exist to mitigate RDP and other brute force password vectors. Why... Read More
PowerShell scripts to force password change for all users after a security incident
There’s plenty to do in the aftermath of your organization suffering a security incident. Anything that can make your job quicker without compromised security is a bonus. After a confirmed or even suspected security breach, it’s often advised to... Read More
How to delegate password reset permissions in Active Directory
Least privilege access is a crucial part of security that protects against overprovisioning user permissions. Even with IT technicians, and junior administrators, this needs to be considered when configuring permissions in the environment. A case in point is helpdesk... Read More