Welcome to Dirteam.com/ActiveDir.org Blogs Sign in | Join | Help

in Search

Browse by Tags

All Tags » Directory servi... » Security
Showing page 1 of 2 (15 total posts)
  • Kerberos and non-standard port number

    Kerberos in Windows Operating System is around for about 10 years and it is still causing problems and for many people it is like black magic voodoo. In most cases organizations and people in it are not aware that it is now working until it problem will occur on a surface with some application not working or reports not being displayed on MOSS web ...
    Posted to Tomek's DS World (Weblog) by tomek on December 20, 2009
  • userPassword

    One of my friends PFE has asked me a question regarding userPassword attribute in directory which was related to some behavior he was observing in customer environment. We had a little chat about it and then I thought that maybe other has such questions as well so … here’s a topic for a blog.  Behavior my friend was observing was related to ...
    Posted to Tomek's DS World (Weblog) by tomek on November 22, 2009
  • Where to put SSL certificate for LDAP …

    Protecting LDAP traffic with SSL is a good idea, especially if in network environment some applications are (ab)using LDAP as authentication protocol. Some explanation of abusing word – LDAP never was designed as authentication protocol (like Kerberos is). Its name states it clear “DIRECTORY ACCESS PROTOCOL”. However because it is simple to use ...
    Posted to Tomek's DS World (Weblog) by tomek on June 17, 2009
  • Critical vuln in MIT Kerberos implementation

    This isn't something which is in line with my day to day work, however this is something which may affect many organizations so I've decided to add my blog to list of sties which will duplicate this information. Secunia has reported critical vulnerability in MIT Kerberos implementation which can result in remote code execution, DoS or information ...
    Posted to Tomek's DS World (Weblog) by tomek on March 24, 2008
  • Schema extensions for Vista new features

    Vista introduces several new functionality and few of then (to be specific two) requires our AD environment to get prepared through schema extension. These schema extension needed to run new Vista's features will be part of LH schema, but LH is still somewhere behind the horizon and we have to take care about it by ourselves. Two new ...
    Posted to Tomek's DS World (Weblog) by tomek on December 4, 2006
  • Office 2007 ADM templates

    Microsoft has published on Downloads Office 2007 ADM templates for downloads. As Office 2007 will be launched soon and may start to show up in our networks maybe it is worth to take a look at ADM possibilities before this will happen.
    Posted to Tomek's DS World (Weblog) by tomek on November 11, 2006
  • MIIS newbie tales - Export password attribute with Extensible MA

    Today I had a little chat on e-mail with Alex Tcherniakhovski which was about following topic: how to create export only attribute with Extensible MA to set initial password for newly provisioned account? (OK, this wasn't exactly such topic but this is what it was about :) ). So problem is: we are provisioning new account to some ...
    Posted to Tomek's DS World (Weblog) by tomek on October 3, 2006
  • Disable simple bind without SSL on ADAM

    Today on ActiveDir.org ~Eric pointed out interesting feature in ADAM which allows ADAM administrator to configure ADAM instance to reject simple bind attempts on ports without SSL. To do this one have to edit properties of CN=Directory Service,CN=Windows T,CN=Services,CN=Configuration,CN={<GUID>} object and set RequireSecureSimpleBind ...
    Posted to Tomek's DS World (Weblog) by tomek on September 24, 2006
  • Auditing directory changes aka "Who deleted this object"

    Some question were raised by few peoples about directory object auditing - mostly in a context of question "Who deleted the object?" - so I've decided to give this topic a little space. Windows 2000\2003 provides us with auditing mechanism which can be used also to track changes for Active Directory objects. Probably this isn't ...
    Posted to Tomek's DS World (Weblog) by tomek on September 21, 2006
  • Auditing policy changes misunderstanding

    This topic is probably familiar for most of peoples who are playing with Windows systems for a while, but maybe some newbie will get here so here’s the post. Today I responded in some thread on Polish web portal regarding how to audit changes in GPOs and why audit policy changes setting is not doing this as it should be? The answer to ...
    Posted to Tomek's DS World (Weblog) by tomek on August 21, 2006
1 2 Next >
Powered by Community Server (Personal Edition), by Telligent Systems