Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1
May17

Windows Server: Disabling SSL 3.0, TLS 1.0, and TLS 1.1

KB ID 0001675 What are these protocols? Both SSL and TLS are cryptographic protocols designed to secure communications over a network (remember the internet is just a network). Originally we had SSL version 1 and version 2. But they were, (to be honest) ‘a bit bobbins’ and full of security holes, so never really took off. Version 3 however did and was widely supported. The problem with version 3 was, (again) that was also ‘bobbins’....

Read More
Windows Server – Schedule a Reboot
Mar02

Windows Server – Schedule a Reboot

KB ID 0001321  Problem Back in the day we just used the ‘At’ command to schedule a reboot, but starting with Server 2012 that was stopped! If you try it now you will see the following; The AT command has been depreciated. Please use schtasks.exe instead Solution (The Quick Way) Execute the following command (change time and data accordingly); schtasks /create /tn “Scheduled Reboot” /tr “shutdown /r /t 0” /sc once /st...

Read More
Group Policy: Item-Level Targeting
Feb08

Group Policy: Item-Level Targeting

KB ID 0001654 Problem Yesterday I wrote a post about Deploying a ‘Mapped’ Drive to a couple of users using Group Policy. This received a comment that was basically ‘Why not simply use Client Targeting?’ To be fair that’s a good point, I was using a Group Policy Preference and they can be specifically targeted. So here’s how to do that. Solution If you do not already have one, create a group for your...

Read More
Apply Group Policy To a Security Group
Feb07

Apply Group Policy To a Security Group

KB ID 0001653 Problem On EE this morning someone asked how to map a drive to only two users, so that wherever they logged in, they got their mapped drive. Seemed like a good Idea for a post so here you go; Solution If you do not already have one, create a group for your users. Add the users, (as appropriate). On a Domain Controller > Administrative Groups > Locate the OU that contains your users (Note: if your users are in...

Read More
Get Ready for LDAPS Channel Binding
Jan28

Get Ready for LDAPS Channel Binding

KB ID 0001645 Problem I have written about Enabling LDAPS a long time ago, but it’s a subject that’s about to become important again, so I’ll revisit the subject. Microsoft are about to ‘enforce’ LDAPS authentication against their domain controllers, in the March 2020 round of updates. Now delayed until second half of 2020. What does that mean? Well lookups against LDAP will now need to be secure, (i.e....

Read More
Windows Server – Change Your Password in an RDP Session (Send Ctrl+Alt+Del)
Jan21

Windows Server – Change Your Password in an RDP Session (Send Ctrl+Alt+Del)

KB ID 0001183  Problem Colleague: Windows Server, Where’s Windows Security gone? Me: Eh? Colleague: Windows Security! Me: What are you trying to do? Colleague: I want to change my password and I can’t send a Ctrl+Alt+Delete to the remote server. Well I know that pressing Crtl+Alt+Delete would let you change your password like so; I wasn’t aware that in Server 2008 and earlier if you were connected via RDP you got a...

Read More