Support for Windows Server 2008 R2 and Windows 7 ends

It should be known by now that support for Windows Server 2008 (also for R2) and Windows 7 will end on January 14, 2020. There will therefore be no more security updates for these Windows versions. Support for Exchange Server 2010 was extended by Microsoft in September 2019 to 13.10.2020, but this does not include the operating system. ...

Windows Server 2016: Reset administrator password (local and domain)

I admit it. In one of my test environments, I've now been caught out too. I've forgotten the password... But it's actually a good thing, because I can see if the good old workaround via "Utilman" still works. The good news: Yes, it still works! Here again the way how ...

Group policy for deactivating SSL 3.0 and TLS 1.0 (ADM and ADMX)

Configuring SCHANNEL settings for SSL 3.0 and TLS 1.0, for example, is possible under Windows using the registry. For a larger number of servers or computers, however, group policies are more suitable for configuration, so I have created corresponding templates that make the settings in the registry. Foreword: The group policies record changes to the registry ...

Locky: Identify infected clients

In these two articles, I already presented a way to protect Windows file servers from Locky and other ransomware: https://www.frankysweb.de/windows-fileserver-vor-ransomware-crypto-locker-schuetzen/ and https://www.frankysweb.de/windows-fileserver-vor-ransomware-schuetzen-update/. Tobbi has also implemented the idea for NetApp Filer: http://www.tobbis-blog.de/netapp-ontap-fileserver-gegen-ransomware-abschotten/. But there are still the clients, from which most of the danger emanates. The faster the computers are identified that are infected with ...

Protect Windows FileServer from Ransomware / Crypto Locker

Ransomware such as Crypto Locker, Locky and others is becoming more and more of a plague. Only in a few cases is it possible to restore the encrypted data. Without a backup, the damage can quickly become very extensive. Since the Trojans usually start encrypting data from a client and in doing so ...

Add users to groups remotely

Today there is another useful PowerShell script that can be used to remotely add users to local groups on servers or computers. The script expects a CSV file with computer names and then processes the list. The CSV file must be formatted as follows: An example is included in the archive. The first 5 lines ...

Windows PKI: Configure mail notifications for the CA

The Windows CA is able to send mails to inform about events, for example when the service is stopped or started. However, it is not easy to configure manually. I have therefore slightly modified a script from TechNet so that it also works if the CA has not yet issued any certificates. Simply ...

Migration root certification authority SHA1 to SHA256 (hash algorithm)

From 01.01.2016, Microsoft will declare SSL certificates with SHA1 as the hash algorithm invalid. Web servers or services that use certificates with SHA1 will therefore trigger certificate warnings in the user's browser. Therefore, SHA1 certificates should be replaced slowly but surely. In order for an internal CA to issue certificates with SHA256 (SHA2), the CA must ...

Server 2012 (R2): Server Manager does not start at logon GPO

I hate it when applications are started automatically when I log on to a system, including the server manager. If you don't want the server manager to start automatically when you log on, you can either deactivate the corresponding task in the task scheduler or apply a GPO to all servers: To do this, simply create a new GPO on a domain controller.

Server 2008/2012: Install PKI (Part 3)

In the last part of this series of articles, we will deal with the publication of certificates and revocation lists via HTTP. Part 1 and part 2 can be found here: https://www.frankysweb.de/server-20082012-pki-installieren-teil-1/ and https://www.frankysweb.de/server-20082012-pki-installieren-teil-2/. First create a new share on the server that will later deliver the revocation lists and certificates via HTTP. I have created the share in the last ...