Microsoft Exchange and Active Directory Blog
Part 1 of this article series has already presented measures to improve the security of the Active Directory. The next articles are now dedicated to the implementation of these measures within an existing Active Directory using an example environment. This article will first deal with the Admin Host. Introduction The fictitious company "FrankysWebLab" can be used as an example here. Read more
Sophos UTM can now automatically request and renew certificates from Let's Encrypt. This function is particularly useful for web server protection (WAF). The certificate for the various WAF services is thus managed by the UTM and renewed accordingly before it expires. I have already received several requests from people who would like to use the ... Read more
Microsoft has announced the Exchange 2019 Sizing Calculator. As with Exchange 2016 and earlier versions, this is an Excel file that can be used to calculate the hardware requirements for new Exchange 2019 installations. Unfortunately, the Sizing Calculator cannot be downloaded, but will be delivered together with the upcoming CU2 ... Read more
In January, I already wrote an article about problems with the Outlook connection to Exchange during the migration. In this new article I would now like to mention a few more common causes of problems. DNS server is not a DC During the coexistence of the Exchange servers, it can happen that users cannot transfer mails between the ... Read more
The following e-mail has reached me and if you ask so nicely, I owe you an answer: Dear Frank, I have the following problem: Users in our Exchange organization should not be able to adjust their address book entry themselves. This means editing "Options - General - My account", where they could change e.g. address, telephone number, etc. I have ... Read more
To increase security within the Active Directory, small organizational measures in conjunction with free tools are usually sufficient. Many widespread attack vectors can at least be significantly curbed with a few small changes and fairly simple measures. The word "attacker" often appears in the following article, but "attacker" does not necessarily mean a ... Read more
Especially in larger and above all older Active Directory environments, a large number of authorizations and delegations accumulate over time. These often include authorizations with orphaned SIDs, for example if the user has already been deleted but the ACL still exists. Many people are familiar with these orphaned SIDs from file servers and their authorization structure. In order to ... Read more
Sophos has released a new update for UTM 9.6. The update raises the version of the UTM to 9.602-3. The following issues are fixed with the update: [NUTM-9877]: [Access & Identity] Configurable RADIUS timeout for L2TP over IPsec [NUTM-10728]: [Access & Identity] Race condition on configuration change of RED device [NUTM-10190]: [Basesystem] CVE-2018-15473: OpenSSH ... Read more
Attractive dashboards can be created with many different applications, such as Kibana and Grafana. However, dashboards can also be created directly with PowerShell. Ironman Software offers the "Powershell Universal Dashboard" module for this purpose. The Community Edition can be used free of charge and has only a few restrictions compared to the Enterprise Edition. Here is an overview ... Read more
Microsoft has recently released .NET Framework 4.8, which will also be delivered promptly via Windows Update. However, .NET Framework 4.8 should not currently be installed on Exchange Servers. Exchange Server only supports certain .NET Framework versions depending on the update status. .NET Framework versions not supported by Exchange cause trouble from time to time (see here and ... Read more
