Group Policy Blog

Performing a Denial of Service on AD–How Hard Is it Really?

I was motivated to write this post based on a vendor blog that I read recently, that talked about ways to maliciously perform what amounted to a denial of service attack on AD. Ostensibly the post was designed to sell software, which I don’t begrudge, but it got me thinking–how easy is this to do, …

Protecting Active Directory–Making AD and Group Policy Less “Visible” to Attackers

A couple of weeks ago, I gave a webinar for Semperis, on the topic of protecting AD from attackers. I presented 5 tips on the things you can do within your AD and Windows environments, to protect against “information exposure” that might allow an attacker to find paths of higher privilege within your AD environments. …

Sick of WannaCry? Don’t Read This…

I saw a humorous tweet today that said something to the effect that the number of blog posts about the recent “WannaCry” ransomware attack have now exceeded the number of infected machines. I am loath to add truth to that saying, but I, of course, have something to say about it, so here we go… …

Group Policy as Malware Delivery System

While the title to this post may sound a bit scary or ominous, the subject of this post is definitely real. A fellow IT guy whom I’ve known for many years, alerted me to a situation he came across in an IT shop he was helping. Namely, the customer’s computers got infected with a ransomware virus, which …

Security Fun: Bloodhound, MS16-072 and GPO Discoverability

I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance to see some excellent talks related to Windows security and some super …

MS16-072 – GP Permissions and an overview

Hello Group Policy fans, enthusiasts, happy people! Darren and I had a quick discussion about his script to remediate the problems created by applying MS16-072 and GP processing. Read Darren’s previous post for context, but here is a recording of our discussion. Have a good day and happy troubleshooting! Kevin

Auditing Security Access Changes on Critical Windows Servers

Here’s the scenario: You’ve got some Windows servers that contain critical customer data–it might be customer records, or PCI (Payment Card Industry) data, or just a critical system on your network. You rightly use Group Policy Restricted Groups policy or similar, to control access to those servers. That Group Policy controls which users or groups …

Video on Group Policy Preference Password Remediation

Just a quick follow-up to my previous post on Group Policy Preference password remediation–our very own Kevin Sullivan posted a great video walkthrough of the problem and our tool for remediating these passwords. Enjoy! Darren

Remediating Group Policy Preference Passwords

A little over two weeks ago, the United States Computer Emergency Readiness Team (US-CERT) issued a bulletin calling for admins to take action on an old issue that I’ve covered extensively in the past. The issue relates to the fact that there are several areas within Group Policy Preference (GPP) that used to allow you to enter user …
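The first step of any GPP password remediation is finding out which GPOs still carry a cpassword attribute in SYSVOL. The script below is an added example written for this page; it is not the tool the post above refers to, and it assumes the GroupPolicy RSAT module is installed, that the caller can read the domain’s SYSVOL share, and that the current domain (from $env:USERDNSDOMAIN) is the one to scan. It only reports; it changes nothing.

```powershell
# Added example (not the post's own tool): report every Group Policy Preference
# item in SYSVOL that still stores a cpassword value, with the GPO it belongs to.
# Assumptions: GroupPolicy module available, SYSVOL readable, scan current domain.
param(
    [string]$Domain = $env:USERDNSDOMAIN   # assumption: scan the caller's own domain
)

# Preference files whose schema allows an embedded (cpassword) credential
$gppFiles = 'Groups.xml', 'Services.xml', 'ScheduledTasks.xml',
            'DataSources.xml', 'Printers.xml', 'Drives.xml'

# The attribute naming for the account differs per preference type
$accountAttrs = 'userName', 'username', 'accountName', 'runAs'

$policiesRoot = "\\$Domain\SYSVOL\$Domain\Policies"

function Find-GppPassword {
    param([string]$Root)

    Get-ChildItem -Path $Root -Recurse -Include $gppFiles -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try {
            [xml]$xml = Get-Content -Path $file.FullName -Raw -ErrorAction Stop
        } catch {
            Write-Warning "Could not parse $($file.FullName): $_"
            return
        }

        # Any element carrying a cpassword attribute is a stored credential;
        # it normally sits on the <Properties> child of the preference item.
        foreach ($node in $xml.SelectNodes('//*[@cpassword]')) {
            $guid = [regex]::Match($file.FullName, '\{[0-9A-Fa-f-]+\}').Value
            $gpoName = try {
                (Get-GPO -Guid $guid.Trim('{}') -Domain $Domain -ErrorAction Stop).DisplayName
            } catch { '(GPO not resolved)' }

            # Pick whichever account attribute this item type uses
            $account = ($accountAttrs | ForEach-Object { $node.GetAttribute($_) } |
                        Where-Object { $_ } | Select-Object -First 1)

            [pscustomobject]@{
                GPO        = $gpoName
                GpoGuid    = $guid
                ItemType   = $node.ParentNode.LocalName   # User, Service, Task, Drive, ...
                Account    = $account
                HasPassword = -not [string]::IsNullOrEmpty($node.GetAttribute('cpassword'))
                File       = $file.FullName
            }
        }
    }
}

Find-GppPassword -Root $policiesRoot | Format-Table -AutoSize
```

Treat every account the report lists as compromised: the AES key used to protect cpassword values is published by Microsoft, so anyone with read access to SYSVOL (by default, every domain user) can recover the plaintext. Remediation is to delete or recreate the affected preference item so the XML no longer contains cpassword, then rotate the password on the account itself.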

“Secure by Default” and Hardening Your Windows Configurations

I had a good email conversation last week with someone on the PowerShell team at Microsoft, in the wake of the release of our Desired State Configuration CSE. The gist of his question was around how users could protect the configuration information held within the DSC documents that got deployed via Group Policy. He mentioned …