Group Policy Blog

Elevating AD Domain Access With Write Access on the Domain NC Head

With this post and my last post, I guess I’m on a path of finding interesting ways to “break” AD. The last post related to AD denial of service and this one relates to an interesting way to get to privileged access on AD by gaining what would seem to be completely unrelated access on … Read More.

Performing a Denial of Service on AD–How Hard Is it Really?

I was motivated to write this post based on a vendor blog that I read recently, that talked about ways to maliciously perform what amounted to a denial of service attack on AD. Ostensibly the post was designed to sell software, which I don’t begrudge, but it got me thinking–how easy is this to do, … Read More.

Protecting Active Directory–Making AD and Group Policy Less “Visible” to Attackers

A couple of weeks ago, I gave a webinar for Semperis, on the topic of protecting AD from attackers. I presented 5 tips on the things you can do within your AD and Windows environments, to protect against “information exposure” that might allow an attacker to find paths of higher privilege within your AD environments. … Read More.

How To Think About Windows Group Policy–An Infrastructure Architect’s Take

Long before I got into the software business, and even during that time, I was first and foremost, an IT guy. I have spent nearly 20 years of my 30+ years in technology in IT–mostly in large organizations. Much of that time, I worked as an infrastructure architect, focusing on how to maintain and improve … Read More.

Take the Group Policy Usage Survey!

All- Over the past few years, I’ve sent out a survey to the general population looking at trends in Group Policy usage. I’ve updated the survey for this year and it is now live and ready for your responses. It should take only about 5 minutes or less to complete, but if you have a … Read More.

New Version of the Group Policy GPMC PowerShell Module

One of the very first freeware projects I undertook when I started SDM Software, was to build a PowerShell snap-in (yes, they were called snap-ins back then) for Group Policy. That was back in 2007, long before Microsoft had their own Group Policy module (<cough> a total ripoff of ours <cough>). Anyway, it’s been several … Read More.

“Hip” New Active Directory-Azure AD Conference Coming!

If you‘ve been in the Microsoft infrastructure scene for a while, you probably remember the original NetPro Directory Experts Conference (DEC). DEC was THE conference to be at if you were an AD guy–or looking to improve your skills. Legends in the space like Joe Richards (of joeware.net fame), Dean Wells (now of Microsoft), Guido … Read More.

Removing Extra Registry Settings from GPOs

I recently had someone ask if there was a way to get rid of those pesky “Extra Registry Settings” that sometimes appear in a GPO settings report in GPMC. You know, the ones that look like this:             These settings arise within the Administrative Templates section of the GPO’s namespace … Read More.

GPO Migrator 1.6 is Here–Make Quick Work of GPO Migrations and Reorganizations!

We’re happy to announce the general availability of GPO Migrator 1.6. GPO Migrator is SDM Software’s product for allowing “drag and drop” migration and reorganization of settings across GPOs. Whether you’re doing a domain clean-up or a migration or consolidation into a new AD domain, GPO Migrator greatly reduces the time and effort required to … Read More.

A New, Old Threat: Dealing with AD and Group Policy Information Exposure

Delegation–A Blessing or a Curse? I’ve been wanting to sit down and write this blog post about AD information exposure for a couple of weeks now, and am finally finding the time to do so. For those of you who follow my blog, you know that I posted nearly a year ago after a visit … Read More.