RSS

Tag Archives: Windows Server 2008

Microsoft – Resources to get more familiar with Active Directory Federation Services (ADFS)

Nowadays more and more work, communication and collaboration involves multiple external parties. This can involve by example employees, customers, partners, suppliers, cloud providers/platforms/applications.

This means it is becoming increasingly important to have proper authentication and authorization methods in place for single sign on (SSO) so users can be more productive. Besides the ease-of-use It can also lead to better security.

Microsoft’s Active Directory Federation Services (ADFS) will make this possible. For more information on ADFS, here are some resources. Keep in mind though that while some information may be outdated, it will give you a broad idea of the concept and the inner workings. The current version of ADFS in Windows Server 2012 is 2.1 , while Windows Server 2008 uses 2.0

PS: Microsoft is moving more and more towards claims based authentication. Examples include Windows Server 2012 Dynamic Access Control and also SharePoint 2013 that has switched to claims based authentication by default now.

If you have some other resources that might be useful, please let me know so I can add them as well.

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Security – Java releases update for major Java vulnerability

Last sunday I warned about a major vulnerability in Java.

It wasn’t expected that Java would come have an update available this quickly, but it is good that they did. So be sure to update to Java 7 Update 11 : http://java.com

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Security – Major Java vulnerability, don’t become a victim

[EDIT 14-01-2013]

Oracle release Java 7 Update 11 to fix this security issue. Be sure to update: http://java.com/

[EDIT]

Normally when I read about security vulnerabilities, I don’t really get a sense of urgency.

With the current Java vulnerability however, I do feel like people have to act quick because there are so many respected companies and even countries actively taking action:

Apparently this vulnerability is actively being exploited already and Oracle hasn’t released a Java fix yet. You might want to consider a combination of the options below:

Personally I like the way FireFox is handling the issue because it blocks by default, but allows users to easily override this behavior for specific sites. Also I’m getting quite fed up with all these Java security vulnerabilities lately :(

I’d like to know what you’ll be doing. Have you or are you going to disable Java ? Which methods will you use ? Why ?

 

Tags: , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

PowerShell – Determine which Active Directory objects are protected from accidental deletion

In yesterday’s post I showed some commands to protect all or specific Active Directory objects from accidental deletion.

In some situations (by example preparing for a change) you might want to know which objects are protected from accidental deletion and which are not. Also when multiple people make changes in an Active Directory it might prove difficult to keep track of the changes.

To determine the protection status of AD objects, I use a script that checks the ACL of the AD Object. When Everyone is explicitly Denied access, it is protected from accidental deletion.

 

Tags: , , , , , , , , , , , ,

PowerShell – Protect Active Directory objects from accidental deletion

In a previous blog post I explained how to enable the Active Directory Recycle Bin which allows you to restore deleted active directory object.

But even though it’s great to be able to restore objects, it is even better to prevent accidental deletion. What accidental deletion basically does, is modify the permissions on an AD object to Deny Everyone so you won’t be able to delete it by accident.

More information about protection from accidental deletion can be found in “Preventing Unwanted/Accidental deletions and Restore deleted objects in Active Directory” and “Windows Server 2008 Protection from Accidental Deletion“.

In Windows Server 2012 with all the new cmdlets, it has become much easier to enable protection from accidental deletion.

By example, you could use these commands:

#Get-ADobject class names
get-adobject -filter * | select objectclass | group objectclass

#Protect specific AD object classes from accidental deletion
get-adobject -filter * | where{($_.ObjectClass -eq “container”) -or ($_.ObjectClass -eq “organizationalunit”) -or ($_.ObjectClass -eq “user”) -or ($_.ObjectClass -eq “group”) -or ($_.ObjectClass -eq “computer”)} | Set-ADObject -ProtectedFromAccidentalDeletion $true

#Protect all AD organizational units from accidental deletion
Get-ADOrganizationalUnit -filter * | Set-ADOrganizationalUnit -ProtectedFromAccidentalDeletion $true

#Protect all AD objects from accidental deletion
Get-ADobject -filter * | Set-ADObject -ProtectedFromAccidentalDeletion $true

 

Tags: , , , , , , , , , , , , , ,

 
Follow

Get every new post delivered to your Inbox.

Join 862 other followers

%d bloggers like this: