Tiered Admin Model

So, I know I’ve been quiet on here for a while! But that hasn’t stopped work behind the scenes. I’ve been working away on GPOs that adhere to the MS best practices. Granted, I could just use the secure baselines but where’s the fun in that?! In preparation for this, which I will add to […]

Deploy & Configure AGPM

In this post, we deploy Advanced Group Policy Manager, configure it to use a Group Managed Service Account and use least privileged models to restrict the service account permissions.

Enable Recycle Bin & Get ready for GMSA

Before we get too deep in to configuring our nice domain service, we will enable a useful feature. The Recycle Bin. This allows us to quickly and easily restore an object we accidentally delete. Enabling the recycle bin just requires a forest functional of 2008 R2 or higher. We provisioned full 2016 so lets enable […]

NetBIOS and SMB1 – Kill them with fire

With the recent attacks of WannaCry and NotPeyta, SMB1 has been shown to have the security features of a chocolate fire guard. NetBIOS Name resolution is the equivelant of shouting for Bob in a room of people and accepting the first person who replies “Yes thats me!” Given we are putting together a nice secure […]