Modern Deployment IT Blog

Real-world IT Guides and Experiences from the Field

Security

WiFi MS-CHAPv2 Connection Limitations Using Credential Guard

Nathan (moderator) / / Filed Under: Credential Guard, SecureBoot, Security, Windows 10 /

Recently when working with a customer during an SCCM Windows 10 pilot, the customer reported issues with the Wi-Fi connection. The customer suspected the newly developed SCCM task sequence was at fault. Their previous SCCM Windows 10 task sequence was working fine. In short, the issue was not related to the new SCCM task sequence. Rather, the fact Credential Guard was enabled with the NEW task sequence was the “issue”. This blog post “WiFi MS-CHAPv2 Connection Limitations Using Credential Guard” highlights the findings and why Credential Guard should remain ENABLED and UAT testing should include security feature testing.

[Read more…] about WiFi MS-CHAPv2 Connection Limitations Using Credential Guard

Require Startup TPM+PIN for Bitlocker Encryption | Enterprise Security

Nathan (moderator) / / Filed Under: Bitlocker, MBAM, MBAM 2.5 SP1, Security, TPM 2.0 /

Recently, I read an excellent blog post about how a security firm outlined how they could extract the Bitlocker keys from a TPM 1.2 or TPM 2.0 device. This brute force penetration attack (test) was possible because the Bitlocker OS drive did not have a startup PIN enabled but simply a Bitlocker encrypted volume. Denis Andzakovic with Pulse Security (based in New Zealand) detailed how he was able to use open source and logic analyzer tools to extract the VMK (Volume Master Key) to ultimately decrypt the drive.

[Read more…] about Require Startup TPM+PIN for Bitlocker Encryption | Enterprise Security

Windows Server 2019 – Active Directory Installation Beginners Guide

Nathan (moderator) / / Filed Under: Active Directory, Infrastructure, Security, Windows Server 2016, Windows Server 2019 /

This Windows Server 2019 Active Directory installation beginners guide will provide step-by-step illustrated instructions to create a NEW AD forest, DNS and DHCP services. In addition, I will reference the security recommendations from Microsoft and StigViewer for new Domain Controllers that can be used for server security hardening. Sure you can use a Hydration Kit or other tools to automatically create a domain, DNS, DHCP, and SCCM ConfigMgr server. However, learning from the ground up helps to re-enforce Microsoft concepts and is a great way to learn and troubleshoot using a separate environment. Building a development AD environment is also good to test Windows 10 group policy settings, newer Windows 10 releases, SCCM OSD, Azure cloud services and more.

This blog post can also be used for Server 2016 since the Forest and Domain Functional levels are the same.

[Read more…] about Windows Server 2019 – Active Directory Installation Beginners Guide

Have Questions? Find Us On Social Media

Privacy Policy - Terms and Conditions