Recently, while I was working with a customer during an SCCM Windows 10 pilot, the customer reported issues with the Wi-Fi connection. The customer suspected the newly developed SCCM task sequence was at fault. Their previous SCCM Windows 10 task sequence was working fine. In short, the issue was not related to the new SCCM task sequence. Rather, the fact that Credential Guard was enabled with the NEW task sequence was the “issue”. This blog post, “WiFi MS-CHAPv2 Connection Limitations Using Credential Guard”, highlights the findings and why Credential Guard should remain ENABLED and UAT testing should include security feature testing.
Require Startup TPM+PIN for BitLocker Encryption | Enterprise Security
Recently, I read an excellent blog post in which a security firm outlined how they could extract the BitLocker keys from a TPM 1.2 or TPM 2.0 device. This brute force penetration attack (test) was possible because the BitLocker OS drive did not have a startup PIN enabled and was simply a BitLocker-encrypted volume. Denis Andzakovic of Pulse Security (based in New Zealand) detailed how he was able to use open source and logic analyzer tools to extract the VMK (Volume Master Key) to ultimately decrypt the drive.
Windows Server 2019 – Active Directory Installation Beginners Guide
This Windows Server 2019 Active Directory installation beginners guide provides step-by-step illustrated instructions to create a NEW AD forest, DNS and DHCP services. In addition, I will reference the security recommendations from Microsoft and StigViewer for new Domain Controllers that can be used for server security hardening. Sure, you can use a Hydration Kit or other tools to automatically create a domain, DNS, DHCP, and SCCM ConfigMgr server. However, learning from the ground up helps to reinforce Microsoft concepts and is a great way to learn and troubleshoot using a separate environment. Building a development AD environment is also good for testing Windows 10 group policy settings, newer Windows 10 releases, SCCM OSD, Azure cloud services and more.
This blog post can also be used for Server 2016 since the Forest and Domain Functional levels are the same.