Recently, I read an excellent blog post about how a security firm outlined how they could extract the Bitlocker keys from a TPM 1.2 or TPM 2.0 device. This brute force penetration attack (test) was possible because the Bitlocker OS drive did not have a startup PIN enabled but simply a Bitlocker encrypted volume. Denis Andzakovic with Pulse Security (based in New Zealand) detailed how he was able to use open source and logic analyzer tools to extract the VMK (Volume Master Key) to ultimately decrypt the drive.[Read more…] about Require Startup TPM+PIN for Bitlocker Encryption | Enterprise Security
This Windows Server 2019 Active Directory installation beginners guide will provide step-by-step illustrated instructions to create a NEW AD forest, DNS and DHCP services. In addition, I will reference the security recommendations from Microsoft and StigViewer for new Domain Controllers that can be used for server security hardening. Sure you can use a Hydration Kit or other tools to automatically create a domain, DNS, DHCP, and SCCM ConfigMgr server. However, learning from the ground up helps to re-enforce Microsoft concepts and is a great way to learn and troubleshoot using a separate environment. Building a development AD environment is also good to test Windows 10 group policy settings, newer Windows 10 releases, SCCM OSD, Azure cloud services and more.
This blog post can also be used for Server 2016 since the Forest and Domain Functional levels are the same.[Read more…] about Windows Server 2019 – Active Directory Installation Beginners Guide