U.S. Indictment of Sandworm Highlights the Importance of Protecting Active Directory
The latest development in the 2017 NotPetya Attack saga should be a reminder for organizations that it only takes a handful of cybercriminals to take down all of your operations. Last week, the US Department of Justice announced charges including computer fraud and conspiracy against six hackers of the cybercriminal group known ... Read More
Your Zero Trust Strategy Depends on Active Directory Integrity
The exponential increase in remote work caused by the COVID-19 crisis has ricocheted across the IT landscape. Within a matter of days, corporate IT faced an unprecedented 180-degree turn in its client networking model. Organizations that treated remote work as a rare exception suddenly found themselves almost entirely remote. According ... Read More
Your Zero Trust Strategy Depends on Active Directory Integrity
The exponential increase in remote work caused by the COVID-19 crisis has ricocheted across the IT landscape. Within a matter of days, corporate IT faced an unprecedented 180-degree turn in its client networking model. Organizations that treated remote work as a rare exception suddenly found themselves almost entirely remote. According ... Read More
Hypervisor DC Snapshots Are No Substitute for Proper Active Directory Backups
Most organizations have virtualized some or all their AD domain controllers. Virtualized DCs have their advantages, but they also introduce risks that didn’t exist with physical servers. One of these risks is the temptation to use hypervisor snapshots (a point-in-time VM image) for AD backups. Don’t. Let’s be clear: even ... Read More
Hypervisor DC Snapshots Are No Substitute for Proper Active Directory Backups
Most organizations have virtualized some or all their AD domain controllers. Virtualized DCs have their advantages, but they also introduce risks that didn’t exist with physical servers. One of these risks is the temptation to use hypervisor snapshots (a point-in-time VM image) for AD backups. Don’t. Let’s be clear: even ... Read More
Upgrading to WS2016/2019? Consider a Safety Net for AD
A colleague here at Semperis recently looped me into a conversation with the manager of a large Active Directory environment running on Windows Server 2008 R2. With end of support for Windows Server 2008 and 2008 R2 coming up soon (officially January 14, 2020), planning is well underway for upgrade ... Read More
Should you upgrade to Active Directory 2016…or stay where you are?
Should you upgrade your existing AD forest to Windows Server 2016 Active Directory (aka AD 2016), or should you leave it where it is? Despite the focus and activity around adopting cloud services today, the fact remains that Active Directory continues to underpin it all. In addition to longstanding dominance ... Read More
Azure AD Password Protection: The Cloud Security Service your Active Directory Needs Now
Microsoft has finally provided a service that mitigates the single most critical password-related security risk in the enterprise today: common passwords. You should kick the tires on this new Active Directory capability today, so you can deploy it as soon as it reaches general availability. This is a long post; ... Read More
Kerberos at the Company Party
Back in 1999, I wrote a book on Windows 2000 Server in general, and Active Directory in particular. I try not to look back at what I wrote about AD back then compared to what I know now, but I remain fond of a passage that explained how the Kerberos ... Read More
