Domain Auditing for Microsoft AD/GP

This post is brought to you as short and sweet as possible. The following is written to provide guidance and transparency for those seeking out simplistic answers to complex compliance requirements. With expensive paid solutions such at Netwrix requiring setup time and hardware requirements. I'm here to tell you there's…

DUO MFA for RADIUS VPN Connections

This covers implementation for MFA via firewall VPN connections using RADIUS for authorization. 1.) Log into your DUO admin panel and create an application for RADIUS.2.) Install the DUO Auth Proxy client on the server you wish to use to submit the RADIUS requests from. You'll specify the Integration…

Nano Server 2016 Image Creation

I recently took a dive into Nano Server 2016 and it's capabilities. I figured I'd share my findings and explain how to get exposure and setup a Nano Server.You'll need:Nano Server Image Builder https://www.microsoft.com/en-us/download/details.aspx?id=54065 Server 2016 Media: https://www.…

PXE Boot Surface MDT/WDS

This is a simple how-to for booting Surface Pro 4's to PXE. This guide utilizes both PXE and UEFI on a MDT/WDS setup.Verify the following DHCP roles are configured on the correct DHCP server scope:066 Boot Server Host Name: IP of MDT/WDS Server 067 Bootfile Name:…

Security Practices to Preach

This document is intended for readers with some experience in information technology.Defensive Security is a critical and effective way of thinking. In this post we'll cover it from a domain perspective aka corporate network. I'll go over each proposed layer of security and how to protect yourself as well…

Windows 10 Privacy Hardening

I've been asked by colleagues to write down my process for hardening windows systems and share. Many of these people have extensive backgrounds in UNIX, but aren't familiar with Windows environments. This post isn't for any reason other than to make you aware of what you're being mined for. It's…

Windows 2016 Domain Controller Setup

This guide assumes you have a hyper-visor and VMs and/or physical boxes to support this setup. This guide uses fresh install of Server 2016 fully patched up for reference.Install the following roles by opening up server manager and enabling the following:Active Directory Domain Services DHCP Server DNS…

MSSQL .BAK Encryption

This post goes over TSQL commands to setup and test encrypted backups for MSSQL. Commands provided are intended to be ran on both a Source and Target instance. These should be ran using an SA account to avoid permission issues. If storage paths don't work, just use c:\temp\ and…

Selenium Setup in Visual Studio

This is a generalized guide for configuring Selenium on Windows.Create a directory named Selenium under C:\Copy the directory downloaded from http://docs.seleniumhq.org/download/ in this example I'm setting up the Java specific package.Within IE set all Security Zones to the same protection levelAdd wildcards for…

Chocolatey w/ PsExec for Patch Management

This post covers through deploying Chocolatey to enterprise network devices. The idea is to have a solution for 3rd party product patching that's both free and incredibly efficient. To start you'll need domain admin privileges and just a couple minutes.First, we'll need psexec installed on one machine within the…