Most of my trainings are delivered online – they’re convenient for you and me with our busy schedules. But I have to make time for The Experts Conference (TEC) because it’s one of the few conferences where you can get actual Active Directory training.
I’ll be delivering two training sessions, one of which is a keynote session, on Active Directory security. I’ll also be at the Experts Bar taking 1:1 questions. I hope you consider attending for the training, the peer networking, and engaging with the other great AD and Office 365 security experts and Microsoft MVPs that will be in attendance.
Here are the abstracts for both of my sessions (and, yes, these are CPE eligible sessions). If you like, be sure to register before April 30th for a $300 savings in registration.
Recent Security Features in Active Directory You Probably Aren’t Using
Over the past several years Microsoft has added many new Active Directory security features, but I find that many organizations aren’t using them. There are many reasons for this; for example, Microsoft sometimes introduces a new capability but doesn’t immediately make it easy to implement via the GUI or PowerShell. By the time that happens, we tend to have forgotten about the capability in the day-to-day grind of AD management.
In this session at TEC, I will introduce you to these capabilities in Active Directory, show you how they work and help you determine if you should start using them to deal with security threats in your environment.
Here’s a partial list of what I will cover:
- Password Setting Objects – fine-grained password policy without multiple domains
- Authentication Silos – a very important way to protect against Pass-the-Hash
- Dynamic Access Control – escape from countless access control lists on each folder
- Global Object Access Audit Policy – define audit policy centrally
- Group Managed Service Accounts (and plain-old Managed Service Accounts) – stop managing service account passwords
- Domain Controller Virtualization and Cloning – fast but reliable DC deployment in the virtual environment
- Active Directory Administrative Center PowerShell History Viewer – see how to automate any task you perform in the GUI
Understanding Windows Security Log Events Generated by Active Directory Domain Controllers vs Other Endpoints
There is no central audit log for Active Directory. Instead, AD records any relevant events affecting Active Directory in the local Security Log of whichever Windows Server domain controller the event happens to occur on. On top of this distributed (i.e. fractured) log, the wording of many events in the security log is confusing. Some events specifically refer to Active Directory or “domain controller” even when the event is strictly a local workstation or member server affair.
In addition, some categories of events, while logged on both domain controllers and non-domain controllers, have very different implications. For instance, a failed Account Logon event may or may not be significant on a domain controller while it’s almost always important on member servers and workstations.
In this session at TEC, I will help you understand how the context of security log events has a great impact on their implication. This is a technical, eye-opening event that you do not want to miss.
Also look for more Birds-of-a-Feather sessions with our experts and your peers to have a casual conversation around such topics as:
- Active Directory disaster recovery
- Microsoft Teams
- IT Integration for Mergers and Acquisitions
- And more
Remember to register for The Experts Conference at this link.