-
Licensing your Entra Administrator accounts for email is a common practice to ensure you are across service health updates, user, security and billing alerts but by doing this it introduces security risks and additional costs for mailbox licensing. As a best practice, privileged accounts should remain isolated from unnecessary communication channels to minimise vulnerabilities or […]
-
Over the years I’ve come across a number of different environments with many running Active Directory in many different states. Replication is an important part of ensuring that your AD environment is healthy and highly available to service end users. I’ve compiled some notes around Active Directory Replication commands and gathering information. Firstly, just give […]
-
I was recently doing a new FortiGate deployment for a customer and one of the requirements included setting up Deep Packet SSL Inspection for their users. The customer already has an Internal CA so we generated a certificate for the FortiGate to use for encryption and clients already trusted the certificate as it was part […]
-
One thing I like to get going whenever taking on a new tenant or client is the password protection features. By Default, Entra already has some password protection for your cloud users which detects and blocks known weak passwords such as password and password123 or qwerty as well as looking at well-known passwords that are […]
-
So I’m working on getting all of our external systems connected into the CrowdStrike Next-Gen SIEM as part of our internal Falcon Complete tenancy. Following the documentation in the CrowdStrike portal, getting and installing the Log Collector and setting up the connector were a pretty straightforward affair. I’ve got a Windows VM setup as a […]
-
I was recently decommissioning an old file and print server and one of the final tasks on our list was moving printers from one to another. It’s been a while since I’ve done this using vanilla print management, but happy to know there is now an import/export wizard for Printers. Since the source is 2019 […]
-
I was recently helping out a colleague in implementing and testing some new conditional access policies around Geo Blocking and we wanted to understand if what we had setup was going to work. Traditionally this can be quite difficult depending on your scenarios, however Microsoft have recently introduced What If, so that you can test […]
-
I have a usb of Ventoy in my everyday carry, it has Windows, Linux and Recovery images and has saved my bacon a number of times over the years. In my lab environment outside of the VM Host it can often be difficult to get exactly what I need loaded quickly, especially when my bag […]
-
One of our FortiWeb clients is releasing a new app and they’ve requested us to block IPs not associated with Australia. There are a number of ways we can achieve this whether it’s via the FortiWeb, a FortiGate in front or other methods. In this instance, we’ll be using the FortiWeb IP Protection feature. This […]
-
So I’ve known about PingCastle and Purple Knight for a little while now and have used them for on-premises audits and Azure AD audits a while back. I recently stumbled on Maester which is a testing framework that can be used to automate testing for your Entra environment. I finally had some time to give […]
-
Quick one but I’ve spent a bit of time today cleaning up the backend and loaded a new theme. I’ve also started to clean-up older articles to make sure the fit with the new theme and block editor of WordPress (as I’ve continued to use the “classic” style for quite some time). More articles and […]
-
We have a customer who has a few back office staff in the Philippines and we need to get them around a Geo-Block for a particular website they need as part of their role. The customer has a split-tunnel SSL-VPN in the AWS Sydney Region, we can look to route the traffic via the SSL-VPN […]
-
Despite all the things people say about Connectwise, I still hold ScreenConnect or Connectwise Control close to my heart as one of the best support and remote access tools out there. It’s light, friendly and easy to use for support staff and end users and just gets the job done. I look after our own […]
-
An old draft I’ve had for a while, just posting for posterity and safe keeping. So I’ve done a few upgrades to my VM Host machine and decided to go up to Windows Server 2016, once installed and at the desktop, I found my onboard LAN port wasn’t coming up, so I downloaded the driver […]
-
Vendors tend to lock down the type of transceivers you can use on their SFP/SFP+ and QSFP ports. They do this for a number of reasons but mainly in the spirit of support and quality (which I can understand). there are a number of guidelines around agreed upon by networking vendors that fall under Multi-Source […]
A Windows System Admin's Blog
Covering Server Administration, Endpoint Management, Scripting and Network Management