I just wanted to write a short piece on: Credential Guard: Protect Windows from pass-the-hash and pass-the-ticket attacks. But then I started digging more into it and sort of fell down the rabbit hole. Basically I’m what you would call a blue teamer. And I love my role! Sure, I’ve tried my hand at capture-the-flag and…
Welcome to Part 2 of a planned four-part series! Part 1: Security Identifiers (SIDs) and Object Permissions in Windows Part 2: Security Identifiers (SIDs) and how to understand them (you’re reading this it now!) Part 3: Converting Azure Object IDs in Azure into Security Identifiers (SIDs) Part 4: Security Identifiers (SIDs) and User Rights Management In Part 1 we…
We’re going over two things today. Kind of. On top of learning how to Ingest Policy Templates (ADMX) into Intune Force Installing Microsoft Defender Browser Protection on Google Chrome AND we’ll do that by building on what we learned in the GroupPolicy Administrative Templates (ADMX): What are they? How are they used? Andwhat if I need…
…And analyzing GPO readiness for imports and migrations! …and For Those Who Wanna Learn to Do Other Stuff Good Too! This post is meant as both a stand-alone guide but also as a Part 2 for Running CIS Assessments for Hardening (grome.dev). Well, kind of. I could have sworn I’d already done a write-up on how to…
Not too long ago, when a new device got dropped off at IT, we’d have to go through the manual process of setting it up for the user – sometimes this was sped up by using images. Depending on your organizations workflow and what needed to be install, it would sometimes take a while before…
Credential Guard is a component of Microsoft’s Virtualization-based Security Suite (VBS). With the help of the hypervisor, it protects the hashes of the credentials cached in RAM from attackers. And it is super simple to enable using Intune or Group Policy! So how does Credential Guard work? After successfully logging on to Active Directory, Windows…
Today we’re going to be looking at Network address translation (NAT) networking in Hyver-V. This should particularly useful if you’re coming from my quick ‘n dirty homelab guides about setting up and Doman Joining the brand new Windows 10 and Windows Server VMs you set up Hyper-V! Let’s get going! So, what’s NAT? A public IP address is required to access…
As helpful as wizards like Intune Security Baselines are useful for greenfields and inexperienced admins, those needing a little umph in their setups (especially those admins used to on-premise GroupPolicy Administrative Templates) found Intune’s offerings lacking – forced to use CSP policies and custom OMA-URIs like in the example above. The settings catalogue aims…
Security baselines are intended to make it easier to configure security-related settings in Windows or Edge. They are available from Microsoft as Group Policy packages, or they can be configured through the interfaces for mobile device management such as Intune. In my opinion, they are mainly intended for clients who have limited experience with Intune and/or security, i.e.,…
Group Policy Administrative Templates are registry-based policy settings and provide an XML-based structure for defining the display of administrative template policy settings in the Group Policy Editor. Now I know the name of this blog is Thomas’ head in the cloud so why all the focus on on-premise tech? It’s because understanding how these templates…