Active Directory | Raving Roo

Use WMI Filter To Apply Group Policy To IP Subnet

David K. Sutton — Mon, 04 Jan 2016 01:13:31 +0000

Using a WMI filter, you can apply a group policy based on the client’s TCP/IP subnet. 1. In Group Policy Management, right-click the WMI Filters folder and click New. 2. Name your new WMI policy, give it a description if you wish. 3. Click the Add button, leave the Namespace at the default setting “root\CIMv2”...
Read On...

The post Use WMI Filter To Apply Group Policy To IP Subnet first appeared on Raving Roo.

How To Create And Manage Password Settings Objects (PSO)

David K. Sutton — Wed, 23 Dec 2015 19:45:09 +0000

With Windows Server 2008, Microsoft introduced Fine-Grained Password policies which utilizes a new Active Directory object called Password Settings Object (PSO). These objects allow you to more easily create and assign password policies to subsets of users, albeit with a bit of an unpolished implementation method compared to the old method via group policy (GPO). If...
Read On...

The post How To Create And Manage Password Settings Objects (PSO) first appeared on Raving Roo.

Windows File Share Permissions – Allow: Read, Write, Delete – Deny: List

David K. Sutton — Thu, 25 Jun 2015 20:59:53 +0000

Let’s say you have an application that has a flat file repository for files attached to records. In other words, the application uses a simple Windows share for its file repository. And all users of this application need the ability to read, write, and delete files in this directory, but given the sensitive nature of...
Read On...

The post Windows File Share Permissions – Allow: Read, Write, Delete – Deny: List first appeared on Raving Roo.

PowerShell: Compare Membership Of Two Active Directory Groups

David K. Sutton — Sat, 06 Sep 2014 00:37:06 +0000

At my company we have a web filtering solution (McAfee Web Protection) where we use Active Directory groups assigned to specific web filtering policies. Even though these groups are not supposed to have duplicate user accounts, over time, with multiple people administering them, that is exactly what has occurred. I needed a quick way to compare...
Read On...

The post PowerShell: Compare Membership Of Two Active Directory Groups first appeared on Raving Roo.

Active Directory Shadow Groups: How To Automatically Add OU Users To Security Groups

David K. Sutton — Mon, 20 May 2013 21:59:31 +0000

Remember Novell? Remember NDS or eDirectory as it later became known? NDS might be mostly dead, in favor of AD (Active Directory), but NDS did have many advantages over AD, and one of them was the ability to assign rights (permissions) via OU membership. Want to give users in a specific OU access to a...
Read On...

The post Active Directory Shadow Groups: How To Automatically Add OU Users To Security Groups first appeared on Raving Roo.

Active Directory: Account Lockout Policy – Think Twice Before Applying

David K. Sutton — Thu, 16 May 2013 21:20:14 +0000

The Account Lockout Policy in Active Directory is not what it seems. Oh sure, at first glance it appears simple enough. Set a threshold, set a counter, and when that threshold is tripped in the allotted time, account locked out. What could be simpler right? Well, as with most things in IT, what should be simple isn’t....
Read On...

The post Active Directory: Account Lockout Policy – Think Twice Before Applying first appeared on Raving Roo.

Active Directory: Workstation Logon Restrictions (Log On To)

David K. Sutton — Tue, 14 May 2013 23:08:43 +0000

I think the “Log On To” setting within the Account tab of an Active Directory user could easily be overlooked. As simple as this setting is, it’s very easy to forget about it in favor of something more elaborate when attempting to restrict user access to specific computers. Let’s say you want to allow a...
Read On...

The post Active Directory: Workstation Logon Restrictions (Log On To) first appeared on Raving Roo.