Great article “Best Practice: Group Policy for WSUS” by Alan Burchill. Also see his two part AD/Group Policy series: Best Practice: Active Directory Structure Guidelines – Part 1 Best Practice: Group Policy Design Guidelines – Part 2
Great article “Best Practice: Group Policy for WSUS” by Alan Burchill. Also see his two part AD/Group Policy series: Best Practice: Active Directory Structure Guidelines – Part 1 Best Practice: Group Policy Design Guidelines – Part 2
The one post of mine that has garnered the most hits had to do with LastLogonTimeStamp. A post from Ask the Directory Services Team entitled “The LastLogonTimeStamp Attribute” – “What it was designed for and how it works” provides a…
Veterans Day is the day set aside to thank and honor ALL those who served honorably in the military – in wartime or peacetime. In fact, Veterans Day is largely intended to thank LIVING veterans for their service, to acknowledge…
Account auditing for group membership changes Six minute video by Dana Epps will show you how to quickly configure account auditing using the domain security policy and then use free Microsoft tools like EventCombMT to quickly query across all your…
I had the need a few weeks ago to determine the logon and logoff times of users of our system. Fortunately we have the Windows server event logs captured. They are sent to a syslog server using NTsyslog and we created a basic…
Two recent editions of TechNet Magazine included excellent articles on Deploying EFS. Part 1 is here and Part 2 is here. I recently came across the article Prevent data theft with Windows Vista’s Encrypted File System (EFS) and BitLocker which…
Many of the scripts I use to produce reports on active directory accounts utilize the UserAccountControl flag. Microsoft KB article 305144 documents how to use the UserAccountControl flags to manipulate user account propertiess to manipulate user account properties. You can…
My research that lead me to the lastLogonTimestamp attribute also lead me to http://www.joeware.net/win/free/all.htm and the OldCmp utility. There are a number of potentially useful utilities but I’ve just used OldCmp (http://www.joeware.net/win/free/tools/oldcmp.htm). Using the utility I found a number of…
While doing some research on determining the last time a user logged in to a domain, I came across the lastLogonTimestamp attribute: Prior to Windows Server 2003, determining the last time a user logged on to the domain was somewhat…
I have had occasion recently to run scripts to query Microsoft Server 2003 Active Directory to determine which accounts have “password never expires”, “user can’t change password”, and the like. I dabble in scripting off and on and tend to…