Accurate time in a domain environment is essential for authentication between clients and servers to work correctly. Kerberos v5 protocol requires a tolerance of less than 5 minutes, anything more than this and you will get authentication errors.
I’ve recently been investigating a a server who’s time leaped 28 days into the future! So wanted to start auditing the Windows Time service to see what made the change.
So in this blog post I’ll show you how to enable Windows Time service auditing.
For the next couple of posts I’ll be looking into AD security and auditing. In this article we’ll look at how to use Get-ADUser to list all recently created accounts.
With the increasing number of cyber attacks, security is at the top of most IT departments agenda. There are many checks you can perform to make sure AD is safe and secure, and that only valid or approved modifications have been made to user accounts. I’ll look at AD auditing in a future post, but this will be a handy snippet of PowerShell to help you identify recently created AD accounts, and a bonus bit of code to identify recently modified accounts!
BitLocker Drive Encryption is the technology in Windows 10 which can encrypt your hard disk drive and keep your data safe. It will usually require you to enter a pin/usb key/certificate to allow access to the encrypted hard disk drive.
But how do you check the status of BitLocker on your computer?
I’ve been working on a simple PowerShell command today to import into our endpoint management solution so we can alert on disks with low diskspace. It’s been a while since I’ve dabbled with PowerShell, and it reminded me just how flexible it is and much I love it!
So I thought I would walk you through the evolution of the command I ended up with.
Having taken a sabbatical over the summer I’m back and have a little bit of catching up to do! In my absence Microsoft Press have been busy this summer with a number of free ebooks which look like they will be really useful to the seasoned IT professional. Continue reading →