Microsoft Intune CSP for Google Chrome DISA STIG

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS), deeply involved in a project to configure Intune for managing AADJ laptops with a Federal customer’s use. Been working a lot lately with 'hardening' the laptops following DISA STIGs. As a result I've developed a few Intune CSPs and security baselines to … Continue reading Microsoft Intune CSP for Google Chrome DISA STIG

MBAM: EventID 112 and Kerberos Encryption Types

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS). I was working with a customer recently to help migrate their Microsoft BitLocker Administration and Monitoring (MBAM) front-end server to Server 2019, and ran into an issue that isn't related to Server 2019 in particular, but instead the new security posture the … Continue reading MBAM: EventID 112 and Kerberos Encryption Types

Intune: Export Policies for Comparison

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS), deeply involved in a current project to configure Intune for a customer's use. As with many of your customers, mine found themselves in a situation where they needed to get a secure 'remote' working solution in place quickly due to the COVID-19 … Continue reading Intune: Export Policies for Comparison

SCOM: MSSQLServer Event ID 28005

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, but also dabbles with all things Systems Center. Recently, while implementing SCOM 2019 in a customer's environment, I ran into an issue when trying to install agents; the discovery wizard would never complete the 'discovery' process. After making … Continue reading SCOM: MSSQLServer Event ID 28005

AD: Nitty Gritty of Fine-Grained Password Policies

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. Fine-Grained Password Policies (FGPP) have been around for a while, but in my experience with various customers, they aren't used often, if at all. This post is an attempt to simplify them, provide some details and list some … Continue reading AD: Nitty Gritty of Fine-Grained Password Policies

AD: Domain controllers – discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. During an engagement with a customer a couple of years ago, I needed to identify some info regarding their domain controllers. They were in the process of deploying System Center Operations Manager (SCOM) at the time, but it … Continue reading AD: Domain controllers – discover what you’ve got

AD: Discover what you’ve got

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory. I wrote a really basic script that will scour your domain and return some valuable information regarding its configuration. There are probably several things in the script that could be done differently and if I was to go … Continue reading AD: Discover what you’ve got

AGPM: The case of the missing GPT.ini file – a possible workaround

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS) specializing in Active Directory, amongst other technologies, including Advanced Group Policy Manager (AGPM). Have you ever deployed a GPO via AGPM only to experience either of the two situations? EventID 1058 (GroupPolicy) in a client’s System log or The follow message when … Continue reading AGPM: The case of the missing GPT.ini file – a possible workaround