Core Infrastructure and Security Blog
2,198
Paul Bergson on 12-04-2019 02:12 PM
2,301
wallenc on 11-26-2019 01:08 PM
1,649
Zoheb Shaikh on 11-19-2019 06:22 AM
1,345
Stanislav Belov on 11-12-2019 11:00 PM
2,222
SteveMat on 11-11-2019 02:27 PM
8,973
Alan La Pietra on 11-04-2019 06:26 AM
399
Sean Leonard on 11-01-2019 03:23 PM
431
Joe_Zinn on 11-01-2019 03:22 PM
524
Joe_Zinn on 11-01-2019 03:22 PM
438
Joe_Zinn on 11-01-2019 03:22 PM
335
Sean Leonard on 11-01-2019 03:21 PM
336
Joe_Zinn on 11-01-2019 03:21 PM
315
Joe_Zinn on 11-01-2019 03:21 PM
333
Joe_Zinn on 11-01-2019 03:20 PM
340
Joe_Zinn on 11-01-2019 03:20 PM
502
Joe_Zinn on 11-01-2019 03:20 PM
745
Joe_Zinn on 11-01-2019 03:20 PM
1,400
Joe_Zinn on 11-01-2019 03:20 PM
1,874
Joe_Zinn on 11-01-2019 03:20 PM
322
AMARSIGLIA on 11-01-2019 03:20 PM
347
Joe_Zinn on 11-01-2019 03:20 PM
311
ktackett on 11-01-2019 03:17 PM
299
AMARSIGLIA on 11-01-2019 03:12 PM
315
ktackett on 11-01-2019 03:12 PM
308
AMARSIGLIA on 11-01-2019 03:09 PM
293
ktackett on 11-01-2019 03:08 PM
303
ktackett on 11-01-2019 03:08 PM
291
ktackett on 11-01-2019 03:07 PM
354
ktackett on 11-01-2019 03:05 PM
297
AMARSIGLIA on 11-01-2019 03:02 PM
Latest Comments
@Ricoli610 My tests confirm your remarks: DC: LDAP server signing requirement: None (default) means ldapserverintegrity registry value 1. DC: LDAP server signing requirement: Required means ldapserverintegrity registry value 2 (and not 0 and 1 as expected, which is confusing). This would mean that the pre...
@Paul Bergson; Great Article, my organization has moved to using Intune for BitLocker management and reporting, and it works spectacularly well. However, one thing your article leaves out that we had to learn the hard way: As a Hybrid-Join tenant, BitLocker will only escrow the BitLocker key to AD O...
@Alan La Pietra @ChadWst Thank you for all the additional information and links. Just flagging up that I've tried changing the Domain controller: LDAP server signing requirements setting in the DDCP from None to Required and this changed the ldapserverintegrity registry entry from 1 to 2 (below HKLM\...
Adding some other information. Important to point out: LDAP over TLS/SSL communications are already signed, as TLS would detect any modification of the payload as it can't be decrypted. The behavior for LDAP simple binds and LDAP simple binds through SSL is as follows: LDAP simple binds are rejected I...
@Alan La Pietra -- Another follow-up to your response. Up until this point I have considered LDAP signing and LDAP CBT mutually exclusive. Is this accurate? For example, could we disable LDAP signing=REQUIRED and move forward with CBT = 1? These changes don't have to be done together, right?