Core Infrastructure and Security Blog
Copied!
Home
Options
799
Stanislav Belov on 11-12-2019 11:00 PM
1,719
SteveMat on 11-11-2019 02:27 PM
4,206
Alan La Pietra on 11-04-2019 06:26 AM
154
Sean Leonard on 11-01-2019 03:23 PM
203
Joe_Zinn on 11-01-2019 03:22 PM
283
Joe_Zinn on 11-01-2019 03:22 PM
180
Joe_Zinn on 11-01-2019 03:22 PM
105
Sean Leonard on 11-01-2019 03:21 PM
109
Joe_Zinn on 11-01-2019 03:21 PM
104
Joe_Zinn on 11-01-2019 03:21 PM
105
Joe_Zinn on 11-01-2019 03:20 PM
110
Joe_Zinn on 11-01-2019 03:20 PM
154
Joe_Zinn on 11-01-2019 03:20 PM
436
Joe_Zinn on 11-01-2019 03:20 PM
520
Joe_Zinn on 11-01-2019 03:20 PM
433
Joe_Zinn on 11-01-2019 03:20 PM
98
AMARSIGLIA on 11-01-2019 03:20 PM
102
Joe_Zinn on 11-01-2019 03:20 PM
100
ktackett on 11-01-2019 03:17 PM
90
AMARSIGLIA on 11-01-2019 03:12 PM
94
ktackett on 11-01-2019 03:12 PM
90
AMARSIGLIA on 11-01-2019 03:09 PM
86
ktackett on 11-01-2019 03:08 PM
87
ktackett on 11-01-2019 03:08 PM
88
ktackett on 11-01-2019 03:07 PM
97
ktackett on 11-01-2019 03:05 PM
85
AMARSIGLIA on 11-01-2019 03:02 PM
84
AMARSIGLIA on 11-01-2019 03:02 PM
95
AMARSIGLIA on 11-01-2019 03:02 PM
87
AMARSIGLIA on 11-01-2019 03:01 PM
Latest Comments
I was able to find a Mac that I put in our isolated test network. In that environment, I set the DC GPO for "Domain Controller: require signing", the domain GPO to "Network Client: require signing". On the DC GPO I created the Registry entry for "LDAP Channel Binding = 1". I successfully tested usin...
0 Likes
ajm-b, yes that would be great. We'll be holding off on the domain controllers until February so I'll have some time. We do have a closed off test network and we may be able to test some Macs there. I don't know too much about Macs and I'm never one who joins them to the domain, but I had been under...
0 Likes
@CFS3RD, as I understand it "Require Signing" only has to do with non-TLS 389, it doesn't come into play with 636 binds. We have plenty of macs here - if you wanna hit me up in about a month I can probably tell you how it went.
0 Likes
Hyper-V virtual machines will be offered the microcode updates from Microsoft Update (assuming the CPUID matches) however the host is what really needs to be updated as it's payload is passed through to the virtual machines. From a Windows Server 2016 Virtual Machine: They are classified as "Updates...
1 Likes
For our third party applications and our OSX member computers that use LDAP over SSL (port 636), will they continue to communicate successfully with the domain controllers set to Require Signing? It sounds like they will fail. In that case we'll never be able to set it to Require Signing. Related, I...
0 Likes