Core Infrastructure and Security Blog
Copied!
Home
Options
863
Stanislav Belov on 11-12-2019 11:00 PM
1,766
SteveMat on 11-11-2019 02:27 PM
4,342
Alan La Pietra on 11-04-2019 06:26 AM
169
Sean Leonard on 11-01-2019 03:23 PM
212
Joe_Zinn on 11-01-2019 03:22 PM
293
Joe_Zinn on 11-01-2019 03:22 PM
192
Joe_Zinn on 11-01-2019 03:22 PM
116
Sean Leonard on 11-01-2019 03:21 PM
118
Joe_Zinn on 11-01-2019 03:21 PM
113
Joe_Zinn on 11-01-2019 03:21 PM
113
Joe_Zinn on 11-01-2019 03:20 PM
118
Joe_Zinn on 11-01-2019 03:20 PM
168
Joe_Zinn on 11-01-2019 03:20 PM
508
Joe_Zinn on 11-01-2019 03:20 PM
600
Joe_Zinn on 11-01-2019 03:20 PM
506
Joe_Zinn on 11-01-2019 03:20 PM
111
AMARSIGLIA on 11-01-2019 03:20 PM
114
Joe_Zinn on 11-01-2019 03:20 PM
110
ktackett on 11-01-2019 03:17 PM
98
AMARSIGLIA on 11-01-2019 03:12 PM
103
ktackett on 11-01-2019 03:12 PM
100
AMARSIGLIA on 11-01-2019 03:09 PM
95
ktackett on 11-01-2019 03:08 PM
99
ktackett on 11-01-2019 03:08 PM
97
ktackett on 11-01-2019 03:07 PM
107
ktackett on 11-01-2019 03:05 PM
94
AMARSIGLIA on 11-01-2019 03:02 PM
93
AMARSIGLIA on 11-01-2019 03:02 PM
105
AMARSIGLIA on 11-01-2019 03:02 PM
96
AMARSIGLIA on 11-01-2019 03:01 PM
Latest Comments
I was able to find a Mac that I put in our isolated test network. In that environment, I set the DC GPO for "Domain Controller: require signing", the domain GPO to "Network Client: require signing". On the DC GPO I created the Registry entry for "LDAP Channel Binding = 1". I successfully tested usin...
0 Likes
ajm-b, yes that would be great. We'll be holding off on the domain controllers until February so I'll have some time. We do have a closed off test network and we may be able to test some Macs there. I don't know too much about Macs and I'm never one who joins them to the domain, but I had been under...
0 Likes
@CFS3RD, as I understand it "Require Signing" only has to do with non-TLS 389, it doesn't come into play with 636 binds. We have plenty of macs here - if you wanna hit me up in about a month I can probably tell you how it went.
0 Likes
Hyper-V virtual machines will be offered the microcode updates from Microsoft Update (assuming the CPUID matches) however the host is what really needs to be updated as it's payload is passed through to the virtual machines. From a Windows Server 2016 Virtual Machine: They are classified as "Updates...
1 Likes
For our third party applications and our OSX member computers that use LDAP over SSL (port 636), will they continue to communicate successfully with the domain controllers set to Require Signing? It sounds like they will fail. In that case we'll never be able to set it to Require Signing. Related, I...
0 Likes