Core Infrastructure and Security Blog
Copied!
Home
Options
765
Stanislav Belov on 11-12-2019 11:00 PM
1,690
SteveMat on 11-11-2019 02:27 PM
4,179
Alan La Pietra on 11-04-2019 06:26 AM
149
Sean Leonard on 11-01-2019 03:23 PM
197
Joe_Zinn on 11-01-2019 03:22 PM
279
Joe_Zinn on 11-01-2019 03:22 PM
176
Joe_Zinn on 11-01-2019 03:22 PM
101
Sean Leonard on 11-01-2019 03:21 PM
105
Joe_Zinn on 11-01-2019 03:21 PM
99
Joe_Zinn on 11-01-2019 03:21 PM
100
Joe_Zinn on 11-01-2019 03:20 PM
106
Joe_Zinn on 11-01-2019 03:20 PM
150
Joe_Zinn on 11-01-2019 03:20 PM
397
Joe_Zinn on 11-01-2019 03:20 PM
481
Joe_Zinn on 11-01-2019 03:20 PM
394
Joe_Zinn on 11-01-2019 03:20 PM
94
AMARSIGLIA on 11-01-2019 03:20 PM
98
Joe_Zinn on 11-01-2019 03:20 PM
97
ktackett on 11-01-2019 03:17 PM
87
AMARSIGLIA on 11-01-2019 03:12 PM
91
ktackett on 11-01-2019 03:12 PM
87
AMARSIGLIA on 11-01-2019 03:09 PM
82
ktackett on 11-01-2019 03:08 PM
82
ktackett on 11-01-2019 03:08 PM
84
ktackett on 11-01-2019 03:07 PM
93
ktackett on 11-01-2019 03:05 PM
82
AMARSIGLIA on 11-01-2019 03:02 PM
81
AMARSIGLIA on 11-01-2019 03:02 PM
92
AMARSIGLIA on 11-01-2019 03:02 PM
84
AMARSIGLIA on 11-01-2019 03:01 PM
Latest Comments
I was able to find a Mac that I put in our isolated test network. In that environment, I set the DC GPO for "Domain Controller: require signing", the domain GPO to "Network Client: require signing". On the DC GPO I created the Registry entry for "LDAP Channel Binding = 1". I successfully tested usin...
0 Likes
ajm-b, yes that would be great. We'll be holding off on the domain controllers until February so I'll have some time. We do have a closed off test network and we may be able to test some Macs there. I don't know too much about Macs and I'm never one who joins them to the domain, but I had been under...
0 Likes
@CFS3RD, as I understand it "Require Signing" only has to do with non-TLS 389, it doesn't come into play with 636 binds. We have plenty of macs here - if you wanna hit me up in about a month I can probably tell you how it went.
0 Likes
Hyper-V virtual machines will be offered the microcode updates from Microsoft Update (assuming the CPUID matches) however the host is what really needs to be updated as it's payload is passed through to the virtual machines. From a Windows Server 2016 Virtual Machine: They are classified as "Updates...
1 Likes
For our third party applications and our OSX member computers that use LDAP over SSL (port 636), will they continue to communicate successfully with the domain controllers set to Require Signing? It sounds like they will fail. In that case we'll never be able to set it to Require Signing. Related, I...
0 Likes