Core Infrastructure and Security Blog
Copied!
Home
Options
824
Stanislav Belov on 11-12-2019 11:00 PM
1,745
SteveMat on 11-11-2019 02:27 PM
4,266
Alan La Pietra on 11-04-2019 06:26 AM
164
Sean Leonard on 11-01-2019 03:23 PM
210
Joe_Zinn on 11-01-2019 03:22 PM
290
Joe_Zinn on 11-01-2019 03:22 PM
188
Joe_Zinn on 11-01-2019 03:22 PM
112
Sean Leonard on 11-01-2019 03:21 PM
115
Joe_Zinn on 11-01-2019 03:21 PM
111
Joe_Zinn on 11-01-2019 03:21 PM
111
Joe_Zinn on 11-01-2019 03:20 PM
116
Joe_Zinn on 11-01-2019 03:20 PM
164
Joe_Zinn on 11-01-2019 03:20 PM
479
Joe_Zinn on 11-01-2019 03:20 PM
568
Joe_Zinn on 11-01-2019 03:20 PM
477
Joe_Zinn on 11-01-2019 03:20 PM
106
AMARSIGLIA on 11-01-2019 03:20 PM
109
Joe_Zinn on 11-01-2019 03:20 PM
106
ktackett on 11-01-2019 03:17 PM
96
AMARSIGLIA on 11-01-2019 03:12 PM
100
ktackett on 11-01-2019 03:12 PM
97
AMARSIGLIA on 11-01-2019 03:09 PM
92
ktackett on 11-01-2019 03:08 PM
96
ktackett on 11-01-2019 03:08 PM
94
ktackett on 11-01-2019 03:07 PM
104
ktackett on 11-01-2019 03:05 PM
91
AMARSIGLIA on 11-01-2019 03:02 PM
90
AMARSIGLIA on 11-01-2019 03:02 PM
101
AMARSIGLIA on 11-01-2019 03:02 PM
93
AMARSIGLIA on 11-01-2019 03:01 PM
Latest Comments
I was able to find a Mac that I put in our isolated test network. In that environment, I set the DC GPO for "Domain Controller: require signing", the domain GPO to "Network Client: require signing". On the DC GPO I created the Registry entry for "LDAP Channel Binding = 1". I successfully tested usin...
0 Likes
ajm-b, yes that would be great. We'll be holding off on the domain controllers until February so I'll have some time. We do have a closed off test network and we may be able to test some Macs there. I don't know too much about Macs and I'm never one who joins them to the domain, but I had been under...
0 Likes
@CFS3RD, as I understand it "Require Signing" only has to do with non-TLS 389, it doesn't come into play with 636 binds. We have plenty of macs here - if you wanna hit me up in about a month I can probably tell you how it went.
0 Likes
Hyper-V virtual machines will be offered the microcode updates from Microsoft Update (assuming the CPUID matches) however the host is what really needs to be updated as it's payload is passed through to the virtual machines. From a Windows Server 2016 Virtual Machine: They are classified as "Updates...
1 Likes
For our third party applications and our OSX member computers that use LDAP over SSL (port 636), will they continue to communicate successfully with the domain controllers set to Require Signing? It sounds like they will fail. In that case we'll never be able to set it to Require Signing. Related, I...
0 Likes