Home Windows Server

Windows Server Security

9 Conversations

Latest Activity

Custom List Message Item

Hi All,


I have a question; I am looking to take a relatively flat network and carve it up a bit - creating some new VLANS and separating server and client endpoints, etc. (with NG firewalls, and so on...)


Anyway... I am curious how folks are dealing with

... Read More
2 Replies

Before answering this question, I think it best to ask what goal you are accomplishing by doing this?  The answer can be taylored to that specific goal.

We are looking at options for having our servers autoenroll for certifcates using the computer template.  We have a 2-tier setup with an offline root and an enterprise sub CA joined to our main domain.  I am able to get autoenrollment working for our main

... Read More
2 Replies

Hi Keith.

Excellent that you have a tiered CA structure!

To your issue with enrolling untrusted computers, I would like to raise the concern that autoenrollment's security

... Read More

Hi. We want to purchase a product to collect eventlogs from all our Domain Controllers. We have tested Microsoft own "log shipping" and it is not what we are looking for.

So I want to know if anyone have an implementation/product that they can recommend.


... Read More
2 Replies

Hi Jesper.

I understand and share your concern regarding installing an agent on the servers.

While agentless implementations do not have the potential problems of updating

... Read More

Hi Jesper, can you please elaborate on the issue with the Microsoft log shipping?


You might also want to check out the Microsoft Operations Management Suite (does inclu

... Read More

Does it support other HSM (eg. Thales) for shielded VM's or is Bitlocker our only option?

2 Replies
Shielded VM supports HSM connected to the Host Guardian Service. The Shielded VM itself is encrypted using BitLocker with a key that reside inside a virtual TPM. The virt... Read More
From the Tech Ed only bitlocker

 This days MFA is getting more and more popular so I  was wondering why not add new feature to Windows family so when server boots Bitlocker could be unlocked not by network but by MFA

What do you think would this be even possible ?

2 Replies
Thanks for your suggestion! Feel free to submit your feature idea to Windows Server UserVoice, located here: https://windowsserver.uservoice.com/forums/295047-general-feedback Read More

Hi All,


Sharing a blog post I wrote about JEA for DNS Server 





Read More
0 Reply

I have 3 backed RDP servers where users seem to randomly get printers so I attempted to create a group and a GPO to add a default printer but it is not working. Any ideas?

3 Replies
Hi Lance what does "backed" mean, typo?

We definitely need more details on what "isn't working". But I'll make some assumptions based on your wording.

It's seems like your ... Read More
Need more details. Are you using traditional RDP where the users are getting a full desktop and interacting with that desktop? If so, is that the user environment that yo... Read More

As a lot of you will know Windows Server 2016 is officially launching next week at Microsoft Ignite.  Learn about the sessions for Ignite, and get video previews of some of the new features in Windows Server 2016 that help prevent attacks and detect suspi

... Read More
0 Reply

There are several improvements in term of security in Windows Server 2016, you may see list of improvements on:




What other improvements you l

... Read More
0 Reply