Category Archives: Group Policy

How to enable Active Directory auditing

Despite Active Directory having been around for more than 10 years, I still find new implementations proceeding without directory service access auditing enabled.  For me, auditing of who does what, where and when in your directory is crucial information.  I can’t fully fathom why Microsoft doesn’t have it enabled with some sensible defaults out of the… Read More »

FIPS Cryptography causes slow RDP session

I’ve recently been looking at Microsoft’s Security Compliance Manager 3.0.  SCM allows provides a rich set of server-role-based security baselines for deployment using either GPO or SCCM.  This latest version includes baselines for Windows Server 2012.  After deploying the “WS2012 Domain Controller Security Compliance 1.0” baseline settings via GPO into my lab environment I found RDP sessions to… Read More »

The Net Accounts Command

You probably know this, but for some reason I only found out about it when someone showed it to me the other day.  Anyway, in the interests of sharing…. A really quick way to find the domain password and account lockout policy is to run the following from a CMD prompt: net accounts The output… Read More »

Powershell 2.0 Script to Backup GPOs

  A little while back I posted a Powershell 1.0 script to backup all the GPOs in a domain.  Now that Powershell 2.0 is available together with the Group Policy module it is much easier to script Group Policy tasks.  The attached script is basically a re-write of my previous script, but now using the… Read More »

PowerShell GPMC scripts

  The other day I had a need to configure scheduled backups of GPOs to file on a Windows Server 2008 Domain Controller.  Aha (I thought), I’ve done this before using the BackupAllGPOs.wsf script that is included along with a whole bunch of other handy scripts when you install the Group Policy Management Console (GPMC). … Read More »

10 Active Directory Bad Habits

  I encounter a fair number of AD implementations as part of my work.  Some are good, some bad and some just plain ugly.  Here’s a more or less random collection of bad habits that I see quite regularly and some tips on how to avoid and/or kick them. 1.  Poor or missing Active Directory… Read More »