Group policy can be daunting. I'm sure I've shared other people's frustrations when just simply looking for a particular setting. There's been countless times when I wished I could just do a search on the whereabouts of a particular setting. At least, these spreadsheets are searchable:
http://www.microsoft.com/en-us/download/details.aspx?id=25250
Welcome. Here you will find information on technical subject matter that I love or despise, as well as practical information you may find handy in your own troubleshooting experiences. Questions and comments are always welcome.
Monday, September 24, 2012
Tuesday, September 11, 2012
RANTS & RAVES: Fingerprint Reader Software by UPEK
I have my reservations about fingerprint readers. This article about how the UPEK software stores a users passwords in a very insecure way, serves to make me more wary about anything that stores passwords.
http://blog.crackpassword.com/2012/08/upek-fingerprint-readers-a-huge-security-hole/
Fortunately, the silver lining I'm pulling out of this story rests with the great advantage of using disk encryption such as BitLocker. If the disk is encrypted, then the not so securely stored password for the fingerprint reader turns out the encrypted just by virtue of being stored on the same disk. If you've got multiple drives or volumes, then make sure that the separate drives are encrypted too.
Lesson learned before I get into any trouble.
http://blog.crackpassword.com/2012/08/upek-fingerprint-readers-a-huge-security-hole/
Fortunately, the silver lining I'm pulling out of this story rests with the great advantage of using disk encryption such as BitLocker. If the disk is encrypted, then the not so securely stored password for the fingerprint reader turns out the encrypted just by virtue of being stored on the same disk. If you've got multiple drives or volumes, then make sure that the separate drives are encrypted too.
Lesson learned before I get into any trouble.
Labels:
authentication,
encryption,
fingerprint,
rants,
raves,
security
TIPS & TRICKS: Active Directory Users & Computers Filtering
Handy little LDAP query to filter users who have not changed passwords after a certain date (in this case, September 5th) (all one line):
Here are the steps to run the filter:
(&(objectCategory=user)(pwdLastSet>=129913020000000000)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
Here are the steps to run the filter:
- In ADUC, click on Set Filtering options icon
- click "Create custom", then Customize button
- click on Advanced tab, then enter (or copy/paste) LDAP query:
- (&(objectCategory=user)(pwdLastSet>=129913020000000000)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))
- then click OK button, then OK again to close Filter Options
- In OU list at left, navigate to your OU, which will now show only users who have changed password since cutoff time.
- 129913020000000000 = number of 100 nanosecond intervals since Jan 1, 1601 to 9/5/2012 12:00 AM.
- (!(userAccountControl:1.2.840.113556.1.4.803:=2)) is a bitwise operation to exclude disabled users.
- If you want to return to seeing all users and objects, you need to clear the filter, by clicking on Set Filtering options icon, then click "Show all types of objects"
- You can reverse the query to see users who haven't changed password yet, by changing the query string >= to <=
Labels:
Active Directory,
filtering,
ldap,
passwords,
query,
tips and tricks
Subscribe to:
Posts (Atom)