Associating the DNIe with Active Directory users and authenticating with SmartCard

In this document we will see how to associate the digital certificates of the DNIe with SmartID (electronic ID card) with the user accounts in our Active Directory. It is ideal for authenticating our employees without a username and password, and of course we can later associate it with the rest of the services we need, whether we have access via the web, Citrix… We would just need a card reader on each computer and we're good to go. It could even be used to put a device at the office front door to validate physical entry, time management… all through smart card-based authentication.

Using ThinStation to Reuse Computers as a Thin Client

I've been working with this kind of wonder for a long time. Using the thin client philosophy in an organization is ideal for companies, with incredible savings of all kinds. In this document we will see a free project that allows us to take any computer and convert it into a lightweight computer or thin client. There are other Linux distributions that are also based on this philosophy, but this one seems to me to be the best, since it has a lot of packages that we can add to the workstations and people who contribute.

Installing and configuring Microsoft Forefront Protection 2010 for Exchange Server

Microsoft Forefront Protection 2010 for Exchange Server (FPE) is the edge protection server for a Microsoft Exchange 2010 organization, where we can manage all blocking of incoming mail in order to reject unwanted emails according to the conditions we configure (anti-spam), and it provides us with 5 antivirus definition engines from different manufacturers! We will also avoid malware. It offers extensive configuration from a console that is easy to manage, plus an information area that is also quite cool. And manageability with PowerShell, of course! This server must be the one that collects external mail and sends it to our organization; ideally it is installed on the server that sits in the DMZ, totally isolated from our organization, and that holds the Edge Transport role.

Using Microsoft IT Environment Health Scanner to diagnose our Active Directory

Today we look at a utility called Microsoft IT Environment Health Scanner, which will help us diagnose our Microsoft environment at the Active Directory level. First we will install it and see the number of tests it performs and the status of each. In addition, if we have any problem, it will point us to a document from the KB on the Microsoft Support website. It's important, as it can serve as support before any migration or major change, letting us know the state of everything.

Installing certificates for our users via GPO

In any organization, our users need certificates to access certain websites, whether for their own authentication or on behalf of the company. The usual approach is to install the certificate on the computer with the user logged in, which is a manual process that we have to keep in mind when a new person joins the organization or when a certificate has to be renewed; we have to repeat this process as many times as necessary. Instead, we can use the policies of our Active Directory to assign certificates to users fully automatically.

How to renew Exchange 2007 self-signed certificates

This article shows a task that we will have to perform in our Microsoft Exchange 2007 organization, as the services offered by Exchange use certificates to secure connectivity, whether for internal or external communication. In principle, once we have installed Exchange Server 2007, the certificates it generates for each service will last us a year, so we will have to renew them before they expire. We will detect this through events in the Event Viewer, or directly because the service in question goes down.

How to renew Exchange 2010 self-signed certificates

It is well known that in Exchange 2010, in order to communicate securely, each Microsoft Exchange Server service uses a secure connection based on certificates; these certificates secure the IMAP (Internet Message Access Protocol), POP (Post Office Protocol), SMTP (Simple Mail Transfer Protocol), IIS (Internet Information Services) and UM (Unified Messaging) connections, so we will take special care to keep them renewed and valid. On Exchange Server 2007 this renewal process was carried out with three commands in PowerShell, and now they have implemented the possibility of doing it through a wizard!

Installing Exchange 2010 in the DMZ with the Edge Transport role

If we have a Microsoft Exchange Server organization already deployed on our network and we want to give it more security, we can deploy an Exchange server in the DMZ (demilitarized zone) so that the Exchange servers on our LAN are not directly exposed to the internet. Microsoft has a role called Edge Transport that will allow us to filter spam, as well as apply antivirus or create transport rules.

RODC Password Replication Policy

The Password Replication Policy (PRP) indicates which user credentials will be cached on a Read Only Domain Controller (RODC) based on Windows Server 2008 or Windows 2008 R2. This is necessary when we have branch offices in our company and want to place an RODC in them with the functions we are interested in; it also allows users to authenticate against these DCs, and the authentication process is faster since this type of traffic is not generated over the WAN.

New in Windows 2008 R2: Offline domain join

Another of the new features in Windows 2008 R2 is the ability to join a domain offline; that is, we do not need connectivity between the computer and the domain controller in order to join, and no traffic has to be generated between the two machines. This is ideal when we deploy computers in large numbers or send them to our branch offices ready to be booted (generated from images), so that we do not have to join them to the domain from there and can instead join them to the domain through AIK using an answer file (for example).