One of the new and long awaited features in IIS 7 is support for FTPS or FTP over SSL.  By default all FTP data is transfered in clear text, including the user name and password.  From a security point of view you can see this is a bad thing.  FTPS to the rescue!  Before you begin you will need to download and install FTP for ...

Typically hotfixes are released on the second Tuesday of each month as you are all well aware.  Occasionally, I can personally only remember three including this one, there are out of band hotfixes released.  While we don’t normally post hotfix release notifications considering this is an out of band release I wanted to let you all know ...

In case you have been living under a rock for the past month you have most likely heard about the DNS cache exploit recently discovered by Dan Kaminsky.  This might be one of the most severe flaws discovered as it was cross platform affecting everything from Windows to Linux, UNIX, Cisco IOS etc....  It was so big in fact that all the ...

Here at the LazyAdmin we have talked quite a bit about using BitLocker with Windows Vista. With the introduction of Server 2008 you can now also leverage Bitlocker with your 2008 servers. This is particularly attractive when deploying Read Only Domain Controllers (RODC) to remote locations where physical security is questionable. One BitLocker ...

We have talked about enabling BitLocker Active Directory integration in a previous post now we will take a look at prepping your domain to implement this integration.  To take advantage of the several of the more compelling feature such as RODCs and Windows 2008 domain controllers we first need to extend the AD schema in our current ...

One of the nice things with RODCs is the ability to control cached credentials.  You can also pre-populate passwords for specific users, like a branch office user, in case the branch office connection goes down but this can be a security concern if that server gets stolen.  Server 2008 has a nice way of handling this so you can sleep ...

The other day I posted the first half of this video with the server side setup of NAP.  This video will cover the client side setup and testing on both Windows Vista and Windows XP SP3. Note: Double-click on the video to go full screen. If you want to give these demos a try yourself be sure to grab the lab build guide and demo scripts ...

Server 2008 is out and one of the very cool features is NAP or Network Access Protection.  This feature allow you to protect the internal network from threats.  There is a nice entry on Wikipedia explaining NAP but the TLA way is to show you the quick steps to get it done.  While I could write it out I figured video would be cool as ...

The other day I posted a tip on how to enable the Network Access Protection client on XP SP3.  The client is also built into Vista (RTM and SP1) and is a little easier to configure.  Although the same command line from the XP SP3 config can be used, there is a MMC console as well. Again before we configure the client we must set the ...

With the recent launch of Windows Server 2008 you are no doubt spending all your free time playing around with everything new.  One thing you might be playing around with is Network Access Protection.  There is a great document on getting a DHCP based NAP lab set up but one thing the document is missing is how to configure the NAP client ...

As you may know, BitLocker Drive Encryption only encrypts the C:\ drive.  If you have additional drives in your PC, or use an external USB hard drive with your notebook, you can't encrypt that drive with BDE.  Officially that is :) While Vista SP1 will bring support for encrypting the other volumes in your system you can do it today ...

We've done a few post on BitLocker around some of the more advanced features and controls.  The one thing we haven't touched yet is just how easy it is to encrypt your drive with BitLocker.  Before we get started on the procedure a little review of the options you can choose is in order. TPM Only - This is the easiest to deploy and ...

We have gone over the GPO settings for BitLocker recently and now we are going to cover the actual configuration of BitLocker on the computer itself.  There are two ways, the GUI way, or the CLI way.  Today we will focus on the CLI method.  There is one command that allows you to manage BitLocker via the CLI and that is ...

We posted an article earlier about configuration settings in BitLocker. We covered most of the tabs from the GPO configuration settings. If you investigated the BitLocker Administrative Template you may noticed a final configuration you can adjust. This is the ''Configure TPM Platform validation profiles''   This GPO ...

TLA reader Drew Dressler saw the instructions posted on this site on  using a Windows CA to generate and SSL certificate for an Apache webserver.  He has another method he wanted to share that he uses to do the same thing.  These instructions assume you have apache 2.x running on a linux box with 2.6 kernel or later with ...