Retired Microsoft Blog disclaimer
This directory is a mirror of retired "A Microsoft Premier Field Engineer's blog on Cloud and Security Technologies" TechNet blog and is provided as is. All posting authorship and copyrights belong to respective authors.

Posts on this page:

Original URL: https://blogs.technet.microsoft.com/xdot509/2016/05/16/update-to-microsofts-sha1-deprecation-policy/
Post name: Update to Microsoft’s SHA1 Deprecation Policy
Original author: chdelay
Posting date: 2016-05-16T01:20:59+00:00


See: https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/

-Chris

Original URL: https://blogs.technet.microsoft.com/xdot509/2015/12/30/steps-for-renewing-ndes-service-certificates/
Post name: Steps for renewing NDES Service Certificates
Original author: chdelay
Posting date: 2015-12-30T16:26:29+00:00


For those organizations that used the Network Device Enrollment Service run into is the process for renewing the certificates for NDES. I never was able to find good instructions on how to do this. So, I had no choice but to create my own. The steps in this blog posting cover how to renew the certificates used by the Network Device Enrollment Service. You will need to be logged in as an Enterprise Admin for most of the steps outlined in this posting.


Read more →
Original URL: https://blogs.technet.microsoft.com/xdot509/2015/12/27/administrator-workstations/
Post name: Administrator Workstations
Original author: chdelay
Posting date: 2015-12-27T15:21:06+00:00


I had previously published this information to my blog and accidently removed it from here. Re-adding the posting. I hope to find time to update this for Windows 10 in the future. Windows 10 has a feature named Credential Guard which greatly increases the security of credentials and help limits their exposure. This blog posting covers one possible way that Administrator Workstations could be configured to reduce the attack surface for Administrator Accounts. If you would like assistance with this Microsoft Consulting Services has a service named Privileged Administrator Workstation, where they can assist you with implementing Administrator Workstations. Their service is much more detailed and comprehensive then what I have provided here. The instructions here are just taking Microsoft’s PtH recommendations and showing how they could be implemented.


Read more →
Original URL: https://blogs.technet.microsoft.com/xdot509/2015/12/27/transitioning-your-pki-to-sha2/
Post name: Transitioning Your PKI to SHA2
Original author: chdelay
Posting date: 2015-12-27T14:53:00+00:00


Background

Hashing Algorithms

Hashing Algorithms take variable input and provide a unique fixed length output. Hashing algorithms have a number of desired properties. Those desired properties include that the hash should not be able to be reversed to determine the data that was inputted into the hash. Also, it should not be possible to produce collisions. A collision is when two separate inputs into a hash algorithm produce the same hash.


Read more →
Original URL: https://blogs.technet.microsoft.com/xdot509/2015/07/23/secure-administrator-workstations/
Post name: Secure Administrator Workstations
Original author: chdelay
Posting date: 2015-07-23T07:14:17+00:00


Are you a systems administrator for your organization? Do you have an administrative account that is a member of a privileged group such as Domain Admins or Enterprise Admins? Do you use that account on the same machine on which you check your email, or browse the internet?

If you answered yes to all of these questions, you have a problem. Well, I guess to more accurately describe this situation, your organization has a problem. This purpose of this article is to illustrate how an Administrator Workstation can be secured to limit the possibility of compromise.

Definitions

Productivity Workstation: Workstation used by a user to check email, access the internet, view and edit documents. This workstation is less trusted since it has a larger attack surface and is extremely susceptible to compromise.


Read more →