The Active Directory Advisor

Welcome to the newest and coolest place to get Active Directory solutions and tips. I’m Derek Melber, here to provide you with the most relevant, innovative solutions for your Windows Active Directory issues.

Those of you who know me might have seen me speak at TechEd or MMS. Or you might have read one of my numerous online articles on security. Or you might have even read one of the 15 books that I’ve written over the past 16 years.

For those of you who don’t know me, I welcome you to my world! In addition to the points above, I have been a Microsoft MVP (Active Directory and Group Policy) for the past 15 years. During this time I have had the opportunity to speak, educate, write, and consult for thousands of administrators and companies.

I am going to be producing some powerful solutions that will meet the needs of all Windows Active Directory administrators. There are so many issues related to Active Directory that plague Windows administrators all over the world, and those issues typically fall under the concept of Active Directory management.

Although Active Directory has been around for 14 years now, nearly every administrator continues to have a problem solving easy and complex issues alike, including user, group, and computer management challenges. There are, however, tricks, tools, and other options that you can deploy to solve these issues with great precision and efficiency. These solutions are exactly what I plan to provide for you, leveraging my experience and insight so you can apply them in your environment.

My goal is to provide you with solutions to Active Directory management issues through this blog. These blog posts will teach you detailed concepts related to Active Directory, Group Policy, security, and auditing that you can’t find anywhere else. In addition to this blog, I am going to be providing you with articles, videos, webinars, seminars, and more. I want to give you the knowledge to make you a mean-lean administrative machine!

Just to give you an idea of what is to come, here are a couple of small nuggets for you to chew on:

  1. Did you know that you can track when applications and service accounts are using NTLM or not? Many know that NTLM is still supported even in the latest installation of a Windows Server 2012 R2 Active Directory domain. The rub is that you just can’t disable NTLM or things might break. If you use some new audit functions within Group Policy, you can start to track the use of NTLM authentications. Here’s a link to the details on how to accomplish this: http://technet.microsoft.com/en-us/library/jj865674(v=ws.10).aspx
  2. When you are using a third-party password management and self-service password tool, you want to ensure that the users can’t bypass the tool to change their domain user password. So you can remove the Change Password option (available when you press Ctrl-Alt-Del) by hacking the registry. Here’s how:
    • The path to the setting is: [HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesSystem.
    • The name of the value you want to change is DisableChangePassword and the data should be 1.

    You can also modify this by using the local policy or a Group Policy Object in Active Directory. That path is User ConfigurationPoliciesAdministrative TemplatesSystemCtrl-Alt-Del OptionsRemove Change Password. Set this policy to Enabled.

As you can see, my goal is to give you power over your Windows Active Directory environment with small tips – and some larger tips from time to time! I know you will find my tips, tricks, and options to be helpful. I appreciate you giving me your time and look forward to what is coming.

You Can Learn More About the ManageEngine Product Line By Going to www.ManageEngine.ca

The original article/video can be found at The Active Directory Advisor

About the Author: Shannon Lewis

Leave a Reply