Providing the best user experience with a Single-Sign-On (SSO) capability without compromising security is key of successful implementations of federation services. I personally like the ADFS model and SAML (Security Assertion Markup Language) because is robust, effective and suitable from small to large organizations offering an incredible amount of features if it configured/implemented correctly. Continue reading “How to Turn On ADFS Security Auditing with Powershell”
If not well designed or managed, User and Administrator privilege separation for users/system administrators on a Windows OS can be painful for both sides. Indeed, Windows OS doesn’t have a simple and neat management like a SUDO on Linux OS, but settings need to be tailored with GPO or at least with different users.
Regular user accounts (e.g. Domain Users) should not be a member of the local administrators group for a security point of view.
Using separate users: a standard one and an admin member of the local administrators group is at least a good way to mitigate the risk of potential/malicious/accidental damage to the system. It doesn’t matter if most of the today’s threats can deal with the regular user context.
Nothing new if you’re familiar with the least privilege access, if is something you’ve never think about it… Well, I can use a simple effective analogy for allowing user with local admin rights on their workstation.. it’s like to let them run with the scissors all the time… is it worthy or simply asking for trouble?
There are many really good tools capable of generating random passwords with different complexity and purposes. Some of them are integrated in password managers, some embedded in the browser others available programmatically from the cli with no need to use an online password generator. Continue reading “PowerShell: Random Password Generator”
I like to keep it simple, but I think that “secure-by-default” description of PowerShell is telling the story wrong, like saying that powershell is just a glorified command prompt or a modern replacement for VB Script. It not setting the right context and showing which goal we want to reach.
Proxy servers are everywhere and used for more than one purpose. Frequently a bad configuration of a proxy server on the device can be the root cause of users navigation problems or negative experience, needless to say that companies use group policies to manage proxy settings or transparent proxy in a router/firewall to avoid this problem. In general a proxy server has positive impact on the user experience and the user is not even aware of it. Continue reading “How To Modify Your Proxy Settings with Powershell”