Sign PowerShell scripts

If you’re troubleshooting lockout issues or if you have some security concerns, you can display stored usernames and passwords with : Continue reading →

Modify Active Directory Computer Password Maximum Age

Posted on April 3, 2014 by edemilliere

Hello,

You can modify maximum computer password age with GPO :
Continue reading →

[UpDate] Find the bitlocker key of a deleted computer in ActiveDirectory

Posted on March 31, 2014 by edemilliere

Hello,

Here an update about that old post, I made a PowerShell function an posted it on technet.
Continue reading →

Deny “Password Never Expire” for Everyone

Posted on December 16, 2013 by edemilliere

Hello,

Hereunder a nice “feature” I just learned about :

It’s possible to deny the permission to tick the case “Password Never Expire”, while keeping the possibility to enable/disable the account, and manipulate the other bits of the “UserAccountControl”.

I think this is useful for help desk people and delegated administrators, to ensure they change their passwords regularly, without affecting their ability to work.

This is an ACL at the domain level :

Note : This ACL is defaulted to “Allow”.

I just modified to deny this permissions, and try to tick that case with the “Administrator” account :

This case is click-able, but you can’t apply your modifications :

You have some others permissions that can be pretty handy domain-wide :

Deny Password Never Expire for Everyone

Posted on December 16, 2013 by edemilliere

Hello,

Hereunder a nice “feature” I just learned about :

IT for Dummies

Just another IT WordPress site

Tag Archives: Security

Sign PowerShell scripts

Weak password encryption in Group Policy Preference

Get Remote Registry Access ACL

Display stored usernames and passwords

Modify Active Directory Computer Password Maximum Age

[UpDate] Find the bitlocker key of a deleted computer in ActiveDirectory

Deny “Password Never Expire” for Everyone

Deny Password Never Expire for Everyone