Bulk change specific permissions for users

A friend of mine recently had problems regarding uploading certificates to GAL. As a matter of fact the users were unable to upload certificates when they choose "Publish To GAL". In this case the most errors you get is "Microsoft office Outlook was unable to publish your certificates. The server may be offline or your certificates may be invalid". 

The auditor of auditors: 'LepideAuditor Suite'

Today, in modern days of technology, the concept of auditing has become one of the interesting facts in Information Technology (IT). Back in days, when I was probably playing with my SNES, the concept of auditing was so hard to follow with built-in applications and consoles, but today, you can find many applications which either covers a specific part of auditing or support a huge number of services and applications. Among them, it is rare to find a solution which covers a whole range of services and audits, but ‘LepideAuditor Suite’ is one of those rare. In this article we will talk about this application.

Create Shadow Groups (Dynamic Groups) in Active Directory

Recently I faced a request from a client wanting a Dynamic Security Group in Active Directory which automatically update its members.. However we do have the concept of dynamic objects in Active Directory (I promise to speak on that on another article), but this one was completely different. The client wanted to have a security group which automatically removes the disabled users from it. So I started a lovely conversation with my lovely friend PowerShell.

Fix Group Policy error 1058

Greetings again,
 
Sorry for not being here for a long period of time. Recently I faced a strange issue which made me to pen down an article about it. So I will share this experience in case you may encounter it in near future.
While updating group policy clients my client was receiving an error indicating that the group policy folder in SYSVOL is not accessible. At first I thought that it might be related to some problems in DFS share and NETLOGON but it seemed everything was working perfectly because there was no error in DFS event log of the domain controllers.

Manipulating Active Directory search and add custom attribute

Delegation Wizard is one of the great features in delegating permissions to a group or user in order to delegate the responsibility and administering of objects in Active Directory. This wizard is maintained using delegwiz.inf file in each domain controller. In this tutorial we will cover how to manipulate this wizard and add our custom tasks into the default tasks of Delegation Wizard.

Manipulating the delegation wizard is not a difficult process. Firstly you have to navigate to %systemroot% and copy the delegwiz.inf file to your desktop. We have to do this because the file is protected and you are not allowed to overwrite the file. Once you copied the file you open it using notepad and edit using the following way.

Am I locked out? Where? How?

Account lockout feature is one of the powerful methods in order to prevent password related attacks. Using this method victim user account will be locked out after a number of failed attempts in a specific period of time. This feature has found its way to a lot of other technologies these days. My cellphone will be locked out after three wrong passwords and will not be able to work for about 2 minutes.
Although this policy can help you to prevent attackers from guessing user’s password, it is important to consider the risk provided by this solution in your environment because authorized users can lock themselves by mistyping their passwords when they do not remember the password. This problem can be quite costly for your organization, because locked out accounts will be unable to logon unless their accounts unlocks automatically after specific period of time or get unlocked by an administrator