In its February patch, Microsoft closes an important security gap that allows attackers to execute malicious code on user PCs. It concerns the function for executing batch files and scripts (e.g. during logon to a client) on all Windows client and server systems (since Windows Vista / Windows Server 2003). That gap, caused by reloading scripts and […]
A few days ago, I wanted to activate the group policy for KDC claim support in order to use Dynamic Access Control. The AD domain consisted of Windows Server 2008 R2 and Server 2012 domain controllers. Because it was a new group policy in Server 2012, I contacted one of the 2012 DCs.
Logons do not work, permissions do not take effect and group policies cannot be applied. The reason could be that the user is a member of too many Active Directory groups. You may try to increase the MaxTokenSize to fix this issue.
Extended administration of group policies with the help of AGPM (Advanced Group Policy Management): the article gives you an overview of AGPM.
Windows Server 2008 R2 and the Windows Remote Server Administration Tools (RSAT) come with some nice cmdlets for working with group policies: create, delete and save Group Policy Objects; import GPOs; generate reports; set permissions on GPOs; link GPOs to OUs.
- Nesting groups in Active Directory
- Create home directory and grant permissions with PowerShell
- Creating an individual random password with PowerShell
- Retrieve Active Directory subnets with PowerShell
- Editing users of other domains – with PowerShell
- Azure Basics: Connecting with Azure (PowerShell)
- PowerShell Custom Objects
- Logon Script does not start on Windows Server 2012 R2 domain
- IsMember – Check group membership in Active Directory
- Dynamic OU Groups – Assign Permissions to OUs