Filtering Event ID 4624 by Logon Type

Let me paint a picture for you:  High level exec walks in and says someone has been on his computer.  “I want to know every time someone has logged into my computer in the last month!” Okay, not so bad.  Get into the event viewer of the machine either locally or remotely, go to your […]

Enabling Password Change for RDS 2012R2/2016

The ability for a user to change their password when it has expired via the Remote Desktop Services webpage is disabled by default.  Enabling the feature is quite simple, but with anything take a moment to consider the security implications and make sure that your organization is okay with the risk. Connect to the server […]

Create Exchange Online IP Blacklist

You may have gotten the hint over the last few posts that I had some brute force issues from a particular set of IPs (a couple /24’s to be exact).  Well after much heartache I found the solution.  Thinking about it now this is probably a pretty common on-prem Exchange configuration option, but alas I […]

Configuring Exchange Online Client Access Rules

Client Access Rules give you a lot of control over who can access Exchange Online from where.  Microsoft gives a pretty good definition so I’ll just throw that at you because I’m lazy: Client Access Rules help you control access to your Exchange Online organization based on client properties or client access requests. Client Access […]

Enabling Extranet Lockout in AD FS 3.0

Brute force attacks can be quite the nuisance for users, especially if they manage to start hitting your AD FS portal with authentication attempts.  The Extranet Lockout feature can help alleviate these pains by preventing the users local AD account from being locked out, but it is by no means a complete solution.  Please see […]

Error signing into authentication app when activating Office 2016

When users were trying to authenticate through Office 2016 to activate the product, they were receiving the following error message upon being redirected to their AD FS login page while on the internal network. An error occurred An error occurred. Contact your administrator for more information. Error details Activity ID: 00000000-0000-0000-c32d-00800000005e Relying party: Microsoft Office […]