Office 365 archive mailboxes
Office 365 provides an Archiving function that gives users additional mailbox storage space. When this is enabled, items in the user’s mailbox that are older than the archiving …
Litigation Hold is offered by Microsoft to preserve all mailbox content, including deleted items and original versions of modified items for a specified period which can be unlimited or until …
DKIM allows the receiving email server to check that the email from a specific domain is authorized by the owner of the domain. This email authentication method was designed to …
A Sender Policy Framework (SPF) record is a TXT record that you add to your domain to help your recipients’ email server verify where email from your domain should be …
Azure Firewall is a managed, cloud-based, stateful firewall for Azure resources. It has built-in high availability, so there is no need for …
In this post, we will deploy a VM to Azure using Terraform. In the previous post we deployed the Resource Group and Virtual Network; now we will build on this …
Each time we run terraform it records the infrastructure created in a Terraform state file. It is a custom JSON format that maps the resources in Azure, AWS, Google, etc …
In Terraform an argument can have a number of values assigned to it. These lists are enclosed in square brackets [] and consist of a sequence of comma-separated values. …
In our last couple of posts, on building infrastructure and modifying it, we created a resource group within Azure and then modified the tags. Having a single resource group is not …
In our previous post, we built a resource group in Azure. Below we are going to see what happens when we modify it. As companies grow or shrink, infrastructure constantly …
In this post, we will use the example configuration described here to build a resource group in Azure. An Azure resource group is used to logically group resources together, in …
The files that are used to build the infrastructure are simply known as the Terraform configuration. The configuration declares the desired state and it is up to Terraform and the …
Terraform is distributed as a binary package. To install it on a Windows 10 machine, the appropriate binary can be downloaded from https://www.terraform.io/downloads.html. After downloading and unzipping the file, which …
Infrastructure as Code (IaC) allows for the building and managing of infrastructure through the use of a file or files rather than manually configuring resources in a user interface. This …
To modify the PATH environment variable in Windows 10: open the Start search bar, type in Env and select “Edit the system environment variables”. Click the “Environment Variables...” button. Under …
Virtual machines and other resources such as Azure Application Gateways, Azure Load Balancers and Azure VPN Gateways require an IP address. Create an IP (Portal): click Create a resource and search …
Virtual network peering enables Azure virtual networks to be connected together. Once peered, the virtual networks appear as one for connectivity purposes, with the traffic between the peered virtual networks being …
The VNet to VNet connection type is a way to connect VNets together and is similar to creating a Site-to-Site IPsec connection to an on-premises location in that it uses …
An Azure storage account can have network rules defined so that only traffic from specified networks can access the data. This is defined on the Firewalls and virtual networks blade …
The data within the Azure storage account is always replicated to ensure that it is protected from planned and unplanned events, including transient hardware failures, network or power outages, and massive …
Each time an HTTP/HTTPS request is made to Azure Storage, access must be authorized to ensure that the client has the permission required to access that data. Azure Storage offers …
Azure Storage is Microsoft’s cloud storage solution, which is scalable, durable and highly available. Azure Storage includes the following data services: Azure Blobs: a massively scalable object store for …
Azure virtual machine scale sets allow for the creation and management of an identical group of load balanced VMs that can automatically scale up or down on a schedule or …
An Availability Set can be used to increase the reliability and availability of Virtual Machines within Azure. It ensures that any VM deployed to Azure within an availability set is hosted …
The Azure portal can be used to generate a Resource Manager template; these JSON files define the resources needed to deploy the solution.
Azure PowerShell can be used to deploy resources to Azure using ARM templates. Prerequisites: a template to deploy. This can be stored either locally or in a remote source control repository …
To use PowerShell to administer Azure, the Azure PowerShell module has to be installed.
An ARM template is a JavaScript Object Notation (JSON) file that defines the resources to be deployed and is made up of different sections. In its simplest structure, a template has …
Azure Resource Manager is Azure’s deployment and management service. It provides a consistent management layer so that whenever an action is taken through the portal, Azure CLI, PowerShell, REST API or client SDK …
DNS aging and scavenging allow for the automatic clean-up of stale resource records. Aging is used to identify stale DNS records and has two parts. No-refresh interval – it is …
The DNS server in Windows Server supports a very wide variety of resource records; the ones that are used the most are: A – an IPv4 host address record. AAAA – an IPv6 …
Secondary zones are not authoritative and are a read-only copy of the zone. Secondary DNS zones depend on transferring the zone data from another DNS server. The PowerShell cmdlet to …
A Primary DNS zone is required for DNS name resolution and is both authoritative for the zone and the primary point of contact for it. A secondary zone …
An NPS can be configured as a proxy server, forwarding RADIUS authentication requests to other RADIUS servers. To forward requests to another RADIUS server, under Connection Request Policy, open …
NPS performs centralized authentication, authorization, and accounting for wireless, authenticating switch, remote access dial-up and virtual private network (VPN) connections. When you use NPS as a RADIUS server, you configure …
A diagnose command can be used to view more information about geography-based addressing. The command displays country and address information for the countries that have been added to the firewall …
The Default Domain Policy has three account lockout policy settings. Account lockout threshold – sets the number of times a password can be entered incorrectly before the account will be …
There are five Kerberos policy settings that are part of the Default Domain Policy. Enforce user logon restrictions – enabled by default, causes the Key Distribution Center (KDC) to validate every …
The ability to reset user passwords can be delegated to other users. To do this: in Active Directory Users and Computers, select the OU from which to delegate control, right …
Local user password policy can be set for the local machine either through the Local Security Policy or by adding a GPO to the OU that the device is in. …
Password Settings Objects (PSOs), otherwise known as fine-grained password policies, can be used to apply different password and account lockout policy restrictions to different sets of users in a domain. …
The Default Domain Policy’s password settings apply to all users in the domain except when a specific Password Settings Object has been applied. The default password policy can be modified …
The Active Directory Recycle Bin can be used to recover deleted AD objects; to do this it first needs to be enabled. Active Directory Recycle Bin requires a Forest …
There are two types of Active Directory restore: authoritative and non-authoritative. An authoritative restore is one where the restored database is marked as authoritative for the domain by increasing the …
To restore an object in Active Directory, ldp.exe or the PowerShell ADObject cmdlets can be used. ldp.exe: from an elevated command prompt, type ldp.exe, click on Connection > Connect and …
Windows 2012 allows snapshots of Active Directory to be taken; this uses the Volume Shadow Copy Service (VSS) and is for creating a historical capture of AD at a certain …
The Active Directory database can be optimised by defragmenting it. Active Directory normally performs an online defragmentation, but an offline one can recover space in the database. The tool used …
Active Directory can be brought offline in a couple of ways. The traditional way is to boot into Directory Services Restore Mode (DSRM), which is a safe mode boot option …
The standard Windows Server Backup utility, and also the backup command-line tools, can be used to back up Active Directory and SYSVOL. The Active Directory database and associated log files are stored …
A Service Principal Name (SPN) is a unique identifier of a service instance and is used by Kerberos authentication to link a service instance with a service logon account. SPNs have the …
Virtualized Domain Controllers can be cloned, though simply copying the VHD(X) is not supported. The cloning process must be followed to ensure domain and data integrity are maintained. The following …
There are five Flexible Single Master Operations (FSMO) roles in Windows domains, each residing on only one domain controller. These are: Schema master – responsible for updates to the Active Directory schema …
Kerberos Delegation allows a front-end server to access back-end resources by allowing a Kerberos ticket to be obtained for another service on the originating user’s behalf. Kerberos Delegation …
Windows 2012 introduced Group Managed Service Accounts (gMSA), which allow managed service accounts to be used across multiple computers. gMSAs can be used for scheduled tasks, IIS application pools, …
Managed Service Accounts (MSA) are Active Directory accounts whose password is managed and changed automatically every 30 days. This overcomes the issue of service accounts that have passwords …
The settings of a backed-up GPO can be imported into an existing GPO. To do this via PowerShell the cmdlet is: Import-GPO -BackupGpoName TestGPO -TargetName TestGPO -Path c:\backups. In …
Best practice is not to modify the default domain policies, but if they ever need to be restored to their original state, the following command can be used. …
The power of preference extensions comes from Item-Level Targeting. This can be used to narrow the scope to which the extension applies, for example users in a certain security …
Internet Explorer settings can be configured through preference extensions in the Control Panel section of both user and computer configuration. This displays the same dialog box as IE Internet Options.
The Printer preference extension allows for the creation, modification and deletion of local, shared and TCP/IP printers without having to create and maintain logon scripts. Printers can be set in either the computer or …
The Shortcut preference extension allows for the deployment of shortcuts. These can be a URL, file system object or shell object.
The Files and Folders preference extension allows you to create, modify, or remove …
The Registry preference extension allows for the creation, updating and deletion of registry keys for both the computer (HKLM) and the user (HKCU).
The Drive Maps preference extension allows for the mapping of network drives. Action has the following options: Create, Replace, Update and Delete. Location: type a fully qualified UNC path for the network …
This extension allows for the creation, modification and deletion of local, shared and TCP/IP printers. The example above adds a shared printer. In the Action drop-down there is Create, Replace, …
Group Policy Preferences allow you to manage drive mappings, registry settings, local users and groups, services, files, and folders without the need to learn a scripting language, in the familiar Group Policy …
A GPO can be restored by PowerShell with the following cmdlet: Restore-GPO -Name "Default Domain Policy" -Path <path to GPO backups>. As well as PowerShell, GPMC can be used to restore. …
A GPO can be backed up either by PowerShell or the GUI. The cmdlet for backing up GPOs is Backup-GPO -All -Path <path to GPO backup>. To back up via the GUI, in …
The list of administrative templates can be filtered; to do this, first right-click on Administrative Templates and select Filter Options. Filtering based on properties: you can filter based on …
Extra administrative templates can be added by copying the .admx and .adml files to the PolicyDefinitions folder, or, within a GPO in GPMC, right-clicking on Administrative Templates and clicking Add/Remove Templates; this …
Security templates are .inf files that contain security settings. Security templates can be imported into a GPO via the GPMC. To import a security template, expand Computer Configuration/Policies/Windows Settings/Security Settings, right-click …
Group Policy administrative templates are XML-based files with the .admx file extension. The language-specific template files have the .adml file extension. In the GPMC, administrative templates are found in the …
A GPO can be used to run scripts at computer startup and shutdown as well as user logon and logoff. These scripts can be Windows PowerShell or any Windows Script Host …
Folder redirection allows for redirecting certain user folders, for example My Documents, to a location on a file server. Files in the redirected folder are then available to the user …
Group Policy can be updated on individual devices by running the gpupdate /Force command. The /Force switch applies all policy settings, not just those that have changed. To remotely update Group …
Group Policy caching was created to improve processing under certain circumstances. It allows Group Policy to be applied from a local copy instead of being downloaded over the network at startup or logon. This …
A client-side extension runs on the client computer to implement Group Policy on that computer. In GPMC, settings can be modified for slow link detection, background processing and processing the policy …
Traditionally, service accounts have been user accounts that provide authentication and authorization for applications or services running on Windows servers. After creating the account in Active Directory Users and Computers, we …
Group Policy can be used to deploy software to computers. The steps to do this involve: create a shared folder which the users or computers can access. The MSI files …
When a user logs into their device, it contacts the domain controller for the latest GPOs. There are mandatory GPOs that will always be applied, but some will not if …
Group Policy loopback processing modifies the default processing order; it is a computer setting and applies different user settings to a user logged into the computer that the GPO …
Windows Management Instrumentation (WMI) filtering can be used so that a GPO only applies if certain requirements are met, for example the Operating System is of a certain version or …
By default a GPO applies to all objects within the Organizational Unit, as the Authenticated Users group is applied to the GPO. To control or limit the groups, users or computers that …
Normally GPOs are processed in link order (see GPO processing order and precedence), and if Block Inheritance is enabled, GPOs linked higher up are not processed; but when a GPO …
The default processing order of GPOs (see GPO processing order and precedence) can be modified; one of the ways is blocking inheritance. If blocking of inheritance is set …
The processing order of Group Policies affects what settings are applied to the end user or computer. The Local Computer Policy is processed first, and then Active Directory policies from …
The FortiGate unit has a number of different options for configuring interface addressing (Network > Interfaces > select the interface and click Edit). Manual – allows for entering in …
The FortiGate unit has a number of different options for configuring an interface (Network > Interfaces, select the interface and click Edit). Interface name: the name of the interface and its MAC address. A physical …
DNS servers resolve domain names (for example www.alastair.co.uk) to IP addresses. The FortiGate uses DNS servers to resolve names to IP addresses. The settings for this are under Network > …
FortiGate’s SD-WAN can be set up for a failover (redundant) internet link. For example, if an organisation has a fibre connection to WAN1 on the FortiGate and a DSL link on …
SIP ALG allows the firewall to dynamically open ports for audio traffic, rewrite IP addresses when NAT is used, and inspect VoIP traffic.
By default, a PPPoE / DHCP connection is assigned a priority of 5. For static routes by default, a priority of 10 is assigned.
FortiClient can be integrated with Active Directory so that users can use their domain username and password to connect to the FortiClient VPN.
When setting up a FortiClient VPN, to allow a client to resolve the NetBIOS names of servers or other devices to IP addresses via DNS, we need to specify the domain name …
When creating multiple VPNs, firewall policies are needed to allow traffic in and out, and there can be a large number of them.
To create a VLAN on the internal interface via the CLI, use the following commands.
The primary DNS suffix is the DNS namespace which a computer belongs to.