In this TechEd session I presented at TechEd New Zealand 2014 I covered some of the changes with Group Policy preferences recently as well as some of the new Group Policy improvements you can do to protect yourself against Pass the Hash attacks. Unfortunately at the end one of my Demo’s did not work however I actually did get it to work only a few minutes after the video ended. All I had to do was log off and on and the authentication attempt failed as expected. In any case it was a great session and best of all it was recorded in full video so you actually get to see me talk on stage rather than just look at my monitor.
Unfortunately they have only release the video as a WMV so you will need to click use this link to play the video. http://video.ch9.ms/sessions/teched/nz/2014/PCIT312_FINAL.wmv
Source: http://channel9.msdn.com/Events/TechEd/NewZealand/2014/PCIT312
When trying to access the video I get this error:
This XML file does not appear to have any style information associated with it. The document tree is shown below.
BlobNotFoundThe specified blob does not exist. RequestId:6c68a202-0001-002f-7858-8651cc000000 Time:2014-10-10T09:00:25.8998483Z
Should be fixed now… you have to click on the video link
Awesome, Thanks! 🙂
Great video! Already heard of the CPasswords but never found a way to get around it. Keep up the good work. Kudos.
Hi Alan, just stumbled upon this post and it is a great video, but is the slide deck still available?
You mention at the end that it contains some great links (in addition to https://support.microsoft.com/kb/2962486 I assume).
Thanks in advance.
Alan
Would you also subscribe to the fact that you would want to deny log on locally/batch to Enter/Domain Admins (teir 0)to your servers(tier 1) as well? Essentially that is what I understand Microsoft recommends as well.
As well as denying Server Admins(tier 1) to log on locally/batch to your Workstations(tier 2)?
4 years ago, I didn’t know the slightest thing about creating a blog. Greatly excited by the prospect of starting a blog of my own, I went ahead to register my first domain name.