Security and Assurance

Security and compliance in datacenters, private cloud and hosting environments.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. RDCMan doesn't expose an option for Restricted Admin

    This might not be the most optimal place for this request, but it somewhat fits and I can't seem to find anywhere more suitable, plus RDCMan is an official Microsoft tool...

    Remote Desktop Connection Manager (RDCMan) doesn't currently seem to expose the RDP Restricted Admin option.

    This feature is great for secure remote server administration when you can't use PowerShell remoting - many such cases still exist!

    It's probably not a huge task either, the GUI just needs a checkbox for the feature which is already implemented elsewhere.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  2. Allow Windows Server 2016 to support disabling SMBv1 _and_ Server SPN target name validation

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/d520f2d4-4847-403d-bab6-1b33251a761c/issue-disabling-smbv1-and-windows-server-2016?forum=winserversecurity
    On Server 2016, disabling (removing) SMBv1 and having Microsoft network server: Server SPN target name validation level = Required from client (2) are currently not “working together”, yet it works on the other Windows operating systems just fine.

    To recreate this:
    1) Test with a Domain-joined Windows Server 2016 box
    2) Remove-WindowsFeature FS-SMB1 on the Windows Server 2016 box
    3) GPO set or reghack on the Windows Server 2016 box: Server SPN target name validation level = Required from client (2)
    4) Reboot the Windows Server 2016

    Domain Admins are now unable to connect to the \Server2016\C$ default share…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  3. Enhance the password complexity requirements

    Give the possibility for admins to increase the numbers of character set combinations. Currently it is 3, but we would like to make it 4 and we can't. We are "forced" to invest in an external party creating custom password filters - from what I am reading in TechNet forums.

    9 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Add an option to require administrative password reset to honor password history

    Windows supports two password APIs, change and reset. The change API honors password history, preventing users from re-using recent previous passwords. The reset API ignores password history and allows an administrator or e.g. help desk, to re-use a recent previous password. Add an option in Active Directory to force the reset API to also honor password history. The default should be that this option is disabled, an administrator CAN use a recent password, so it matches expected / current behavior. For Active Directory, this option should be available in the default domain policy and also in each password settings object…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Facebook Google
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base