Jan De Clercq

Jan De Clercq is a member of HP’s Technology Consulting IT Assurance Portfolio team. He focuses on cloud security, identity and access management, architecture for Microsoft-rooted IT infrastructures, and the security of Microsoft products. He's the author of Windows Server 2003 Security Infrastructures (Digital Press) and co-author of Microsoft Windows Security Fundamentals (Digital Press).
Email: jan.declercq@hp.com


Author Articles

Q: What firewall ports should we open to make IPSec work through our firewalls?

By Jan De Clercq, 05/25/2012

To use IPSec through your firewalls, here are the ports to open and what they're used for.

Q: What is the krbtgt account used for in an Active Directory (AD) environment?

By Jan De Clercq, 05/23/2012

The krbtgt Active Directory account is a special account used with the Kerberos protocol for user authentication.

BitLocker Changes in Windows 8

By Jan De Clercq, 05/22/2012

Windows 8 will include enhancements to BitLocker Drive Encryption, potentially speeding and extending the feature's data-protection capabilities. Learn about these changes and how ...

Q: Is there any way to influence the interval at which Windows security policies are applied?

By Jan De Clercq, 04/11/2012

Windows security policy settings refresh every 16 hours by default, but you can change that interval with a registry hack.

Q: How can we verify that a Software Restriction Policy (SRP) rule we defined for one of our applications is effectively applied?

By Jan De Clercq, 04/04/2012

Software Restriction Policy (SRP) rules generate events in the Windows application event log, but you can get more detail by enabling verbose trace logging.

Q: Can I apply a different password policy to two different Active Directory (AD) organizational units (OUs)?

By Jan De Clercq, 03/28/2012

Active Directory doesn't support different password policies on different organizational units (OUs), but you can use shadow groups as a workaround.

Microsoft BitLocker Administration and Monitoring

By Jan De Clercq, 03/22/2012

BitLocker is a valuable add-on to the Windows OS. MBAM can ease BitLocker deployment and management, making BitLocker even more useful.

Q: What could prevent security policy settings that have been defined in a domain-wide Group Policy Object (GPO) from being applied to Windows 7 clients?

By Jan De Clercq, 03/22/2012

A corrupt security database on Windows 7 clients can prevent GPO security settings from being applied, but you can use esentutl.exe to fix the problem.

Q: What's the best way to retrieve the audit policy in effect for a Windows machine?

By Jan De Clercq, 02/29/2012

The most reliable tool to retrieve the effective audit policy from a Windows machine is the auditpol.exe command-line tool.

Q: In addition to Certification Authority (CA)–level auditing settings, are there any other configuration settings that must be set to enable auditing of CA management actions?

By Jan De Clercq, 02/29/2012

Setting up auditing in Windows is always a two-step process: You configure what to audit, then you configure the audit policy.

Q: How can I make sure that a given Windows account is assigned only a single Certification Authority (CA) management role?

By Jan De Clercq, 02/28/2012

To ensure a Windows account is assigned only a single Certification Authority (CA) management role, you must use certutil to enable role separation on your Windows CA.

Q: How can I implement the public key infrastructure (PKI) management roles that are defined in the Common Criteria Certificate Issuing and Management Components Security Level 4 standard?

By Jan De Clercq, 02/27/2012

Microsoft software supports 4 public key infrastructure (PKI) management roles, which you can implement through the Microsoft Management Console.

Q: Can I store my Encrypting File System (EFS) private key on my smart card?

By Jan De Clercq, 01/31/2012

With Windows Server 2008, Windows Vista, and later, you can store EFS private keys on users' smart cards and control these settings with Group Policy.

Q: How can I disable or enable the Windows Firewall for a specific network connection?

By Jan De Clercq, 01/30/2012

You can control specific network connections through the Microsoft Management Console (MMC) Windows Firewall with Advanced Security snap-in.

Q: Can we disable the default Windows administrative shares (C$, D$, Admin$, IPC$) to lock down some of our Windows servers?

By Jan De Clercq, 01/29/2012

You can remove the administrative shares on Windows servers and prevent them from being created automatically, although Microsoft doesn't recommend it.

Q: How can I find out if my clients are using NTLM for authentication instead of Kerberos against specific Windows servers, applications, or services?

By Jan De Clercq, 01/27/2012

These new Group Policy settings can help you audit, analyze, and restrict NTLM authentication use in your Windows environment.

Q: What are some simple tips for testing and troubleshooting Windows event forwarding and collection?

By Jan De Clercq, 12/28/2011

Use the Eventcreate utility and other command-line resources to verify that Windows event forwarding and collection is configured correctly.

Q: With Windows event forwarding and collection, how can we limit the processing impact on source and collector computers?

By Jan De Clercq, 12/23/2011

Limit Windows event collection and forwarding processing impact by turning off pre-rendering of events on source computers and by setting the max number of events sent from a ...

Q: What Windows platforms support Windows event forwarding and collection?

By Jan De Clercq, 12/21/2011

Windows event forwarding and collection was introduced with the Windows Eventing 6.0 code in Windows Vista and Windows Server 2008, but other Windows OSs can serve as event ...

How-To: Use LDAP Over SSL to Lock Down AD Traffic

By Jan De Clercq, 12/12/2011

LDAPS—or LDAP over SSL—establishes an encrypted tunnel between an LDAP client and a Windows domain controller. Learn how to set up LDAPS in a Windows Server 2008 Active Directory ...



Windows is a trademark of the Microsoft group of companies. Windows IT Pro is used by Penton Media Inc. under license from owner.