<![CDATA[Latest Content by Jan De Clercq]]>

<![CDATA[Latest Content by Jan De Clercq]]>http://www.windowsitpro.com/authors/author/author/5247144/rss/5247144en-USSun, 27 May 2012 05:24:28 GMTSun, 27 May 2012 05:24:28 GMT<![CDATA[Q: What firewall ports should we open to make IPSec work through our firewalls?]]>http://www.windowsitpro.com/article/ip-security-ipsec2/firewall-ports-open-ipsec-work-firewalls-143187
By Jan De Clercq
To use IPSec through your firewalls, here are the ports to open and what they’re used for.]]>Jan De ClercqFri, 25 May 2012 13:00:00 GMThttp://www.windowsitpro.com/article/ip-security-ipsec2/firewall-ports-open-ipsec-work-firewalls-143187<![CDATA[Q: What is the krbtgt account used for in an Active Directory (AD) environment?]]>http://www.windowsitpro.com/article/kerberos/krbtgt-account-active-directory-ad-environment-143186
By Jan De Clercq
The krbtgt Active Directory account is a special account used with the Kerberos protocol for user authentication.]]>Jan De ClercqWed, 23 May 2012 16:22:28 GMThttp://www.windowsitpro.com/article/kerberos/krbtgt-account-active-directory-ad-environment-143186<![CDATA[Bitlocker Changes in Windows 8]]>http://www.windowsitpro.com/article/security/bitlocker-windows-8-142661
By Jan De Clercq
Windows 8 will include enhancements to BitLocker Drive Encryption, potentially speeding and extending the feature’s data-protection capabilities. Learn about these changes and how you can leverage them.]]>Jan De ClercqTue, 22 May 2012 13:36:00 GMThttp://www.windowsitpro.com/article/security/bitlocker-windows-8-142661<![CDATA[Q: Is there any way to influence the interval at which Windows security policies are applied?]]>http://www.windowsitpro.com/article/security/interval-windows-security-policies-applied-142694
By Jan De Clercq
Windows security policy settings refresh every 16 hours by default but you can change that interval with a registry hack.]]>Jan De ClercqWed, 11 Apr 2012 13:00:00 GMThttp://www.windowsitpro.com/article/security/interval-windows-security-policies-applied-142694<![CDATA[Q: How can we verify that a Software Restriction Policy (SRP) rule we defined for one of our applications is effectively applied?]]>http://www.windowsitpro.com/article/event-logs/verify-software-restriction-policy-rule-142693
By Jan De Clercq
Software Restriction Policy (SRP) rules generate events in the Windows application event log, but you can get more detail by enabling verbose trace logging.]]>Jan De ClercqWed, 04 Apr 2012 13:00:00 GMThttp://www.windowsitpro.com/article/event-logs/verify-software-restriction-policy-rule-142693<![CDATA[Q: Can I apply a different password policy to two different Active Directory (AD) organizational units (OUs)?]]>http://www.windowsitpro.com/article/security/password-policy-active-directory-142692
By Jan De Clercq
Active Directory doesn’t support different password policies on different organizational units (OUs), but you can use shadow groups as a workaround.]]>Jan De ClercqWed, 28 Mar 2012 13:05:08 GMThttp://www.windowsitpro.com/article/security/password-policy-active-directory-142692<![CDATA[Microsoft BitLocker Administration and Monitoring ]]>http://www.windowsitpro.com/article/security/microsoft-bitlocker-administration-monitoring-141818
By Jan De Clercq
BitLocker is a valuable add-on to the Windows OS. MBAM can ease BitLocker deployment and management, making BitLocker even more useful.]]>Jan De ClercqThu, 22 Mar 2012 13:00:00 GMThttp://www.windowsitpro.com/article/security/microsoft-bitlocker-administration-monitoring-141818<![CDATA[Q: What could prevent security policy settings that have been defined in a domain-wide Group Policy Object (GPO) from being applied to Windows 7 clients?]]>http://www.windowsitpro.com/article/security/security-policy-settings-gpo-windows-7-142647
By Jan De Clercq
A corrupt security database on Windows 7 clients can prevent GPO security settings from being applied, but you can use esentutl.exe to fix the problem.]]>Jan De ClercqThu, 22 Mar 2012 12:32:41 GMThttp://www.windowsitpro.com/article/security/security-policy-settings-gpo-windows-7-142647<![CDATA[Q: What's the best way to retrieve the audit policy in effect for a Windows machine?]]>http://www.windowsitpro.com/article/monitoring-analysis/retrieve-audit-policy-windows-142393
By Jan De Clercq
The most reliable tool to retrieve the effective audit policy from a Windows machine is the auditpol.exe command-line tool.]]>Jan De ClercqWed, 29 Feb 2012 13:00:00 GMThttp://www.windowsitpro.com/article/monitoring-analysis/retrieve-audit-policy-windows-142393<![CDATA[Q: In addition to Certification Authority (CA)–level auditing settings, are there any other configuration settings that must be set to enable auditing of CA management actions?]]>http://www.windowsitpro.com/article/public-key-infrastructure-pki/enable-auditing-certification-authority-management-actions-142391
By Jan De Clercq
Setting up auditing in Windows is always a two step process: You configure what to audit, then you configure the audit policy.]]>Jan De ClercqWed, 29 Feb 2012 11:00:00 GMThttp://www.windowsitpro.com/article/public-key-infrastructure-pki/enable-auditing-certification-authority-management-actions-142391<![CDATA[Q: How can I make sure that a given Windows account is assigned only a single Certification Authority (CA) management role?]]>http://www.windowsitpro.com/article/certificates/assign-single-certification-authority-management-role-142390
By Jan De Clercq
To ensure a Windows account is assigned only a single Certification Authority (CA) management role, you must use certutil to enable role separation on your Windows CA.]]>Jan De ClercqTue, 28 Feb 2012 13:00:00 GMThttp://www.windowsitpro.com/article/certificates/assign-single-certification-authority-management-role-142390<![CDATA[Q: How can I implement the public key infrastructure (PKI) management roles that are defined in the Common Criteria Certificate Issuing and Management Components Security Level 4 standard?]]>http://www.windowsitpro.com/article/public-key-infrastructure-pki/implement-public-key-infrastructure-pki-management-roles-defined-common-criteria-certificate-issuing-management-components-security-level-4-standard-142388
By Jan De Clercq
Microsoft software supports 4 public key infrastructure (PKI) management roles, which you can implement through the Microsoft Management Console.]]>Jan De ClercqMon, 27 Feb 2012 11:10:19 GMThttp://www.windowsitpro.com/article/public-key-infrastructure-pki/implement-public-key-infrastructure-pki-management-roles-defined-common-criteria-certificate-issuing-management-components-security-level-4-standard-142388<![CDATA[Q: Can I store my Encrypting File System (EFS) private key on my smart card?]]>http://www.windowsitpro.com/article/security/store-encrypting-file-system-efs-private-key-smart-card-142075
By Jan De Clercq
With Windows Server 2008, Windows Vista, and later, you can store EFS private keys on users’ smart cards and control these settings with Group Policy.]]>Jan De ClercqTue, 31 Jan 2012 13:00:00 GMThttp://www.windowsitpro.com/article/security/store-encrypting-file-system-efs-private-key-smart-card-142075<![CDATA[Q: How can I disable or enable the Windows Firewall for a specific network connection?]]>http://www.windowsitpro.com/article/windows-server/disable-enable-windows-firewall-specific-network-connection-142072
By Jan De Clercq
You can control specific network connections through the Microsoft Management Console (MMC) Windows Firewall with Advanced Security snap-in.]]>Jan De ClercqMon, 30 Jan 2012 13:00:00 GMThttp://www.windowsitpro.com/article/windows-server/disable-enable-windows-firewall-specific-network-connection-142072<![CDATA[Q: Can we disable the default Windows administrative shares (C$, D$, Admin$, IPC$) to lock down some of our Windows servers?]]>http://www.windowsitpro.com/article/windows-server/disable-windows-administrative-shares-142069
By Jan De Clercq
You can remove the administrative shares on Windows servers and prevent them from being created automatically, although Microsoft doesn’t recommend it.]]>Jan De ClercqSun, 29 Jan 2012 11:00:00 GMThttp://www.windowsitpro.com/article/windows-server/disable-windows-administrative-shares-142069<![CDATA[Q: How can I find out if my clients are using NTLM for authentication instead of Kerberos against specific Windows servers, applications, or services?]]>http://www.windowsitpro.com/article/group-policy/ntlm-authentication-kerberos-142066
By Jan De Clercq
These new Group Policy settings can help you audit, analyze, and restrict NTLM authentication use in your Windows environment.]]>Jan De ClercqFri, 27 Jan 2012 16:14:18 GMThttp://www.windowsitpro.com/article/group-policy/ntlm-authentication-kerberos-142066<![CDATA[Q: What are some simple tips for testing and troubleshooting Windows event forwarding and collection?]]>http://www.windowsitpro.com/article/security/troubleshooting-windows-event-forwarding-collection-141699
By Jan De Clercq
Use the Eventcreate utility and other command-line resources to verify that Windows event forwarding and collection is configured correction.]]>Jan De ClercqWed, 28 Dec 2011 13:00:00 GMThttp://www.windowsitpro.com/article/security/troubleshooting-windows-event-forwarding-collection-141699<![CDATA[Q: With Windows event forwarding and collection, how can we limit the processing impact on source and collector computers?]]>http://www.windowsitpro.com/article/security/windows-event-forwarding-collection-processing-impact-141698
By Jan De Clercq
Limit Windows event collection and forwarding processing impact by turning off pre-rendering of events on source computers and by setting the max number of events sent from a source computer per second.]]>Jan De ClercqFri, 23 Dec 2011 11:00:00 GMThttp://www.windowsitpro.com/article/security/windows-event-forwarding-collection-processing-impact-141698<![CDATA[Q: What Windows platforms support Windows event forwarding and collection?]]>http://www.windowsitpro.com/article/security/windows-event-forwarding-collection-141697
By Jan De Clercq
Windows event forwarding and collection was introduced with the Windows Eventing 6.0 code in Windows Vista and Windows Server 2008, but other Windows OSs can serve as event sources or event collectors.]]>Jan De ClercqWed, 21 Dec 2011 17:17:04 GMThttp://www.windowsitpro.com/article/security/windows-event-forwarding-collection-141697<![CDATA[How-To: Use LDAP Over SSL to Lock Down AD Traffic]]>http://www.windowsitpro.com/article/active-directory/lock-ad-ldap-traffic-141170
By Jan De Clercq
LDAPS—or LDAP over SSL—establishes an encrypted tunnel between an LDAP client and a Windows domain controller. Learn how to set up LDAPS in a Windows Server 2008 Active Directory infrastructure.]]>Jan De ClercqMon, 12 Dec 2011 00:00:00 GMThttp://www.windowsitpro.com/article/active-directory/lock-ad-ldap-traffic-141170