gMSA sample #application #ForWindows containers #OperatingSystem
To that end, I created a containerized sample app to test if the gMSA config is working or not. This sample app is actually nothing more than the IIS base container image, with a new virtual directory with Windows authen [...]
https://bit.ly/3HaRDNB #app #gmsalm-demo #gMSA #AK #spec
Source: Microsoft Tech Community ITOps Talk Blog
Security is an important consideration when running production workloads on a Service Fabric cluster, and Windows security with group Managed Service Accounts (gMSA) is the recommended model. This article outlines how to configure node-to-node and client-to-node security using the gMSA model in a standalone Service Fabric Cluster running on Azure Virtual Machine Scale Sets with Windows Server 2022. https://techcommunity.microsoft.com/t5/azure-paas-blog/standalone-service-fabric-cluster-secured-with-windows-gmsa/ba-p/3715287 #ServiceFabric #gMSA #AzureVMSS
Microsoft is rolling out fixes for problems with the #Kerberos network #authentication protocol on Windows Server after it was broken by a November 8 Patch: https://www.theregister.com/2022/11/21/microsoft_kerberos_fix_windows/ | #DomainController #GMSA
For those with questions on how to check the #November #Patches issue mentioned by @fabian_bader, where "services like MDI that run on the Domain Controller itself and use a #gMSA won't start anymore if msDS-SupportedEncryptionTypes is set to AES 128 and/or AES 256 only"
You can run (at least on your DC) get-adcomputer -properties msDS-SupportedEncryptionTypes -filter * and if it returns 24 I believe you are affected. Possibly also the values 16 and 8 if I'm understanding this bug right.
Source for values: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/decrypting-the-selection-of-supported-kerberos-encryption-types/ba-p/1628797
Source for PowerShell: https://serverfault.com/questions/896486/query-kerberos-encryption-modes-supported-by-ad-through-ldap
After installing the #November #Patches services like MDI that run on the Domain Controller itself and use a #gMSA won't start anymore if msDS-SupportedEncryptionTypes is set to AES 128 and/or AES 256 only.
Clear the property or add RC4 as a workaround.
This did not happen on member servers with the patch applied.
#november #patches #gMSA #MDI #patchtuesday #ad
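The check described in the two posts above, as an added example that is not part of either post: it decodes the msDS-SupportedEncryptionTypes bitmask into named encryption types and flags the AES-only values (8, 16, 24) the posts call out. The function name Get-EncTypeReport and the sample computer names are hypothetical, and the sample objects are constructed so the script runs without a domain.

```powershell
# Kerberos encryption-type bits stored in msDS-SupportedEncryptionTypes.
$EncTypeFlags = [ordered]@{
    'DES-CBC-CRC' = 0x01
    'DES-CBC-MD5' = 0x02
    'RC4-HMAC'    = 0x04
    'AES128'      = 0x08
    'AES256'      = 0x10
}

# Hypothetical helper: one report row per computer object piped in.
function Get-EncTypeReport {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Computer
    )
    process {
        $raw    = $Computer.'msDS-SupportedEncryptionTypes'
        $value  = if ($null -eq $raw) { 0 } else { [int]$raw }
        $etypes = $value -band 0x1F   # keep only the five encryption-type bits
        $names  = @($EncTypeFlags.GetEnumerator() |
                    Where-Object { $etypes -band $_.Value } |
                    ForEach-Object { $_.Key })
        [pscustomobject]@{
            Name     = $Computer.Name
            Value    = $value
            EncTypes = if ($names.Count -gt 0) { $names -join ', ' } else { '(not set)' }
            # AES-only: at least one AES bit set, and no DES or RC4 bit set.
            AesOnly  = (($etypes -band 0x18) -ne 0) -and (($etypes -band 0x07) -eq 0)
        }
    }
}

# Constructed sample input (not real hosts).
$sample = @(
    [pscustomobject]@{ Name = 'DC01';  'msDS-SupportedEncryptionTypes' = 24 }
    [pscustomobject]@{ Name = 'DC02';  'msDS-SupportedEncryptionTypes' = 28 }
    [pscustomobject]@{ Name = 'SRV01'; 'msDS-SupportedEncryptionTypes' = $null }
    [pscustomobject]@{ Name = 'SRV02'; 'msDS-SupportedEncryptionTypes' = 16 }
)
$sample | Get-EncTypeReport | Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter * -Properties msDS-SupportedEncryptionTypes |
#     Get-EncTypeReport | Where-Object AesOnly
```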
Active Directory: using a gMSA in a scheduled task https://www.it-connect.fr/active-directory-utiliser-un-gmsa-dans-une-tache-planifiee/ #ActiveDirectory #Sécurité #gMSA