PKI Blog

Two-factor Authentication via SMS Messaging for FIM 2010 R2 SSPR

Posted by CSS Technical Team on Sep 17, 2014 11:11:00 AM

Recently I worked on a customized self-service password reset (SSPR) solution leveraging FIM 2010 R2. The SSPR functionality provided out of the box by FIM 2010 R2 is quite comprehensive. In the design sessions with the customer, they decided that they wanted to use a higher level of security for users on the Internet to be able to reset their passwords. This certainly makes sense—exposing an interface where corporate users can reset their passwords is a boon to the service desk, but introduces a significant threat surface and associated security risk.

Topics: Infrastructure Management, Industry Trends, SMS, strong authentication, Identity Management, SSPR, OTP, Blog, Self-Service Password Reset, one-time password, FIM 2010 R2, two factor authentication

FIM: When products don’t play nice together...

Posted by CSS Technical Team on Jan 24, 2013 10:17:31 AM

As a consultant, one of the primary responsibilities is to deal with strange problems or issues that arise. And inevitably some obscure issue will come to the surface during a demo… Since I specialize in Microsoft’s Forefront Identity Manager combined with a previous life as a Windows Server Engineer, I run a fairly comprehensive virtual development and demo lab with about every mainstream Microsoft Server product deployed across an average of 80 virtual servers. Given the right set of circumstances you’ll find products that just don’t play nice together.

After my failed SSPR password reset demo, I went through the standard troubleshooting checklist, including configuration verification. The first thing I found awry was permissions missing for the FIM Service account on WMI's Root/CIMV2 namespace. Since this was a functioning SSPR environment, I knew they had been set previously. In addition, the Root/MicrosoftIdentityIntegrationServer namespace was missing from the tree too. My schedule allowed enough time to repair the issue but not to fully perform a Root Cause Analysis of the situation.

Topics: WMI, PWUnrecoverableError, IT Security, Microsoft Security Partner, Infrastructure Management, FIM, Microsoft SCCM, Identity Management, SSPR, System Center Configuration Manager, Information Technology, SCCM, Blog

Using System Center Orchestrator to Automate Security Tasks

Posted by CSS Technical Team on Aug 6, 2012 6:44:00 AM

With System Center Configuration Manager 2012, customers have the ability to use Endpoint Protection capabilities to provide anti-malware services and security to servers and clients. However, to reduce administrator touch points and mistakes, we can use the flexibility of System Center Orchestrator to augment and automate standard security processes. In this post, I will demonstrate how to create a runbook to automate the triggering of a full Endpoint Protection malware scan in response to a malware-detected alert within Configuration Manager.

Topics: Application Publishing, IT Security, Microsoft Security Partner, Microsoft System Center, SCCM 2012, Configuration Manager, Desktop Security, Sysctr, Infrastructure Management, System Center 2012, SCORCH, workflow, SCCM, System Center Orchestrator, System Center Configuration Manager 2012, Anti-Malware, Blog, SCCM client

The NDES CA Thumbprint Hash

Posted by CSS Technical Team on Feb 21, 2012 6:00:32 AM

Recently, while working on a Microsoft Network Device Enrollment Services (NDES) deployment, a client asked a simple-enough question about the thumbprint for the Certificate Authority (CA) certificate that was displayed on the NDES admin enrollment GUI, “What is that hash? And why doesn’t it match any of the CA certificate thumbprint hashes in my chain-of-authority?”

Topics: digital certificate, microsoft ca, IT Security, Microsoft Security Partner, NDES, Public Key Infrastructure, Certificate Management System (CMS), Infrastructure Management, mCMS, SCEP, Microsoft Checksum Integrity Verifier, MD5 hash, Blog, FCIV, SHA-1, Simple Certificate Enrollment Protocol, Microsoft Network Device Enrollment Services (NDES), Microsoft Certificate Authority

SCCM 2012 – Migration Made Easy – Part 2

Posted by CSS Technical Team on Jan 17, 2012 4:00:00 AM

In Part 1 of this blog series I presented an overview of the requirements for preparing a migration from Configuration Manager 2007 to 2012. With that information in hand I believe that you should have a general understanding of the pre-requisites necessary to begin your migration process.

Migration Objects

We’re going to cover the types of objects that can be migrated and how they are translated to Configuration Manager 2012. Bulleted below are all of the objects that can be migrated from ConfigMgr 2007 to ConfigMgr 2012.

Topics: Microsoft System Center 2012, IT Security, Microsoft Security Partner, System Center migration, SCCM 2012, Desktop Security, System Center 2012 migration, Infrastructure Management, System Center 2012, sccm microsoft, Microsoft Active Directory, Microsoft AD, Systems Management, ConfigMgr 2012, Blog, SCCM client, Configuration Manager 2012

SCCM 2012 - Migration Made Easy - Part 1

Posted by CSS Technical Team on Nov 3, 2011 5:00:00 AM

As we all wait in anticipation for Configuration Manager 2012, there are a number of concerns that present themselves from an administrator’s perspective. One of those primary concerns, and the topic of this post, is the lack of upgrade path from SCCM 2007. At first glance it seems like a show stopper, as companies may balk at a whole new infrastructure while already having one in place for SCCM 2007. However, as Microsoft has made giant strides forward in terms of Systems Management and Hierarchy Simplification with ConfigMgr 2012, they have also reduced the pains of migration immensely. With the release of ConfigMgr 2012 RC some of you may be gearing up for testing. With that in mind, the first part of this three-part blog will highlight the requirements for preparing a migration along with any caveats and information pertaining to the migration process.

Topics: IT Security, Microsoft Security Partner, SCCM 2012, Desktop Security, Infrastructure Management, Microsoft SCCM, sccm microsoft, Microsoft Active Directory, SCCM, migrate SCCM 2012, Systems Management, ConfigMgr 2012, Blog, SCCM client, migration to SCCM 2012

SCCM 2012: Software Update Improvements

Posted by CSS Technical Team on Aug 31, 2011 6:40:00 AM

We are all familiar with how Configuration Manager 2007 handled software updates and, without speaking for everyone who was using SMS 2003, we can probably agree that 2007 made multiple strides forward in making the update process easier. We can all celebrate again as Configuration Manager 2012 is set to deliver another step forward in making the management for software updates easier and more efficient.

Topics: IT Security, Microsoft Security Partner, Microsoft System Center, SCCM 2012, Infrastructure Management, Microsoft SCCM, SCCM, Systems Management, ConfigMgr 2012, Software Update Groups, Blog, Configuration Manager 2012
