Doesn’t appear so, I’ve sent you an email, let me know if you need anything else.

@syfuhs.net still on my hardening “new” Windows Server 2025 only environment. RC4 had to be turned back on because of www.reddit.com/r/sysadmin/c...

Any news on this?

It’s in the post, here: syfuhs.net/killing-ntlm...

🤞

Thank you. This is a WS 2025 only environment, but it appears it might still take a while for IAKerb.

The RDS webfeed.aspx through GPO seems to be a bug.

Good to know about the HTML5 client, do give them an nudge if you can :). So KDC proxy won’t help here.

KDC Proxy for Remote Access There's a little known feature in Windows called the KDC Proxy that lets clients communicate with KDC servers over an HTTPS channel instead of TCP.

Testing HTML5 RDP client. With NTLM off, site opens but RemoteApp fails internally. Would syfuhs.net/kdc-proxy-fo... help? Should I deploy KDC-proxy on RDS Gateway, or will IAKerb/LocalKDC solve this (make NTLM exception for now)? Not sure about external users.

Steve, quick follow-up: In this new environment, I have an RDS server with Gateway. Two issues if NTLM is disabled: RemoteApp GPO deployment fails (webfeed.aspx). Once settings apply, updates work fine. Manual feed works without NTLM. Same issue as: learn.microsoft.com/en-us/answer....

Would you be so kind to let me DM you on this subject? I have two outstanding issues with RDS as well and would appreciate your take?

Appreciate your reply. Hope we get a solution soon.

@syfuhs.net if you have any pointers for CS server I’d appreciate them Trying this in an all WS 2025 environment syfuhs.net/killing-ntlm...

Palo Alto Networks has silently patched an issue used by security researchers to dump cleartext PAN GlobalProtect VPN appliance passwords

github.com/t3hbb/PanGP_...

Oasis Security Research Team Discovers Microsoft Azure MFA Bypass Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.

Don’t look back in anger.

oasis.security/resources/bl...

Unlocking OSConfig: Windows Server 2025 Security Baselines and Drift Control Learn to secure Windows Server 2025 with OSConfig by implementing security baselines and drift control for robust configuration management

Are you running Windows Server 2025? If so, OSConfig is a tool you’ll definitely want to check out! OSConfig quietly arrived in Windows Server '25 with some powerful configuration management features, and it even works on Windows 11 ✅

Learn more 👉 patchmypc.com/osconfig-win...

Third party passkey providers NOT enabled.

Third party passkey providers ENABLED

Quick Question for all you #Android users out there:
Are you on Android 14?
If yes: Has your device vendor implemented third-party #passkey providers?

Let me know the OEM brand name in the replies or send me a DM

SCRIL also helps.

Orin shows off how easy it is to in-place upgrade a Windows Server 2012r2 DC to Server 2025! Easy peasy.

We still recommend deploying new & decomming old! But hopefully this shows you how much better our upgrade game has gotten with 2025.

Windows security and resiliency: Protecting your business At Microsoft, security is our top priority, and with every release, Windows becomes even more secure. At Ignite 2024, we will highlight new Windows security innovations that will provide the clarity a...

New security features announced at Microsoft Ignite:

-Quick Machine Recovery - recover PCs with boot issues remotely
-Windows Hotpatch - deploy patches without restarting PCs
-Config Refresh - restore config defaults at regular intervals
-Zero Trust DNS - [words]

blogs.windows.com/windowsexper...

BlueHat 2024 - YouTube BlueHat 2024 - Oct 29-30, 2024. Redmond, WA USA

m.youtube.com/playlist?lis...

Bluehat talks online👍