With the cumulative update for April 2023, Microsoft delivers the Local Administrator Password Solution (LAPS) as a system component for the first time. The updated version uses different attributes in AD and introduces new PowerShell cmdlets. Admins must remove the legacy LAPS to benefit from the new features.

The post Windows LAPS now part of the OS; new password security features included first appeared on 4sysops.

In my previous post about NTFS permissions, I showed you how to list file or folder permissions that differ from those of their parent. Today, you'll learn how to use AccessChk, a tool from the Sysinternals suite, to query files, folders, shares, services, and other objects for their effective permissions.

The post AccessChk: View effective permissions on files and folders first appeared on 4sysops.

Cryptomator is a free, open-source solution that allows you to encrypt Dropbox and OneDrive using strong encryption that you control.

The post Encrypt Dropbox and OneDrive or with the free Cryptomator first appeared on 4sysops.

The purpose of Azure service accounts is to grant permissions to resources in Azure. There are three types of Azure accounts: service principals, managed identities, and user accounts employed as service accounts.

The post Understanding Azure service accounts first appeared on 4sysops.

Reading NTFS permissions for files and folders on a Windows device to find misconfiguration can be a cumbersome and time-consuming task. Basically, there are two options for accomplishing the task. Either you can read NTFS permissions for every scanned object and analyze the results, or you can find misconfigured permissions and list only the differences. Let me show you how to do the latter with the help of AccessEnum, a GUI tool from the Sysinternals Suite.

The post Read NTFS permissions: View read, write, and deny access information with AccessEnum first appeared on 4sysops.

AWS Secrets Manager enables you to safely store secrets, such as passwords or access keys. This way, you don't have to store these secrets as plaintext in your applications. With the help of IAM AssumeRole, you can then access the secrets in Secrets Manager without exposing your AWS keys in cleartext.

The post Store secrets in AWS Secrets Manager first appeared on 4sysops.

You can restrict logon times for Active Directory users for specific days or hours. This can be useful to enforce your corporate working hours policy, and it improves security because hackers won't be able to log on during times when nobody is supposed to be at the office.

The post Restrict logon time for Active Directory users first appeared on 4sysops.

By default, the Windows logon screen displays some information about the current user as well as accounts that have previously logged onto the system. These can be specifically hidden using Group Policy settings. In some cases, however, it is not immediately clear what these settings do or how they interact with each other.

The post Show or hide users on the logon screen with Group Policy first appeared on 4sysops.