Archive for March, 2010
Cross Forest Authentication NTLM
Posted by RZomerman in Active Directory, Windows 2008, Windows 2008 R2 on March 26th, 2010
So we’ve seen how a trust is setup, and how we can manipulate the domain controllers involved, can we do the same for authentication traffic? The answer would be yes, but why is it a yes, and how is the main question.
While many believe WINS or LMHOSTS can help us on external (non-forest) trusts, we dive into a packet capture that has captured the opening of a fileshare on a remote forest.
For this demo, I have installed a resource server in the forestroot domain, and a RIVER client on the OCEANFLOOR domain.
Creating trusts (as follow up to…)
Posted by RZomerman in Active Directory, Windows 2008, Windows 2008 R2 on March 26th, 2010
So I was wondering the following, how do all the domain controllers know that the trust is established, since (see previous post) we cannot accurately say which domain controller is being used..
When we have the same problem with user passwords, the PDC gives the vote whether the password (just changed) for the user is valid. The same seems to apply for Trusts. When running a trace while creating the trust on a “regular” domain controller and not the PDC, we can find out how that is accomplished. For this, I have installed a domain controller called MICHDC01 which is on the (newly created) LAKES site.
Cross Forest Authentication part 2 – Creating trusts
Posted by RZomerman in . All Posts, Active Directory, Windows 2008, Windows 2008 R2 on March 26th, 2010
In part of the the forest authentication blog post, we’ve seen that a particular path is used depending on Kerberos or NTLM authentication. We’ve also seen that domain controllers rely on other domain controllers of the forest to find the right domain (and thus object in the AD). The question now is, which domain controller of the other forest is used to authenticate the user? What happens during a trust creation, do we really need the PDC emulator? Will LMHOSTS still help us, like it did in the old days?
Those questions we will answer in this series of authentication across trusts part 2, 3 etc..
Server Core + network bindings
Posted by RZomerman in . All Posts on March 20th, 2010
When you want to control the bindings on a network card in Server Core (2008R2), your stuck with the registry editor. So how do you A: know what binding you want to remove, B: where to locate it, C: to disable it..
A is easy.. you want to remove, File and Printer Sharing, Client for Microsoft Networks etc etc..
B: the bindings are located in two sections, to first look what’s installed go to:
HKLM\System\CCS\
When you configure Hyper-V networks, you must make sure to create them once, and only once.. else you will end up in great trouble. To get out.. use this manual
The problem I encountered was that my nic had previously been bound to a Hyper-V network and I wanted to connect it to a new network. No problem you say, except for the error message “Adapter is already bound to another virtual network”.
Normally you would open ncpa.cpl and go to the network adapter. Over there, de-select the binding for Hyper-V networks and click OK..In server core however this is much nicer!. (NOT!)
First we must get the network card ID:
Wmic nicconfig Description,SettingID
You will receive a list of all network adapters and their SettingID.. note the adapter you wish to use and copy the setting id
Start regedit and go to HKLM\System\CCS\Services\VMSP\Linkage
Double click the Bind entry.. and remove the SettingID noted earlier..
A reboot would be nice.. and you should be able to connect the networks to the appropriate NICs again
<<Update>> You can take a look at http://code.msdn.microsoft.com/nvspbind, that would make things easier.
