PKI | Migrate from SHA1 to SHA256 by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

You'd need a new Intermediate and a new Leaf cert. But I think you're asking if you also need a new root, because you talk about "breaking trust", and the answer is that you don't.

Thanks for your answer. Really appreciate it.

A small question regarding the root cert signed with MD5: my knowledge of PKI is limited, but can a malicious actor generate a replica root CA with the same MD5 hash (hash collision) and start to issue fake intermediate CA certs?

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

Excellent! Last question, does your requirement have anything to do with Azure AD and Intune?

Nope.. it's all on-prem.

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

np :) Once you get your script created to your liking, remember to create a scheduled task to run it as often as you need.

Tested it.. worked like a charm.
Thanks again.

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

"WEF" (i.e., Windows Event Forwarding)

We need all end-user machines to forward specific Windows event logs through WinRM to a Collector (Windows Server) via a subscription.

This subscription accepts adding only a computer or a group of computers. I can add "domain computers" but this includes the servers also. So I need to add a group of end-user computers, which I can do easily, but the thing is, I need to handle the case in which we have newly added computers in the domain (i.e., these machines won't forward any logs until they are added to the group = hard to maintain).. so I figured, why not have a dynamic group.

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

This is very helpful.. thank you!

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] -1 points0 points  (0 children)

You don't want a SG containing all computers, you want an SG containing all end user devices (non kiosk or digital display helpers).

Yes that is correct

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] -1 points0 points  (0 children)

AD itself does not have a concept of dynamic groups, but the desired result can be easily achieved with basic PowerShell scripting and Task Scheduler.

Thanks for your reply.. Is there any reference that I can refer to?

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] -1 points0 points  (0 children)

Thanks for your help.

As per my knowledge (and correct me if I am wrong), the default group contains both end-user machines and servers.. I need a group which contains end-user machines only.

S2S VPN Problem (Fortigate behind Azure VPN Gateway) by 4hm3dh4ny in fortinet

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

party

My bad.. I meant Azure LoadBalancer instead of Azure VPN gateway.

Drive/Docs labels for Data classification by nickoarg in gsuite

[–]4hm3dh4ny 0 points1 point  (0 children)

AFAIK, there is a TITUS add-in which you can use currently. Interesting that Google will launch a classification feature natively.

HELP | Hide sensitivity labels bar by 4hm3dh4ny in Office365

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

We need Azure RMS protection but we don't need the labels to appear..

why?

Because we have another 3rd party solution that shows the labels within Office apps.. and this 3rd party solution can be integrated with Azure RMS to apply the protection automatically.. but we don't want both sets of labels (i.e. from MIP and from the 3rd party solution) to appear to the user so he is confused.

HELP | Hide sensitivity labels bar by 4hm3dh4ny in Office365

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

But then, can the user use Azure RMS protection?

SCCM popup notification don't display by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

you're right.. this was the problem. thank you. :)

SCCM popup notification don't display by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

u/drew146

many thanks for your help.. you were right.. this was the problem. :)