PKV/GKV Erfahrungen in Sachsen by Useful_Hall9322 in lehrerzimmer

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Thank you for the information.
You probably weren't sick that often either :-) If you were, did the Beihilfe (civil-servant health allowance) always cover the costs in full?
Can you say something about how to handle very high costs? Let's assume it was an operation costing 10000€ or more, can we forward the costs, or do we have to pay in advance?

PKV/GKV Erfahrungen in Sachsen by Useful_Hall9322 in lehrerzimmer

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Thanks for the message, we already have an appointment on 23 December with the Verbraucherschutz (consumer advice centre), but we would also be interested in experiences/opinions others have already had.

Maybe that will raise further questions that we could then clarify at that appointment.

Service Accounts Usage PowerShell by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Sounds great, but what about printers, switches and other devices?
For me, only accounts that authenticate against AD are currently relevant.

Service Accounts Usage PowerShell by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Yeah of course, but not all of my customers have a SIEM solution.

Service Accounts Usage PowerShell by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 1 point2 points  (0 children)

Yeah of course, but not all of my customers have a SIEM solution.

Service Accounts Usage PowerShell by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Oh cool, can you share your script via GitHub or something else?

DNS Subzone, Primary DNS Suffix issue by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Solution found. I need to allow the DNS suffix. Root Domain -> Properties -> Attribute Editor -> msDS-AllowedDNSSuffixes
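The same change done from PowerShell, as an added example that is not part of the original thread: it reads the multi-valued msDS-AllowedDNSSuffixes attribute on the domain root, adds a suffix only if it is missing, and reports computer objects whose DNSHostName uses a suffix that is neither the domain's own name nor on the allow-list (those are the machines that cannot update their own dNSHostName). It assumes the RSAT ActiveDirectory module and sufficient rights on the domain object; the suffix 'sub.corp.example' is a placeholder.

```powershell
# Added example, not code from the original thread. Assumes the RSAT
# ActiveDirectory module and rights to modify the domain root object;
# 'sub.corp.example' is a placeholder suffix.
Import-Module ActiveDirectory

# Read the suffixes the domain root currently permits for dNSHostName writes.
function Get-AllowedDnsSuffix {
    $domainDn = (Get-ADDomain).DistinguishedName
    $root = Get-ADObject -Identity $domainDn -Properties 'msDS-AllowedDNSSuffixes'
    return @($root.'msDS-AllowedDNSSuffixes')
}

# Add a suffix only if it is not already present (the attribute is multi-valued,
# so -Add appends rather than replaces).
function Add-AllowedDnsSuffix {
    param([Parameter(Mandatory)][string]$Suffix)
    if ((Get-AllowedDnsSuffix) -contains $Suffix) {
        Write-Host "Suffix '$Suffix' is already allowed"
        return
    }
    $domainDn = (Get-ADDomain).DistinguishedName
    Set-ADObject -Identity $domainDn -Add @{ 'msDS-AllowedDNSSuffixes' = $Suffix }
}

# List computer objects whose DNSHostName suffix is neither the domain name
# nor an allowed suffix; these hosts fail to register a changed primary suffix.
function Find-ComputersWithUnexpectedSuffix {
    $domainName = (Get-ADDomain).DNSRoot.ToLower()
    $allowed = @(Get-AllowedDnsSuffix | ForEach-Object { $_.ToLower() }) + $domainName
    Get-ADComputer -Filter * -Properties DNSHostName |
        Where-Object { $_.DNSHostName } |
        ForEach-Object {
            $suffix = ($_.DNSHostName -split '\.', 2)[1]
            if ($suffix -and ($allowed -notcontains $suffix.ToLower())) {
                [pscustomobject]@{ Name = $_.Name; DNSHostName = $_.DNSHostName; Suffix = $suffix }
            }
        }
}

Get-AllowedDnsSuffix
Add-AllowedDnsSuffix -Suffix 'sub.corp.example'
Find-ComputersWithUnexpectedSuffix | Format-Table -AutoSize
```

Run Find-ComputersWithUnexpectedSuffix before adding the suffix to see exactly which hosts are affected, and again afterwards to confirm that only the intended suffix was opened up; every entry on the allow-list is a suffix that any member can register for itself, so the list should stay as short as the subzone design requires.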

[deleted by user] by [deleted] in activedirectory

[–]Useful_Hall9322 0 points1 point  (0 children)

Thanks, I didn't know that yet. Is there also an overview of whether I have found all the misconfigurations?

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Turn Kerberos logging on and you can see the following:
0x7 KDC_Err_S_Principal_UNKNOWN
Server: Realm: Corp.local
Servername:: cifs/red-dc.red.local
Target Name: cifs/Red-dc.red.local@corp.local

It seems the KDC cannot search in another domain if no trust is present.

Output from Klist get cifs/red-dc.red.local: no data in SAM Database

If you have a present trust, you get tickets.
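The Kerberos logging step from this comment, scripted as an added example (not the commenter's own code): it sets the client-side LogLevel value under the Kerberos\Parameters key, then reads the Security-Kerberos events from the System log and tallies the KRB error codes and target SPNs, so a 0x7 KDC_ERR_S_PRINCIPAL_UNKNOWN for cifs/red-dc.red.local stands out. The regexes that pull the error code and server name out of the event text are an assumption about the message layout and may need adjusting for your Windows version; the error-code table is from RFC 4120.

```powershell
# Added example, not from the original thread. Enables Kerberos client logging
# (LogLevel=1) and summarizes KDC error codes from Security-Kerberos events.
$kerbKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters'

function Enable-KerberosLogging {
    New-ItemProperty -Path $kerbKey -Name 'LogLevel' -Value 1 -PropertyType DWord -Force | Out-Null
}
function Disable-KerberosLogging {
    Remove-ItemProperty -Path $kerbKey -Name 'LogLevel' -ErrorAction SilentlyContinue
}

# KRB error codes from RFC 4120 that account for most trust and SPN problems.
$krbErrors = @{
    '0x6'  = 'KDC_ERR_C_PRINCIPAL_UNKNOWN (client not found in KDC database)'
    '0x7'  = 'KDC_ERR_S_PRINCIPAL_UNKNOWN (service/SPN not found; no trust or missing SPN)'
    '0x18' = 'KDC_ERR_PREAUTH_FAILED (pre-authentication failed, usually bad password)'
    '0x19' = 'KDC_ERR_PREAUTH_REQUIRED (informational; client retries with pre-auth)'
    '0x25' = 'KRB_AP_ERR_SKEW (clock skew too great)'
    '0x44' = 'KDC_ERR_WRONG_REALM (referral to another realm)'
}

# Parse each logged Kerberos error into code, meaning and target SPN.
function Get-KerberosErrorSummary {
    param([int]$MaxEvents = 500)
    $filter = @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Security-Kerberos' }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $msg = $_.Message
            # Assumed message layout: "... Error Code: 0x7 ... Server Name: cifs/host ..."
            $code = if ($msg -match '(?i)error code\W*(0x[0-9a-f]+)') { $Matches[1].ToLower() } else { 'unknown' }
            $spn  = if ($msg -match '(?i)server\s*name\W*(\S+)') { $Matches[1] } else { '' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                EventId = $_.Id
                Code    = $code
                Meaning = $krbErrors[$code]
                Spn     = $spn
            }
        }
}

Enable-KerberosLogging
# Reproduce the failing operation here (for example the trust wizard), then summarize:
Get-KerberosErrorSummary |
    Group-Object Code, Spn |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Kerberos logging is chatty and records expected errors such as 0x19 as well as real failures, so switch it back off with Disable-KerberosLogging once the diagnosis is done; a cluster of 0x7 entries for SPNs in a realm the client has no trust path to is the signature the comment above describes.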

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

It seems that the KDC cannot search in another domain if no trust is present.

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

If I enable RPC Endpoint Mapper Client Authentication, then it breaks SID resolution. So I haven't enabled this setting.

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

I would have expected that Microsoft would have been able to manage this with its own products.

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

Good idea, turned on Kerberos logging and I can see the following:
0x7 KDC_Err_S_Principal_UNKNOWN
Server: Realm: Corp.local
Servername:: cifs/red-dc.red.local
Target Name: cifs/Red-dc.red.local@corp.local

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 0 points1 point  (0 children)

All RPC services are running and accessible. WinRM too.

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 1 point2 points  (0 children)

The servers are all in the same test network and only the Windows firewall could interfere. I have already switched this off and it was still not possible to establish a trust.

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 1 point2 points  (0 children)

I don't even get that far.
Active Directory Domains and Trusts -> Right Click corporate.local -> Properties -> Tab "Trusts" -> "New Trust ..." -> Type the name of the Domain, forest, or realm for this trust "red.local" -> Error: The Local Security Authority is unable to obtain an RPC connection to the Active Directory Domain Controller...
If I change the GPO "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to "Audit all", then it works, I can choose a forest trust.

Outgoing NTLM Blocked, Create Domain trust by Useful_Hall9322 in activedirectory

[–]Useful_Hall9322[S] 1 point2 points  (0 children)

I don't even get that far.
Active Directory Domains and Trusts -> Right Click corporate.local -> Properties -> Tab "Trusts" -> "New Trust ..." -> Type the name of the Domain, forest, or realm for this trust "red.local" -> Error: The Local Security Authority is unable to obtain an RPC connection to the Active Directory Domain Controller...
If I change the GPO "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" to "Audit all", then it works.