Active Directory Policies

Using groups for access to shared drives and resources

Shared drives and file shares look simple on the surface: “give Finance access to \\FS1\Finance.” In reality, they become one of the fastest-growing sources of permission sprawl, audit pain, and accidental overexposure—especially in environments with multiple file servers, legacy shares, and hybrid identity. The most reliable way to keep access stable over…
Active Directory Fundamentals

Restricting logon to specific machines

Restricting logon to specific machines: the expert guide. Restricting logon to specific machines means enforcing which Windows computers a given user may sign in to—locally or via Remote Desktop—using Active Directory controls such as userWorkstations (“Log On To…”) and computer-side User Rights Assignment policies (“Allow/Deny log on locally” and “Allow/Deny log on…
Active Directory Fundamentals, Active Directory Policies

How to enforce policy changes with minimal topology disruption

Enforcing policy changes with minimal topology disruption. In Active Directory, “policy change” usually means Group Policy, security baselines, authentication hardening, and configuration shifts that must apply consistently. “Topology disruption” is what happens when enforcement is achieved by rearranging the directory—moving OUs, splitting…
Active Directory Policies

Prevent remote logon for local accounts with blank password - GPO

In the realm of network security, one critical aspect is ensuring that all accounts, especially those with remote logon capabilities, are secured with strong passwords. Allowing remote logon for local accounts with blank passwords can pose a significant security risk. This article provides a step-by-step guide for system administrators on how to create a Group Policy Object (GPO) to deny remote…
Active Directory Fundamentals

Configure domain password policy - Here’s how

In this article, we delve into configuring the Active Directory Domain password policy, essential for maintaining robust security and compliance within your organization. The following steps, inspired by user interactions and common queries, aim to provide a comprehensive understanding and hands-on approach for advanced system administrators. Prerequisites for Configuring Domain Password…
Active Directory Fundamentals

Service account design in architecture (gMSAs etc.)

Service Account Design in Architecture (gMSAs, SPNs, Delegation, and Real-World Patterns). Service accounts are rarely “just accounts.” They’re long-lived identities that sit at the junction of authentication (Kerberos vs NTLM), authorization (AD ACLs), and operational reliability. That combination makes them both critical and dangerous: …
Active Directory Policies

Delegating OU permissions with minimal risk: the expert’s comparison guide

Short definition: Active Directory OU delegation is granting scoped, task-specific permissions on Organizational Units (OUs) to security groups—without domain-wide admin rights—so teams can safely manage only what they must. Why OU delegation matters now Modern AD estates are bigger, more hybrid, and more frequently touched by non-admins than ever. Help desks need to reset passwords…
Active Directory Fundamentals, Active Directory Policies

Automating inactive user account cleanup: beyond “run a script every 90 days”

A production-grade playbook for hybrid Active Directory and Microsoft Entra ID (Azure AD) inactive user account cleanup: signals, staged actions, reversibility, and governance—backed by copy-paste runbooks. On this page: Quick definition; Why the usual approach breaks; First principles; Production-ready technical core; Implications & trade-offs; Expert mental models; Misunderstandings &…