joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

Archive for the 'tech' Category

AdFind and AdMod Production Releases

by @ Wednesday, January 27th, 2021. Filed under tech, updates

Hi, I just wanted to touch base on the upcoming releases. I thought I would be releasing new production versions of AdFind and AdMod at the beginning of the month. Obviously that did not happen. I ran into a few bugs I needed to deal with and most recently ran into something I really wanted […]

ESAE (aka Red Forest) is finally dead. About time.

by @ Sunday, December 20th, 2020. Filed under tech

https://docs.microsoft.com/en-us/security/compass/esae-retirement ”We have found that ESAE projects are often detrimental to overall security posture as they are high cost, difficult to use and support, and provide a limited set of security (only Active Directory administrators and only preventive controls).” What took so long to figure that out? Oh, they knew, they just didn’t have something […]

Beta versions of AdFind V01.53.00 and AdMod V01.21.00

by @ Sunday, December 20th, 2020. Filed under tech

For a short time only I have the latest daily build Beta versions of AdFind V01.53.00 and AdMod V01.21.00 out on the joeware website at https://www.joeware.net/downloads/beta/20201231_expire/ As the folder name implies, these versions will expire on December 31, 2020 UTC. These may actually be the Release Candidates unless I find something in the next week […]

A Glimpse At Some AdMod Security Descriptor Fun…

by @ Monday, November 23rd, 2020. Filed under tech

So say you hate Account Operators group as much as I do and want to just strip the AO ACEs off of objects… Then this output below is something you will like… Less than 30 seconds to strip all AO access off of 20 objects remotely from a non-domain joined PC over wireless to a […]

Beta version of AdMod and DACLs…

by @ Tuesday, August 18th, 2020. Filed under tech

Thoughts? [Tue 08/18/2020  0:24:46.40] E:\DEV\cpp\vs\AdMod\Debug>adfind -f ou=tobedeleted  -jsdenl AdFind V01.53.00cppBETA Joe Richards (support@joeware.net) July 2020 Using server: LO-DC4.lockout.test.loc:389 Directory: Windows Server 2019 (10.0.17134.1) Base DN: DC=lockout,DC=test,DC=loc dn:OU=tobedeleted,DC=lockout,DC=test,DC=loc [OWNER] LOCKOUT\Domain Admins [GROUP] LOCKOUT\Domain Admins [DACL] (FLAGS:INHERIT) [DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];inetOrgPerson;;BUILTIN\Account Operators [DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];computer;;BUILTIN\Account Operators [DACL] OBJ ALLOW;;[CR CHILD][DEL CHILD];group;;BUILTIN\Account Operators [DACL] OBJ […]

Clearing the DENY DELETE EVERYONE from OUs with AdFind|AdMod

by @ Thursday, July 9th, 2020. Filed under tech

Another common thing that people want to do from the command line with AdFind | AdMod is to clear the “Protect object from accidental deletion” setting that is implemented with a deny delete ACE on the object, specifically [DACL] DENY;;[DEL TREE][DEL];;;Everyone As mentioned previously, the Security Descriptor is a BLOB so you have to deal […]

How Do I Make an Object’s Security Descriptor Inheritable and also while I am at it… resetting from AdminSDHolder…

by @ Thursday, July 9th, 2020. Filed under tech

I recently received an email of: <SNIP> I have a bunch of previously sensitive&protected accounts where I like to enable inheritance.. Is it possible to remove protected inheritance flag with admod? <SNIP> The quick answer to the direct question is yes, there is an easy way to turn inheritance back on for an arbitrary object […]

Windows Server 2003 Support for AdFind??

by @ Sunday, February 9th, 2020. Filed under general, tech

Out of curiosity how many people need to run my tools on pre-Windows Server 2008 machines? I.E. Windows 2000, XP, 2003, etc? I was just alerted this last week by a random Russian user that AdFind doesn’t run ON Windows Server 2003 X64. I did some testing and that is correct, in fact it won’t […]

CVE-2020-0601–PATCH YOUR 2016/2019 DOMAIN CONTROLLERS!

by @ Wednesday, January 15th, 2020. Filed under tech

While Microsoft put a weak “important’ rating on CVE-2020-0601 the NSA (yes that NSA) has called it critical and severe. And since they found it, I am going to lay my bets with them. Microsoft’s bulletin says it is code signing issues, NSA and others in the social media circles says it is much deeper. […]

AdFind V01.52.00… Part Deux…

by @ Monday, January 13th, 2020. Filed under tech, updates

So try two… When I updated the web pages last night, I apparently updated a page that didn’t have the newer download mechanism in it so ended up breaking the download for AdFind. So you have gotten to experience a nice unhappy face page instead when trying to download. That was corrected a few hours […]

[joeware – never stop exploring… :) is proudly powered by WordPress.]