Following is a list of SekChek’s published white papers. These documents are intended to address common client queries and provide clarity on various security-related topics.
The white papers are provided free of charge. You are entitled to distribute the documents to anyone you wish as long as you provide them in their entirety and current form, including the copyright notice.
Most IT professionals can recognise a Security Identifier (SID), such as S-1-5-32-544, but where do SIDs come from, what do they represent, what are they used for, how are they stored, and how do you translate and interpret them?
This document sets out to answer these questions.
See also SekChek’s SID Resolver and Orphaned SID Locator tools.
We receive many questions regarding Windows’ processing of Group Policy Objects (GPOs), such as: what logic does Windows use when it processes GPOs; and which policy will take precedence for a certain user or computer belonging to a domain where multiple GPOs are linked to an Organizational Unit (OU), site or domain.
In the case of a large domain containing a large number of complex GPOs it is very difficult to answer the latter question due to the many interrelated logic paths used by Windows when it processes its GPOs.
The purpose of this document is to outline the main conditions that influence Windows when it processes and applies GPO policies.
Windows’ Password not Required control (useraccountcontrol / PASSWD_NOTREQD), which is analysed in SekChek for Windows / AD report section Accounts not Requiring a Password generates many questions from SekChek users. Also, the purpose of the control is often misunderstood.
The purpose of this document is to clarify the function of the control and provide a method for testing and confirming its behaviour.
The introduction of fine-grained password policies is new to Windows Server 2008 and represents a leap forward, allowing for the implementation of multiple Account Policies on a single domain.
This document introduces Password Settings Objects (PSOs), their requirements and benefits, and explains how to setup and apply PSOs on an Active Directory domain.
Active Directory allows you to assign five FSMO roles to domain controllers in a domain and enterprise: Domain Naming Master; Infrastructure Master; PDC Emulator; RID Master; and Schema Master.
This document explains: the function of each FSMO role; how to determine which DC owns a particular role; and how to transfer a role to another DC.