Myths #3: Give without giving

One more mystery for me: how to give everything without giving everything. This is exactly the question I see very often in various forums and other places. This is the question I hear personally from time to time. It can be asked in several forms; the most frequent forms are: 1) How can I give a user local admin rights and be sure that they cannot do <put your own stuff here>? 2) How can I restrict my domain admin from accessing the <your very valuable information>? Naturally, at this point I start boiling and all that stuff, but let’s …

Myths #2: PKI edition.

Take notice: My new feed address is now Please re-subscribe. BTW, did you know what certificate template options like “Allow private key to be exported” or “Prompt the user during enrollment and require user input when the private key is used” really do? Do they make you more secure or not? Certainly, some people who read my blog do know the answer, others have already guessed the answer: no. They don’t enforce any behavior on a client: they just communicate the features requested by the CA. A good example of it was Windows 2003: while you weren’t able to export …

Myths #1: Number of previous logons to cache

You know, as an IT Pro I often meet some persistent myths about OS, protocols or whatever else. Sometimes these encounters become sooo frequent that explaining these wrongs just bores me to death. What’s even more amazing: these wrongs are usually explained on so many blogs, pages and other places that… Well, anyway, probably some people who know people who read my blog don’t read those blogs and pages, therefore I’ll try to show some more of these mistakes. Let’s begin from the very basic, but one of the most frequent mistakes about Group Policy. Yeah, the one which is …