Businesses need to migrate from the deprecated SHA-1 to SHA-2 to bolster their cybersecurity posture. They may still be running Active Directory Certificate Services (AD CS) using the SHA-1 cryptographic hash, along with the weaker Cryptographic Service Provider (CSP). In my previous post I discussed considerations when migrating AD certificate services to SHA-2. Let's look at how to replace them with SHA-2 and Key Storage Provider (KSP).

The post How to migrate Active Directory Certificate Services to SHA-2 and Key Storage Provider first appeared on 4sysops.

Secure Hash Algorithm (SHA) has been around since the mid-90s and is one of the leading cryptographic hash algorithms used to secure digital resources. The initial standard (SHA-1) has now been around long enough that hackers know its weak points and can exploit systems secured with this hash algorithm. Therefore, it is time for organizations to migrate away from SHA-1 in favor of SHA-2.

The post Migrating AD certificate services to SHA-2: Considerations and challenges first appeared on 4sysops.

Virtual smart cards provide the benefits of physical smart cards without extra costs or hardware. They are based on a Trusted Platform Module (TPM) and authenticate users with a certificate against Active Directory, like a physical smart card.

The post Provide strong Windows authentication using virtual smart cards first appeared on 4sysops.

TPM+PIN decryption with BitLocker requires physical access to the device when the endpoint boots or resumes from sleep. This feature can be a challenge for remote helpdesk technicians attempting to remotely access the endpoint, install software, and perform other tasks using Wake on LAN. For this reason, Microsoft created BitLocker Network Unlock.

The post Manage encrypted PCs remotely using BitLocker Network Unlock first appeared on 4sysops.