Want your TV Series Automatically Downloaded?

Its now more easier than ever before. With this step by step guide using Sickbeard , Plex and SABnzb Want your TV Series Automatically Downloaded?
Powered by Blogger.

Latest Updates

Thursday, October 6, 2016

How to secure your Active Directory by tracking historical activities/changes

Posted By: The Funky Tech Guy - 12:35:00 AM

Active directory is arguably the most important part of your IT infrastructure – housing all user accounts and password data in a centralized place. Due to its very nature, ensuring the Active Directory is secure is both a complex and necessary task. To protect yourself against insider threats it is important to make sure you keep track of all activities and changes that occur in the past and present in your Active Directory through in-depth reporting and real-time alerting.

How to track, audit and monitor Active Directory activities and modifications

There are two main techniques for auditing Active Directory – native auditing and third party solutions.

1. Native Auditing

Auditing the Active Directory natively involves enabling the “audit object changes” option in Active Directory Domain Services. This feature can be implemented by enabling the Global Audit Policy and configuring the System Access Control List. By doing this, you can generate audit logs which can be tracked in the event viewer. To avoid generating an excessive number of logs, create audit exceptions through schema.
In previous versions of Windows Server, audit logs provided information solely on who made changes to which active directory object attributes. From Windows Server 2008 onwards, enabling auditing creates logs of old and new values as well.
Although these audit logs do display a substantial amount of information, using native processes like “Event Viewer” or “PowerShell” can be both a time consuming and ineffective method. This is mainly due to the lack of reports, alerts and graphical comparisons that you can get from the tools. For example, in order to perform historical change tracking, you have to manually compile audit data for each change and list them to make comparisons. This is essentially a full time job if you intend to perform regular and in-depth audits.

2. Third Party Solutions

Third party solutions can help you address all manner of security, systems management and compliance challenges by pro-actively auditing, monitoring and alerting on critical IT systems. LepideAuditor for Active Directory automates the auditing of Active Directory and provides over 270 pre-defined reports that can be delivered via the console or to any specified email address. Deploying an automated solution like this ensures that you get the maximum detail from your audits with the minimum amount of effort.
Below are some examples of the customized reports generated by LepideAuditor for Active Directory that can be used to track, monitor and alert on historic events/activities happening within the Active Directory:
Report I – The following image depicts three trends (in graphical view) as a result of the past events/activities in the Active Directory, including:
1. User Modifications Trend – This displays important operations performed by users, such as create, delete, modify, rename, move, security changes and permissions modifications.
2. Computer Modifications Trend – This report displays computer operations, such as create, delete, modify, move, rename, status change and permission modifications.
3. Group Modifications Trend – This graph shows all the operations performed on specific or numerous groups (a group of user accounts) such as create, delete, modify, rename, move, permission change and membership information (including the addition of new users and deletion of some users).
By hovering over the values you can obtain further details on the information displayed in the graph.
In addition to this, LepideAuditor for Active Directory can also generate detailed reports that show any changes in the usual trends of permissions being granted to users. This includes permission analysis of the historic events/activities in the Active Directory.
Report II – The below report shows domain modifications made by users in an easy to view grid alongside details regarding users whose accounts have been created. You can delve deeper into the reports by filtering based on user path, who created the account, when the account is created, where it is created, “from” field and more. In this image, the custom filters “this month” and “administrator” have been applied to generate a report of the administrator’s activities in the current month.
The detail of each row in the report is displayed on the right hand side under the “Detail” column, as shown in the image.


LepideAuditor Suite includes numerous exclusive features designed specifically to ensure that users are provided with complete visibility into activities taking place in the Active Directory. Some of these include the following:

1. All Modification Reports for Active Directory

LepideAuditor Suite tracks Active Directory modifications and displays all potential changes, along with before and after values, for the objects being modified.


2. Real-time Alerting

Whenever any suspicious behavior, activity or event is encountered in the Active Directory environment, LepideAuditor Suite sends real-time alerts in three different ways: Email notifications (sent straight to the inbox), LiveFeed alerts that continuously track changes as they happen and the LepideAuditor app – a mobile application that allows users to receive instant alerts straight to any Apple or Android enabled device.

3. Powerful Search Capability

LepideAuditor Suite possesses a powerful search functionality that allows users to locate relevant data quickly and easily. All searches can be saved directly to the console for future reference.


Securing your Active Directory is a critical part of your IT security plan, and tracking the changes (both current and historical) that your users are making in this system is a reliable method of detecting suspicious activity. Third-party solutions, like LepideAuditor for Active Directory, provide you with a 360-degree view (both graphical and grid based) of all the events happening within your Active Directory – including displaying “who,” “what,” “when” and “where” details for all changes made. By automating the auditing of your critical IT systems you can ensure that you are getting the maximum amount of detail with the minimum amount of effort.
This article was written by Satyendra Tiwari for The Funky Tech Guy. Follow him on twitter @satylepide

Thursday, September 29, 2016

Elon Musk shares his interplanetary fantasy but his inspiration is down to earth

Posted By: The Funky Tech Guy - 1:31:00 AM

When I came across this article I knew that it was something I wanted to share not because of one man's journey towards interplanetary space travel but rather the story of one man, risking everything to achieve his dreams. He has personally pledged his entire fortune on achieving his vision and dream.

The lesson I take from this is that there is a whole,different life outside of our everyday and sometimes mundane, everyday living. It's filled with routine. Some people never leave their city and some don't even leave their community. To them that is life. That is all they know. They don't know what is out there.
As he famously says:
It would be an incredible adventure. It would be the most inspiring thing that I could possibly imagine. Life needs to be more than solving problems every day. You need to wake up every day and be excited about the future, and be inspired and want to live. ~ Elon Musk
When was the last time you woke up in the morning feeling truly excited about something?

So go out there and live your dreams,however big or small. You may want to take a tip from,in my opinion the most inspirational piece ever written.

The video below is Elon Musk’s dream. What is your dream? and what have you done recently to bring yourself closer to achieving it.

You can read the full article below:
Elon Musk shared his interplanetary fantasy but his real message is down to earth | Lynne Everatt | Pulse | LinkedIn:

Monday, September 26, 2016

3 Easy Ways To Grant the rights to modify AD group membership and be Successful

Posted By: The Funky Tech Guy - 7:17:00 AM



You would like to grant a non domain admin user the rights or permissions ,e.g your servicedesk staff, the ability to modify the group membership but only of certain groups.
There are two very easy ways of doing this and a third more granular approach if required.


Ensure you have created an AD group and assign your users you want to grant access to this group. If possible, create a separate OU to house all the groups you intend to give rights to.

Option 1 - Delegation of Control

  1. Right click the OU where the groups are and click Delegate Control… then click Nextimage
  2. Select your AD Group

  3. Select Modify the membership of a group and click next

  4. Click Next and Finish

Option 2 – Managed By

Note: you can use this on an OU or individual group.
  1. Right the same OU then click Properties
  2. Click the Managed By tab then click the Change… button

  3. Specify your group and click OK

Option 3 – Using the security tab

If you need to be more granular,do it this way as it allows you to see exactly what permissions are associated with a given task and you can add additional permissions.
  1. Right click either the OU or specific group you would like to grant access or modify right to
  2. Click Properties
  3. Click the Security Tab
  4. Click Advanced
  5. Click Add
  6. Select your Group
  7. On the Object tab Select Descendant Group Objects and enable:
    • Read Members
    • Write Members

  8. Click OK until all windows are closed
That's it

Hope this has been informative. If you have any comments or questions do so below.

Friday, September 23, 2016

Solved: How to Delegate Access for your Helpdesk or Servicedesk In Active Directory

Posted By: The Funky Tech Guy - 4:26:00 AM

Today I want to share with you a simple best practise that I have often seen overlooked and not implemented.

The problem

Have you ever started at a new company and found that everyone has domain admin access? The technicians,the admins,the non technical boss and even the level 1 service desk staff? I have, in almost every company I started. This without saying,poses a huge risk,not just from a security point of view but also the fact that so many people have the potential to either intentionally or unintentionally $uck $hit up. Either way you have your hands full and enough on your plate to still have to worry about one of your servicedesk staff to start digging in things they learnt about in their mcse class.
So how do we go about mitigating this risk and applying the best practice for least privilege access (You only have access to do the things that enable you to perform your job)

The Solution

I usually tackle this in a few ways
  1. I get the backing of the decision makers by informing them of the risks to the business and what I can do to resolve it. This way if they decide to do nothing you have it in writing that they were made aware of the risk and its all on them.
  2. Next you will usually dish out an e-mail or go speak to the managers of the respective sections to find out their needs and roles. Essentially you need to know who does what before you can even begin with the technical bits
  3. Now that you have that information on who does what its allot easier to go into AD and create some groups. In my example I have 3 levels of support which is what I found most common at all the companies I worked. They are
    • Level 1 Support – Service desk- They do your quick fixes and generally require the following permissions
      • Reset password
      • unlock an account
      • change password
      • Read Access to all users attributes.
    • Level 2 Support – Desktop Engineers ,technicians generally have a few more:
        • Reset password
        • change password
        • unlock account
        • read attributes of an AD user
        • Create users
        • modify Active Directory Groups
        • Join Computers to the domain
        • Rejoin Computers to the domain
        • Unjoin computers from the domain
        • move computers to the proper OU

    • Level 3 Support – Network or Systems Admins usually have domain admin access depending on the size and organic structure of the company. Larger companies will have more granular roles,rights and permissions where as the the generalist Admin will usually have domain admin rights and whatever he/she grants to themselves Smile
  4. I create NEW administration aka adm accounts for each support user. e.g For the user John Black with a username of jblack I create admjblack. I simply add adm as a prefix.
  5. I then create AD security groups e.g Sevicedesk_Firstline , ServiceDeskdesk_Secondline and so on. Be sure to give good descriptions.

OK so now that we got that out of the way, lets get to the fun bit of actually configuring this.
button (1)

Featured Post

Infrastructure Matters

Copyright © 2013 The Funky Tech Guy ™ is a registered trademark.

Designed by Templateism . Built with Blogger Templates .