Actice Directory Round 2/26/2010

Here's what has been happening in the AD world the last week.

First up, MVP Sean Deuby has contributed an important blog post regarding authentication changes in Windows Server 2008 R2, Windows 7 and NTLM. The big change is the minimum requirement for 128 bit encryption.  This obviously has consequences if your domain controllers are moving to R2 but you still have a fair number of down level clients.  Check out Sean's article for all the details.

I also came across a very useful post by Dave Stork about integrated authentication for Exchange 2010 using Firefox. I don't use Exchange and OWA these days, but when I did it seemed you always had to use Internet Explorer to handle integrated authentication. If you preferred Firefox you were out of luck. Or so it would seem. Dave has uncovered some hidden Firefox settings that enable integrated authentication. Very intriguing and valuable stuff.

Oh, and speaking of Exchange 2010, PowerGUI/PowerShell expert Dmitry Sotnikov reports that a PowerPack for Exchange 2010 is now available for a free download.  Now if I can ever get around to installing Exchange 2010 myself I'll have a very useful management tool.

In the Group Policy space the folks at the Group Policy Center have posted the first of a multipart series on configuring a user's browser home page using Group Policy. There are several ways to accomplish this and the first article explains clearly how to do it using a GPO.

And if you've every had to troubleshoot Group Policy, you'll appreciate the decision chart
published on the Group Policy Team Blog.

My last Group Policy find is a PowerShell script by Tony Murray to basckup all GPOs in your domain. The script takes advantage of the Group Policy and Active Directory modules that ship with Windows Server 2008 R2. Although remember you can install the RSAT package on Windows 7 and manage other just about any other domain level.

That's all for now.