An ActiveSync Primer

By Dominic Salemno. What is ActiveSync? When I speak of ActiveSync, I am speaking with regard to the protocol itself, not the application. In any communications protocol, there is always a purpose for the transmission. In the case of ActiveSync, it provides a means of ensuring that a specific mobile device is consistent…


msDS-SupportedEncryptionTypes – Episode 1 – Computer accounts

Introduction. In order to be concise with this article, I need to assume that the reader is familiar with Kerberos and Active Directory. If not, then I can quickly think of two scenarios: 1) Your favorite search engine (Bing in my case) took you here as a misunderstanding. 2) You came because you stumbled upon…


Parsing Pictures in a PowerPoint binary file

In this blog I’d like to cover every aspect of parsing Office binary documents, and do it in less than a thousand words. But, what follows is more realistic, thus more narrow in focus. Specifically, I’ll examine the PowerPoint binary format from the point of view of parsing/enumerating “Pictures”. PowerPoint Pictures are found in…


Understanding security descriptor defaulting rules for Active Directory objects

This blog post is to help understand the defaulting rules when assigning security descriptors to new Active Directory (AD) objects. Background. The SECURITY_DESCRIPTOR structure defines the security attributes of an object. For instance, some of the attributes specify the owner, the access rights, privileges to perform operations, and level of audit logging. The SECURITY_DESCRIPTOR structure…


Active Directory Technical Specification Control Access Rights Concordance

The attached PDF document provides a concordance for the Microsoft Active Directory ‘Control Access Rights’ documented in the Microsoft Open Specifications, as of 10 August 2009. The main reference for these rights is [MS‑ADTS] 5.1.3.2.1 Control Access Rights. I created the document as a useful reference for…


Stronger Keys for Netlogon Remote Protocol in Windows 7

Background. Netlogon Remote Protocol (MS-NRPC) provides a secure communication between domain members and domain controllers. In the protocol, a client delivers a logon request to the domain controller over an established secure channel between a DC and clients. The secure channel is achieved by encrypting the communication traffic with a session key computed using a…


S4U_DELEGATION_INFO and Constrained Delegation

Background. The constrained delegation extension, also called S4Uproxy, is one of the Service for User (S4U) extensions to the Kerberos protocol. It allows a service to obtain service tickets to a subset of other services on behalf of the user. The service can then present the tickets to the other service as if the user has…


Exploring the Compound File Binary Format

Although the march of progress steadily tramples the old tried and true in favor of enlightened file formats designed for the new era of the web, some of us take joy in digging deeper into bits and bytes of binary file formats. I’m one of those and I can’t resist hacking my way through one…


Overview of Protected Office Open XML Documents

Suppose your application requirement is to programmatically create password “protected” Office Open XML (OOXML) documents. Or, perhaps the requirement is to programmatically convert a batch of unprotected OOXML documents to password protected ones. The following information outlines some aspects to consider when implementing for this requirement. If you need to review the OOXML…


Understanding unique attributes in Active Directory

In this blog, I would like to help the reader understand the rules that govern unique attributes in Active Directory (AD) along with the Open Protocols documentation set. I provide examples for user naming attributes. I also clarify common misunderstandings about attribute uniqueness and attribute indexing. This blog post does not intend to provide a…