AD Security Patch

Archived from groups: microsoft.public.windows.server.active_directory,microsoft.public.win2000.security (More info?)

All,

I have been looking for this. Does anyone know what this refers to?
And what applications this may break? Is it applied to DCs or to all
servers in a domain/forest? Is it specific to W2K or to W2K3 as well?

I have no more details other than the name is "AD Security Patch."

Thanks!

Patty

Archived from groups: microsoft.public.windows.server.active_directory,microsoft.public.win2000.security (More info?)

Thanks. I was looking for a sanity check. Anyone else heard of some
sort of mystical AD Security Patch?

Archived from groups: microsoft.public.windows.server.active_directory,microsoft.public.win2000.security (More info?)

It is supposed to secure AD. I myself have never heard of such a
thing. Ever. However, the company also says it has broken other
applications, which makes me assume that the it is applied to all
servers and not just DCs. I am currently involved in deploying Unity
and they AD folks are concerned that their AD patch is going to cause
issues.

Now, I have asked the AD folks for more details but....heaven help me
for saying this....they are not very bright but extremely defensive and
think they know everything. I had to explain LDIF to them for all
their knowledge, though....

So, with this in mind, before I question them some more, I wanted
confirmation that this really existed. I did a dump on their patches
and none of them said "AD Security Patch". Heh. However, when pushed,
they said that ws the name of it and they had regrets for implementing
it.

Archived from groups: microsoft.public.windows.server.active_directory,microsoft.public.win2000.security (More info?)

Try this...

Have them review the checklists from here and see if they can pinpoint what
they are referring to:
http://TownsendOneMedia.com/BulletInBlue/

Some problematic patches that I've seen affect AD-environments:
http://www.microsoft.com/technet/s [...] 5-011.mspx (SMB)
http://www.microsoft.com/technet/s [...] 5-027.mspx (SMB)
http://www.microsoft.com/technet/s [...] 5-019.mspx (TCP/IP -
lot of problems with this. See the caveats section for a # of issues and
post-hotfixes, especially 898060).

If you are referring to Cisco Unity, their supported patch list is here:
http://www.cisco.com/en/US/product [...] 0a63e.html

Another sneaking suspicion I have is when they refer to 'secure AD' is they
may have attempted to use one of the security templates from the NSA or MS:
http://www.microsoft.com/downloads [...] laylang=en

http://www.nsa.gov/snac/downloads_ [...] cg10.3.1.1

These templates can break a ton things if not reviewed VERY carefully.

Other than that, tell their AD guru's they aren't guru's if they can't give
you a name other than 'AD Security Patch'. They should know better that all
patches are KB or Bulletins #'s. Coax the # out of them by telling them that
the MS06-099 is the fix for their problems. If they say "YES!", their
morons. If they say "No, it's ____", bingo, there's the number you need. :~>

Archived from groups: microsoft.public.windows.server.active_directory,microsoft.public.win2000.security (More info?)

Well, it appears they did have some of these "problematic" patches
installed, especially the second one (MS05-027). I reassured them that
this would not impact Unity, though. They were impressed that there
was more a name than AD Security Patch, too :-)...

Anyhow, we are a go extending the schema tonight.

Thanks again and your help was very much appreciated!

Regards,

Patty