Importing a group policy can both be very nerve wracking but also quite easy.
Things you’ll need:
I assume that you already have a admx file and want to import it for the local machine.
Note; If the environment exclusively contains Windows 8.0 / Server 2012 (non-R2) or newer systems, then the ‘Privacy’ setting may (optionally) also be set to enable SMB encryption. However, using SMB encryption will render the targeted share paths completely inaccessible by older OSes, so only use this additional option with caution and thorough testing.
Why Harden UNC Paths in Windows Active Directory?
Administrative templates are divided into admx and language files(adml files).
Windows uses central store to store the files, the central store is located on the sysvol share which is located here:\\contoso.com\SYSVOL\contoso.com\policies\PolicyDefinitions
To update the definitions you will have to download and install the latest version, which you can find here:
https://www.microsoft.com/en-us/download/details.aspx?id=106254
Do not delete the krbtgt accounts for the RODCs. The krbtgt account for an RODC is listed in the format krbtgt_number.
Fun little issue that i had today, doing a installation of a RemoteApp on a new Windows Server 2019.
I had a problem where my RDWeb didn’t show any application once logged in. Luckily i had one RemoteApp server that already worked without any problems so i started compared things and ended up looking into the IIS
Active Directory will always validate a new Directory Services Repair Mode password to make sure it meets the domain’s password complexity requirements; this validation also calls into password filter dlls like Microsoft Entra Password Protection. If the new DSRM password is rejected, the following error message results:
Setting Up Azure Entra ID B2B Collaboration – A Detailed, Fact‑Based Guide
ItemWhy It Matters
Azure Entra ID tenant (the “host” tenant)
All B2B relationships are anchored in a single tenant that you control.
Appropriate licensing
Azure AD Premium P1 (or higher) is required for most B2B features such as conditional access policies, entitlement management, and advanced security reporting.
External partner identification
ANY.RUN allows users to upload suspicious files and URLs for dynamic analysis. However, unless explicitly set to private or used under a commercial license, these uploads are publicly accessible. This means that anyone browsing the platform can view, download, and analyze the same files—posing serious risks when sensitive or proprietary data is involved.
