It always comes back to Requirements

I’m just going to say it – many people in IT don’t give enough thought to requirements. They might think they do, there may even be a document with the word “Requirements” in the title, but are they good enough for the job?

Using the MIMWAL to create Policy objects

I worked with the FIMWAL in the past on a couple of MCS engagments, but hadn’t yet had the opportunity to use the open-sourced MIMWAL on an engagment. I have, however, just been converting something I’ve done before to all-MIMWAL workflows, in preparation for re-using the concepts on a new project. This is a pretty
Read More »

Script: Compare-ADGroups.ps1

I recently wanted to do some analysis of existing groups in a well established AD that has a lot of groups (more groups than users in fact). I was hoping to find groups that looked like good candidates for conversion to role-based (aka criteria-based) groups.

Pre-wired access control

Here’s a picture I once used in a presentation (credited to wallwin.ca) to illustrate the mess access control in directories and applications often looks like when you try and do any kind of review and analysis. These days I don’t go into server and patch rooms all that often, but even so it’s been a long
Read More »