Miha Pecnik's Avatar

Miha Pecnik

@mihapecnik.bsky.social

Senior Systems Engineer focused on Microsoft technologies.

41 Followers  |  82 Following  |  11 Posts  |  Joined: 22.12.2023  |  1.731

Latest posts by mihapecnik.bsky.social on Bluesky

It’s in the post, here: syfuhs.net/killing-ntlm...

25.11.2025 04:52 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

🀞

02.11.2025 16:49 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Thank you. This is a WS 2025 only environment, but it appears it might still take a while for IAKerb.

02.11.2025 16:38 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

The RDS webfeed.aspx through GPO seems to be a bug.

Good to know about the HTML5 client, do give them an nudge if you can :). So KDC proxy won’t help here.

02.11.2025 16:37 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
KDC Proxy for Remote Access There's a little known feature in Windows called the KDC Proxy that lets clients communicate with KDC servers over an HTTPS channel instead of TCP.

Testing HTML5 RDP client. With NTLM off, site opens but RemoteApp fails internally. Would syfuhs.net/kdc-proxy-fo... help? Should I deploy KDC-proxy on RDS Gateway, or will IAKerb/LocalKDC solve this (make NTLM exception for now)? Not sure about external users.

02.11.2025 04:09 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Steve, quick follow-up: In this new environment, I have an RDS server with Gateway. Two issues if NTLM is disabled: RemoteApp GPO deployment fails (webfeed.aspx). Once settings apply, updates work fine. Manual feed works without NTLM. Same issue as: learn.microsoft.com/en-us/answer....

02.11.2025 04:09 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0

Would you be so kind to let me DM you on this subject? I have two outstanding issues with RDS as well and would appreciate your take?

01.11.2025 07:56 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Appreciate your reply. Hope we get a solution soon.

26.10.2025 14:31 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Post image

@syfuhs.net if you have any pointers for CS server I’d appreciate them Trying this in an all WS 2025 environment syfuhs.net/killing-ntlm...

26.10.2025 07:26 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0

Palo Alto Networks has silently patched an issue used by security researchers to dump cleartext PAN GlobalProtect VPN appliance passwords

github.com/t3hbb/PanGP_...

26.12.2024 15:20 β€” πŸ‘ 25    πŸ” 9    πŸ’¬ 2    πŸ“Œ 1
Preview
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass Critical vulnerability could have allowed malicious actors to gain unauthorized access to users’ Microsoft accounts.

Don’t look back in anger.

oasis.security/resources/bl...

12.12.2024 19:11 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 1    πŸ“Œ 0
Preview
Unlocking OSConfig: Windows Server 2025 Security Baselines and Drift Control Learn to secure Windows Server 2025 with OSConfig by implementing security baselines and drift control for robust configuration management

Are you running Windows Server 2025? If so, OSConfig is a tool you’ll definitely want to check out! OSConfig quietly arrived in Windows Server '25 with some powerful configuration management features, and it even works on Windows 11 βœ…

Learn more πŸ‘‰ patchmypc.com/osconfig-win...

22.11.2024 15:38 β€” πŸ‘ 6    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0
Third party passkey providers NOT enabled.

Third party passkey providers NOT enabled.

Third party passkey providers ENABLED

Third party passkey providers ENABLED

Quick Question for all you #Android users out there:
Are you on Android 14?
If yes: Has your device vendor implemented third-party #passkey providers?

Let me know the OEM brand name in the replies or send me a DM

30.11.2024 18:24 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 4    πŸ“Œ 0

SCRIL also helps.

24.11.2024 04:47 β€” πŸ‘ 0    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Orin shows off how easy it is to in-place upgrade a Windows Server 2012r2 DC to Server 2025! Easy peasy.

We still recommend deploying new & decomming old! But hopefully this shows you how much better our upgrade game has gotten with 2025.

21.11.2024 08:43 β€” πŸ‘ 11    πŸ” 3    πŸ’¬ 1    πŸ“Œ 0
Preview
Windows security and resiliency: Protecting your business At Microsoft, security is our top priority, and with every release, Windows becomes even more secure. At Ignite 2024, we will highlight new Windows security innovations that will provide the clarity a...

New security features announced at Microsoft Ignite:

-Quick Machine Recovery - recover PCs with boot issues remotely
-Windows Hotpatch - deploy patches without restarting PCs
-Config Refresh - restore config defaults at regular intervals
-Zero Trust DNS - [words]

blogs.windows.com/windowsexper...

19.11.2024 15:41 β€” πŸ‘ 12    πŸ” 2    πŸ’¬ 0    πŸ“Œ 5
Preview
BlueHat 2024 - YouTube BlueHat 2024 - Oct 29-30, 2024. Redmond, WA USA

m.youtube.com/playlist?lis...

Bluehat talks onlineπŸ‘

12.11.2024 14:43 β€” πŸ‘ 3    πŸ” 2    πŸ’¬ 0    πŸ“Œ 0

@mihapecnik is following 20 prominent accounts