News, tips, advice, support for Windows, Office, PCs & more. Tech help. No bull. We're community supported by donations from our Plus Members, and proud of it
Home icon Home icon Home icon Email icon RSS icon

Blog Archives

  • Admins note: Microsoft delays promised changes to LDAP channel binding

    Posted on February 4th, 2020 at 12:54 woody Comment on the AskWoody Lounge

    If you don’t know an LDAP channel from a Disney channel, you can safely ignore this missive.

    Microsoft originally promised that it would change LDAP channel binding and LDAP signing to more-secure configurations via a patch in January. Then, in December, it said the patch had been pushed back to March.

    Today, MS just announced that the dreaded patch has been pushed back again, this time until sometime in the second half of the year:

    Windows Updates in March 2020 add new audit events, additional logging, and a remapping of Group Policy values that will enable hardening LDAP Channel Binding and LDAP Signing. The March 2020 updates do not make changes to LDAP signing or channel binding policies or their registry equivalent on new or existing domain controllers.

    A further future monthly update, anticipated for release the second half of calendar year 2020, will enable LDAP signing and channel binding on domain controllers configured with default values for those settings.