With TPM enabling BitLocker to protect your data from the threat of someone physically stealing your laptop, you can almost admire Microsoft’s logic. Obviously, that’s a far bigger risk than a few hundred million unpatched Windows 10 machines being exposed to the Internet. Because, of course, laptops are being stolen by the truckload every night, while malware and remote exploits are just fringe concerns. Brilliantly deducted.

The goal is to use PowerShell to create a GPO and a WMI filter for the PDC. The PDC is the authoritative time source in a Domain and it’s vital that only the PDC syncs with the upstream time source. Every other domain controller should, in turn, sync from the PDC, maintaining a proper hierarchy and preventing clock chaos

Rocky Linux version 10 is today's Linux OS of choice and part of the Zero Trust implementation for the home lab. The steps in this blog detail the implementation of IPSec between a Windows Domain and Linux using Strongswan.