While the title to this post may sound a bit scary or ominous, the subject of this post is definitely real. A fellow IT guy, whom I’ve known for many years, alerted me to a situation he came across in an IT shop he was helping. Namely, the customer’s computers got infected with a ransomware virus, which … Read More.
I had a chance to attend my first BlackHat/Defcon conference last week in Las Vegas. I also attended the very excellent BSides conference, happening concurrently. Besides being shaken to my core from the skills demonstrated during the week :-), I got a chance to see some excellent talks related to Windows security and some super … Read More.
Hello Group Policy fans enthusiasts happy people! Darren and I had a quick discussion about his script to remediate the problems created by applying MS16-072 and GP processing. Read Darren’s previous post for context but here is a recording of our discussion. Have a good day and happy troubleshooting! Kevin
Here’s the scenario: You’ve got some Windows servers that contain critical customer data–it might be customer records, or PCI (Payment Card Industry) data, or just a critical system on your network. You rightly use Group Policy Restricted Groups policy or similar, to control access to those servers. That Group Policy controls which users or groups … Read More.
Just a quick follow up to my previous post on Group Policy Preference password remediation–our very own Kevin Sullivan posted a great video walkthrough of the problem and our tool for remediating these passwords. Enjoy! Darren
A little over two weeks ago, the United States Computer Emergency Readiness Team (US-CERT) issued a bulletin calling for admins to take action on an old issue that I’ve covered extensively in the past. The issue relates to the fact that there are several areas within Group Policy Preference (GPP) that used to allow you to enter user … Read More.
I had a good email conversation last week with someone on the PowerShell team at Microsoft, in the wake of the release of our Desired State Configuration CSE. The gist of his question was around how users could protect the configuration information held within the DSC documents that got deployed via Group Policy. He mentioned … Read More.
Earlier this week, Microsoft released a couple of patches that addressed vulnerabilities in our good friend Group Policy. First, I will say that it’s relatively rare to see such vulnerabilities directly affect Group Policy function, like this one does. That’s a good thing. That said, this one, while not trivial to exploit, is relatively serious … Read More.
Recently someone asked if it was possible to disable the print screen functionality on their keyboard through Group Policy. My initial response was that I had never seen a policy setting to do this, and indeed I figured that you would need to do some low level trapping of keyboard commands to make this work. … Read More.
Microsoft recently announced a new security vulnerability in Windows shortcuts that affects all versions of Windows since XP! It’s referenced here: http://support.microsoft.com/kb/2286198. This particular vulnerability takes advantage of the icon that appears in shortcut (.lnk and .pif) files on Windows. Within the article cited above, Microsoft provides a “FixIt” workaround for the problem that essentially … Read More.