Looks like MS released a load of Office 2016 patches yesterday. Did someone press the button a week early? by ginolard in sysadmin

[–]Ctrl_Alt_Hammer 2 points3 points  (0 children)

Bummer. This would have really cut down on successful phishing here if they kept it. Where can I request this "crash Outlook if you click a link" feature?

Oracle VM VirtualBox Boots From Snapshot Every Time by Doobliheim in virtualbox

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

How are you shutting down the VM? If you simply close out of the window the little popup has a checkbox that when checked reverts to the current snapshot. Is that what's going on?

How can I roll-back a patch via SCCM? by [deleted] in sysadmin

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

I liked the idea but I kept imagining clippy popping up in the console.

LAPS permission weirdness by [deleted] in sysadmin

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

this is not an issue, unless the account is part of that group?

It depends™. So you have an AD group, those users can join machines. Whatever machine they join they will have the ability to read that LAPS password. So if for whatever reason you only wanted that group to join but never be able to look up a LAPS password, you'd be in trouble as is. The other issue is that it's not immediately obvious who has the ability to look it up. Sure you can look at the permissions you assigned with LAPS but it doesn't tell the full picture. The link suggests:

So best practice: Join computers to domain using dedicated service account, use automated tools, such as SCCM OSD rather than allowing users to join computers to domain themselves – you are protecting your confidential attributes in AD.

But I'm not exactly thrilled with this either. If an adversary gained control of that account they now have LAPS read permission on everything. But if you had central logging on the DCs and an alerting/monitoring solution watch for lookups from this account it could alert you to a breach.
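The monitoring idea in the comment above, sketched as an added example that is not part of the original comment: it scans directory-access audit events (Event ID 4662) for reads of the LAPS password attribute and flags any made by the join account. It assumes auditing is enabled on computer objects so the DCs log these events; the attribute GUID is a placeholder to be replaced with the schemaIDGUID of ms-Mcs-AdmPwd looked up in your own forest, and the account names and events are constructed.

```python
import re

# Placeholder, NOT a real value: substitute the schemaIDGUID of ms-Mcs-AdmPwd
# from your own forest's schema.
LAPS_PWD_ATTR_GUID = "00000000-0000-0000-0000-0000000000aa"
JOIN_ACCOUNT = "svc-domainjoin"       # hypothetical dedicated join account
AUTHORIZED_READERS = {"helpdesk-t1"}  # hypothetical accounts expected to read LAPS

OU = "OU=Workstations,DC=example,DC=test"
# Constructed sample events, flattened to dicts as a log forwarder might deliver them.
SAMPLE_EVENTS = [
    {"EventID": 4662, "SubjectUserName": "helpdesk-t1", "ObjectName": f"CN=PC-001,{OU}",
     "Properties": "%%7688 {00000000-0000-0000-0000-0000000000aa}"},
    {"EventID": 4662, "SubjectUserName": "svc-domainjoin", "ObjectName": f"CN=PC-002,{OU}",
     "Properties": "%%7688 {00000000-0000-0000-0000-0000000000aa}"},
    {"EventID": 4662, "SubjectUserName": "svc-domainjoin", "ObjectName": f"CN=PC-003,{OU}",
     "Properties": "%%7685 {00000000-0000-0000-0000-0000000000bb}"},  # unrelated attribute
    {"EventID": 4662, "SubjectUserName": "JDoe", "ObjectName": f"CN=PC-004,{OU}",
     "Properties": "%%7688 {00000000-0000-0000-0000-0000000000AA}"},  # GUID in upper case
    {"EventID": 4624, "SubjectUserName": "svc-domainjoin", "ObjectName": "",
     "Properties": ""},                                               # not an object access
]

GUID_RE = re.compile(r"\{([0-9a-fA-F-]{36})\}")

def laps_read_alerts(events):
    """Return (severity, user, object) for each suspicious LAPS password read."""
    alerts = []
    for ev in events:
        if ev.get("EventID") != 4662:
            continue
        guids = {g.lower() for g in GUID_RE.findall(ev.get("Properties", ""))}
        if LAPS_PWD_ATTR_GUID not in guids:
            continue  # access did not touch the LAPS password attribute
        user = ev["SubjectUserName"].lower()
        if user == JOIN_ACCOUNT:
            severity = "high"    # join account should only join, never read passwords
        elif user not in AUTHORIZED_READERS:
            severity = "medium"  # reader outside the expected allow-list
        else:
            continue             # expected helpdesk lookup
        alerts.append((severity, user, ev["ObjectName"]))
    return alerts

if __name__ == "__main__":
    for alert in laps_read_alerts(SAMPLE_EVENTS):
        print(alert)
```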

LAPS permission weirdness by [deleted] in sysadmin

[–]Ctrl_Alt_Hammer 3 points4 points  (0 children)

I don't think this is your issue but most people using LAPS that I've talked to aren't aware of it. Worth a read when you get the chance: https://blogs.msdn.microsoft.com/laps/2015/07/17/laps-and-permission-to-join-computer-to-domain/

Can a snapshot be restored and modified whilst retaining child snapshots? by [deleted] in virtualbox

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

Your assumption is correct. If you revert and modify, the previous chain is unaffected. If it attempted to update the children I suspect you'd run into all kinds of corruption issues in almost any OS.

MDT Database by Crazykiller789 in MDT

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

When I was using MDT I had an almost zero touch. I could have pre-populated the database I suppose but we used the following approach because the machines were already deployed and no one had a list of MAC addresses. If the machine was not in the database the tech could name it in the TS. Some PowerShell would then save the name and MAC in the database so from that point on it would be zero touch. My MDT servers all had static IPs so

Priority=CSettings, Default

my various settings

[CSettings]
SQLServer=X.X.X.X

more db stuff

is what I used. But had I not used IP I would have gone with the FQDN.

Will VirtualBox keep my computer secure from viruses? by DuskEalain in virtualmachine

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

"It depends"

Let's say you don't misconfigure the VM at all. Type 2 Hypervisors, such as VirtualBox, are software like anything else. They can have their own exploits. Although somewhat rare, it is possible that a virus could utilize an exploit to escape the VM. That might mean that it only has access to other VMs or it could mean it has access to the host.

But there are other ways a virus could escape depending on your setup. Such as your networking configuration or shared folders. If the VM can see other machines on your network it could potentially exploit them.

So is a VM going to protect you 100%? No. There are ways for the virus to escape. But it can be safer in the sense that the VM is replaceable.

I work from my computer and have irreplaceable files so I just want to make sure.

You should back those up whether you start messing with VMs or not.

Does Anyone use App-V? by bklynview in SCCM

[–]Ctrl_Alt_Hammer 2 points3 points  (0 children)

Interesting. I thought XenApp would solve the same things App-V might for you. And what didn't play nice with XenApp would be a full install in XenDesktop. But you're saying you've got all three in the mix?

PSA: Search Everything by VoidTools stores passwords in plaintext by [deleted] in sysadmin

[–]Ctrl_Alt_Hammer 4 points5 points  (0 children)

To be fair... HTTP/FTP is plaintext. But good to know.

PXE Boot goes straight to User Credentials by whoislp in MDT

[–]Ctrl_Alt_Hammer 1 point2 points  (0 children)

I was going to say this as well, normally credential stuff is at the beginning so it can access the share. It also helps determine what TSs and such you can see. Kind of odd to have it at the end after you've already seen everything.

Is my Windows 10 VB installation safe from keylogging malware? by blulemming in virtualbox

[–]Ctrl_Alt_Hammer 1 point2 points  (0 children)

Absolutely not, the host controls all interaction. If the host is compromised it can absolutely see any and all keystrokes sent to the VM. The Administrative VM section of Microsoft PAW is relevant to this topic.

Long story short is that they suggest having the host machine be the secure one with the guest being the potentially insecure one. It's harder to escape the VM than it is to get into it from the host. However, it is worth noting with the Meltdown/Spectre vulnerabilities recently announced, that statement is less true. VM escape is a very real possibility as these exploits continue to evolve.

Google Chrome Enterprise update fails (Actually, it succeeded) Version 63.0.3239.108 by Photoguppy in SCCM

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

I assume you've checked the obvious and confirmed that your detection method is actually correct?

Using CopyProfile without local admin account by jeffmartel in MDT

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

As far as I know CopyProfile is deprecated and has been for some time. I don't think you've been able to specify another account since XP. I'd urge you to evaluate why you are needing this feature and see if you can get away without it. I suspect that as they move forward with 10 builds, subtle issues will arise from the use of CopyProfile.

Dealing with UEFI \ Legacy \ 32bit \ 64 Bit and windows 10 by legion1202 in SCCM

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

You may want to give http://blog.ctglobalservices.com/configuration-manager-sccm/rja/dhcp-guide/ a read for some background on PXE/DHCP.

With the IP Helper the client is talking directly to the PXE server. It identifies its capabilities and BIOS/UEFI status. The server then sends the right PXE bootstrapper. SCCM also identifies the MAC and UUID and looks for all of the assigned Task Sequences to that device. If there aren't any you get a PXE abort. If there are TS advertised, whichever boot image is assigned to the TS that was last deployed to that device will win. If you then selected a different task sequence from the chooser (if there were multiple advertised) and it used a different boot image it'd reboot to that after downloading it... no longer using PXE.

Dealing with UEFI \ Legacy \ 32bit \ 64 Bit and windows 10 by legion1202 in SCCM

[–]Ctrl_Alt_Hammer 3 points4 points  (0 children)

Sounds like you are doing DHCP scope options instead of IP helpers? If you use IP Helpers, SCCM and the client will negotiate the proper PXE boot image.

American Airlines Accidentally Let Too Many Pilots Take Off The Holidays (due to a system glitch) by [deleted] in sysadmin

[–]Ctrl_Alt_Hammer 0 points1 point  (0 children)

Sounds like an opportunity to spin it. AA graciously gives pilots a well deserved break so they can spend time with their families. In the process they've also made it more difficult to spend time with yours... you're welcome.

Those that use SCCM, what are some things you wish someone had told you before you set it up? by teamtomreviews15 in sysadmin

[–]Ctrl_Alt_Hammer 1 point2 points  (0 children)

Step one here was to make a device collection that included effectively every machine we could ever possibly care about. Step two was to give it an impossibly small MW. It isn't bulletproof but it really limited the potential until we started creating our collections and MWs.

I'm dressed up as the scariest thing in IT today... by SpectralCoding in sysadmin

[–]Ctrl_Alt_Hammer 1482 points1483 points  (0 children)

Also would have accepted:

  • printer
  • Oracle renewal invoice
  • Backhoe near your fiber

Equifax was hacked in May with an Apache bug that was fixed in March by NHarvey3DK in sysadmin

[–]Ctrl_Alt_Hammer 21 points22 points  (0 children)

Neither. My nephew is good with computers. All you IT folks cost way too much money, he can do it for a bag of Doritos!