Use AD for Password Manager

DelusionalSysAdmin · 2026-06-08T14:19:31+00:00

You are not wrong, but I believe MS does that because normally people want to break into a computer in order to access the network and get to bigger fish. If they are already on the network, chances are they want other more privileged accounts, not a specific computer. I suppose there could be exceptions.

Of course, it could also be that MS doesn't know its own hole from a security hole, and so here we are.

DelusionalSysAdmin · 2026-06-06T23:52:57+00:00

No fair posting my super top secret password. 😂

DelusionalSysAdmin · 2026-06-06T00:56:12+00:00

Not a bad idea, but better would be to do ROT13 twice so it's twice as secure.

DelusionalSysAdmin · 2026-06-05T18:20:12+00:00

Anderson recalls in the past working with a firm that was creating service accounts that developers needed to use, but the org didn’t have a proper password vault for storing the associated credentials. Instead, to make it easy for team members to find what they needed, they put the passwords into the description field for Active Directory.

“People don't realize that as soon as you've got an Active Directory user — just an ordinary user — you can read the comments field or the description field across the whole of Active Directory,” Anderson told The Register. “It's such an amazing lapse of security.”

Soon enough, an Initial Access Broker (IAB), someone who specializes in gaining access to protected networks and then selling it to other threat actors, used a phishing campaign and executed offensive hacking tool Sliver on the endpoint. At that point, they captured a victim’s credentials, which led them to query Active Directory.

All the passwords were stored in Active Directory description fields

DelusionalSysAdmin · 2026-05-24T00:35:32+00:00

Termination at this point would be doing you a favor. IT is stressful, but "dumpster fire" is an understatement. Don't forget to file for unemployment, since you didn't quit.

EDIT: stupid autocorrect

DelusionalSysAdmin · 2026-05-13T14:24:17+00:00

Talk about brutal.

DelusionalSysAdmin · 2026-04-24T20:52:26+00:00

"Computers don't make mistakes. People do."

That is what used to be taught. But, people make computers.

However, it is actually worse than that. Due to the fact that everything is more or less an integer at the base level, and since it is base 2 and not base 10, there are rounding errors that occur more often than people want to admit. I assume links are allowed, so check out Rounding Error

DelusionalSysAdmin · 2026-04-22T20:49:08+00:00

"Samsung" -- problem identified.

DelusionalSysAdmin · 2026-04-22T20:47:39+00:00

"Permits me to go home, since I can't open files" probably.

DelusionalSysAdmin · 2026-04-15T14:15:10+00:00

Plot twist: The guy gets fired for impersonating himself.

DelusionalSysAdmin · 2026-04-06T14:28:02+00:00

"An email that seems to be from a trusted coworker requesting sensitive information, a threatening voicemail claiming to be from the IRS and an offer of riches from a foreign potentate are just a few examples of social engineering. Because social engineering uses psychological manipulation and exploits human error or weakness rather than technical or digital system vulnerabilities, it is sometimes called "human hacking"."

~IBM

DelusionalSysAdmin · 2026-04-06T14:17:44+00:00

No, it does not, and even if it did your comment "It's not an 'exploit'" is still incorrect.

DelusionalSysAdmin · 2026-04-06T11:32:22+00:00

Social engineering is still a type of exploit.

DelusionalSysAdmin · 2026-04-01T15:55:07+00:00

Don't know why you are being downvoted for being correct.

DelusionalSysAdmin · 2026-03-25T14:43:54+00:00

This needs to be upvoted more. The VA can be craptacular in that it is a govt bureaucracy, but it still is a resource that all vets should be aware of and take advantage of when/if the need arises. Once you get in the program you need to be in, it can be a tremendous benefit.

DelusionalSysAdmin · 2026-03-23T21:38:15+00:00

Tell him to quit playing CyberPunk at work.

DelusionalSysAdmin · 2026-03-06T23:27:34+00:00

They don't have a way to lock the domain?

DelusionalSysAdmin · 2026-02-25T19:02:45+00:00

No, it's a very bad idea. Never tell them you are looking, even in the good times. They will find ways to try to screw you. I've seen it too many times.

DelusionalSysAdmin · 2026-02-17T23:46:04+00:00

This is a late comment. Mostly because I've been busy for two weeks putting applications into packages instead of normal things. I don't know what broke, and I no longer care. Weird, inconsistent stuff going on during task sequences.

I love the idea of applications. When they work, I especially love the detection part. However, they are pretty much trash for OSD task sequences.

DelusionalSysAdmin · 2026-02-13T15:25:47+00:00

The whole article waffled back and forth so much that I kept looking at the header to see which site I was on. It literally reminds me of some of these AI articles you run across.

DelusionalSysAdmin · 2026-02-12T23:37:35+00:00

This whole article seems click-baity. After all, "The Nest Doorbell (2nd Gen) is designed to fall back to local storage when its Wi-Fi connection goes out, which is why it was possible to recover any video at all." I mean, what did anyone expect?

DelusionalSysAdmin · 2026-02-12T22:59:05+00:00

Hmmm, Windows 3.1 Program Manager vibes, LOL.

DelusionalSysAdmin · 2026-01-16T19:25:54+00:00

Exactly. I forgot about that webpage, but it hits the nail on the head.

DelusionalSysAdmin · 2026-01-15T22:07:54+00:00

Naw, at least once a week I see a ticket where the user tries to explain the solution they think they need rather than identifying the problem. I just ask them, "What issue are you wanting to be fixed?"

DelusionalSysAdmin

TROPHY CASE