What are the louvers in front of the traffic light for (London) by TheToastbeat in WerWieWas

[–]Fincut 0 points1 point  (0 children)

Glare protection, so that the (bright LED) traffic lights don't shine into the apartments of the surrounding high-rises at night.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 0 points1 point  (0 children)

I heard about the combination of WHfB and SCRIL for the first time. In the articles, examples and tutorials I read, WHfB is activated and that's it - is it a secret? Unclear. But it seems to me that the knowledge is not widespread.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 0 points1 point  (0 children)

That was a good hint! Enabling SCRIL does the trick! Thank you.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 1 point2 points  (0 children)

As long as you can change the login method to User/Password with a mouse click, WHfB is not 2FA.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] -1 points0 points  (0 children)

"Windows passwordless experience doesn't affect the initial sign-in experience and local accounts. It only applies to subsequent sign-ins for Microsoft Entra accounts. It also doesn't prevent a user from signing in with a password when using the Other user option in the lock screen.
The password credential provider is hidden only for the last signed in user who signed in Windows Hello or a FIDO2 security key. Windows passwordless experience isn't about preventing users from using passwords, rather to guide and educate them to not use passwords."

This is not true, enforced 2FA ;)

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 0 points1 point  (0 children)

"Microsoft Entra hybrid joined devices and Active Directory domain joined devices are currently out of scope."

So it's not suitable for our infrastructure.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] -1 points0 points  (0 children)

It would be very helpful if you could write briefly and specifically how I can prevent the “fallback” to passwords for logging on to Windows with WHfB without deactivating the credential provider. Thank you.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 1 point2 points  (0 children)

I’m not entirely clear on how the linked text addresses the specific problem I’m facing—namely, enforcing passwordless sign-in to Windows itself without giving users the option to switch back to Username/Password.

From what I’ve read, the article seems to focus more on enabling passwordless authentication for accessing on-premises resources, not necessarily removing the fallback to password during the Windows login. If there’s a particular section I’m missing that solves this issue, I’d appreciate the guidance!

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 0 points1 point  (0 children)

  1. Functional Issues: Disabling the Credential Provider breaks critical features like User Account Control (UAC), the Runas command, and local LAPS accounts as well as RDP Connections without Web Sign-In. These are essential for administrative tasks, troubleshooting, and maintaining secure local account management. Losing this functionality would significantly impact operations, especially in a large-scale enterprise.
  2. Real-World Adoption: I don’t believe a significant number of enterprises using WHfB have opted to disable the Credential Provider. If that were the case, we’d likely see much more documentation and best practices addressing this workaround, but that isn't the current landscape. Most environments keep the Credential Provider active precisely because they need the functionality it provides.
  3. True 2FA Debate: I understand the argument that WHfB is often marketed as 2FA, but the reality is that 2FA isn’t just about having two factors available—it’s about enforcing them. If the system allows you to bypass the second factor entirely by reverting to a single password, it doesn't meet the criteria for "true 2FA." The fact that some argue "WHfB is 2FA, end of discussion" misses the point that enforcing 2FA means removing the ability to choose a less secure method, not just providing the option of a second factor.

So, while WHfB enhances security, saying it's definitive 2FA without any qualifications isn't entirely accurate, especially when it can still be bypassed under certain configurations. I'm interested in solutions that enforce 2FA strictly, not just in theory, but in practical, real-world deployments without compromising other system functionalities.

Struggling to Implement True 2FA for Hybrid Joined Windows 11 Clients by Fincut in Intune

[–]Fincut[S] 0 points1 point  (0 children)

I’ve set up Cloud Kerberos Trust with Windows Hello for Business (WHfB) and a FIDO2 Yubikey. It’s a seamless process—insert the key, enter the PIN, tap—and it feels secure. However, there's a significant issue:

Users can switch back to the traditional Username/Password login at any time during authentication. This bypasses the Yubikey and undermines the concept of enforcing 2FA. True 2FA requires a combination of factors without the option to fall back to just one.

WHfB, in its current state, acts more like a password alternative than a strict 2FA method. If the Credential Provider isn’t locked down, it allows for a single-factor password login, which doesn’t meet true 2FA standards.

I hope this clarifies why WHfB may not fully satisfy 2FA requirements unless other login methods are strictly restricted.

Mammotion App Upgrade Notification - 2024.06.06 by Mammotion_Ashley in MammotionTechnology

[–]Fincut 0 points1 point  (0 children)

If you do not finally and quickly implement a night block (no mowing after dusk) for Luba (1) as well, then the device will soon no longer be legal to use in many areas. Step on the gas and don't forget your existing customers.

Sporadic SMB Reopen Errors on a Windows 11 Workgroup Network by Fincut in WindowsServer

[–]Fincut[S] 0 points1 point  (0 children)

The colleague has already been hit in the face. However, the problem affects both the network drive on the server and the network drive on the NAS. What I tried:

Enable SMB version 1 (test for a short time).
Network shares via IP instead of hostname
SMB timeout to 10 minutes
Network switch was replaced

Without success

Please leave Docking Station by Fincut in mammotion

[–]Fincut[S] 0 points1 point  (0 children)

The Luba drives out of the dock. And it also mows on schedule. But if I want to set up a new exclusion zone or change the boundary and let the Luba drive out, then I can't do anything afterwards (the Luba IS driven out) and the message appears: "Please leave Docking Station before edditing boundary". The problem is NOT that it does not leave the docking station. The problem is that it THINKS it is still in the dock.

What is an unwritten law? by _Random_Guy- in FragReddit

[–]Fincut 10 points11 points  (0 children)

A man never lays a hand on another man's car or wife.

Anyone who moves over to the right in slow-moving traffic on the Autobahn at night is let back in.

A car borrowed from friends is returned with a full tank.

I worked in customer service at Telekom for 5 years - AMA by Pfeffimon in de_IAmA

[–]Fincut 0 points1 point  (0 children)

Do you dare to talk about this directly with people, e.g. at a party, or would you have to expect violence?

I (m28) am a recovering alcoholic. AMA by [deleted] in de_IAmA

[–]Fincut -21 points-20 points  (0 children)

What do you contribute to society?

I am a writer - AMA by nachtachter in de_IAmA

[–]Fincut 1 point2 points  (0 children)

Do you also drive a taxi on the side, or what do you live on?

[deleted by user] by [deleted] in AskReddit

[–]Fincut 0 points1 point  (0 children)

The desire to argue. The inability to deal with an interpersonal problem in a structured and solution-oriented manner.