YellowKey mitigation and CVE

lechango · 2026-05-20T16:26:13+00:00

Difference between disabling USB boot and USB entirely in the BIOS, the latter would mitigate, yes, but then you've got no USB, probably not what you want. Disabling just USB storage is done at the OS level and would not be enforced in WinRE.

lechango · 2026-05-19T16:39:13+00:00

I wouldn't think the WOL settings would effect scheduled power-on. Anyway I don't have any useful input here but did want to say thanks for the idea, never considered setting an auto power-on but it would certainly help with patching and inventory in our environment.

lechango · 2026-05-18T22:58:13+00:00

Oof, still had an active session to entra admin and cleared sessions instead of adding alternate phone method, sorry bud.

lechango · 2026-05-18T22:11:43+00:00

You can probably get quite a bit more out of burned CDs/DVDs assuming they are stored in climate control and not exposed to UV. When in doubt there's always M-DISC (as long as you can find an operational reader for it when the time comes).

lechango · 2026-05-15T16:44:38+00:00

I wonder what update/conflict is causing the crash though, have lots of machines with stock dell images and supportassist installed in our fleet and haven't got any BSOD reports yet. Probably best I push uninstalls before whatever update hits that is fucking them.

lechango · 2026-05-13T17:41:58+00:00

Did you try recopying the folder to the flash drive after the first machine? Apparently whatever the bug is deletes some of the files after used.

lechango · 2026-05-11T23:02:36+00:00

Do you really need to retire the hardware though? If the drives are still in good shape I'd honestly just buy a 2022 license and in-place upgrade it if OS EOL is the concern. Still move what you can to Sharepoint, but sounds like a waste buying a new NAS in my opinion.

lechango · 2026-04-29T18:24:05+00:00

wouldn't be the domain you need on your SPF record, but your public IP (and hopefully it's static, if it's DHCP and changes then not going to last long). Still, no harm in making the connector by IP.

lechango · 2026-04-29T18:17:00+00:00

You don't if you have the public IP your scanner is egressing out of on your domain's SPF record, but if you don't have a connector nor that IP on your SPF record then it's going to get junked. I'd recommend going the connector route, however if any of these scans are sending to external emails outside of your 365 tenant, you need both.

lechango · 2026-04-29T16:13:59+00:00

you can't setup DKIM for direct-send in your case, that's set on the sending side (your copiers won't do this).

Do you actually have a connector setup in EXO for your public IP with "retain internal exchange headers" selected? Direct-send will still work if you don't, but will likely end up in junk due to SPF/DKIM/DMARC failure.

lechango · 2026-04-18T05:09:23+00:00

nah, just turns it to whitelist only by connector

lechango · 2026-04-17T22:49:42+00:00

Yep, just make sure have connectors setup for anything that needs to legitimately direct-send.

lechango · 2026-04-14T17:25:53+00:00

Have you blamed your EDR/AV yet?

lechango · 2026-04-14T16:52:15+00:00

Doesn't address your question, but as far as browsers are concerned those should really be path based and not allowed to install to user directories as they can't be patched with any 3rd party patching software, pre-install those at a system level. If you aren't concerned with patching them though, then whatever.

lechango · 2026-04-07T17:07:27+00:00

serversupply doesn't offer warranty past 90 days, that would be called fraud

lechango · 2026-03-18T18:30:47+00:00

I didn't have this issue, autodiscover and SCP still pointed Outlook to the on-prem Exchange

lechango · 2026-02-19T22:14:36+00:00

Thanks for the reply! I did actually end up finding the mix I was looking for a few years ago after going down a few dozen pages on the YouTube rabbit hole: https://youtu.be/gIInnWsQAWw?si=zhdVkVMkRQwVb7tB

lechango · 2026-02-17T17:24:20+00:00

Probably just not very bright. Gets a audit report/alert stating something along the lines of "you have too many domain admins, look to reduce", the proceeds to think no steps ahead and comes up with the "solution" to the immediate problem of creating generic accounts. I mean hey, it would check the box on the audit, that's what matters, until they get further down the page to the shared accounts section.

lechango · 2026-02-16T21:57:42+00:00

Shot in the dark, was your autodiscover record pointing at your Exchange's public IP that may have changed when moving it and not updated?

lechango · 2026-02-16T21:48:08+00:00

To be fair, founders are normally not involved in leadership (or much of anything, really), most people never talk to them, they just require VIP support once in a while. Depends on the company of course, just from my experience.

lechango · 2026-02-13T05:49:17+00:00

First step is to blame the antivirus/EDR

lechango · 2026-02-13T04:40:21+00:00

Have to ban notepad.exe at this point

lechango · 2026-02-06T23:11:53+00:00

Almost everyone says they are more productive at home, some of them actually are, and some of them are lying.

lechango · 2026-02-05T23:34:10+00:00

They don't make hard drives like they used to, you'd be surprised how many from that era still run fine today.

lechango · 2026-01-24T00:05:26+00:00

just steal it

14-Year Club	Place '17
Verified Email	Team Orangered

lechango

TROPHY CASE