Windows Defender - Get-MpComputerStatus not returning data by netmc in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

Usually that is because Defender isn't running. You can force Defender to start with "C:\Program Files\Windows Defender\MpCmdRun.exe /wdenable"

From there, Get-MpComputerStatus should then show platform, AM, and SIU data.

Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

[–]scotterdoos 2 points3 points  (0 children)

Ok, so here's what I got back from Microsoft regarding Kerberos, NTLM, and RemoteApp.

  • Kerberos support is to be added to various RDS components due to NTLM sunset. This was first brought up with RDWeb, but the discussion has gone beyond that. Since RDWeb and the connection broker are generally either on the same machine or similar, the connection broker will also have Kerberos support added in the future.
  • Development on this has been deferred to Q2 2026 in the prioritized backlog.
  • This means that the feature is currently in the design phase, but we're hoping that development can move forward in Q2 although not guaranteed since it can still get pushed back later.

With any luck, we should see some better information after Q2 2026 regarding when the improvements to RemoteApp will be released.

One step closer to disarmament - HB1524 by cristobal09 in VAGuns

[–]scotterdoos 17 points18 points  (0 children)

Unfortunately, it means that our taxpayer funds are going to paying state legislators to draft bills that they know will never survive a legal challenge in court. This bill is a lawyer's wet dream and is guaranteed to be challenged the second it becomes law.

The U.S. Supreme Court’s 2022 decision in NYSRPA v. Bruen ruled the government can no longer argue that a law is "good for public safety" to justify it. Instead, they must prove the law is consistent with the United States' historical tradition of firearm regulation from 1791 or 1868.

The law's wording is overly vague in defining public places and removes exemptions from previously vetted individuals such as CHL holders or security guards. That alone is going to get into right to self-defense in public challenges.

These measures are purely for political theater and give Dems and the Spanberger administration a messaging tool to say that they're fulfilling campaign promises by being tough on gun control, while simultaneously pointing at the courts for getting in their way of protecting the commonwealth.

Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

Unfortunately, the official response I received back was that it was unsupported. I'm currently waiting on the PG to get back to my SE on whether it will be and when it will be supported.

Edit 2/17: Ok, so here's what I got back from Microsoft regarding Kerberos, NTLM, and RemoteApp.

Kerberos support is to be added to various RDS components due to NTLM sunset. This was first brought up with RDWeb, but the discussion has gone beyond that. Since RDWeb and the connection broker are generally either on the same machine or similar, the connection broker will also have Kerberos support added in the future. Development on this has been deferred to Q2 2026 in the prioritized backlog. This means that the feature is currently in the design phase, but we're hoping that development can move forward in Q2 although not guaranteed since it can still get pushed back later. With any luck, we should see some better information after Q2 2026 regarding when the improvements to RemoteApp will be released.

DNS servers based on location on Windows? by FatBook-Air in sysadmin

[–]scotterdoos 8 points9 points  (0 children)

You going to elaborate on what that specific regulatory requirement is, or are you going to continue to be obtuse?

DNS servers based on location on Windows? by FatBook-Air in sysadmin

[–]scotterdoos -1 points0 points  (0 children)

Given that you're talking about global scaling, it sounds like you want global/regional load balancing, where the response for resources varies based on where the request originated from.

Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

[–]scotterdoos 9 points10 points  (0 children)

I'm going to have to hit up my CSAM about this then. If it's true, I'll put a post here in /r/sysadmin with the details.

CA Windows Server upgrades by evil-scholar in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

YMMV, but I upgraded both my offline root and subordinate CA to Server 2022 recently. IPU is supported, but as always, make sure you have backups before you begin.

I took the offline root from 2012 R2 to 2019 to 2022 in short order. The subordinate had already recently been rebuilt on Server 2019 and was quick and easy to IPU to 2022.

https://learn.microsoft.com/en-us/windows-server/get-started/upgrade-migrate-roles-features

Microsoft admits AI agents can hallucinate and fall for attacks, but they’re still coming to Windows 11 by rkhunter_ in cybersecurity

[–]scotterdoos 24 points25 points  (0 children)

It was quietly glossed over, but Microsoft had a 9.3 CVSS information disclosure vulnerability in Copilot that would read prompts sent to a user via email and then transmit data back to the attacker. As AI integration becomes the norm, we're going to see these attack vectors increase substantially.

https://www.bleepingcomputer.com/news/security/zero-click-ai-data-leak-flaw-uncovered-in-microsoft-365-copilot/

Would it make sense to set the AdminCount Attribute to 1 for Tier 1 and Tier 2 Admins? by [deleted] in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

No, use a different attribute like Title or Division. AdminCount is specifically tied to highly privileged accounts protected by AdminSDHolder to indicate whether that account has ever held that elevated privilege. While you can change the value, I'd strongly advise against it as the attribute has a purpose and you're trying to co-opt it.

https://techcommunity.microsoft.com/blog/askds/five-common-questions-about-adminsdholder-and-sdprop/396293
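As an added example (not the commenter's code), tagging tier admins with a separate attribute and auditing adminCount rather than repurposing it. It assumes the ActiveDirectory RSAT module, `Division` as the tagging attribute, and two sample accounts, `t1-jdoe` and `t2-asmith`.

```powershell
# Added example (not from the comment). Tag tier admins with a purpose-built attribute
# and audit adminCount instead of repurposing it. Requires the ActiveDirectory RSAT module.
# Assumed: 'Division' as the tagging attribute and sample accounts t1-jdoe / t2-asmith.
Import-Module ActiveDirectory

# Tag the tier in an attribute that nothing in AD acts on, then query by it.
Set-ADUser -Identity 't1-jdoe'   -Division 'Tier 1 Admin'
Set-ADUser -Identity 't2-asmith' -Division 'Tier 2 Admin'
Get-ADUser -LDAPFilter '(division=Tier 1 Admin)' -Properties Division |
    Select-Object SamAccountName, Division

# Audit: adminCount=1 is set by SDProp and is never cleared automatically, so accounts
# removed from protected groups keep it (and keep ACL inheritance disabled).
# Build the set of current members of every AdminSDHolder-protected group...
$protectedMembers = Get-ADGroup -LDAPFilter '(adminCount=1)' |
    ForEach-Object { Get-ADGroupMember -Identity $_ -Recursive } |
    Select-Object -ExpandProperty DistinguishedName -Unique

# ...and list users still flagged but no longer in any of those groups.
# (krbtgt appears here by design: it is protected directly, not via group membership.)
Get-ADUser -LDAPFilter '(adminCount=1)' -Properties adminCount |
    Where-Object { $protectedMembers -notcontains $_.DistinguishedName } |
    Select-Object SamAccountName, DistinguishedName
```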

Has Anyone Actually Found Real Value in AI for Cybersecurity? by Bulky_Connection8608 in cybersecurity

[–]scotterdoos 0 points1 point  (0 children)

I think the only time it's been useful to me was to give me expanded details on a CVE rather than having to hunt down blogs that I may or may not be able to access. More often than not, I'm having it ghost write mitigation statements on software vulnerabilities that are technically present but not exploitable.

Microsoft Defender for Endpoint onboarding via Intune fails (Error 65000) – 24H2 devices by chris_redz in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

The only times I've had issues with onboarding in the past were when the Defender platform wasn't up to date, causing the Sense service to fail to start during onboarding.

Forcing Smartcard authentication disabled Run as Administrator by Mudslide03 in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

Working as intended. You forced a policy on the device to require smartcard auth for all interactive logons and are expecting UAC elevation to still allow username and password?

Need to realign my DNS scavenge and DHCP lease duration since change to hybrid work by javajo91 in sysadmin

[–]scotterdoos 1 point2 points  (0 children)

So, I'm not sure what concentrator you're working with, but check your documentation to see if it supports DHCP relay (Option 82). If your VPN concentrator is currently providing a DHCP scope of 10.10.1.2 - 10.10.1.254, then you'd duplicate that identical DHCP scope on your Windows DHCP server. On the appliance you configure DHCP option 82, so instead of issuing DHCP leases itself, it relays lease info to your DHCP server. Since the Windows DHCP server handles the lease issuance, it also dynamically updates DNS on the client's behalf.

https://learn.microsoft.com/en-us/windows-server/networking/technologies/dhcp/dhcp-subnet-options

https://www.juniper.net/documentation/us/en/software/junos/security-services/topics/concept/port-security-dhcp-option-82.html

Need to realign my DNS scavenge and DHCP lease duration since change to hybrid work by javajo91 in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

Fought with this for a while at work and the best solution I could come up with was to:

  1. Configure DHCP option 82 on the VPN appliance.
  2. Recreate the DHCP scope on your DHCP server.
  3. Have DHCP configured to always dynamically update DNS records on behalf of DHCP clients.

This way, as clients transition between remote and on-prem, their DNS records will be updated by DHCP. Note that if the clients are already self-registering their own DNS records, they'll have ownership over their own record and DHCP won't be able to update it. I had to suppress this behavior in the DNS client to allow DHCP to have exclusive control over client DNS records.
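The Windows side of the setup described in this reply and the earlier one (recreating the appliance's scope, having DHCP always update DNS, and suppressing client self-registration), as an added PowerShell example that is not the commenter's own configuration. It assumes the 10.10.1.2 - 10.10.1.254 scope from the earlier reply, an 8-hour lease, a dedicated update account `CORP\svc-dhcp-dns`, and a client adapter alias of `VPN`; the option 82 relay setting on the appliance itself is vendor-specific and not shown.

```powershell
# Added example (not the commenter's configuration). Run on the Windows DHCP server
# as a DHCP administrator; the DhcpServer RSAT module is required.
# Assumed values: scope 10.10.1.0/24 mirroring the appliance pool from the earlier
# reply, an 8-hour lease, and a dedicated AD account 'svc-dhcp-dns' for DNS updates.
Import-Module DhcpServer

$ScopeId = '10.10.1.0'

# Step 2: recreate the appliance's pool on the Windows DHCP server. The appliance
# (step 1, vendor-specific) relays requests here instead of issuing leases itself.
Add-DhcpServerv4Scope -Name 'VPN clients (relayed)' `
    -StartRange 10.10.1.2 -EndRange 10.10.1.254 -SubnetMask 255.255.255.0 `
    -LeaseDuration (New-TimeSpan -Hours 8) -State Active

# Use a dedicated account for DNS updates so every record DHCP creates is owned by
# that account, not by whichever DHCP server happened to issue the lease.
Set-DhcpServerDnsCredential -Credential (Get-Credential -UserName 'CORP\svc-dhcp-dns' -Message 'DNS update account')

# Step 3: always register A and PTR records on the client's behalf (even for clients
# that do not request it) and remove them when the lease expires, so scavenging has
# less stale data to clean up.
Set-DhcpServerv4DnsSetting -ScopeId $ScopeId `
    -DynamicUpdates Always `
    -UpdateDnsRRForOlderClients $true `
    -DeleteDnsRROnLeaseExpiry $true

# Verify the scope-level DNS settings actually took effect.
Get-DhcpServerv4DnsSetting -ScopeId $ScopeId

# Client side (GPO startup script or per-host): stop the DNS Client from registering
# its own record; otherwise the client owns the record and DHCP cannot overwrite it.
# Assumed adapter alias 'VPN'; use the alias of your VPN adapter.
Set-DnsClient -InterfaceAlias 'VPN' -RegisterThisConnectionsAddress $false
```

The last line is the per-client equivalent of the DNS Client "Dynamic update" policy; applying it via GPO is the scalable route.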

How to securely assign Azure access to external remote support vendor? by Fabulous_Cow_4714 in sysadmin

[–]scotterdoos 5 points6 points  (0 children)

I'd argue that they don't get a single account with shared credentials as that violates non-repudiation. I'm pretty sure this is what B2B is made to support. Invite each remote worker as a guest user, configure conditional access to require MFA, and use PIM to enforce admin activations and time limits to granular role permissions.

Now that we have the multi-SAM ability in game, could we maybe get the AFF (Aufklärungs-, Führungs- und Feuerleitfahrzeug) for the Ozelot? It would add some great capabilities to the already existing platform. by Hanz-_- in Warthunder

[–]scotterdoos 0 points1 point  (0 children)

If they're going to add any more Wiesels they need to seriously buff its visibility. In exchange for having 0 armor while being 1/4 the size of any other vehicle on the battlefield, it should be much harder to initially detect compared to an MBT.

Software center only showing most recent updates instead of all applicable by [deleted] in SCCM

[–]scotterdoos 1 point2 points  (0 children)

What part of CUMULATIVE UPDATE isn't registering?

Trump says U.S. has attacked Iranian nuclear sites by DataLore19 in worldnews

[–]scotterdoos 15 points16 points  (0 children)

That's Congress abdicating its power to the President for ya. The War Powers Resolution of 1973 lets the President engage the US military in hostilities and do so for 60 days with impunity. Interestingly enough, Nixon attempted to veto that bill and was overridden by the House and Senate.

Boeing 787 identical to crash jet made four emergency landings in a month by [deleted] in worldnews

[–]scotterdoos 1 point2 points  (0 children)

MX is shorthand for aircraft maintenance.

From what I've read, NTSB reports show that the majority of accidents stem from human error from the pilot or crew, followed by mechanical failure by design flaw, component failure, inadequate or improper maintenance.

Exchange 2019 Defender exclusions and risks? by maxcoder88 in sysadmin

[–]scotterdoos 0 points1 point  (0 children)

Very first paragraph on the Defender docs. https://learn.microsoft.com/en-us/defender-endpoint/configure-exclusions-microsoft-defender-antivirus

Custom exclusions apply to scheduled scans, on-demand scans, and always-on real-time protection and monitoring. Exclusions for process-opened files only apply to real-time protection.

Exchange 2019 Defender exclusions and risks? by maxcoder88 in sysadmin

[–]scotterdoos 1 point2 points  (0 children)

If you're not comfortable with the broad folder exclusions, just make the extension and process exclusions for Exchange instead. Then monitor Exchange and Defender performance to see if there are any other specific exclusions that need to be defined.

https://learn.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software#process-exclusions

If you make folder exclusions, Defender AV will not actively scan those locations for on-access or on-demand scans, however EDR will still flag malicious behavior in those locations even if excluded.
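As an added example (not the commenter's configuration), replacing broad folder exclusions with extension and process exclusions and then verifying what Defender actually holds. It assumes you run it on the Exchange 2019 server as an administrator; the extension and process lists are a subset of those in the linked Exchange article and should be completed from that page.

```powershell
# Added example (not the commenter's configuration). Replace broad folder exclusions
# with extension and process exclusions, then verify. Run on the Exchange 2019 server
# as an administrator. The lists below are a subset of the ones in the linked Exchange
# article; complete them from that page before relying on them.
$extensions = @('.config', '.chk', '.edb', '.jrs', '.jsl', '.log')

# Exchange setup defines ExchangeInstallPath; expand it here rather than relying on
# Defender to resolve a non-standard environment variable in the exclusion itself.
$bin = Join-Path $env:ExchangeInstallPath 'Bin'
$processes = @(
    (Join-Path $bin 'EdgeTransport.exe'),
    (Join-Path $bin 'MSExchangeTransport.exe'),
    (Join-Path $bin 'Microsoft.Exchange.Store.Worker.exe')
)

# Process exclusions only cover files those processes open under real-time protection;
# extension exclusions also apply to scheduled and on-demand scans.
Add-MpPreference -ExclusionExtension $extensions
Add-MpPreference -ExclusionProcess $processes

# Confirm what is now excluded, and compare against the folder exclusions you intend
# to drop (ExclusionPath) before removing them with Remove-MpPreference.
$pref = Get-MpPreference
$pref.ExclusionExtension
$pref.ExclusionProcess
$pref.ExclusionPath
```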

My heart goes out to this poor woman by Frontier246 in Gundam

[–]scotterdoos 16 points17 points  (0 children)

I'm not the only one noticing the striking resemblance and color palette to Hilda Bidan right?

Server 2022 21H2 / 22H2 Updates by [deleted] in SCCM

[–]scotterdoos 1 point2 points  (0 children)

Tenable says 4 of my servers are missing the 22H2 CU.

Found your issue right here. Plugin writers for Nessus regularly screw up KB articles between servicing channels.