|
xp_cmdshell Ha, I can! We also introduced application control (with AppSense) and then someone had the brilliant idea to block powershell, cmd.exe and mstsc.exe because those applications apparently are all security risks. Of course after they did that, nobody was able to do any work anymore, so we introduced an exception scheme where your boss was able to make you completely exempt from it with a simple ticket. Now, two thirds of all users have been exempt from any application restrictions for the past 18 months and I don't believe anyone is ever going to pick this topic up again. peak debt fucked around with this message at 14:09 on Jan 19, 2019 |
#
¿
Jan 19, 2019 14:06
|
|
|
|
| # ¿ May 21, 2024 13:29 |
|
|
Tab8715 posted:Why do I keep seeing this from time to time? Was there some reason in the past to do this? It was pretty normal pre 2005 because applications wouldn't run without it. It used to be pretty common for them to store state information right in "c:\program files\whatever" and if the end user didn't have write rights in that directory you'd either get endless error messages or configuration changes were reset every restart. Only after Vista made this harder because of UAC did developers start putting the end user writable files into %appdata%. And yeah, I actually had this discussion with the solo-developer of a pension fund application in loving 2017 that he couldn't put his .mdb files that he needs to open with read/write rights in the program files directory.
|
|
#
¿
Jan 31, 2019 10:44
|
|
|
wyoak posted:Dumping the cached SAM database requires admin credentials and PtH is gonna be one of the first things someone tries on a popped domain machine, so unless you can guarantee that no one besides the workstation user has ever logged in to that machine you're giving away a pretty big attack surface, and that's just the first thing that comes to mind I thought the SAM database for locally cached domain passwords was double-hashed exactly to protect against this?
|
|
#
¿
Feb 1, 2019 18:27
|
|
|
If you change the way you split your domain into sites also tell to your SCCM guy(s) because he probably uses AD sites that to optimize download traffic and if you mess around with those he might have to adjust things too.
|
|
#
¿
May 12, 2019 22:19
|
|
|
With Windows 7 you had to inject the USB 3.0 drivers into the Boot Image, but with Windows 10 I haven't had to do this so far.
|
|
#
¿
May 29, 2019 11:35
|
|
|
We have one of those computers too. It manages a $100k printer. I was actually able to install the software and get it to run on Windows 10 32-bit with a lot of fidgeting with compatibility settings, security policies and UAC, but the manufacturer won't support it. So we just spent the 200 bux to get the extended security updates from Microsoft for that one machine. That'll give us another three years breathing room. Hopefully it'll be someone elses problem by then! That being said, it was truly the best of OSs   Almost made it 10 years. Goodbye sweet prince.
|
|
#
¿
Jan 14, 2020 14:19
|
|
|
|
| # ¿ May 21, 2024 13:29 |
|
|
eXXon posted:The 5 minutes I spent in 8.1 reminded me why I downgraded in the first place. What a shitshow that was. I get PTSD every time I have to work on a 2012 server.
|
|
#
¿
Jan 21, 2020 23:35
|
|