Re: [mssms] DCR pressing F8 in boot media to optionally prompt for credentials (much like PXE password is optional)

[Niall Brady]

Weve had many raps and this is the first time theyve pointed it out as a 
security risk

Sent from my phone, please excuse any typo's as a result.


> On 22 Sep 2014, at 22:12, Justin Chalfant <justin.chalf...@microsoft.com> 
> wrote:
> 
> This has always been the case where it’s not recommended in production.
>  
> Thanks,
>  
> Justin Chalfant
> Premier Field Engineer – Configuration Manager
> Public Sector
> Microsoft Services
>  
> Tel : (303) 846-2701
> Email:     justin.chalf...@microsoft.com
>  
> If you have any feedback about my work, please let either myself or my 
> manager Ron Hill know at ron.h...@microsoft.com
>  
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Gerry Hampson
> Sent: Monday, September 22, 2014 1:04 PM
> To: mssms@lists.myitforum.com
> Subject: RE: [mssms] DCR pressing F8 in boot media to optionally prompt for 
> credentials (much like PXE password is optional)
>  
> That’s a pain. We’ve been doing this for years. I wonder what’s changed?
>  
> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] 
> On Behalf Of Niall Brady
> Sent: 22 September 2014 20:05
> To: mssms@lists.myitforum.com
> Subject: Re: [mssms] DCR pressing F8 in boot media to optionally prompt for 
> credentials (much like PXE password is optional)
>  
> it was raised by Microsoft Gerry, I don't have the report but can request it, 
> but long story short to do with the ability to dump variables, gain access to 
> shares via the Network access account, view unattend.xml etc, 
> 
> I ran this by the Product Group and they confirmed that it is classified as a 
> security risk... so don't be surprised when the next RAP you are at points 
> this out... where previously they did not.
>  
> On Mon, Sep 22, 2014 at 9:00 PM, Gerry Hampson <gerry.hamp...@ergogroup.ie> 
> wrote:
> What's the supposed security risk Niall?
>  
> 
> -------- Original message --------
> From: Niall Brady
> Date:22/09/2014 19:18 (GMT+00:00)
> To: mssms@lists.myitforum.com
> Subject: [mssms] DCR pressing F8 in boot media to optionally prompt for 
> credentials (much like PXE password is optional)
>  
> filed on connect, if anyone could vote it up that would be great, 
> bug number 974211 
> 
> also, keep in mind that Risk and Health Assessment Program (RAP) is now 
> flagging cmd support in WinPE as a security risk and asking you to remove it,
> 
> so please, vote this up !
> cheers
> niall.
>  
>  
>  
>  
>  
>