Gotcha, I was referring to in general not being recommended. It was likely recently added to the RAP As a Service tool.
Thanks, Justin Chalfant Premier Field Engineer – Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: [email protected]<mailto:[email protected]> If you have any feedback about my work, please let either myself or my manager Ron Hill know at [email protected]<mailto:[email protected]> From: [email protected] [mailto:[email protected]] On Behalf Of Niall Brady Sent: Monday, September 22, 2014 1:39 PM To: [email protected] Subject: Re: [mssms] DCR pressing F8 in boot media to optionally prompt for credentials (much like PXE password is optional) Weve had many raps and this is the first time theyve pointed it out as a security risk Sent from my phone, please excuse any typo's as a result. On 22 Sep 2014, at 22:12, Justin Chalfant <[email protected]<mailto:[email protected]>> wrote: This has always been the case where it’s not recommended in production. Thanks, Justin Chalfant Premier Field Engineer – Configuration Manager Public Sector Microsoft Services Tel : (303) 846-2701 Email: [email protected]<mailto:[email protected]> If you have any feedback about my work, please let either myself or my manager Ron Hill know at [email protected]<mailto:[email protected]> From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Gerry Hampson Sent: Monday, September 22, 2014 1:04 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] DCR pressing F8 in boot media to optionally prompt for credentials (much like PXE password is optional) That’s a pain. We’ve been doing this for years. I wonder what’s changed? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Niall Brady Sent: 22 September 2014 20:05 To: [email protected]<mailto:[email protected]> Subject: Re: [mssms] DCR pressing F8 in boot media to optionally prompt for credentials (much like PXE password is optional) it was raised by Microsoft Gerry, I don't have the report but can request it, but long story short to do with the ability to dump variables, gain access to shares via the Network access account, view unattend.xml etc, I ran this by the Product Group and they confirmed that it is classified as a security risk... so don't be surprised when the next RAP you are at points this out... where previously they did not. On Mon, Sep 22, 2014 at 9:00 PM, Gerry Hampson <[email protected]<mailto:[email protected]>> wrote: What's the supposed security risk Niall? -------- Original message -------- From: Niall Brady Date:22/09/2014 19:18 (GMT+00:00) To: [email protected]<mailto:[email protected]> Subject: [mssms] DCR pressing F8 in boot media to optionally prompt for credentials (much like PXE password is optional) filed on connect, if anyone could vote it up that would be great, bug number 974211 also, keep in mind that Risk and Health Assessment Program (RAP) is now flagging cmd support in WinPE as a security risk and asking you to remove it, so please, vote this up ! cheers niall.
