Re: [NTSysADM] Sure is quiet today

[Susan Bradley]

BTW on MU this has the number of KB2920189


On 5/14/2014 3:23 PM, Susan Bradley wrote:

Read the known issues in KB2962824 and it's impact on HyperV and guest/childrens. It won't install if they child supports UEFI (Server 2012/2012R2) and either you have to do a funky workaround involving shutting down the kids or install bitlocker role.

(I don't like the resolution IMHO)

I've seen several folks report that they can't open Outlook 2013 after yesterday's update. Outlook 2013 relies on DirectX and thus update the video driver/disable hardware acceleration or disable aero.

MS14-025 is an interesting patch that you can shut down the auditors/pentesters from grabbing passwords. You can deploy the Group policy preferences patch to everyone BUT your machine that has the RSAT tools to give you time to fix up how you do things as pentesters keep grabbing credentials from passwords left behind in Group policy preference and RSAT consoles (note this patch is not on MU but on the download site/catalog and on WSUS)

http://blogs.technet.com/b/srd/archive/2014/05/13/ms14-025-an-update-for-group-policy-preferences.aspx

In addition to the change in behavior, Microsoft is providing customers with two PowerShell scripts. The first script, Enum-SettingsWithCpassword, will search existing GPO’s for use of the account password functionality. We urge companies to immediately run this script and delete vulnerable GPO’s detected.

The second script, Invoke-PasswordRoll, can be used to set local administrator passwords on remote systems (something that Group Policy Preferences is commonly used for). The script takes a list of usernames and computers, and uses PowerShell remoting to connect to each computer and change each specified usernames password to a randomized password. The username/password combinations will be written recorded in a file on disk (which is encrypted, but optionally can be stored in clear-text). Note that the script enforces randomized passwords to ensure the local accounts cannot be used in pass-the-hash attacks.

You can find both scripts athttp://support.microsoft.com/kb/2962486.


On 5/14/2014 3:12 PM, Jonathan Link wrote:

Sometimes it's good to follow...

On Wed, May 14, 2014 at 6:07 PM, Kennedy, Jim <kennedy...@elyriaschools.org <mailto:kennedy...@elyriaschools.org>> wrote:

    Oh, I will have plenty to say about that tomorrow. Too busy
    cleaning up the mess right now.
    ------------------------------------------------------------------------
    *From:* listsad...@lists.myitforum.com
    <mailto:listsad...@lists.myitforum.com>
    [listsad...@lists.myitforum.com
    <mailto:listsad...@lists.myitforum.com>] on behalf of Jon Harris
    [jk.har...@live.com <mailto:jk.har...@live.com>]
    *Sent:* Wednesday, May 14, 2014 5:56 PM
    *To:* ntsysadm@lists.myitforum.com
    <mailto:ntsysadm@lists.myitforum.com>
    *Subject:* [NTSysADM] Sure is quiet today

    It is sure quiet today.  I figured with the Microsoft patches out
    I would see some chatter on issues.

    Jon

--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Our last day of XP patching.  Wave it goodbye.

--
Got your CryptoLocker prevention in place?
http://www.thirdtier.net/2013/10/cryptolocker-prevention-kit-updates/
Our last day of XP patching.  Wave it goodbye.