Tag Archives: SysAdmin

RTFM – Installing the update doesn’t automatically fix the vulnerability

Recently I was going through my vulnerability scan report and noticed one of the top 5 plugins was in regards to MS15-011.  Reading through the report it mentioned that the patch KB3000483 was installed but UNC Hardened Access was not enabled via Group Policy.  After further reading of the KB article, I realized what needed to be done.  Microsoft was nice to give some recommendations and such.  So I enabled the UNC Hardened Access on the SYSVOL and NETLOGON shares for the domain.  I did not do it for the file shares as we tend to use multiple OS platforms.  Though I would recommend doing so if you are running in a single platform environment (All Windows).

Continue reading

“But I need have local admin to run this!”

March is finally here!  The walls of snow are melting down quickly here in New England.  I can finally see grass!  Well ok… it is more like torn up chunks of sod from completely missing the side walk with the snow blower, but it has remnants of grass.

During my hibernation, I remembered some conversations from the past.  Mainly they had to do with “discussions” with users about their needs on their systems.  They commonly revolved around the requirement of administrative rights on their local workstations.  Which of course lead them to believe their current user account was the one that needed those rights.  Well most of us in security, as well as many others in the Systems Admin side of things, know that this is bad and should never be granted without a really good reason.  But does this mean it isn’t possible to grant these users their wishes? Continue reading