Windows 10 showing weird Logon screen

Dashrender

Most likely. The boot disk is mainly there to get you boot time access to the disk.

Jason

Why is it not part of the domain? And why would the user have had local admin rights to even do it?

samy

@Jason because he' s the chairman..

NattNatt

@samy said:

@Jason because he' s the chairman..

That's more reason FOR him to be under the same security features as everyone else...surely he has more sensitive data/information than anyone else...

scottalanmiller

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

NattNatt

If you can get the HDD out and connect to another machine as a secondary drive, can you get the data that way? (not tried with Win10 install, so not sure if it locks it down...)

Dashrender

@scottalanmiller said:

it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Exactly! This is something I don't understand - but then again, clearly, neither does those CEOs who do this shit.

Dashrender

@NattNatt said:

If you can get the HDD out and connect to another machine as a secondary drive, can you get the data that way? (not tried with Win10 install, so not sure if it locks it down...)

As long as you don't have drive encryption enabled, you will have full access this way.

Of course individual files could have encryption, but I can't see why that would have been affected by this.

NattNatt

@Dashrender said:

@NattNatt said:

If you can get the HDD out and connect to another machine as a secondary drive, can you get the data that way? (not tried with Win10 install, so not sure if it locks it down...)

As long as you don't have drive encryption enabled, you will have full access this way.

Of course individual files could have encryption, but I can't see why that would have been affected by this.

Yeah, that's what I was thinking, then, when you have the data, you can factory reset and do it right the second time around.

Jason

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights. the CIO doesn't run in an admin account either (but has one).

NattNatt

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

Jason

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Dashrender

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Exactly what I was thinking.

Sure, the CEO shouldn't have an admin account, but the CIO is the head of IT. If they want it, they can and should have it.

NattNatt

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Yes, but his main ISNT an admin account..? You said he has one, but doesn't use it day-to-day, which is how it should be..? But the fact the Chairman's laptop isn't even on the domain is always going to be the point of failure...

NattNatt

@Dashrender said:

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Exactly what I was thinking.

Sure, the CEO shouldn't have an admin account, but the CIO is the head of IT. If they want it, they can and should have it.

@Jason said:

the CIO doesn't run in an admin account either (but has one).

^ How I read it is he has one (as he should) but doesn't use his admin account for day-to-day stuff (which again, is the way it should be)?

Dashrender

@NattNatt said:

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Yes, but his main ISNT an admin account..? You said he has one, but doesn't use it day-to-day, which is how it should be..? But the fact the Chairman's laptop isn't even on the domain is always going to be the point of failure...

That was the OP's situation, not @Jason's situation.

NattNatt

@Dashrender said:

@NattNatt said:

@Jason said:

@NattNatt said:

@Jason said:

@scottalanmiller said:

@samy said:

@Jason because he' s the chairman..

I have to agree with NattNatt, that means that his laptop would be important, not trivial. All the more reason to have it be secure. The chairman falling below the most basic security level and being treated like an illiterate home user is... very bad. Not only is it bad for the chairman's own usability, it shows his own disregard and disrespect for the company itself. And it sends a message from the chairman to the rest of the company... he sees the company as a joke, so why should they take it seriously?

Yep. None of our Board, Key investors, CEO, COO, CFO etc have admin rights the CIO doesn't run in an admin account either (but has one).

Well that's set up correctly at least... but that's like locking your house, windows, cat flap etc...but leaving the keys in the ignition of your car outside... Yes, you've secured most of it, but the biggest and easiest thing to do is unsecure...

How's that? The CIO is an IT postion so he will have and admin account at any company.

Yes, but his main ISNT an admin account..? You said he has one, but doesn't use it day-to-day, which is how it should be..? But the fact the Chairman's laptop isn't even on the domain is always going to be the point of failure...

That was the OP's situation, not @Jason's situation.

So it was, the lack of avatar confuses me, thought they were the same person, my bad :') apologies @Jason - thought it was OP trying to say "but we did all this stuff" to try and make the initial thing seem better...

Dashrender

Sounds like we are all in agreement then.

CIO and IT staff should have two accounts -

normal every day account = non admin
admin account for admin tasks = admin level.

NattNatt

@Dashrender said:

Sounds like we are all in agreement then.

CIO and IT staff should have two accounts -

normal every day account = non admin
admin account for admin tasks = admin level.

And everyone should be on the domain... EVERYONE especially the chairman...

Dashrender

@NattNatt said:

@Dashrender said:

Sounds like we are all in agreement then.

CIO and IT staff should have two accounts -

normal every day account = non admin
admin account for admin tasks = admin level.

And everyone should be on the domain... EVERYONE especially the chairman...

Well, unless you're doing a LANless design, then it doesn't matter.