    Best posts made by Brett

    • RE: Retiring the Chrome app launcher

      @travisdh1 I'm right there with you.

      I became used to it on my Chromebook, so I have the Chrome App Launcher mapped to my CapsLock key in Windows via AutoHotKey.

      I found it rather convenient because I could hit CapsLock, type gm, hit Enter, and bam I'm in Gmail. It's like using Windows' start menu, just for Chrome apps. I probably have 10 of them or so - Gmail, Calendar, Drive, Keep, Photos, Play Music, Signal, Keeper, YouTube.

      Oh well, guess I'll have to figure out the next easiest method to open those.

      posted in Announcements
      Brett
    • RE: End User Software Management When Running as Normal Users on Windows

      @JaredBusch said:

      @Mike-Davis said:

      @JaredBusch said:

      As an outsourced IT Service Provider, we cannot be always available to clients to handle this need in as timely a fashion as needed at times (i.e. the owner says he needs his cat pics screensaver installed now).

      The compromise we have come up with is a domain account that is added to the local administrators group in AD.

      I'm in the same boat and also use group policy to push a local admin account to the machines through group policy. If a machine (esp laptops) decides it doesn't want to log in to the domain, you can just log in with the local account and get it going.

      Yeah, we push that LocalAdmin via GPO. It is not manually set up on the machines.

      Consider changing this practice. I used to do it that way, too, but it's no longer considered secure and Microsoft won't even allow you to do it anymore in the newer versions of Windows Server in the GPPs.

      Account info disseminated this way isn't hard to find, I believe it's in the SYSVOL folder somewhere, and once an attacker had it they could laterally jump from machine to machine with ease. This would be especially bad if that policy was applied to more than just workstations.

      This doesn't produce the exact same results, but today you would want to use Microsoft's LAPS (Local Administrator Password Solution):
      https://www.microsoft.com/en-us/download/details.aspx?id=46899
      I've set it up several times now and it's really easy to use.

      I'm sorry if you're already familiar with it, but I didn't want anyone to think your suggestion is a good practice these days.

      posted in IT Discussion
      Brett
    • RE: End User Software Management When Running as Normal Users on Windows

      Also please note that you do not want LAPS to apply to domain controllers since they have no local accounts. It will change the domain's Administrator account password. I found that out while testing LAPS.

      I still use it on servers, just not DCs.

      posted in IT Discussion
      Brett
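
An audit for the practice discussed in the post above about pushing a local admin account through Group Policy, as an added example that is not part of the original posts: it lists Group Policy Preferences XML files that still carry a stored password in the `cpassword` attribute, without printing the value. The function name `Find-GppStoredPassword` and the sample folder are hypothetical, and the sample XML is constructed.

```powershell
# Added example, not from the thread. Lists Group Policy Preferences XML files
# that still hold a stored password (non-empty cpassword attribute).
# The stored value itself is never printed.
function Find-GppStoredPassword {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -File -Filter *.xml -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            try {
                $xml   = [xml](Get-Content -LiteralPath $file.FullName -Raw)
                $nodes = $xml.SelectNodes('//*[@cpassword]')
            }
            catch { return }   # empty or malformed XML: skip this file
            foreach ($node in $nodes) {
                if ($node.GetAttribute('cpassword')) {
                    [pscustomobject]@{
                        File     = $file.FullName
                        # LocalName, because .Name would resolve to a "name" attribute
                        Item     = $node.ParentNode.LocalName
                        UserName = $node.GetAttribute('userName')
                        Modified = $file.LastWriteTime
                    }
                }
            }
        }
}

# Constructed sample standing in for one policy folder (placeholder value only).
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpp-audit-demo'
$dir  = Join-Path $root 'Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
<?xml version="1.0" encoding="utf-8"?>
<Groups>
  <User name="LocalAdmin">
    <Properties action="U" userName="LocalAdmin" cpassword="CONSTRUCTED-PLACEHOLDER"/>
  </User>
</Groups>
'@ | Set-Content -LiteralPath (Join-Path $dir 'Groups.xml') -Encoding UTF8

Find-GppStoredPassword -Path $root | Format-List

# Against a real domain, point it at SYSVOL instead, for example:
# Find-GppStoredPassword -Path "\\$($env:USERDNSDOMAIN)\SYSVOL"
```

Any hit means that account's password should be treated as exposed: remove the preference item, change the password, and let LAPS manage the account instead.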