You probably have heard or read about the current issues with chips and their vulnerability.

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)  are two nasty exploits and you might want to check your systems if they are patched.

Luckily the Microsoft Security Response Center has released a PowerShell module named SpeculationControl which can be installed from the PowerShell Gallery.

Install-Module -Name SpeculationControl -Force


Additionally maybe look at Mike’s post


If you are scheduling tasks, no doubt you run across the issue that if you need a task run as a different user, said user needs the right to logon as a batch job. Doing this is fairly easy:

  1. Start **secpol.msc**
  2. Expand Local Policies -> User Right Assignment
  3. Find “Logon as a batch job”
  4. Add the user / service account as needed

This can of course also be set up via GPO.

Office 2016 and 2013 users who use run-a-script rules are discovering their scripts are currently disabled (as is Start Application), thanks to a security update. When the update is installed, any existing run-a-script and run application rules will be disabled.




^ that option, ‘start application’ is missing.

The fix is easy, as usual, just a registry key.  :o)

# Outlook 2016
$registryPath = "HKCU:\Software\Microsoft\Office\16.0\Outlook\Security"
$Name = "EnableUnsafeClientMailRules"
$value = "1"
New-ItemProperty -Path $registryPath -Name $name -Value $value`
                 -PropertyType DWORD -Force -Verbose

# Outlook 2013
$registryPath = "HKCU:\Software\Microsoft\Office\15.0\Outlook\Security"
$Name = "EnableUnsafeClientMailRules"
$value = "1"
New-ItemProperty -Path $registryPath -Name $name -Value $value`
                 -PropertyType DWORD -Force -Verbose