You probably have heard or read about the current issues with chips and their vulnerability.

A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.

CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)  are two nasty exploits and you might want to check your systems if they are patched.

Luckily the Microsoft Security Response Center has released a PowerShell module named SpeculationControl which can be installed from the PowerShell Gallery.

Install-Module -Name SpeculationControl -Force

Get-SpeculationControlSettings



Additionally maybe look at Mike’s post

Well, I am the 2017 Spicey Award winner, the Hero Award. Hooray, Thank you Spiceworks!

If you are scheduling tasks, no doubt you run across the issue that if you need a task run as a different user, said user needs the right to logon as a batch job. Doing this is fairly easy:

1. Start **secpol.msc**
2. Expand Local Policies -> User Right Assignment
3. Find “Logon as a batch job”
4. Add the user / service account as needed

This can of course also be set up via GPO.

Office 2016 and 2013 users who use run-a-script rules are discovering their scripts are currently disabled (as is Start Application), thanks to a security update. When the update is installed, any existing run-a-script and run application rules will be disabled.

^ that option, ‘start application’ is missing.

The fix is easy, as usual, just a registry key.  :o)

# Outlook 2016
$registryPath = "HKCU:\Software\Microsoft\Office\16.0\Outlook\Security"$Name = "EnableUnsafeClientMailRules"
$value = "1" New-ItemProperty -Path$registryPath -Name $name -Value$value
-PropertyType DWORD -Force -Verbose

# Outlook 2013
$registryPath = "HKCU:\Software\Microsoft\Office\15.0\Outlook\Security"$Name = "EnableUnsafeClientMailRules"
$value = "1" New-ItemProperty -Path$registryPath -Name $name -Value$value
-PropertyType DWORD -Force -Verbose