A fundamental design flaw in Intel’s processor chips has forced a significant redesign of the Linux and Windows kernels to defang the chip-level security bug.
CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre) are two nasty exploits and you might want to check your systems if they are patched.
Luckily the Microsoft Security Response Center has released a PowerShell module named SpeculationControl which can be installed from the PowerShell Gallery.
Install-Module -Name SpeculationControl -Force Get-SpeculationControlSettings
Additionally maybe look at Mike’s post
Well, I am the 2017 Spicey Award winner, the Hero Award. Hooray, Thank you Spiceworks!
If you are scheduling tasks, no doubt you run across the issue that if you need a task run as a different user, said user needs the right to logon as a batch job. Doing this is fairly easy:
- Start **secpol.msc**
- Expand Local Policies -> User Right Assignment
- Find “Logon as a batch job”
- Add the user / service account as needed
This can of course also be set up via GPO.
- Source: Set Logon as batch job rights to User by Powershell, C# and CMD
Office 2016 and 2013 users who use run-a-script rules are discovering their scripts are currently disabled (as is Start Application), thanks to a security update. When the update is installed, any existing run-a-script and run application rules will be disabled.
^ that option, ‘start application’ is missing.
The fix is easy, as usual, just a registry key. :o)
# Outlook 2016 $registryPath = "HKCU:\Software\Microsoft\Office\16.0\Outlook\Security" $Name = "EnableUnsafeClientMailRules" $value = "1" New-ItemProperty -Path $registryPath -Name $name -Value $value` -PropertyType DWORD -Force -Verbose # Outlook 2013 $registryPath = "HKCU:\Software\Microsoft\Office\15.0\Outlook\Security" $Name = "EnableUnsafeClientMailRules" $value = "1" New-ItemProperty -Path $registryPath -Name $name -Value $value` -PropertyType DWORD -Force -Verbose