Where SMART Group Policy Admins come to get SMARTER

A service of PolicyPak Software. Making you (even more) awesome!

RECEIVE REGULAR TIPS AND
BREAKING GROUP POLICY NEWS.
SIGN UP FOR OUR NEWSLETTER!

Jun
5
2017

When using GP to disable SMB, it’s BOWSER, not BROWSER

I got this letter in the ol’ inbox.  I got explicit permission to share it with you from it’s author, with name included. A true warrior is one who makes mistakes, takes ownership of those mistakes, and then shares those mistakes with the world to make it a better place. Steven Stein, my hat is off to you. Here’s Steve’s letter to me, which I hope helps you out if you plan to kill SMB using GP using my previous post’s links. -email below- To my fave GP guy who I try to avoid bothering with useless trivia:   Here is […]

May
30
2017

Prevent Wannacry using Group Policy

In the effort of “not repeating excellent work of others” … here are two articles to help you turn off SMB 1 via Group Policy: https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/  http://www.grouppolicy.biz/2017/03/how-to-disable-smb-1-on-windows-7-via-group-policy/  It doesn’t take much, and you should do it.. yesterday. You should also start thinking about how to block attacks that users themselves (or even slightly tired IT people) can click upon and wreck their networks. I humbly suggest you check out PolicyPak Least Privilege Manager and our SecureRun feature. Here are two videos showing you you could have prevented the attack in the firstplace: https://www.policypak.com/video/stop-cryptolocker-and-other-unknown-zero-day-attacks-with-policypak-secureruntm.html  https://www.policypak.com/video/policypak-elevate-scripts-and-java-jar-files.html   

Apr
25
2017

EMET is gone for Windows 10. Here’s what to do next.

Very interesting and geeky article about how to use Group Policy in Windows 10 to prevent memory attacks. The kind that EMET on Windows 7 provided, but is not available anymore for Windows 10. Here’s the article at Microsoft.  

Apr
18
2017

What’s new in ADMX and Group Policy for Windows 1703 Creators Edition

The new ADMX files are ready for download. You can get them here from Microsoft: https://www.microsoft.com/en-us/download/details.aspx?id=55080 Here’s my (usual) advice: 1. If you don’t have a central store, please first watch this video I made on it. 2. If you already have a central store, leave what’s already there, and then overwrite anything NEW from the download on top of what you ALREADY have. 3. Install these ADMX files… even if you have no Windows 10 at all, and/or even if you have no Windows 10 1703. Just.. use them. 4. Is this advice perfect for everyone? No; but for 99.98% […]

Nov
25
2016

How to Buy a laptop as a Regular Person (2016-2017 edition)

This is a yearly re-post / re-edit. It started in 2009 and has been updated yearly. This started out as a post to “just my closest friends” but has become one of my popular blog entries of all time. Here’s my fully updated guide to end-of-year 2016 into 2017. If you’re an IT geek like me, you’re often asked “What kind of laptop should I buy?” If you’’re NOT an IT geek, you’’re likely asking an IT geek friend “What kind of laptop should I buy?” This is a guide for both of you. If you’’re in IT, this question […]