I got this letter in the ol’ inbox.  I got explicit permission to share it with you from it’s author, with name included. A true warrior is one who makes mistakes, takes ownership of those mistakes, and then shares those mistakes with the world to make it a better place. Steven Stein, my hat is off to you. Here’s Steve’s letter to me, which I hope helps you out if you plan to kill SMB using GP using my previous post’s links. -email below- To my fave GP guy who I try to avoid bothering with useless trivia:   Here is […]

In the effort of “not repeating excellent work of others” … here are two articles to help you turn off SMB 1 via Group Policy: https://blogs.technet.microsoft.com/staysafe/2017/05/17/disable-smb-v1-in-managed-environments-with-ad-group-policy/  http://www.grouppolicy.biz/2017/03/how-to-disable-smb-1-on-windows-7-via-group-policy/  It doesn’t take much, and you should do it.. yesterday. You should also start thinking about how to block attacks that users themselves (or even slightly tired IT people) can click upon and wreck their networks. I humbly suggest you check out PolicyPak Least Privilege Manager and our SecureRun feature. Here are two videos showing you you could have prevented the attack in the firstplace: https://www.policypak.com/video/stop-cryptolocker-and-other-unknown-zero-day-attacks-with-policypak-secureruntm.html  https://www.policypak.com/video/policypak-elevate-scripts-and-java-jar-files.html   

Very interesting and geeky article about how to use Group Policy in Windows 10 to prevent memory attacks. The kind that EMET on Windows 7 provided, but is not available anymore for Windows 10. Here’s the article at Microsoft.  

The new ADMX files are ready for download. You can get them here from Microsoft: https://www.microsoft.com/en-us/download/details.aspx?id=55080 Here’s my (usual) advice: 1. If you don’t have a central store, please first watch this video I made on it. 2. If you already have a central store, leave what’s already there, and then overwrite anything NEW from the download on top of what you ALREADY have. 3. Install these ADMX files… even if you have no Windows 10 at all, and/or even if you have no Windows 10 1703. Just.. use them. 4. Is this advice perfect for everyone? No; but for 99.98% […]

This is a yearly re-post / re-edit. It started in 2009 and has been updated yearly. This started out as a post to “just my closest friends” but has become one of my popular blog entries of all time. Here’s my fully updated guide to end-of-year 2016 into 2017. If you’re an IT geek like me, you’re often asked “What kind of laptop should I buy?” If you’’re NOT an IT geek, you’’re likely asking an IT geek friend “What kind of laptop should I buy?” This is a guide for both of you. If you’’re in IT, this question […]