Monday, December 8, 2014

Change to Group Policy Preferences: Creating Local Users

During the course of my MCSE studies I was working through some lab exercises at the end of one of the chapters, and encountered a problem. The chapter was covering Group Policy preferences, and specifically, I was looking at the steps to set up a new local user on a computer. This is found at "Computer Configuration\Preferences\Control Panel Settings\Local Users and Groups". I thought this might be useful in certain circumstances, but also understood the potential issue, as this method stores the password for the new user account in plain text on the SYSVOL share. The recommendation that I had read stated that it would be a good idea to require the password to be changed at the next logon. A sensible precaution.

So, I started into the exercise. Imagine my surprise when I clicked on "New | Local User", then under "Action:" selected "Create" and encountered this issue:



Every single entry was grayed out, and I was unable to enter any information. If I changed it back to "Update", all of the boxes opened up, but re-selecting "Create" grayed them back out again. So, I tried it from a different computer. Same results. I also tried rebooting the server. Same result. Okay.... Time to hit the Internet and see if anyone else is having the same problem.

The first search result told me all I needed to know. Microsoft has released a patch to remove this security vulnerability. The Knowledge Base article is here:

MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014

Well, that was easy. Simply put, if you are regularly patching your servers (I hope you all are), you can no longer add a local user to systems via group policy preferences.
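A check to run alongside the patch, as an added example that is not part of the original post or of Microsoft's KB article: it lists Group Policy Preference XML files under a policies folder that still hold a stored password, since items saved before the update remain in SYSVOL until they are removed. The function name `Find-GppStoredPassword` and the sample file are assumptions made for illustration; `cpassword` is the attribute Group Policy Preferences uses for the stored password.

```powershell
function Find-GppStoredPassword {
    [CmdletBinding()]
    param(
        # Policies root, e.g. \\<domain>\SYSVOL\<domain>\Policies (placeholder path)
        [Parameter(Mandatory)][string]$Path
    )
    Get-ChildItem -Path $Path -Recurse -Filter *.xml -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            $xml = New-Object System.Xml.XmlDocument
            try { $xml.Load($file.FullName) }
            catch { Write-Warning "Skipping unparsable file: $($file.FullName)"; return }

            # The GPO GUID is the {...} folder in the path; it identifies the policy to clean up.
            $gpo = if ($file.FullName -match '\{[0-9A-Fa-f-]{36}\}') { $Matches[0] } else { '' }

            # Report every element with a non-empty cpassword attribute.
            # The stored value itself is deliberately not output.
            foreach ($node in $xml.SelectNodes('//*[string-length(@cpassword) > 0]')) {
                $parent = $node.ParentNode -as [System.Xml.XmlElement]
                [pscustomobject]@{
                    GpoGuid = $gpo
                    File    = $file.FullName
                    Item    = if ($null -ne $parent) { $parent.GetAttribute('name') } else { '' }
                    Account = $node.GetAttribute('userName')
                    Action  = $node.GetAttribute('action')
                }
            }
        }
}

# Constructed sample (not from a real domain): one Groups.xml with a placeholder value.
$root = Join-Path ([IO.Path]::GetTempPath()) 'gpp-demo'
$dir  = Join-Path $root '{00000000-0000-0000-0000-000000000000}\Machine\Preferences\Groups'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
@'
<Groups>
  <User name="LabAdmin" changed="2014-01-01 00:00:00">
    <Properties action="U" userName="LabAdmin" cpassword="PLACEHOLDER" changeLogon="1"/>
  </User>
</Groups>
'@ | Set-Content -Path (Join-Path $dir 'Groups.xml')

Find-GppStoredPassword -Path $root | Format-List
```

Any GPO the function reports should have the preference item removed and the affected account's password changed.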

The question I have is: will exam 70-411 test on the pre-patch behavior, or the post-patch behavior? Time to do some more research.

Have a great week everyone!

Wednesday, October 8, 2014

Welcome to The Frozen Geek

I am going to be using this page to post technical articles that do not really belong on my personal blog. Here, you will find information on Windows Server and PowerShell tips & tricks, guides, lab setups, and walk-throughs. My hope is to create a repository of relevant information for myself and others to refer to. Whilst this is going to be a technical blog, I will continue to post updates on my MCSE studies to my personal blog.

My first technical tip: Learn PowerShell.

Here are a few useful resources below for beginners wanting to learn PowerShell:

Learn Windows PowerShell 3 in a Month of Lunches - 2nd Edition: Don Jones & Jeffery D. Hicks


Have a great week!

David