So, I started into the exercise. Imagine my surprise when I clicked on "New | Local User", then under "Action:" selected "Create" and encountered this issue:
Every single entry was grayed out, and I was unable to enter any information. If I changed it back to "Update", all of the boxes opened up, but re-selecting "Create" grayed them back out again. So, I tried it from a different computer. Same results. I also tried rebooting the server. Same result. Okay.... Time to hit the Internet and see if anyone else is having the same problem.
The first search result told me all I needed to know. Microsoft has released a patch to remove this security vulnerability. The Knowledge Base article is here:
MS14-025: Vulnerability in Group Policy Preferences could allow elevation of privilege: May 13, 2014
Well, that was easy. Simply put, if you are regularly patching your servers (I hope you all are), you can no longer add a local user to systems via group policy preferences.
The question I have is will exam 70-411 test on the pre-patch behavior, or the post-patch behavior? Time to do some more research.
Have a great week everyone!
No comments:
Post a Comment