@scottalanmiller said in Windows Server 2022 and Suspect Edge Instability:

Tested the fix of changing nesting to disable. So far, so good. But it'll take time to know.

Another day, no crashes. So far this fix is working and is really easy.

Thanks I'll give this a try today

@dashrender said in Removing Windows Installed Packages with Powershell:

@dustinb3403

Sure, but to Gene's point - you're not going to be installing crapware with Chocolatey - but the MS Store pre-loads your machine with a shit ton, and really, the only way to get rid of if all is using PowerShell.

I love the first post for info sake itself... I just don't see the need to mention Choco in the same thread - it serves an entirely different purpose - not to mention the fact that it isn't even loaded by default, so if it's there - YOU know it's there.

And again, you know how to install and uninstall applications with Chocolatey.

But you may not know (or want to know how to learn to use Microsoft's App Store) and maybe you prefer to use a shell to remove applications from add and remove.

While you know what you've installed with Choco, doesn't mean you know how to remove programs like in the OP which, again installed during the evening hours without me having installed it.

@dustinb3403

Oh, yeah that changes things... advanced ip scanner as others have suggested might be the safest thing.

We've pushed the config to "Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks."

Option 2 at the link below:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

@dustinb3403 said in Checking multiple Directories to confirm all files are identical:

I know I could use a tool like Create-Synchronicity to force 1 other directory to match the source, but I would prefer to find and list the differences in the directories.
Maybe powershell can help?

Yeah, PowerShell can help with this in the same way closing the front door of a house will fix a fire inside of it.

@flaxking said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

Has anyone played with Windows Defender Application Control, specifically Group Policy to turn it on for each workstation?

I have a request from a client to do this, but I am very leery of using group policy for something like this.

Are they all running Win 10 Enterprise?

For sure no... Win 10 Pro.

Then it won't work as it's a requirement.

I think specifically it's using Group Policy for WDAC that's enterprise edition only, right?

Yes, you can use it in Pro, just not enforced by a GPO

@dustinb3403 said in The Failure of Windows as a Service:

@scottalanmiller said in The Failure of Windows as a Service:

@stuartjordan said in The Failure of Windows as a Service:

Like I've said in the past, this is where it is going towards, first business then will be consumer:

https://global.techradar.com/en-ae/news/microsoft-launches-windows-365-a-new-way-to-experience-windows-10-and-windows-11

Yeah, except their main markets are like the US and Canada where Internet reliability is really low. It's like no one there has ever been on the Internet. Oh wait...

I'm sure this has been stated before, but don't conflate you're poor experiences with Internet Connectivity with everywhere across the US.

Granted many places have very crappy options but they still get places "online".

Don't conflate your good experience in one location with my sampling of thousands of sites across the US that we support and monitor all the time. The US has, and is well documented to be, some of the worst Internet in the developed world and certainly not on par with some of the undeveloped world.

@dbeato said in You Have Exceeded the Maximum Number of Computer Accounts - Windows and Active Directory:

@scottalanmiller This is for a standard user without any Domain Admin Privileges. I am assuming this is for a Technician joining computers that no one wants to have admin permissions.

That would be an example case. Yes.

Would something like crackmapexec do the trick? I've started playing around with it to validate that some of our security configs are actually doing what they're supposed to and it can be used to dump user lists from a lot of the native windows locations. Not sure that it would get everything that you're looking for but "hacking" tools might be something to consider in addition to the typical bevy of PS and Windows commands.

@dustinb3403 I even managed to make devcon.exe disable USB
but I wanted with this command you sent