Forum Widgets
Latest Discussions
Local user management password policy inconsistent behaviour
Hi all, Maybe some of you can enlighten me regarding the windows 10 + 11 local user password policy. The part that I want to question is "not contain parts of the user's full name". Then, let's say I want to create a new user with the following detail: Fullname: Max Mustermann Username: TESTUSER1 Pass: MaxPassword12345678 When I try to create that user via cmd or powershell, either using "net" or "New-LocalUser", it will not succeed and it will show the error "the password does not meet complexity....", which is expected. However, if I try to create the same user with the same credential via lusrmgr, it will be created without any error. So, why there is a different behaviour between lusrmgr and CLI? Then, if we have the existing user, and try to change the password of that user via lusrmgr, and the password contains the part of the user's full name, then the error will be thrown as expected. So, why is it only affect the lusrmgr and only when we create a new user? Is this a bug? Thanks!Microsoft account linked to a deleted e-mail address
I'm trying to help a friend who has a Microsoft account which is linked to an e-mail address that was deleted some years ago. He had a recent problem on his laptop when Windows 11 crashed. He went into the troubleshooting option and eventually selected the recovery option and it rebooted ok. Interestingly, when we looked at accounts he was able to select the option to login to his administrator account and could see all details like his 365 subscription etc. The problem is he doesn't remember his Microsoft account password and as the e-mail account linked to it is an old one that was deleted a few years ago, he is unable to receive an e-mail with the authentication code to change his password and then change the e-mail address etc. We tried the other options where it asked lots of questions like previous passwords and even the card number for his subscription and when it reached the end, there was a message saying that facility isn't currently available. We can't find a telephone number to speak to someone at Microsoft support and also don't know any support e-mail address. When he tried to contact and use a chat facility it expects him to login, but he doesn't know his password so that option wasn't helpful. We are now in a situation where we don't know how to resolve the problem. One final option which he isn't keen on is to create a new Microsoft account,cancel his credit card and get a new number, so that way they won't charge him for the 365 renewal and then create a new Microsoft account and set up a new subscription. That is one way to work around the problem because he can't find any way to resolve the problem and so far we have found it impossible to actually speak to someone in support. Any advice on this will be appreciated. Thank you David
WDAC: Unable to deploy Vulnerable driver blocklist
Hello, I tried to deploy the Microsoft Vulnerable driver blocklist with an Intune WDAC policy but i always faced an error using the XML provided by Microsoft : https://aka.ms/VulnerableDriverBlockList MS doc: https://learn.microsoft.com/en-us/windows/security/application-security/application-control/app-control-for-business/design/microsoft-recommended-driver-block-rules Thanks and regards
Mangled email address (on Microsoft's side, not ours)
Ok awhile back when our company was using both Google products and Microsoft products, I already had a Google account and was told that I could use both my Microsoft account and my Google account for work (back when both companies integrated their services seamlessly). So, in order to login to both accounts simultaneously I set my default email account to my Google Account and since then everythins worked. Up until recently. Since where I live happens to be now near a Microsoft Data Center, our company recently decided to switch entirely to Microsoft products. Well, since we are now using multi-factor (as in more than dual factor) authorization I have been having issues logging into my work account. I was told by my IT Administrator that since Microsoft mangled my original (Hotmail) email account when I made my Google (Gmail) email account my primary, is has been the source of the issues with our multi-factored proxy / VPN (my IT admins words not mine). I tried contacting and talking directly to Microsoft support and was told that I needed to create a new email account (which I will not do because I have years of work related documents associated both with my Microsoft and Google accounts) because Microsoft is unwilling to go back and fix THEIR MISTAKE. I see no security reason why I cannot switch my primary email account from Google back to Microsoft (so that I can properly unlink my Google account without losing information from either account).
2FA in Owa 2016 that authenticates via ADFS and publishes via WAP
Hello! The company's Security department wants to implement a ManageEngine product to enable 2FA on OWA. Our infrastructure is an Exchange 2016 that authenticates with ADFS and publishes to a WAP server. The ManageEngine provider only says that a PowerShell can be run on the Exchange server, but this doesn't work. Is this product compatible with this infrastructure? Or should I use another software to implement 2FA? I hope you can clarify this question for me. Thank you very much and best regards.[On demand] The latest and greatest in the world of Windows LAPS
Windows LAPS continues to evolve. Find out what's new - from automatic account management and passphrases to disaster recovery and bug fixes. Watch The latest and greatest in the world of Windows LAPS – now on demand – and join the conversation at https://aka.ms/LatestInLAPS. To help you learn more, here are the links referenced in the session: Automatic account management demo Passphrase support demo Rollback detection demo Password recovery demo What is Windows LAPS? Windows LAPS feedback For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] Secure corporate data and privacy with Win32 app isolation
Learn how to use Win32 app isolation to help contain the damage an application may cause in case of compromise. Watch Secure corporate data and privacy with Win32 app isolation – now on demand – and join the conversation at https://aka.ms/AboutWin32AppIsolation. To help you learn more, here are the links referenced in the session: Win32 app isolation overview Repo Issues Public preview: Improve Win32 app security via app isolation For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.[On demand] How to protect your administrator users on the device
Get tips to help you enforce least privilege with Windows 11—and minimize the risk of admin users making a system-level change by mistake. Watch How to protect your administrator users on the device – now on demand – and join the conversation at https://aka.ms/ProtectAdminUsers. To help you learn more, here are the links referenced in the session: Admin experience: via Intune setting catalog – The feature is configurable in the LocalPoliciesSecurityOptions – policy CSP. Administrator protection on Windows 11 blog For more free technical skilling on the latest in Windows, Windows in the cloud, and Microsoft Intune, view the full Microsoft Technical Takeoff session list.
