User Profile
starman2heven
Brass Contributor
Joined Sep 06, 2018
Recent Discussions
Re: Copy & paste permission error after Win11 23H2
Harjit_Dhaliwal Christiaan_Brinkhoff Who broke File Explorer in Win11 23H2? This is a major bug, many heavy regulated industries like Pharmaceutical manufacturing depend on this "write once". It's critical that users cannot modify the files or its metadata/attributes in any way once the file has been written.
344 Views, 1 like, 0 Comments

Copy & paste permission error after Win11 23H2
I have a file share that has very specific permissions due to regulations. Users are only allowed to read and write files, but they are not allowed to delete or modify the files in any way once they are created, see picture below. Note that users do not have "Write attributes" or "Write extended attributes". Users get their permissions through nested security groups. This has been working well for several years when users had Win10 and the Win11 OS. But after users upgraded to Win11 23H2 they are getting an error when they are copying & pasting files from their workstation: "you need permissions to perform this action". The same user on a Win10 or Win11 22H2 workstation can perform the same copy & paste action. If I add the "Write attributes" or "Write extended attributes" permission to their security group they can copy & paste files to the share from a Win11 23H2 or 24H2 workstation. I know that the File Explorer in Win11 23H2 got a new code base and many new features. Has anybody seen this behavior or can they replicate this problem?
722 Views, 0 likes, 6 Comments

Re: Secure Score "this account is sensitive and cannot be delegated"
I have a Microsoft case open on this for the second time. It has been very painful to get Microsoft support to understand the problem. They just do not read what I am writing or view the snapshots that I attached to the case. I have been in IT for over 25 years and I have to say, Microsoft support today is very poor. I guess you have to buy their "Enterprise" support to get some real support, because their 1st level support is a joke.
125 Views, 1 like, 0 Comments

Re: Secure Score "this account is sensitive and cannot be delegated"
LiorShapira Yes, I can confirm that the list of exposed entities has now only 2 devices left. One of them has a DHCP role and the other device object is AzureADKerberos (https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust?tabs=intune#microsoft-entra-kerberos-and-cloud-kerberos-trust-authentication). What is your recommendation for the AzureADKerberos object? It's basically a Read-Only Domain controller and I would rather not break our Windows Hello authentication.
166 Views, 1 like, 3 Comments

Re: Secure Score "this account is sensitive and cannot be delegated"
LiorShapira My tenant still has not changed, in exposed entities I still see my DCs, Exchange and DHCP servers. And in the implementation tab I cannot see any change, and the learn more link points to this https://go.microsoft.com/fwlink/?linkid=2283220
1.5K Views, 0 likes, 8 Comments

Secure Score "this account is sensitive and cannot be delegated"
Hi, In Microsoft Secure Score, when selecting the recommended action Ensure that all privileged accounts have the configuration flag "this account is sensitive and cannot be delegated", in the Exposed entities tab I only see computer accounts. In the Implementation instructions they only mention user accounts. How do I complete this recommended action and get rid of the computer accounts detected?
3.9K Views, 0 likes, 29 Comments

Re: Kiosk XML - Whitelist apps in %userprofile%
@Sanoj_Vettat and fjaeger86 I cannot get this to work, that is I have a stupid application that is installed/copied in the user's profile and it does not have AUMID and even though I copy the shortcut to C:\ProgramData\Microsoft\Windows\Start Menu\Programs folder no AUMID gets created. Also I have created an AppLocker policy to allow it and distribute it via Intune, I see it gets applied but the app still gets denied. Seems that Assigned access and AppLocker policy do not merge. Does anyone have a proper solution for this or is this just not possible?
1.4K Views, 0 likes, 0 Comments

Re: Constant starting failures with sensor version 2.222.17390.40606
EliOfek The issue is fixed, but that is in no way thanks to Microsoft support. That was a complete waste of time. Really looking forward to filling out the customer survey. Anyway, it looks like we were yet another victim of the https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/. The puzzle pieces are falling into place. The timeline is roughly like this:
1. At 5DEC2023 at 4:57 AM the time jumps to 12MAY2024-4:48 AM, logs show that W32time service did that.
2. About 6 minutes later W32time server corrects the time back to 5DEC2023 5:03 AM
3. When people come to work in the morning a lot of people cannot login with their Windows Hello PIN number.
4. Group managed service account for Windows Defender for Identity stops working
5. Audit trails on SQL production database have the wrong date
And I am pretty sure that there is a lot more to be uncovered. This will take many weeks to discover and document what went wrong. Microsoft has made many bad products and features over the years, but Windows STS has got to be on the top 5 list. So my recommendation is to disable Windows STS ASAP.
889 Views, 0 likes, 0 Comments

Re: time.windows.com wrong time on 5th December 2023
Krishna73037 I believe that I was a victim of Windows STS (Secure Time Seeding), all the symptoms are there. It is absolutely ridiculous that Microsoft has silently added this STS to the Windows time service. https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
1.3K Views, 2 likes, 0 Comments

time.windows.com wrong time on 5th December 2023
We are using time.windows.com as an external NTP sync for our PDC domain controller. On 5th Dec. 2023 at 4:57:28 AM it changed the time on the PDC domain controller to 12th May 2024. Then it switched back about 8 minutes later. Was there any issue with the time.windows.com service on the 5th Dec. 2023? Anyone else seen this?
1.4K Views, 0 likes, 2 Comments

Constant starting failures with sensor version 2.222.17390.40606
Hello, Does anyone have this issue with Defender for Identity sensor version 2.222.17390.40606 on Windows Server 2022? "The Azure Advanced Threat Protection Sensor service terminated unexpectedly. It has done this 3650 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service."
1.4K Views, 0 likes, 5 Comments

Re: Directory Services Advanced Auditing is not enabled
TaurusTec The solution was to follow this guide here https://learn.microsoft.com/en-us/defender-for-identity/configure-windows-event-collection#configure-domain-object-auditing And in step 9.e. set permission to "Full control"
9.5K Views, 0 likes, 0 Comments