Local user management password policy inconsistent behaviour
Hi all, Maybe some of you can enlighten me regarding the windows 10 + 11 local user password policy. The part that I want to question is "not contain parts of the user's full name". Then, let's say I want to create a new user with the following detail: Fullname: Max Mustermann Username: TESTUSER1 Pass: MaxPassword12345678 When I try to create that user via cmd or powershell, either using "net" or "New-LocalUser", it will not succeed and it will show the error "the password does not meet complexity....", which is expected. However, if I try to create the same user with the same credential via lusrmgr, it will be created without any error. So, why there is a different behaviour between lusrmgr and CLI? Then, if we have the existing user, and try to change the password of that user via lusrmgr, and the password contains the part of the user's full name, then the error will be thrown as expected. So, why is it only affect the lusrmgr and only when we create a new user? Is this a bug? Thanks!
Windows 10 Security Breach, How?
Hi Team Around 3am this morning I had noticed my computer at the login prompt screen, which it has never done before, so I went to login with my password and it was rejected, I tried a few times without success. Then I noticed someone typing my account name in the password box, yes, I saw the letters being typed and no password masking ******** So I then switched the computer off and rebooted into recovery console and did a Restore point from the other day and restarted and logged in fine, but in the Downloads folder there were 2 files in there downloaded 30 mins ago called AnyDesk.exe and gcapi.dll, I then ran a scan on the system and it found 3 registry entrees and file Registry Key: 3 Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Firefox Default Browser Agent 7743CA9CB8B798ED, Quarantined, 12828, 1218032, , , , , , Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{5B8F8578-E984-4729-B99B-39363F3C65B8}, Quarantined, 12828, 1218032, , , , , , Trojan.SmokeLoader.TSK, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{5B8F8578-E984-4729-B99B-39363F3C65B8}, Quarantined, 12828, 1218032, , , , , , File: 1 Trojan.SmokeLoader.TSK, C:\WINDOWS\SYSTEM32\TASKS\Firefox Default Browser Agent 7743CA9CB8B798ED, Quarantined, 12828, 1218032, 1.0.80470, , ame, , E637D6F45411522DB1BD7B3926BFE0F4, 0948A75BFF970254463488A9F69FD91A19165B876D7B7DFD9DC2C554C1516B32 Not sure if it's releated Can someone explain how this happenned and to stop it happenning again?