Posts

Showing posts from May, 2021

Using Intune to configure a Scheduled Task to start a service at User logon

Image
If you are looking for a way to execute a command at user logon then this blog may just help you. Recently, I dealt with an issue where users were being prompted to provide UAC credentials in order to allow running of a background service against an application installed using Company Portal. The name of the application is Nord VPN Teams  and since I was working with this application for the first time, I knew very little about it. However, if your users are not admin users and are setup as Standard Users  then it is not hard to imagine that users can receive such prompts from time to time. To get around this, I immediately thought of using Proactive Remediation Scripts feature in Intune. However, the issue with using Proactive Remediation Scripts at the moment is that one cannot make the script run at User logon . Enter the use of good old Task Scheduler in Windows. The solution involves the following at a high level - 1. Define a PS script to detect the status of the serv...

Intune: Different ways of setting a Local Admin account, but is it a good idea?

Image
Security has always been and will always be an important subject and with the increasing number of recent security attacks, I felt compelled to cover the topic of setting local admin accounts on endpoints. Before the landscape of Modern workplace even came into picture, setting a local admin account ( aka break glass account ) has been a common practice. Now that more and more organizations are adopting Modern Workplace framework, this requirement has just evolved. I must point out that even though setting a local admin account is extremely useful and the fact that it allows administrators to perform elevated admin tasks, from a security standpoint it is not such a good idea. But more on that later. Let's see what are the different ways to set the local admin account using Intune. In case of a Domain Account - When you connect a Windows device with Azure AD using Azure AD join, Azure AD adds the following security principals to the local administrators group on the device: - The Az...

Fixing 'SMB Signing Disabled or SMB Signing Not Required' vulnerability.

Image
If your organization is using a vulnerability scanning tool then more often than not, vulnerability like  SMB Signing Disabled or SMB Signing Not Required will flag up and probably make it to the top of the list. This is because most organizations may not have SMB signing enabled by default for all their client and server communications. What is SMB signing? SMB signing is a security mechanism in the SMB protocol which is  designed to help improve the  security of the SMB protocol.  SMB signing adds security to a network using NetBIOS, avoiding  man-in-the-middle attacks and w hen enabled on both the client and server, SMB sessions are  authenticated between the machines on the packet level. According to Microsoft , following SMB configuration scenarios can play out - If SMB Signing is enabled and required at both the client and the server, or if SMB signing is disabled at both the client and the server, the connection is successful. If SMB signing is enabl...