CntdwnToExtn
Fully Optimized
- Messages
- 1,746
- Location
- Parents Basement...Still
Earlier this year, Microsoft released a couple updates to address Remote Code Execution.
The above TechNet Blog posting explains in detail what it mitigates.
In a nutshell, it enables authentication between your clients (which are workstations and servers) and the file share they are trying to access.
The first shares recommended to be secured are your SYSVOL and NETLOGON shares from the DC's. This is to ensure when attempting to get a GPO or refresh, they are not hijacked.
It's also recommended to enable this on your sensitive shares.
MS15-11 KB can also give you more detail.
*Note: The "privacy" switch is ONLY available for Server 2012 and Windows 8 clients (and above). If you use this on a Windows 7/2008 domain, you will have issues. So leave this switch out if you're not fully migrated!!!
MS15-011 & MS15-014: Hardening Group Policy - Security Research & Defense - Site Home - TechNet Blogs
The above TechNet Blog posting explains in detail what it mitigates.
In a nutshell, it enables authentication between your clients (which are workstations and servers) and the file share they are trying to access.
The first shares recommended to be secured are your SYSVOL and NETLOGON shares from the DC's. This is to ensure when attempting to get a GPO or refresh, they are not hijacked.
It's also recommended to enable this on your sensitive shares.
MS15-11 KB can also give you more detail.
*Note: The "privacy" switch is ONLY available for Server 2012 and Windows 8 clients (and above). If you use this on a Windows 7/2008 domain, you will have issues. So leave this switch out if you're not fully migrated!!!
