Lightnews — Scholar-powered news

Guy Leech @guyrleech.bsky.social · 10d

Note that the default in secpol.msc says "Not Configured" but it's on by default so enable auditing but don't enable Success. I don't believe that these events are useful - they cause log overwrite of ones that are like process creation & termination

Guy Leech @guyrleech.bsky.social · 10d

Just dug this 2018 tweet out as seeing the issue at a customer:

#Windows Security event log being swamped by 4703 "A token right was adjusted" events? Disable "Audit Authorization Policy Change" by local or group policy. Common with #SCCM
learn.microsoft.com/en-us/previo...

1

Guy Leech @guyrleech.bsky.social · 11d

Thanks although you spelt powershell.exe wrong 😂

3

Guy Leech @guyrleech.bsky.social · 12d

Too many times

1

Guy Leech @guyrleech.bsky.social · 12d

What's the current thinking/consensus/experience of having duplicate machine SIDs on the same subnet & members of the same domain (different hostnames & MAC & IP addresses obviously)?
It's many years since @markrussinovich.bsky.social said changing SIDs wasn't necessary but what about RoW?

4 2

Guy Leech @guyrleech.bsky.social · 15d

What a croc

Or is it?

What, a croc? 😄

Reposted by Guy Leech

PSConfEU @psconf.eu · 15d

💡 Be Your Own Sherlock in the Realms of Microsoft Graph
👨‍🏫 @hcritter.bsky.social – Senior System Engineer at CANCOM GmbH
🗓️ 14 Oct | #PSConfEU MiniCon
👉 Free ticket: synedgy.com/psconfeu-minicon
#PowerShell #Microsoft #Graph #automation

3 5

Guy Leech @guyrleech.bsky.social · 15d

I use thin sliced ham for my dogs

3

Guy Leech @guyrleech.bsky.social · 15d

If you want to quickly figure out if & where a process is writing a logfile, create a filter (ctrl l) in @SysInternals procmon for your process(es) and also Category = Write & turn off registry & network capture in the toolbar

2 3

Guy Leech @guyrleech.bsky.social · 15d

Any of you got experiences of packaging Adobe or AutoCAD apps into MSIX and delivering via App Attach? About to have a play myself but interested to know if others have tried. I think going App-V is probably not a sensible approach given its life expectancy.

2

Guy Leech @guyrleech.bsky.social · 16d

Need to turn %USERDNSDOMAIN% into canonical form, eg for ADSI ?

"DC=$(($env:USERDNSDOMAIN -split '\.') -join ',DC=')"

1 3

Guy Leech @guyrleech.bsky.social · 17d

They are indeed a croc ...

Guy Leech @guyrleech.bsky.social · 18d

It burns?🤣

Reposted by Guy Leech

PSConfEU @psconf.eu · 18d

💡 #PowerShell Security: A Journey Through Time
👨‍🏫👨‍🏫 @miriamwiesner.bsky.social - Security Researcher at Microsoft & Anam Navied - Software Engineer, PowerShell team at Microsoft
🗓️ 14 Oct | #PSConfEU MiniCon
👉 Free ticket: synedgy.com/psconfeu-minicon
#automation

2 6

Guy Leech @guyrleech.bsky.social · 18d

In my Unix coding days I always preferred amber screens over green screens

1 2

Guy Leech @guyrleech.bsky.social · 18d

Jesus H Christ!

4 1 34

Guy Leech @guyrleech.bsky.social · 18d

"We're going to need a bigger bed" ! 😂
I had 4 with me last night although they are smaller & my bed is bigger

1 1 20

Guy Leech @guyrleech.bsky.social · 18d

London #PowerShell User Group in person Meetup is tomorrow
evening
www.meetup.com/powershell-l...

London PSUG September Meetup @ Jane Street, Wed, Sep 24, 2025, 5:30 PM | Meetup

Join us at Jane Street for this meetup! There will be drinks, food, and SWAG!!! Make sure your register here (mandatory)! **Schedule:** * 17:30 Arrival & Welcome Drinks *

www.meetup.com

2 4

Guy Leech @guyrleech.bsky.social · Sep 11

Cases for the old Nokia phones were to protect the floor, not the phone 😂

1 4