If not well designed or managed, User and Administrator privilege separation for users/system administrators on a Windows OS can be painful for both sides. Indeed, Windows OS doesn’t have a simple and neat management like a SUDO on Linux OS, but settings need to be tailored with GPO or at least with different users.
Regular user accounts (e.g. Domain Users) should not be a member of the local administrators group for a security point of view.
Using separate users: a standard one and an admin member of the local administrators group is at least a good way to mitigate the risk of potential/malicious/accidental damage to the system. It doesn’t matter if most of the today’s threats can deal with the regular user context.
Nothing new if you’re familiar with the least privilege access, if is something you’ve never think about it… Well, I can use a simple effective analogy for allowing user with local admin rights on their workstation.. it’s like to let them run with the scissors all the time… is it worthy or simply asking for trouble?
Continue reading “How To Create a Local Admin Account with Powershell”
There are times where small and simple things can have big impact for a larger audience, one example is implementing a Text To Speech function. Users want to interact with machines in a smarter and meaningful way, the biggest challenge is for developers and engineers to meet that expectation integrating those features in their solutions.
We always give for granted that notifications are visual and users are always staring at in front of a monitor waiting for a pop-up window or a new line on the cli to check progress or output of a repetitive operation.
But I think that in many cases text to speech is a good way getting user attention or providing useful instructions. So let’s dive into..
Continue reading “Powershell: Text To Speech in 3 lines of code”
There are many really good tools capable of generating random passwords with different complexity and purposes. Some of them are integrated in password managers, some embedded in the browser others available programmatically from the cli with no need to use an online password generator. Continue reading “PowerShell: Random Password Generator”