@RoopanKumar said in Can a domain user allowed for Windows Updates and install software should be denied:
is there any way to implement it without WSUS role
need to do via GPO
Yes, read the technet article. The first step is about WSUS - but ignore that. If there is no WSUS setup it will just use the online repository - just don't specify a custom server in any of the setup, therefore it will just use the Windows default one.
Group policy is the way forward here if you have a central server with Active Directory and you're talking about a Windows environment.
Turn Windows updates on through Group Policy (https://technet.microsoft.com/en-us/library/cc708574(v=ws.10).aspx) and that's all you need really..?
@DustinB3403 said in What Are You Doing Right Now:
@NattNatt yea
I tore mine of those when I was younger, had it in a splint for about 2 months...the pain was mental - I feel for you!
@DustinB3403 said in What Are You Doing Right Now:
@NattNatt said in What Are You Doing Right Now:
@DustinB3403 said in What Are You Doing Right Now:
I'm cringing in pain.... i hurt my tendon on the inside portion of my thumb moving a table..... need a brace.
well that was a silly thing to do wasn't it!
Hope it gets better soon dude!
its so sore....
the fleshy bit between your thumb and first finger..?
@DustinB3403 said in What Are You Doing Right Now:
I'm cringing in pain.... i hurt my tendon on the inside portion of my thumb moving a table..... need a brace.
well that was a silly thing to do wasn't it! Hope it gets better soon dude!
Been in work for 30 mins, first day back after the holiday...
EDIT: Sorry just read through the thread, can't be any help 
@DustinB3403 said in Non-IT News Thread:
@scottalanmiller said in Non-IT News Thread:
Russia bath lotion kills 41 drinkers in Irkutsk
http://www.bbc.co.uk/news/world-europe-38363441The issue here is people are consuming things which are clearly not meant for consumption!
The issue here is they removed them from the shelves and didn't let natural selection continue down it's course....
mine sometimes does sometimes doesn't and not figured out the recurring pattern yet...
@IRJ said in Local Guest Account:
@NattNatt said in Local Guest Account:
@scottalanmiller said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@DustinB3403 said in Local Guest Account:
We disable it.
According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.
The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.
Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?
Internal IT poses a risk as well.
Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...
Right, so why watch your vendor like that, they are part of your team.
Not always, we are told by clients to allow some vendors onto their systems, they were never recommended by us, therefore not part of our team, they're an external third party. Not saying sit there and just do that, but we are always on the server at the same time with a recorded session in those instances, can still do other tickets etc in the background, but keep an eye on for opening stuff they shouldn't be doing/have a recording to prove stuff that was done etc
You can give yourself a local admin rights in about 60 seconds through the GUI. If you script it, you are talking about 3-5 seconds. If you are going to let someone on your system, you better be auditing them.
That was my point, we do that, we record everything as well to make sure we don't miss anything/can play back and see exactly what was done, covering ourselves in case something they do breaks the system//creates a backdoor//loophole like this
@scottalanmiller said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@DustinB3403 said in Local Guest Account:
We disable it.
According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.
The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.
Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?
Internal IT poses a risk as well.
Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...
Right, so why watch your vendor like that, they are part of your team.
Not always, we are told by clients to allow some vendors onto their systems, they were never recommended by us, therefore not part of our team, they're an external third party. Not saying sit there and just do that, but we are always on the server at the same time with a recorded session in those instances, can still do other tickets etc in the background, but keep an eye on for opening stuff they shouldn't be doing/have a recording to prove stuff that was done etc
@JaredBusch said in Weekend Plans:
@Dashrender said in Weekend Plans:
did you get that crap snow?
We got a dusting.
Ended up with only about 7-8 inches.
Promised 10 inches, end up with 7-8?
The jokes make themselves....
@IRJ said in Local Guest Account:
@NattNatt said in Local Guest Account:
@IRJ said in Local Guest Account:
@DustinB3403 said in Local Guest Account:
We disable it.
According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.
The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.
Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?
Internal IT poses a risk as well.
Depends who you work with...I trust all my team I work with. If I didn't, I wouldn't work with them...
@IRJ said in Local Guest Account:
@DustinB3403 said in Local Guest Account:
We disable it.
According to Microsoft that is a low risk and if you aren't getting alerts for local user account changes it can pose a much higher risk.
The local admin account is generally changed on a regular basis, but guest accounts are rarely touched. An admin or even a vendor could in turn enable the guest account and give it local admin privileges, and chances are you would never know.
Wait, you allow Vendors access to your servers without monitoring them to see what they're actually doing?
@wirestyle22 said in Weekend Plans:
@NattNatt said in Weekend Plans:
Was working all weekend doing a big migration at one clients, and then managing an on-call issue where a big client's hosted services were down for ~6 hours...
Eeesh.
Yup, was....fun?
Was working all weekend doing a big migration at one clients, and then managing an on-call issue where a big client's hosted services were down for ~6 hours...