Windows CVE-2021-34527 PrintNightmare - Useful flowchart

 @wdormann posted a very useful flowchart regarding Windows CVE-2021-34527 PrintNightmare: https://www.kb.cert.org/vuls/id/383432

CSW CVE-2021-34527 PrintNightmare Windows Vulnerability

Further information can be found here: https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2021/2021-233732-1032.pdf?__blob=publicationFile

at No comments:
Labels: , , ,

"gpupdate" vs "gpupdate /force" & Group Policy Processing Order

gpupdate vs gpupdate /force

 
Microsoft Windows Group Policy refresh can be manually using the command "gpupdate". There is a option called "/force". The difference between both is:
  • gpupdate = if there are not changes, we dont change anything
  • gpupdate /force = reapply all settings eventhough nothing has changed; changes are immediatly applied

Source: https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/gpupdate

Group Policy Processing Order

With this keep in mind the group policy processing order, in which the group policies are applied to windows:
  1. At first Local Group Policies are applied
  2. Second comes the Site Group Policies
  3. Third are the Domain Group Policies
  4. Final are the OU Group Policies (If there are multiple OUs, they are applied top to down)
Sources: https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc785665(v=ws.10)?redirectedfrom=MSDN & https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc757050(v=ws.10)?redirectedfrom=MSDN
at 1 comment:
Labels: , ,
Subscribe to: Posts (Atom)

Splunk UseCase for attacks against FortiGate Firewall management interfaces

If you are using Splunk as your SIEM you can try to detect attacks against your FortiGate firewalls by using the following SPL query: index...