Monday, July 29, 2019

FileVault password not sync with AD user password


1.     Remove user from filevault (Login as Local Admin)
sudo fdesetup remove -user firstname.lastname 

2.     Restart.

3.     Re-add user from filevault
sudo fdesetup add -usertoadd Firstname.Lastname
4.    After hitting enter, you will expect the following in terminal:
Enter the user name:Administrator
Enter the password for user ‘Administrator':
Enter the password for the added user 'Firstname.Lastname':

Tuesday, July 9, 2019

Vulnerabilities ADV180012, ADV180002, and ADV190013


Microsoft is aware of a new publicly disclosed class of vulnerabilities that are called “speculative execution side-channel attacks” and that affect many modern processors including Intel, AMD, VIA, and ARM.
To fix the vulnerabilities at your server, run your command prompt as administrator.


Copy and paste below into CMD and restart the server
The registry edits are;
1.      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverride /t REG_DWORD /d 72 /f
2.      reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management" /v FeatureSettingsOverrideMask /t REG_DWORD /d 3 /f
3.      reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization" /v MinVmVersionForCpuBasedMitigations /t REG_SZ /d "1.0" /f
If ADV180012, ADV180002 have been previously patched, only regedit #1 is needed.
I pulled these edits from the Microsoft Knowledge Base Article 4072698