iiiiiiitttttttttttt

1447 readers

230 users here now

you know the computer thing is it plugged in?

A community for memes and posts about tech and IT related rage.

founded 7 months ago

MODERATORS

irelephant@programming.dev

irelephant@lemmy.dbzer0.com

Shivering@programming.dev

neidu3@sh.itjust.works

KingTootsie@programming.dev

AnarchistArtificer@slrpnk.net

106

Half the Citrix tickets we get are basically this (infosec.pub)

submitted 1 week ago* (last edited 1 week ago) by IcedRaktajino@startrek.website to c/iiiiiiitttttttttttt@programming.dev

10 comments fedilink hide all child comments

(Yes, I know it's supposed to sign them in automatically. It doesn't always. We've got tickets in. What does work every time is signing into Office when prompted.)

you are viewing a single comment's thread
view the rest of the comments

[–] sylver_dragon@lemmy.world 4 points 1 week ago

If you set stuff up properly

A lot of heavy lifting going on in those words....

Also, the malware which gets bundled with "free" versions of products usually doesn't care if the install fails or succeeds, just that the user downloaded the package, unzipped it, and double-clicked on the ever-so-helpful "install.lnk". Most of the current ransomware and infostealer malware doesn't need local admin to do it's damage. Plenty of Remote Access Toolkits (RATs) will run quite happily in user space. Users can edit their local RUN registry key and/or create scheduled tasks. And there are doubtless Privilege Escalation vulnerabilities sprinkled around the system like fairy dust when it gets to be time to dump the SAM hive or lsass memory space.

Yes, locking down local admin gets you a lot, in terms of security. It's far from a trump card though. Lots and lots of damage can happen in user land.