Is your execution policy Unrestricted for the entire machine?

Sometimes I see customers that, for simplicity, set the PowerShell execution policy to Unrestricted. I often wonder why; the usual reply is that it just doesn't work otherwise. Well, I say it's time to reconsider. PowerShell allows for a much more granular solution using scopes. Did you know that there are 5 different scopes for the execution policy?

Scope
Process
CurrentUser
LocalMachine
UserPolicy
MachinePolicy

So, armed with this knowledge, we can allow the current process to run as unrestricted while maintaining a rather secure machine around it. But if there are options for the scope, what different execution policies are there? Well, there are 7, well, kind of... [Read more…]
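The scope-based approach described above, as an added example that is not code from the original post: it audits the policy set at each of the five scopes and then relaxes only the current process. The function name `Get-ExecutionPolicyAudit` and the choice of which policies count as too permissive are assumptions made for this example.

```powershell
# Added example (not from the original post).
# Get-ExecutionPolicyAudit is a hypothetical helper name.
function Get-ExecutionPolicyAudit {
    [CmdletBinding()]
    param(
        # Assumption for this example: these policies are too loose
        # to leave set at a scope that outlives the session.
        [string[]]$Permissive = @('Unrestricted', 'Bypass')
    )

    # -List returns one entry per scope in precedence order:
    # MachinePolicy, UserPolicy, Process, CurrentUser, LocalMachine.
    foreach ($entry in Get-ExecutionPolicy -List) {
        $policy     = [string]$entry.ExecutionPolicy
        $persistent = $entry.Scope -ne 'Process'

        [pscustomobject]@{
            Scope      = $entry.Scope
            Policy     = $policy
            Persistent = $persistent
            Finding    = if ($persistent -and $Permissive -contains $policy) {
                             'Permissive policy set at a persistent scope'
                         } else {
                             'OK'
                         }
        }
    }
}

$audit = Get-ExecutionPolicyAudit
$audit | Format-Table -AutoSize

# The two Group Policy scopes take precedence over everything else,
# so a Process-scope change has no effect when either one is defined.
$gpo = $audit | Where-Object {
    $_.Scope -in 'MachinePolicy', 'UserPolicy' -and $_.Policy -ne 'Undefined'
}

if ($gpo) {
    Write-Warning "Group Policy defines the execution policy; a Process-scope setting will be overridden."
} else {
    # Relax only this session. The value is held in the
    # $env:PSExecutionPolicyPreference variable and is gone when the process exits.
    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process -Force
}

# Effective policy for this session after precedence is applied.
Get-ExecutionPolicy
```

Any row with a finding at CurrentUser or LocalMachine is a candidate for tightening, since the Process-scope setting covers the one session that needs it.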

UAC modified groups

So I was searching for which groups User Access Control (UAC) removes from the default Kerberos ticket. After a lot of googling, and even reading the old UAC blog, I did not find it, so I decided to build the list myself.

But first what is UAC?

UAC helps secure a system by removing some groups from the Kerberos ticket used by Explorer.exe. When you run a program as Administrator, it will run with the full Kerberos ticket.

Which Windows groups are removed from the default Kerberos ticket? [Read more…]