George Simos

NTLM is being phased out in Windows 11. Learn the risks of legacy authentication, how to audit NTLM dependencies, and how Kerberos options like IAKerb and Local KDC prepare you for what’s next. #TechTakeoff x.com/i/broadcasts/1…

Υπολογιστές μας θα παίξουν στην ταινία The riders, που γυρίζετε αυτές τις ημέρες στην χώρα μας. Ο Μπραντ Πιττ θα μάθει ms-dos για να εκτυπώσει σε έναν εκτυπωτή dot matrix!

Discovering PowerShell provider dynamic parameters oofhours.com/2026/03/03/dis…

In Active Directory, there is a method that’s been around for many years which changes the password last set date but not the actual password. This is what I call a “fake password change” since the account appears to have a recent password when scanning for old passwords based on password last set, but the underlying password hasn’t actually changed. I spoke about this in my 2015 @BSidesCharm talk which was my first conference talk. More details including step-by-step screenshots are here: adsecurity.org/?p=4969 Why does this happen? There are times where service account (or admin accounts) need to have password changes, but someone doesn’t want to do the work to change them. The ability to fake a password change requires modify rights on the pwdLastSet attribute which provides the ability to check/uncheck the setting “User must change password at next logon”. This setting is enabled when you want the user to change their own password when they logon. How does this work? This is simple to do when you have rights on the target account (in this example the password last changed in August 2025). We open up Active Directory Users and Computers (ADUC), double-click on the target account to open up the account properties and then click on the Account tab. From here we check the box for “User must change password at next logon” and click Apply. The PasswordLastSet date is now blank. Which makes it seem like the account has never had a password set. We continue with our process where we uncheck the box for “User must change password at next logon” we checked and then click Apply. After performing this action, the password change date has now been set to the current date and time even though the password itself hasn’t been changed since August 2025. We have successfully faked a password change! Why does this happen? This happens because the “User must change password at next logon” option is used to force a user to change their password at next logon. With it checked, Active Directory is waiting for the user to attempt to logon which is when the user is directed to change their password. During this time the PasswordLastSet value is blank since it is waiting for a new password. Once the user changes their password, the checkbox is effectively removed and the current date and time are set for the user’s passwordlastset property (technically this is the “pwdlastset” attribute, but the AD PowerShell cmdlets use that property). An attacker could use this technique for an account with an old password they discover and have control of the account (with the ability to flip this bit). This would show that the password changed without it actually changing. Detect fake Active Directory password changes at scale I wrote a PowerShell script that will scan either the Active Directory Admins or All Users in the domain to see if there’s a fake password change that has been performed on them. github.com/PyroTek3/Activ…

@mmsmoa Enjoyed the experience a lot back in 2024!

Back by popular demand - Who is excited for the Escape Rooms at MMS? Meet fellow attendees and speakers in a fun new way! Great opportunity to network and have a good time ....... for Free! mms2026atmoa.sched.com/event/2C0nZ/th… Register Today 👉 mmsmoa.com/mms2026moa May 3-7, 2026 #Microsoft #ITpros #MSIntune #Windows #ConfigMgr #Windows365

@jsnover Thank you for everything, not just PowerShell but the inspiring presentations and speaking engagements/keynotes. Enjoy retirement and keep us posted about things you will be tinkering with!

Retired. Thanks for all the fish!

The MDT download is gone, so RIP oofhours.com/2026/01/06/the…

@PJ_Marcum The hit of the time capsule.....

Somebody is definitely doing something incorrectly….. #MEMCM

Windows 11 23H2 Home and Pro editions, have reached end of life / support today, upgrade to 24H2 to remain supported. If you're a Windows 11 23H2 Education/Enterprise edition customer, these editions will be supported for another 12 months until 11/10/2026. #Microsoft #Windows11

@jarwidmark @ramseyg Even for me, an old guy in tech, these mini courses are not only enjoyable, but also very insightful, thank you for that Johan!

We all started somewhere, help someone else do the same. Share this free community course with a new tech who’s ready to jump into Microsoft IT (or that just started).

Well, of course… That’s what October was missing :)

@PJ_Marcum @Mister_MDM @juergkoller @MattWreede @mmsmoa @DeviceDeploy Correction it was for @DeviceDeploy (/chuckles)

@PJ_Marcum @Mister_MDM @juergkoller @MattWreede @mmsmoa @DeviceDeploy Maybe @Mister_MDM would like to jump in this thread and comment?

Ever feel like Intune takes its time to apply a policy? That behavior isn’t something new…. it goes back to the original “get, set, get” model Microsoft built nearly twenty years ago. The same OMA DM Protocol that once powered Windows Phone became the blueprint for every Intune policy still running today. Even now, you can still spot WindowsPhoneProvider references buried inside the OMA DM client code. This blog looks at where Intune all started: patchmypc.com/blog/the-histo… #Intune #MSIntune #Windows #Windows11

@PJ_Marcum @juergkoller @Mister_MDM @MattWreede @mmsmoa @DeviceDeploy He does that from time to time, throwing bits of info to keep us on the edge 😊But he is a nice chap and clarifies info very well.

@GSimos @juergkoller @Mister_MDM @MattWreede At @mmsmoa @DeviceDeploy mentioned an agent I was unaware of. I knew about the IME and the hardware inventory agent. I think this new one is for app deployment, but I could be remembering that wrong.

@MattWreede @juergkoller @Mister_MDM @PJ_Marcum AI start talking Aye!

@GSimos @juergkoller @Mister_MDM @PJ_Marcum 2019 was the golden time. Co-Management was the hotness. SKU-ification hadn't occurred yet. Strong leadership. Technical prowess. Then, the darkness. The SKU-ification. The sad times. But hey, we have AI slop now, so let's go ask CoPilot how to write a song as a pirate.

@driving_croonr @miketerrill @bdam555 @jarwidmark @gwblok @mniehaus Again, glad we stick on Server 2022 😊

@driving_croonr @miketerrill @bdam555 @jarwidmark @gwblok @mniehaus The Win11 24/25H2 October updates issues are affecting Windows Server 2025 also, Server 2022 is immune bit.ly/4qEYTXh

First localhost and now WinRE-yikes! Let's hope there isn't another crowd strike. @bdam555 @jarwidmark @gwblok @mniehaus windowslatest.com/2025/10/18/mic…

@Glen_A_Cook @bdam555 @bytenerd The Win11 24/25H2 October updates issues are affecting Windows Server 2025 also, Server 2022 is immune bit.ly/4qEYTXh

@bdam555 @bytenerd Known issue for W11 25H2 #3592msgdesc" target="_blank" rel="nofollow noopener">learn.microsoft.com/en-us/windows/…

PSA: have heard multiple reports that this month's CUs (ex. KB5066835) break/alter the localhost loopback in ways that has broken a fairly wide swath of software. No official word yet that I'm aware of. Paging @bytenerd

@MattWreede @juergkoller @Mister_MDM @PJ_Marcum /Chuckles

@juergkoller @Mister_MDM @PJ_Marcum If you push hard enough, square wheels are fine.