Attached: 1 image
So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
Yep. I no longer have to administer Windows servers (everything I do is serverless these days) but I did for many years.
Adding anything to a server without vetting it against policies is a huge no no. Back when I was doing it, a big part of our monthly update deployment was updating the test environment first so we knew we weren’t about to break a bunch of shit for us and our customers. Not just “does this brick Windows server”, but “do our applications still function” (usually yes, but the answer was no on several occasions over shit smaller than this).
I don’t know what adding copilot does. Is it going to accidentally break some custom application by accident because it’s tied directly into the system? Is it going to report shit that I’ve already opted out of due to our data policies and possibly fuck up our audit compliance because of government regulations (defense, medical, and energy sectors have huge responsibilities in that area, just don’t ask how I know)? How does it interact with our in-house developed software?
Fuck, I dunno. That sounds like a nightmare for infrastructure and ops, several managers, government regulators, and a payday for legal.
Yep. I no longer have to administer Windows servers (everything I do is serverless these days) but I did for many years.
Adding anything to a server without vetting it against policies is a huge no no. Back when I was doing it, a big part of our monthly update deployment was updating the test environment first so we knew we weren’t about to break a bunch of shit for us and our customers. Not just “does this brick Windows server”, but “do our applications still function” (usually yes, but the answer was no on several occasions over shit smaller than this).
I don’t know what adding copilot does. Is it going to accidentally break some custom application by accident because it’s tied directly into the system? Is it going to report shit that I’ve already opted out of due to our data policies and possibly fuck up our audit compliance because of government regulations (defense, medical, and energy sectors have huge responsibilities in that area, just don’t ask how I know)? How does it interact with our in-house developed software?
Fuck, I dunno. That sounds like a nightmare for infrastructure and ops, several managers, government regulators, and a payday for legal.
The thought of administering windows server is vomitous.
How else would you manage microsoft AD?
There’s alternatives out there, unless you have specific contract obligations.
Maybe, but it’s still widely used and someone has to do it.