From 3785bc07fa4bae00327579c88a8ade2a4995305f Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Thu, 18 May 2023 04:32:24 -0700 Subject: [PATCH 1/4] Update wufb-compliancedeadlines.md Changing the Deadline and GP numbers to be correct --- windows/deployment/update/wufb-compliancedeadlines.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/update/wufb-compliancedeadlines.md b/windows/deployment/update/wufb-compliancedeadlines.md index 3549b7bdb6..96a06feeab 100644 --- a/windows/deployment/update/wufb-compliancedeadlines.md +++ b/windows/deployment/update/wufb-compliancedeadlines.md @@ -36,7 +36,7 @@ With a current version, it's best to use the new policy introduced in June 2019 |Policy|Location|Quality update deadline in days|Feature update deadline in days|Grace period in days| |-|-|-|-|-| -|(Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 3 | 7 | 2 | +|(Windows 10, version 1709 and later) Specify deadlines for automatic updates and restarts | GPO: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Specify deadlines for automatic updates and restarts | 2 | 2 | 5 | When **Specify deadlines for automatic updates and restarts** is set (Windows 10, version 1709 and later): From 6c6828abe7d00e2b916faeaa0155ac017992d951 Mon Sep 17 00:00:00 2001 From: itsrlyAria <82474610+itsrlyAria@users.noreply.github.com> Date: Thu, 18 May 2023 04:34:04 -0700 Subject: [PATCH 2/4] Update update-policies.md Fixing Deadline and GP recommendations to be accurate --- windows/deployment/update/update-policies.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/deployment/update/update-policies.md b/windows/deployment/update/update-policies.md index 1eb791b4fd..d4302cecac 100644 --- a/windows/deployment/update/update-policies.md +++ b/windows/deployment/update/update-policies.md @@ -37,8 +37,8 @@ to opt out of automatic restarts until the deadline is reached (although we reco restarts for maximum update velocity). We recommend you set deadlines as follows: -- Quality update deadline, in days: 3 -- Feature update deadline, in days: 7 +- Quality update deadline, in days: 2 +- Feature update deadline, in days: 2 Notifications are automatically presented to the user at appropriate times, and users can choose to be reminded later, to reschedule, or to restart immediately, depending on how close the deadline is. We recommend that you @@ -62,7 +62,7 @@ be forced to update immediately when the user returns. We recommend you set the following: -- Grace period, in days: 2 +- Grace period, in days: 5 Once the deadline and grace period have passed, updates are applied automatically, and a restart occurs regardless of [active hours](#active-hours). From 98a76b64a19871a06f33bc5fbd18f728daef829e Mon Sep 17 00:00:00 2001 From: professorbike Date: Fri, 2 Jun 2023 14:18:44 -0500 Subject: [PATCH 3/4] Update audit-security-group-management.md Fix typo in description of 4755. Previously stated "4737 is the same" instead of 4755. --- .../auditing/audit-security-group-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/auditing/audit-security-group-management.md b/windows/security/threat-protection/auditing/audit-security-group-management.md index eb76f1d581..14cccd81d4 100644 --- a/windows/security/threat-protection/auditing/audit-security-group-management.md +++ b/windows/security/threat-protection/auditing/audit-security-group-management.md @@ -83,7 +83,7 @@ This subcategory allows you to audit events generated by changes to security gro > [!IMPORTANT] > Event 4754(S) generates only for domain groups, so the Local sections in event [4731](event-4731.md) do not apply. -- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4737 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference. +- 4755(S): A security-enabled universal group was changed. See event _[4735](event-4735.md): A security-enabled local group was changed._ Event 4755 is the same, but it is generated for a **universal** security group instead of a **local** security group. All event fields, XML, and recommendations are the same. The type of group is the only difference. > [!IMPORTANT] > Event 4755(S) generates only for domain groups, so the Local sections in event [4735](event-4735.md) do not apply. From 58a7a99542f9d3ff69da5209c9ef071410655cc4 Mon Sep 17 00:00:00 2001 From: Jared DeWitt Date: Sat, 3 Jun 2023 14:29:53 -0600 Subject: [PATCH 4/4] Update network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md --- ...ty-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md index f0c1ef0a6c..dbc99216c2 100644 --- a/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md +++ b/windows/security/threat-protection/security-policy-settings/network-security-restrict-ntlm-audit-ntlm-authentication-in-this-domain.md @@ -90,7 +90,7 @@ There are no security audit event policies that can be configured to view output This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. -NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the +NTLM and NTLMv2 authentication is vulnerable to various malicious attacks, including SMB relay, man-in-the-middle attacks, and brute force attacks. Reducing and eliminating NTLM authentication from your environment forces the Windows operating system to use more secure protocols, such as the Kerberos versionĀ 5 protocol, or different authentication mechanisms, such as smart cards. ### Vulnerability