So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
This stuff always makes me laugh. Firstly, yes absolutely, Microsoft shouldn’t do this sort of crap. But more importantly, the person complaining about it here is shouting out for the world to hear “I don’t know how to manage Windows servers properly!”. There is one single group policy setting that stops this from happening. A single, set-and-forget GPO. Anyone managing Windows environments that isn’t aware of this, shouldn’t be managing Windows environments.
This is a ridiculous statement. Copilot should be opt-in, not opt-out and the setting is new.
Perfectly reasonable by the sysadmin to not have that already set.
Like I said, Microsoft shouldn’t do that crap. BUT the co-pilot setting has been around for 6 months. Long enough for any halfway decent sysadmin.
There are 5 million ways to configure Windows and each has an absurd and almost by-design level of convolution. You can’t possibly expect people to know about a new GPO immediately.
That is why companies will hire good sys admins who do their job and stay on top of the important group policy settings. This absolutely would not be missed by any reasonably competent IT dept.
A company that’s using Windows Server is not hiring the brightest mfers
There is one GPO to disable co-pilot. One. It’s not even hard to find and has been available for more than 6 months.
And yes I would absolutely expect someone whose job it is to manage Windows servers to know about it. And certainly, I would expect them to look it up before declaring to the world how bad at their job they are.
Let me see if I understand your logic. Microshit decides to push something sneakily on servers, and the OP mentions that he just found out about it, and never once does he mention that he doesn’t know what to do about it, but you assume he doesn’t know, and choose to blast him over your assumption.
Did I miss something?
It wouldn’t have been installed at all if the OP did their job properly and had set the one config option. Microsoft doing shady things is hardly news. That’s why a good Windows sysadmin keeps an eye out for this sort of stuff.
I get that, but we can’t go around assuming stuff and blasting people over assumptions. We don’t know if someone else in his team was in charge of that, and he found out while auditing the server, that’s certainly a possibility. Then there’s the fact that his post could help someone thinking about setting up a similar server rethink this and choose to move away from Microshit altogether. I agree that whoever is in charge should keep updated on information, issues and their potential solutions (I’d fire any sys admin not living by those rules, for sure). Now, if he is, in fact, responsible for that, shame on him, but he’s innocent until proven guilty.
The OP is re-tooting a toot of a screenshot of a tweet. My (mild) criticism isn’t aimed at OP, nor the OP of the OP, just the original Twitter OP. No one was “blasted” but even if they were, the Twitter OP is not likely to see my comments and have a bad case of the sads from it.
Ok, cool, I guess.