all InfoSec news
SCCM Site Takeover via Automatic Client Push Installation
Malware Analysis, News and Indicators - Latest topics malware.news
tl;dr: Install hotfix KB15599094 and disable NTLM for client push installation.
While reading SCCM Current Branch Unleashed and stepping through the site installation process, I found something interesting — the primary site server’s domain computer account is required to be a member of the local Administrators group on the site database server.
During site installation, this account is also added to the sysadmins group in the site database.
This means that if:
- automatic site assignment and automatic site-wide client push …
account administrators automatic client computer current database domain install installation local ntlm process sccm server takeover