Attached: 1 image
So, Microsoft is silently installing Copilot onto Windows Server 2022 systems and this is a disaster.
How can you push a tool that siphons data to a third party onto a security-critical system?
What privileges does it have upon install? Who thought this is a good idea? And most importantly, who needs this?
#infosec #security #openai #microsoft #windowsserver #copilot
This stuff always makes me laugh. Firstly, yes absolutely, Microsoft shouldn’t do this sort of crap. But more importantly, the person complaining about it here is shouting out for the world to hear “I don’t know how to manage Windows servers properly!”. There is one single group policy setting that stops this from happening. A single, set-and-forget GPO. Anyone managing Windows environments who isn’t aware of this shouldn’t be managing Windows environments.
This is a ridiculous statement. Copilot should be opt-in, not opt-out and the setting is new.
Perfectly reasonable by the sysadmin to not have that already set.
Like I said, Microsoft shouldn’t do that crap. BUT the co-pilot setting has been around for 6 months. Long enough for any halfway decent sysadmin.
Then my next question would be, does that update appear in the change logs? Does the change log notify the admin that in the future, Copilot may be installed if they didn’t touch those settings?
There are 5 million ways to configure Windows and each has an absurd and almost by-design level of convolution. You can’t possibly expect people to know about a new GPO immediately.
That is why companies will hire good sys admins who do their job and stay on top of the important group policy settings. This absolutely would not be missed by any reasonably competent IT dept.
A company that’s using Windows Server is not hiring the brightest mfers
I don’t use Windows so I don’t know the specifics. If Microsoft is INFORMING the user beforehand about this change (that the Copilot switch/policy is now available) AND DISCLOSES that in the future, if you didn’t touch this switch, then Copilot may be installed, sure, blame the admin. Otherwise, this is a shitty move from a software update POV.
To add: Maybe you can link the change log provided by Microsoft before this update that adds those switches or rules to prove that it has indeed been disclosed to the admin.
There is one GPO to disable co-pilot. One. It’s not even hard to find and has been available for more than 6 months.
And yes I would absolutely expect someone whose job it is to manage Windows servers to know about it. And certainly, I would expect them to look it up before declaring to the world how bad at their job they are.
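As an added defender-side check that is not part of any post in this thread: a PowerShell snippet that audits whether the Copilot policy is set on a host and whether a Copilot app package is present. It assumes the single GPO the poster refers to is the “Turn off Windows Copilot” policy (User Configuration > Administrative Templates > Windows Components > Windows Copilot), whose registry backing is the TurnOffWindowsCopilot DWORD under Software\Policies\Microsoft\Windows\WindowsCopilot; the machine-scope (HKLM) path is checked as an additional assumption, and the remediation function is only meant for standalone hosts where a domain GPO does not apply.

```powershell
# Added example (not from the thread). Audit the Copilot policy state and the
# presence of a Copilot app package on a Windows host. Run in an elevated shell.
# Assumption: the thread's GPO is "Turn off Windows Copilot", backed by the
# TurnOffWindowsCopilot DWORD (1 = off) under the paths below.
$policyPaths = @(
    'HKCU:\Software\Policies\Microsoft\Windows\WindowsCopilot',  # documented user-scope location
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot'   # machine-scope mirror (assumption)
)

function Get-CopilotPolicyState {
    # One record per policy hive: is the value present, and does it turn Copilot off?
    foreach ($path in $policyPaths) {
        $value = (Get-ItemProperty -Path $path -Name 'TurnOffWindowsCopilot' `
                  -ErrorAction SilentlyContinue).TurnOffWindowsCopilot
        [pscustomobject]@{
            Path     = $path
            Present  = ($null -ne $value)
            Value    = $value
            Disabled = ($value -eq 1)
        }
    }
}

function Get-CopilotPackages {
    # Package presence is independent of the policy: a package can already be
    # installed even when the policy hides the feature, so report both.
    Get-AppxPackage -AllUsers -Name '*Copilot*' -ErrorAction SilentlyContinue |
        Select-Object Name, Version, PackageFullName
}

function Set-CopilotPolicyOff {
    # Standalone-host remediation only; domain-joined hosts should get this via GPO
    # so that the setting is enforced and reported centrally.
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsCopilot')
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    Set-ItemProperty -Path $Path -Name 'TurnOffWindowsCopilot' -Value 1 -Type DWord
}

$states = Get-CopilotPolicyState
$states | Format-Table -AutoSize

if (-not ($states | Where-Object Disabled)) {
    Write-Warning 'TurnOffWindowsCopilot is not set to 1 in any policy hive on this host.'
}

$packages = Get-CopilotPackages
if ($packages) {
    Write-Warning 'Copilot app package(s) present:'
    $packages | Format-Table -AutoSize
} else {
    Write-Host 'No Copilot app package found.'
}
```

Running the audit across a fleet (for example through a scheduled job that writes the objects to a central log) turns the thread’s “one set-and-forget GPO” into something that is actually verified rather than assumed, and the package check catches the case the original post describes: the policy may be absent or new, but an installed package is visible regardless.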
Let me see if I understand your logic. Microshit decides to push something sneakily on servers, and the OP mentions that he just found out about it, and never once does he mention that he doesn’t know what to do about it, and yet you assume he doesn’t know, and choose to blast him over your assumption.
Did I miss something?
It wouldn’t have been installed at all if the OP did their job properly and had set the one config option. Microsoft doing shady things is hardly news. That’s why a good Windows sysadmin keeps an eye out for this sort of stuff.
I get that, but we can’t go around assuming stuff and blasting people over assumptions. We don’t know if someone else in his team was in charge of that, and he found out while auditing the server; that’s certainly a possibility. Then there’s the fact that his post could help someone thinking about setting up a similar server rethink this and choose to move away from Microshit altogether. I agree that whoever is in charge should keep updated on information, issues and their potential solutions (I’d fire any sysadmin not living by those rules, for sure). Now, if he is, in fact, responsible for that, shame on him, but he’s innocent until proven guilty.
The OP is re-tooting a toot of a screenshot of a tweet. My (mild) criticism isn’t aimed at OP, nor the OP of the OP, just the original Twitter OP. No one was “blasted” but even if they were, the Twitter OP is not likely to see my comments and have a bad case of the sads from it.
Ok, cool, I guess.