Based on a week of agony with customer projects that feel like a gasoline truck went off a bridge into a swamp filled with alligators gang-raping a pile of C-4 explosives. Or something like that. Whatever. I need sleep. No, wait. I need caffeine! The great cure for all that needs curing. Anyhow, where was I? Oh yeah.
Suggestion 1 – Default Domain Policy needs an ass-whipping
The Default Domain is famous for two main reasons:
- It’s the core of the basic AD configuration invasion and occupation forces, and as such, is supposed to be treated delicately.
- Users mow it down like a roasted pig at a homeless shelter barbecue
So, if it’s considered bad to muck with it beyond basic user password and other security-focused settings, why even include any other settings?
Therefore, as your candidate, I would push for a new Default Domain policy that ONLY contains a handful of settings and nothing else. You want other settings? Go make them yourself. The hard way. Like your great great great great and not-so-great grandparents did, with their bare hands. Sun-up to sun-down. In the vast, frozen fields, fighting off bears and rabid squirrels and shit.
I need sleep.
Suggestion 2 – Turn File Extensions on By Default
Turn them off, and you should be punished. Like, eyelids stitched back to your forehead, strapped to a chair and forced to watch The View re-runs for an entire week, without food or water, punished.
Hiding file extensions isn’t just dumber than the dumbest of dumb things, it’s also dumb. It’s a security hole, and it confounds Help Desks the world over, with clueless users torturing their techs as follows:
“Yes maam, I know you can’t work without that Cantankerous Cats wallpaper, but if you could just please find the .JPG file and right-click on it….
“I don’t see any Jay Peg files on my machine. I’m looking for Can Tank Are Us Cats, but I don’t see no Jay Peg files”
“It probably isn’t showing the J..P..G… extension, but…”
“The what?”
“The J-PEG extension”
“What’s an extension?”
“It’s a, hold on a second while I load my 9mm…. okay, I’m back. Do you see a file in the Pictures folder that looks like a small picture?”
“I see a lot of picture files in my pictures folder. Isn’t that what it’s for?”
“Yes…. (click click click)… Do you see one that has that stupid ass name, I’m sorry, I mean that cute kitty name in it?”
“I see one called ‘Spora – Cats are Ransomware Screensaver’, should I open that one?”
*** bang! ***
“Hello?”
“Hello?!”
“I opened it, but now I’m getting a message about entering a credit card….”
Skatterbrainz Blog 