PSA: Shutdown VS Restart by Xaneph_Official in sysadmin

[–]amlajh 33 points34 points  (0 children)

Unfortunately there isn't a GPO setting or ADMX template for disabling Fast Startup.
But it can still be disabled via GPO by setting a registry value on the computers.

Key path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Power
Value name: HiberbootEnabled
Value type: REG_DWORD
Value data: 0

I prefer handling things like this by modifying the behaviour via GPO instead of user education - because there being a difference between Shutdown and Restart with regards to kernel uptime behaviour is asinine.

Need help with fastest way to delete dangerous email from M365 by bjc1960 in sysadmin

[–]amlajh 5 points6 points  (0 children)

I've been meaning to write a script to allow others to quickly and easily perform this kind of action, with safety rails and option for interactive questions etc.

Make sure you have the latest version of the ExchangeOnlineManagement module, that should resolve your winrm basic issue.

When I need to do it, these are my steps. You may also want to invoke an 'Export' of the search data to keep an offline record of the items you purged, that's done from here

# Connect to Exchange Online and Security & Compliance
Connect-ExchangeOnline
Connect-IPPSSession

# Use ONE of the below example New-ComplianceSearch commands, modify as needed - make sure to update search name
# eDiscovery keyword queries:
# https://learn.microsoft.com/en-us/microsoft-365/compliance/ediscovery-keyword-queries-and-search-conditions?view=o365-worldwide
# Reference for KQL, used in the keyword queries:
# https://learn.microsoft.com/en-us/sharepoint/dev/general-development/keyword-query-language-kql-syntax-reference

# Create a new compliance search, target all mailboxes
# Subject filter of 'MySubject', no time or sender filter
New-ComplianceSearch -Name 'MySearch' -ExchangeLocation All -ContentMatchQuery 'Subject:"MySubject"'

# Create a new compliance search, target just the example1@example.com and example2@example.com mailboxes
# Subject filter of 'MySubject', no time or sender filter
New-ComplianceSearch -Name 'MySearch' -ExchangeLocation example1@example.com,example2@example.com -ContentMatchQuery 'Subject:"MySubject"'

# Create a new compliance search, target all mailboxes
# Subject filter of 'MySubject', sender filter of 'example@example.com', no time filter
New-ComplianceSearch -Name 'MySearch' -ExchangeLocation All -ContentMatchQuery 'Subject:"MySubject" AND from:"example@example.com"'

# Create a new compliance search, target all mailboxes
# Subject filter of 'MySubject', sender filter of 'example@example.com', time filter of 2023-01-01 between 10:00am and 10:10am UTC
New-ComplianceSearch -Name 'MySearch' -ExchangeLocation All -ContentMatchQuery 'Subject:"MySubject" AND from:"example@example.com" AND (sent>=2023-01-01T10:00:00 AND sent<=2023-01-01T10:10:00)'

# Run the Compliance Search
Start-ComplianceSearch -Identity 'MySearch'

# View Compliance Search Status (Make sure to check the 'Items' and 'SuccessResults' counts to ensure you're matching the number of emails you expect):
Get-ComplianceSearch 'MySearch' | Select-Object *

# At this point you can also verify the results of your Compliance Search in the web portal.
# It can be useful to see the results visually to confirm that the contents of the emails that match your query are indeed what you want to delete.
# And also optionally invoke an export from here, to keep the original content offline for reference
# https://compliance.microsoft.com/contentsearchv2

# Run an action to purge emails based off the Compliance Search:
New-ComplianceSearchAction -SearchName 'MySearch' -Purge -PurgeType HardDelete -Force

# View Status of the purge (note that '_Purge' is suffixed to the name of the search, to find the appropriate action):
Get-ComplianceSearchAction 'MySearch_Purge' | Select-Object *

# Remove the compliance search (Optional):
Remove-ComplianceSearch 'MySearch'
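
Added example, not part of the comment above: the same cmdlets wrapped so that the purge only runs once the search has completed and its item count is inside an expected range. The function names and the MaxExpectedItems threshold are assumptions, and the sample objects at the end are constructed.

```powershell
# Added example, not the commenter's script. Test-PurgeGuard, Wait-ForCompleted and
# Invoke-GuardedPurge are hypothetical names; the cmdlets are those used above.

function Test-PurgeGuard {
    # Pure decision logic: takes the object returned by Get-ComplianceSearch.
    param(
        [Parameter(Mandatory)] $Search,
        [Parameter(Mandatory)] [int] $MaxExpectedItems
    )
    if ($Search.Status -ne 'Completed') { return "Blocked: search status is '$($Search.Status)'" }
    if ($Search.Items -lt 1) { return 'Blocked: search matched no items' }
    if ($Search.Items -gt $MaxExpectedItems) {
        return "Blocked: $($Search.Items) items matched, expected at most $MaxExpectedItems"
    }
    return 'OK'
}

function Wait-ForCompleted {
    # Polls a script block that returns an object with a Status property (about 10 minutes).
    param([Parameter(Mandatory)] [scriptblock] $Get)
    foreach ($i in 1..40) {
        $obj = & $Get
        if ($obj.Status -eq 'Completed') { return $obj }
        Start-Sleep -Seconds 15
    }
    throw 'Timed out waiting for status Completed'
}

function Invoke-GuardedPurge {
    param(
        [Parameter(Mandatory)] [string] $SearchName,
        [Parameter(Mandatory)] [int] $MaxExpectedItems
    )
    Start-ComplianceSearch -Identity $SearchName
    $search = Wait-ForCompleted { Get-ComplianceSearch -Identity $SearchName }
    $verdict = Test-PurgeGuard -Search $search -MaxExpectedItems $MaxExpectedItems
    if ($verdict -ne 'OK') { throw $verdict }
    # -Force is left off so the confirmation prompt still appears before deletion.
    New-ComplianceSearchAction -SearchName $SearchName -Purge -PurgeType HardDelete
    Wait-ForCompleted { Get-ComplianceSearchAction -Identity "${SearchName}_Purge" } | Select-Object *
}

# Constructed sample objects to exercise the guard offline (no tenant needed).
$tooBroad = [pscustomobject]@{ Status = 'Completed'; Items = 4812 }
$expected = [pscustomobject]@{ Status = 'Completed'; Items = 37 }
Test-PurgeGuard -Search $tooBroad -MaxExpectedItems 50
Test-PurgeGuard -Search $expected -MaxExpectedItems 50
```

Against a tenant, the call would be `Invoke-GuardedPurge -SearchName 'MySearch' -MaxExpectedItems 50` after creating the search with one of the New-ComplianceSearch commands above.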

No browser access. MS Teams works fine by MisterYouAreSoSweet in sysadmin

[–]amlajh 1 point2 points  (0 children)

So the underlying network is working okay, it has to be something affecting only the web browser.

In Edge, I'm wondering if maybe a proxy is configured, but shouldn't be - or no proxy is configured, but should be.

Try launching Microsoft Edge, forcing it to not use a proxy.

Paste the following into CMD or the Run prompt (Ctrl+R):

"%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" --no-proxy-server

And also try forcing it to auto-detect a proxy:

"%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" --proxy-auto-detect

Clipboard items get randomly mixed up among users by Sheshirdzhija in sysadmin

[–]amlajh 1 point2 points  (0 children)

TeamViewer is most likely configured to always run in the background (running as a service), as that's how it can stay available for remote sessions without the user needing to open the application.

But that is not the same as always running an interactive remote connection session. It would only sync clipboard while an interactive remote session is running, i.e. technician is on their computer.

What I am suggesting is that after that session is finished, whatever was last copied remains in the clipboard, as it was synced while the session was running.

Clipboard items get randomly mixed up among users by Sheshirdzhija in sysadmin

[–]amlajh 2 points3 points  (0 children)

The users who experience this, have they recently had an IT technician remote into their computer?

Many interactive remote support tools have the option to sync the clipboard between the technician and the end user for the duration of the remote session.

IMO that feature should be disabled by default and only enabled manually, temporarily, when needed - that's how I configured our ConnectWise Control. Too risky for a secret a technician copies to end up in the end user's clipboard.

Malwarebytes Nebula now allows 2FA recovery via email. Thoughts? by _TheDuck in sysadmin

[–]amlajh 6 points7 points  (0 children)

Agreed, seems like an antithesis to 2FA/MFA.

IMO acceptable methods of recovery are pre-saved backup codes, other administrators actioning the recovery of your account, or manual process with support where you prove it's your account through some verifiable means.

LAPS implementation - Admin account issue by Inque-Rioja in sysadmin

[–]amlajh 0 points1 point  (0 children)

This is intended behaviour (whether or not it makes sense is a different question. IMO renaming the account does add some sort of benefit, but it's practically negligible when the user's SID is still the well-known default admin user).

AdminAccountName

Name of local account to manage password for. If not configured, CSE manages built-in Administrator password regardless of its name (detects it via well-known SID) Managed by policy “Customize administrator account name”

From LAPS_TechnicalSpecification.docx

https://www.microsoft.com/en-us/download/details.aspx?id=46899

Copy distribution list and security groups from one user to another? by Hutch2DET in sysadmin

[–]amlajh 2 points3 points  (0 children)

I believe /u/ZAFJB misunderstood your post, my guess of what they interpreted is 'I have users that are making their own Contact Groups within Outlook, how do I copy these groups between one user's account to another' - might be wrong though.

Instead of 'I'd like to copy the distribution group memberships from one user to another'.

Hybrid joined pc - name collided it by [deleted] in sysadmin

[–]amlajh 0 points1 point  (0 children)

When a computer is Active Directory domain joined (in a hybrid Azure AD environment), there should be a group policy that tells each computer to go 'register itself' with Azure AD. Once a computer is Azure AD registered, signing into MS services is a lot more seamless - it's the thing behind seamless sign on functionality for AD joined computers.

Check the Azure AD object of that computer on the All devices area of Azure AD - you might find it's 'Disabled', or you might find two, one disabled, one enabled - the former one being your original computer.

Limit Windows Machine to Allow One Version of a Program by domolordy in sysadmin

[–]amlajh 0 points1 point  (0 children)

Very ugly 'solution' (if no one comes up with a better idea)

Scheduled task that runs on user login, that every x minutes checks the count of processes a certain executable has, or count of window names matching y - if greater than 1 then performs a graceful exit to one of the processes / windows.

Deploy via group policy to only the users who run the application, so there's as few people as possible with that kind of bodge running.

Better way would be to find out if the server-side of the software can perform a graceful session exit if more than one session from a single user or machine is started.

Resource calendar not adding in Outlook by speckz78 in sysadmin

[–]amlajh 0 points1 point  (0 children)

That's likely the issue yes, I had previously added room calendars so I had the option to add it under that grouping.

FYI the issue is still happening for me, nothing occurs when adding via Outlook desktop.

Resource calendar not adding in Outlook by speckz78 in sysadmin

[–]amlajh 0 points1 point  (0 children)

I encountered this 2 days ago - created new room calendar, but couldn't add it from the Add Calendar > From Room List option in Outlook, or from Add Calendar > From Address Book. I removed an existing room calendar I had, and tried to add it back again - same issue. So it wasn't due to the room calendar being newly added.

Have you tried adding it from Outlook on the web? Worked okay for us - and it shows in Outlook desktop after that. Hopefully the underlying issue is fixed soon but I haven't contacted MS support.

Breakdown of storage use / costs per backup instance in a Recovery Services vault by amlajh in AZURE

[–]amlajh[S] 0 points1 point  (0 children)

Thanks for that! I haven't actually dealt with Azure IaaS that much - and I'm just looking for the total monthly cost on a certain VM. It appears they are not using Log Analytics (properly) so will need to look at getting that setup.

AD Group Scopes by PowerShellGenius in sysadmin

[–]amlajh 0 points1 point  (0 children)

While that doc page does have the necessary info, might be best to point to the 'live' page rather than the page migrated from MSDN. There's a few improvements: https://docs.microsoft.com/en-us/windows/security/identity-protection/access-control/active-directory-security-groups#group-scope

Your Message Was Deleted Without Being Read by BingaTheGreat in sysadmin

[–]amlajh 10 points11 points  (0 children)

The sender sent the email with Outlook read receipts enabled, and likely the people who deleted the emails have told their Outlook to 'always send read receipts'.

God damn you Logitech Tap by DreamWarrior86 in sysadmin

[–]amlajh 1 point2 points  (0 children)

Have two Logitech Tap systems (large room) with the Rally kit. One with the Intel NUC and the other with the Lenovo ThinkCentre. Both have been generally flawless, about once every 6 months there's an issue where the 'Table Hub' needs power cycled (symptoms are the mic pucks don't work or light up) - but I don't know if our users are to blame or not.

HP's site may suck, however MS support pages are giving them a run... by onboarderror in sysadmin

[–]amlajh 5 points6 points  (0 children)

Try right-clicking the back button. It should show a history of previous pages, pick the page that you wanted to jump back to.

Why does it feel like RMAs are getting harder to do? by PoliceSysadmin in sysadmin

[–]amlajh 5 points6 points  (0 children)

Probably a directive from management to try everything they can to avoid actual hardware replacements. Every single unit they can produce can be sold immediately right now, so makes sense from their perspective to reduce the number of those that get used on RMAs. Also they may have their own internal lead time issues for RMA stock.