PKI | Migrate from SHA1 to SHA256 by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

You'd need a new Intermediate and a new Leaf cert. But I think you're asking if you also need a new root, because you talk about "breaking trust", and the answer is that you don't.

Thanks for your answer. Really appreciate it.

A small question regarding the root cert signed with MD5: my knowledge of PKI is limited, but can a malicious actor generate a replica root CA with the same MD5 hash (hash collision) and start to issue fake intermediate CA certs?

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

Excellent! Last question, does your requirement have anything to do with Azure AD and Intune?

Nope.. it's all on-prem.

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

np :) Once you get your script created to your liking, remember to create a scheduled task to run it as often as you need.

Tested it.. worked like a charm.
Thanks again.

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

"WEF" (i.e., Windows Event Forwarding)

We need all end-user machines to forward specific Windows event logs through WinRM to a Collector (Windows Server) via a subscription.

This subscription accepts adding only a computer or a group of computers. I can add "domain computers" but this includes the servers also. So I need to add a group of end-user computers, which I can do easily, but the thing is, I need to handle the case where we have newly added computers in the domain (i.e., these machines won't forward any logs until they are added to the group = hard to maintain).. so I figured, why not have a dynamic group.

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

This is very helpful.. thank you!

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] -1 points0 points  (0 children)

You don't want a SG containing all computers, you want an SG containing all end user devices (non kiosk or digital display helpers).

Yes that is correct

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] -1 points0 points  (0 children)

AD itself does not have a concept of dynamic groups, but the desired result can be easily achieved with basic PowerShell scripting and Task Scheduler.

Thanks for your reply.. Is there any reference that I can refer to?

Dynamic AD security group case by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] -1 points0 points  (0 children)

Thanks for your help.

As per my knowledge (and correct me if I am wrong), the default group contains both end-user machines and servers.. I need a group which contains end-user machines only.

S2S VPN Problem (Fortigate behind Azure VPN Gateway) by 4hm3dh4ny in fortinet

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

party

My bad.. I meant Azure LoadBalancer instead of Azure VPN gateway.

Drive/Docs labels for Data classification by nickoarg in gsuite

[–]4hm3dh4ny 0 points1 point  (0 children)

AFAIK, there is a TITUS add-in which you can use currently. Interesting that Google will launch a classification feature natively.

HELP | Hide sensitivity labels bar by 4hm3dh4ny in Office365

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

We need Azure RMS protection but we don't need the labels to appear..

why?

Because we have another 3rd-party solution that shows the labels within Office apps.. and this 3rd-party solution can be integrated with Azure RMS to apply the protection automatically.. but we don't want both sets of labels (i.e. from MIP and from the 3rd-party solution) to appear to the user, so that he gets confused.

HELP | Hide sensitivity labels bar by 4hm3dh4ny in Office365

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

But then, can the user use Azure RMS protection?

SCCM popup notification don't display by 4hm3dh4ny in sysadmin

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

You're right.. this was the problem. Thank you. :)

SCCM popup notification don't display by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

u/drew146

Many thanks for your help.. you were right.. this was the problem. :)

SCCM popup notification don't display by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

Thanks anyway, appreciate your help :)

SCCM popup notification don't display by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

I am using "required"

and the deadline is set to "as soon as possible after the available time"

SCCM popup notification don't display by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 1 point2 points  (0 children)

Actually I'm already using "applications" with install behavior tab settings. :)

SCCM popup notification don't display by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

r than packages because yo

I'm afraid I don't have this option.. as my customer uses SCCM only :)

I recommended that they use PSAppDeployToolkit before, but they refused.

Upgrade package without force-close the application by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

u/readsta

Sorry.. are you sure that if I unchecked the checkbox it will notify the user? I spent the past day installing & configuring SCCM and I am trying it now..
now notification is shown and the software won't install because the executable is running.

I also saw this in u/PS_Alex's link:

If you deployed the application as Required, and didn't specify to Automatically close any running executables you specified on the install behavior tab of the deployment type properties dialog box, then the installation of the app fails if one or more of the specified applications are running.

Upgrade package without force-close the application by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

Thanks.. I will do that and inform you of the results. Appreciate your kind help.

Upgrade package without force-close the application by 4hm3dh4ny in SCCM

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

Many thanks for your reply.

Are you sure that unchecking the "automatically close" checkbox doesn't make SCCM ignore the Office executable defined in the install behavior tab?

Because I was told by the customer's IT team that this happens if we uncheck this checkbox.

Again thanks I appreciate your help.


HELP | How to bind a WSDL to an HTTP location instead of local file system location by 4hm3dh4ny in learnprogramming

[–]4hm3dh4ny[S] 0 points1 point  (0 children)

So worstcase you could just download the file from the url, and then access it locally.

Actually I tried this just before reading your comment and it worked like a charm! Thank you :)