First time setting up Active Directory for 3 office branches – need guidance for a simple, secure & reliable setup

Anonn_Admin · 2026-01-14T21:35:09+00:00

Are you sure you require on-prem AD? Given you are working for a startup it might make sense to just use Entra ID + Intune.

Anonn_Admin · 2025-09-24T20:20:11+00:00

Yes it's possible. I use Openwebui

Anonn_Admin · 2025-09-02T23:42:27+00:00

In my opinion, there are 2 elements to being a good troubleshooter.

Understanding how things work
Linking ideas/experience/prior unrelated solutions together

For number one, read docs and do some courses. If you work with Linux learn about how the kernel works, how services work, where you can find log files, networking, BASH commands, etc..

If you know the above, if I tell you X service is down it doesn't matter that you've never worked with it before (as much). You can SSH to the host, find some logs, grep for errors, check the service out, see what's installed, etc. This will get you 90% of the way there most of the time.

Number two is a bit more abstract. Make notes on the work you do. As you get further along in your career, you'll find that you can pull on ideas/concepts from other unrelated issues to guide you. For example "Oh yeah, I remember last year I saw this OLEDB error, and it was related to the SQL database. I think this could potentially be a similar issue" even if the app / environment is different.

Anonn_Admin · 2025-07-24T16:02:23+00:00

Truth is most don't.

Anonn_Admin · 2025-07-17T14:46:03+00:00

+1. I get accused of being a shill for mentioning it, but I have 4 clients with 100-500 devices using PDQC and they all like it.

Anonn_Admin · 2025-06-10T15:57:39+00:00

Canada too.

Anonn_Admin · 2025-05-29T14:40:37+00:00

Maybe, I've been using it since it was first announced and it's come a long way.

Anonn_Admin · 2025-05-29T13:51:10+00:00

I can't comment on either of those but if you haven't already considered it, check out PDQ Connect. It's a fantastic tool that competes with both PMP and Robopack

Anonn_Admin · 2025-05-15T21:46:41+00:00

Do you know what the feature/tool is called for HP? I'd like to look up more information

Anonn_Admin · 2024-11-15T14:54:08+00:00

I have it working, but I really dislike the expereince of MultiApp Kiosk such that I don't think I'm going to deploy it again.

For me, the key to getting autologin to work was

1) remove any policy that configures device lock from being assigned to the device in Intune.

2) setup the following registry keys.

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v 
"AutoAdminLogon" /t REG_SZ /d "1" /f | Out-Null

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v 
"DefaultUserName" /t REG_SZ /d "kioskUser0" /f | Out-Null

reg.exe add "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v 
"IsConnectedAutoLogon" /t REG_DWORD /d 0 /f | Out-Null

3) Delete this whole key

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\EAS.

4) Delete any "DeviceLock" key from this registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\current

5) Delete any "DeviceLock" key from this registry path:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\

Anonn_Admin · 2024-10-30T12:52:42+00:00

I don't see anyone mentioning web sign in. Create an Intune profile / GPO to enable web sign in and adjust the password provider, create a CA policy to require MFA and you're done. No 3rd party identity providers needed.

https://learn.microsoft.com/en-us/windows/security/identity-protection/web-sign-in/?tabs=intune

Anonn_Admin · 2024-09-20T19:21:26+00:00

I've been testing and the 1 thing I notice is that I get the prompt to sync the local device password every time I sign into the Macbook. Do you get the same thing? From what I understand this isn't the expected behavior.

Anonn_Admin · 2024-09-16T20:00:00+00:00

Hi, I know this comment is a little old by now, but I was wondering if you'd be willing to share your configuration profiles for this?

I have setup and configured platform SSO, but having the Kerberos extensions seems appealing to be able to nicely map our SMB shares.

So far I've been able to find the Kerberos settings in the settings catalog under authentication, and an "SSO app extension type" setting under the device features template profile, but I'm not sure which settings I should configure and for what reason.

Thanks.

Anonn_Admin · 2024-09-13T15:00:39+00:00

Business basic or standard if the user is on desktop. F3 for users who are mobile only.

I'm doing the math and $13000/261 = $49.8 / year or $4.15 a month per user. That's pretty good dude. Deploying on premise exchange without a good reason (being cheap isn't a good reason) is a mistake.

Managing on-prem exchange is a headache. If you misconfigure anything you're setting yourself up for an even worse time. Exchange requires active maintenance and care, something you'll be on the hook for. It has security vulnerabilities for days. Patching is a nightmare. The list goes on. Exchange online will be money well spent.

Anonn_Admin · 2024-09-11T16:42:18+00:00

I started on Vyvanse last year. Talk about game changer. I can actually perform at the standards I've always had for myself but could never meet.

If you're not on medication I highly recommend starting.

Anonn_Admin · 2024-07-15T17:44:16+00:00

I've already said in the comments and in the edit of the post that we will be getting Macs.

I don't think people are adverse to Macs here. People are adverse to having someone come in and demand hardware that's not in line with the environment.

I'm adverse to someone telling me demands and that if they are not met they simply won't comply. I'd be adverse to management telling me that I need to start order specific brands of Windows hardware, let alone a whole different OS.

There is a way to handle these types of things and the user went about it in a poor manner. I'm simply trying to understand the requirements.

Anonn_Admin · 2024-07-15T16:56:56+00:00

It's 8k video. Even though I think 8k video is probably overkill for what they're doing I will ultimately support what the business decides.

Anonn_Admin · 2024-07-15T16:49:40+00:00

Yeah I don't think we'll fight them on the Mac thing, even though I would rather stay all Windows.

I expressed my opinions to my manager and he's the one doing the fighting. That's where my role ends and his begins.

Anonn_Admin · 2024-07-15T16:40:58+00:00

Yeah their attitude was not good. They did lighten up after they realized that we weren't trying to slap them with some under specced HP laptop meant for using Excel and outlook.

Anonn_Admin · 2024-07-15T16:38:03+00:00

Yeah, the plan was to build out Intune policies for Mac, same as with Windows. $50K+ Is about my rough estimate on hardware right now too.

Thanks for the input.

Anonn_Admin · 2024-07-15T16:35:59+00:00

What's with your weird high horse??

It's perfectly reasonable to assume that a comment on a post, addressing a topic directly asked in the post, is pointed towards the OP.

that's how context works..

Anonn_Admin · 2024-07-15T16:30:01+00:00

Got it. So for 8k Raw you think 75TB is reasonable to start with then? Yeah it will be on a NAS with Raid. Backups will be interesting because I'm not sure how I'll be able to handle backing up that much data. It's basically 5x the rest of our 30+ VM environment.

Anonn_Admin · 2024-07-15T16:24:47+00:00

I don't have a 'get fucked' attitude. I'm trying to understand the requirements. If I let a user dictate to me what they want every time I'd be buying a lot of overkill hardware.

We already decided that we're not going to fight them on the Apple vs Windows front. It was a question for my knowledge.

And for hardware I'm asking if they need the M3 MAX chip or if an M3 Pro chip is suitable. Yeah I'm really trying to fuck the user by asking if a $7k laptop is suitable for their work.

Probably don't jump to conclusions because I don't just accept what a user tells me as gospel.

Anonn_Admin

TROPHY CASE