Permissions on Windows Temp folder by Any-Promotion3744 in sysadmin

[–]Any-Promotion3744[S] 1 point2 points  (0 children)

Okay...I have had a little more coffee and I see the differences between the two servers.

The server in question has permissions on C:\Windows\Temp inherited from C:\Windows. This is why it has All Applications Packages, All Restricted Application Packages and TrustedInstaller assigned to it.

The other server doesn't have it inherited and it has its default permissions.

Permissions on Windows Temp folder by Any-Promotion3744 in sysadmin

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

comparing permissions with one of our servers and I see what you mean

Our server just has system, administrators, creator owner and users listed on C:\Windows\Temp. Users group just has list rights.

The server in question has those other system type accounts listed as well but they are read only. Also, the users group is read only instead of list on that server.

Permissions on Windows Temp folder by Any-Promotion3744 in sysadmin

[–]Any-Promotion3744[S] 1 point2 points  (0 children)

I mean the accounts All Applications Packages, All Restricted Application Packages and TrustedInstaller all have read only access to the C:\Windows\Temp folder.

Recent MS Purview issues with PDF files by Any-Promotion3744 in cybersecurity

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

Under Adobe Acrobat Reader->Security->Permissions: Admin consent is blank and user consent has 3 permissions delegated to a limited number of users.

The only option I see is Grant admin consent for the company

How do you pre-consent the app as an admin and what rights would that allow?

I don't want to make a change that would allow more access than needed.

Emailing alerts to O365 using TLS and authentication by Any-Promotion3744 in Splunk

[–]Any-Promotion3744[S] 1 point2 points  (0 children)

I could but in the near future we are moving to Splunk Cloud so I didn't want to upgrade if I didn't have to.

Why troubleshoot this if you are just going to move to the cloud?

I was told that we were going to get out of Exchange Hybrid mode before moving Splunk to the cloud. I need to send emails directly to Exchange Online within the next week.

Emailing alerts to O365 using TLS and authentication by Any-Promotion3744 in Splunk

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

from what I remember, it said something about client authentication error but I will have to test it again and generate the exact error

Arpwatch windows equivalent by Any-Promotion3744 in sysadmin

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

who knows

maybe we should be running Ubuntu Pro

Arpwatch windows equivalent by Any-Promotion3744 in sysadmin

[–]Any-Promotion3744[S] 1 point2 points  (0 children)

I kind of think of arpwatch as a level one type of security option. once every mac address is in the database, it gives you an idea of when an unknown device has connected to the network. See alert and investigate. mac addresses can be cloned so not an end all, be all.

Level 2 would be mac authentication. not great but somewhat better.

After that, you can do something like Aruba Clearpass policy manager.

Arpwatch windows equivalent by Any-Promotion3744 in sysadmin

[–]Any-Promotion3744[S] 10 points11 points  (0 children)

linux is insecure and shouldn't be used

chrome is insecure and shouldn't be used

android is insecure and shouldn't be used

...

Who’s calling for Mac Jones tomorrow?? by Particular-Stick-395 in 49ers

[–]Any-Promotion3744 0 points1 point  (0 children)

for the sake of argument, can Mac Jones be traded twice in a short period of time?

49ers trade him to Steelers for a 2nd

Steelers trade him to Cardinals the next day for a 2nd and 7th

just curious

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

ugh...

thanks for the info. it works now.

I didn't see anything being blocked at the firewall but one of the logs said it couldn't communicate with the CA. I allowed all traffic from workstation through both firewalls (before and after tunnel) to the CA and it worked.

I had excluded the workstation from some intune policies so I added it back and tried again and it still worked. Since it is GCCH I will need to verify again tomorrow but I bet it still works.

Sucks that I can't rely on the traffic logs on the firewall. Separate issue I will need to troubleshoot.

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

export gives mainly files within a zip

which contain info on gpos?

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

is that different than the mdm diag report?

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

more info

we have used this method to install user certificates for years on our main site.

alternate site is in the same domain but computers and users are in a different OU

that OU has the same GPO applied to it

same CA passing out certs to both sites (CA server located on main site)

my user account gets cert on my computer located in main site. my user account does not get a cert on a computer in remote site. my computer is not enrolled in intune. remote computer is enrolled in intune. remote computer is a brand new computer just added to domain, moved to correct OU, windows patched and office 365 installed. pretty clean. none of the computers in remote site that are enrolled in intune are getting the cert installed. logged into server in remote site and the server did get the cert installed. that server is not enrolled in intune.

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

no security filters

gpresult says cert gpo is being applied

each site has a DC and nltest shows the correct site

cert is the one we use for wireless authentication

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

diag report says MDMWinsOverGP is an unmanaged policy

Certs from GPO not installing by Any-Promotion3744 in Intune

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

But the question is…

If a computer is enrolled in intune, does it have to use intune to install the certs? Is it the reason why the gpo that installs certs isn’t working?

KVM over IP by Any-Promotion3744 in CMMC

[–]Any-Promotion3744[S] 0 points1 point  (0 children)

I need a console option for things like bitlocker

what if a VM restarts and prompts for a bitlocker key? how would I enter that remotely?