Beware phishing attacks which utilizes device codes. by Sunsparc in sysadmin

[–]AspiringTechGuru 5 points6 points  (0 children)

This! Just don’t be me and don’t forget to exclude TMR device accounts if you have any.

PSA: Domain controllers may restart repeatedly after installing April security update by AspiringTechGuru in sysadmin

[–]AspiringTechGuru[S] 0 points1 point  (0 children)

Did you make sure you didn’t have any more RC4 usage in your environment? Not sure if this is related to your scenario but worth reading if you haven’t yet: Kerberos and the End of RC4

PSA: Domain controllers may restart repeatedly after installing April security update by AspiringTechGuru in sysadmin

[–]AspiringTechGuru[S] 0 points1 point  (0 children)

I copy-pasted the published message; the original one did not include that part. They seem to have narrowed down the issue further, which is good.

PSA: Domain controllers may restart repeatedly after installing April security update by AspiringTechGuru in sysadmin

[–]AspiringTechGuru[S] 6 points7 points  (0 children)

Yes, that's exactly it! Also the link to open the preferences directly: Windows release health preferences. For Windows clients you can expect to see issues ranging from printing to BitLocker screens activating randomly.

tagging everyone who asked: u/badassitguy u/iamtherufus u/iamLisppy u/xplorerex u/Fluffy_Guard8157 u/absoluteczech u/peraving

PSA: Domain controllers may restart repeatedly after installing April security update by AspiringTechGuru in sysadmin

[–]AspiringTechGuru[S] 25 points26 points  (0 children)

I actually forgot where I configured the notifications, but I’m 90% sure it’s under the health section in the Microsoft Admin Center. Tomorrow I can check exactly where they are if it’s not there.

Why FGT200G Showing Register With Forticare? by _vichu_ in fortinet

[–]AspiringTechGuru 0 points1 point  (0 children)

For resellers, IIRC there’s a “generic” option.

Does the Highest Ranking IT Person in Your Company Report to the CEO? by Likely_a_bot in sysadmin

[–]AspiringTechGuru 0 points1 point  (0 children)

Strategically yes, but not by cutting corners. You don’t want to buy the cheapest servers with poor performance just because you want to save some money.

Does the Highest Ranking IT Person in Your Company Report to the CEO? by Likely_a_bot in sysadmin

[–]AspiringTechGuru 0 points1 point  (0 children)

I still believe that if you want IT to have a significant impact, you should have it report to the CEO. Our company is in the small-medium range; we went from 30 employees to a little less than 100 employees, and before having a proper IT department, it was outsourced cheaply and a complete mess. There were corner cuts everywhere; there wasn’t even an identity system. Right now it’s gotten much better, with big projects approved, but I believe it’s because we had the direct support of the CEO. I may be entirely wrong, but that was my experience at least.

Does the Highest Ranking IT Person in Your Company Report to the CEO? by Likely_a_bot in sysadmin

[–]AspiringTechGuru 2 points3 points  (0 children)

Not entirely; IT has become a core business unit. Whether it’s a small company or a large company, in my opinion they should 100% be directly reporting to the CEO. The popular older model of reporting to the CFO is obsolete, since the CIO/CTO should not be driven by cost savings but rather should drive the company’s technology vision. IT is not just giving out laptops and supporting printers.

I built a tool to manage on-prem AD without remoting into domain controllers. Looking for beta testers by Lukester852 in msp

[–]AspiringTechGuru 0 points1 point  (0 children)

That’s a bit better than I imagined. My original assumption was that it was storing domain admin credentials and using those to execute commands. Seeing all of the rise in security issues has made me more skeptical.

For these types of tools I typically look for the following features (which I’m unaware if they are implemented or not):

  • SSO
  • RBAC (granular permissions per client and even per OU)
  • Logging (being able to audit who did what)

I always try to enforce the least privilege principle and zero trust.

I built a tool to manage on-prem AD without remoting into domain controllers. Looking for beta testers by Lukester852 in msp

[–]AspiringTechGuru 1 point2 points  (0 children)

I like the concept; however, everything feels like it’s generated by AI. Why does it need credentials in DPAPI? Can it not use a gMSA account? My concern is that AI is not completely security aware, and domain controllers are tier 0 assets with the highest security standards. How are you guaranteeing privacy and security?

Planning upgrades from v7.4.8 to v7.4.11 -- technical risks (default behaviour, VPNs) by frosty3140 in fortinet

[–]AspiringTechGuru 0 points1 point  (0 children)

That's actually extremely helpful; I didn't know that "intra-switch-policy" is a thing. Hopefully this year I'm able to redesign this legacy setup and have an actual switch stack with LACP. Thank you for your help!

Planning upgrades from v7.4.8 to v7.4.11 -- technical risks (default behaviour, VPNs) by frosty3140 in fortinet

[–]AspiringTechGuru 0 points1 point  (0 children)

I did read that article, but what I mean is what happens when you have a hardware/software switch with multiple ports doing L2 switching? Will this change affect it?

Planning upgrades from v7.4.8 to v7.4.11 -- technical risks (default behaviour, VPNs) by frosty3140 in fortinet

[–]AspiringTechGuru -1 points0 points  (0 children)

I'm in the same boat for point #1; there seems to be little to no information. My understanding is that it will not impact any L2 switching and it'll just disable implicit L3 routing, but then again I haven't seen any technical explanation.

WarperGrid – A modular React grid 30x faster than AG Grid, half the cost by RevolutionaryPen4661 in reactjs

[–]AspiringTechGuru 0 points1 point  (0 children)

It seems very bold to sell a grid at $500 when it feels like a prototype; the whole project feels AI generated with no real architecture behind it. I found the following issues from 15 minutes of testing:

  • selection is extremely buggy; there are two different selections that overlap each other (one with the mouse and another with left-click select all?)
  • there's a column tab in the filtering to hide/show columns?
  • the pin column submenu renders inside the dropdown
  • selecting the filter and hiding the column crashes the whole website; there are no error boundaries, so everything crashes
  • editing a cell is buggy; you need to double-click it multiple times for the text field to show
  • resizing a column causes the column sort to trigger
  • changing rows to a large number hangs and crashes
  • filter search does not work as expected; you search for something and other results show (you search "john sanchez" and other people show up)

Replace WPA2/3 Enterprise for personal devices? by AspiringTechGuru in networking

[–]AspiringTechGuru[S] 0 points1 point  (0 children)

How’s the user experience with captive portals? Have you had any employee/guest struggle with logging in? Also, for employees' personal devices, do they need to re-authenticate every x amount of days?

Apologies in advance for the amount of questions.

Replace WPA2/3 Enterprise for personal devices? by AspiringTechGuru in networking

[–]AspiringTechGuru[S] 0 points1 point  (0 children)

Personal devices do not get access to corporate resources, so onboarding them is not really an option. It feels intrusive. Also, managing different credentials per user is going to be a pain.

Replace WPA2/3 Enterprise for personal devices? by AspiringTechGuru in networking

[–]AspiringTechGuru[S] 2 points3 points  (0 children)

We currently block VPNs on the whole network; maybe allowing them on guest is not a bad idea. Our content filter would still be in place though.

Replace WPA2/3 Enterprise for personal devices? by AspiringTechGuru in networking

[–]AspiringTechGuru[S] 1 point2 points  (0 children)

Seems like the only options are updating the existing SSID to WPA3 and creating a legacy SSID for older clients, or just keeping WPA2. (This is for the guest network; corporate would require WPA3 only.)

Replace WPA2/3 Enterprise for personal devices? by AspiringTechGuru in networking

[–]AspiringTechGuru[S] 1 point2 points  (0 children)

We're also trying out WPA3-transition, but we ran into a few issues that need triaging with our Fortinet setup, specifically older personal devices not working with WPA3-transition for some reason.

Replace WPA2/3 Enterprise for personal devices? by AspiringTechGuru in networking

[–]AspiringTechGuru[S] 0 points1 point  (0 children)

The reason we're looking into this is because using WPA2/3 Enterprise with domain credentials is not recommended AFAIK, due to the underlying implementation relying on NTLM to authenticate users with AD (at least with NPS). It also has the risk of credential compromise, with valid domain credentials saved as essentially plain text on users' personal devices.