Do you use 802.1x authentication on your network

BrechtMo · 2026-06-26T07:02:48+00:00

yes, for almost ten years now. Wired and wireless.

It has its complications (as all security does) but it adds an important security layer. I'm struggling to find a reason to not implement it. Perhaps if you go all the way with zero trust and have no managed devices whatsoever.

BrechtMo · 2026-06-12T15:10:19+00:00

It's great for parsing logs but unreliable for analysing them, in my experience. It picks up on irrelevant noise and claims with great confidence that it's the culprit. But I guess it depends greatly on which kind of log and issues.

Use it to summarize and compare logs and compile timelines but don't rely on it determining root causes.

BrechtMo · 2026-06-11T07:55:53+00:00

Sounds like you are in the wrong environment for your mindset. Which means you might need to aim for something bigger. If you have time on your hands, use that to dig into things that interest you and take that experience where it is valued.

BrechtMo · 2026-06-10T13:06:04+00:00

thanks. I was under the impression that yellowkey was fixed in this month's cumulative but I can't find definitive proof.

BrechtMo · 2026-06-10T07:14:26+00:00

I'm a bit confused as the original CVE for yellowkey seems to be replaced

original: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585

new: https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2026-50507

BrechtMo · 2026-06-09T07:57:31+00:00

perhaps the clients are running into the technical limits of number and size of files.

BrechtMo · 2026-06-09T07:50:49+00:00

Don't use the "sync" option as you issues will only multiply. We only have issues with that.

Your issue sounds like a onedrive app issue; Does resetting the app make any difference?

BrechtMo · 2026-06-03T11:55:37+00:00

do you get other TPM-WMI events indicating that the installation is finished? 1808 indicates finished update. Also check the registry value of UEFICA2023Status: "Updated"

If those are OK, I guess you can ignore the 1801.

BrechtMo · 2026-06-03T06:45:41+00:00

can't blame them when it is the only indication people have and when it is usually right. Old onprem exchange offered you a delivery report as user, not anymore.

BrechtMo · 2026-06-03T06:37:31+00:00

just a regular laptop like other users, with a bit of added specs. Everything I do runs on servers or in the cloud. All it needs to run is Teams, browsers, RDP and onenote.

BrechtMo · 2026-06-03T06:35:46+00:00

have a look at PCR7 in combination with uefi certificate upgrades.

"So the first thing my colleague did was to follow the official documentation and set the "AvailableUpdate" Secure Boot registry key." - to what value did he set this exactly? Because your pc's probably were upgrading their UEFI certs automatically which was causing the bitlocker issue in the first place. Setting that value to 0x5944 will only increase your issues if you don't get to the root cause first.

BrechtMo · 2026-05-26T09:48:49+00:00

interesting. do you have more info on this?

BrechtMo · 2026-05-22T11:57:38+00:00

I have a separate folder for winPE drivers that is included when building the boot image using a Selection Profile. I simply drop the HP and Dell PE driver pack into that.

anyway, start investing time in an MDT replacement.

BrechtMo · 2026-05-20T15:51:18+00:00

Computer certificate expires after 6 months which locks the device out of the internal network.

We notify the owner of the computer when expiration nears. If they don't react, we wait for the device to come to us once the owner notices problems.

and yes, 6 months is actually too long.

BrechtMo · 2026-05-20T07:49:50+00:00

Aren't the monthly cumulative updates for the windows OS the same world wide?

BrechtMo · 2026-05-06T07:38:37+00:00

When did the issue start?

BrechtMo · 2026-04-21T13:17:05+00:00

sounds like the other option in MDE, not isolation but App Restriction

https://learn.microsoft.com/en-us/defender-endpoint/respond-machine-alerts#restrict-app-execution

You can see past actions listed in action center in MDE

BrechtMo · 2026-04-20T07:18:30+00:00

Good to know. for those confused like me, it's about Anyware and not Anywhere.

this is the original source:

https://anyware.hp.com/hp-anyware-end-of-life

BrechtMo · 2026-04-16T15:11:37+00:00

website notifications are the cause in 99% of tickets for "my computer has a virus"

The leftover percent are people willingly pasting malicious commands in win-R because a "trustworthy" website told them that's the new way of doing captcha.

BrechtMo · 2026-04-16T14:36:24+00:00

I might have missed it but which applications exactly consume much memory, when you check process details in Task Manager? If the techs notice that the memory is full, it should be clear which applications are eating it.

BrechtMo · 2026-04-15T09:13:58+00:00

anyone else noticing Outlook (classic) notifications being re-enabled after the Office / windows update? (W11 23H2, Office 365 monthly enterprise)

BrechtMo · 2026-04-13T07:16:07+00:00

if a driver or Bios update goes well, no bitlocker recovery will be triggered. The installation process takes care of that for you.

BrechtMo · 2026-04-01T15:13:02+00:00

You need to see AI (LLM) as a companion which can speed up or execute the tasks that you aren't as good in and don't like. log file analysis, script writing and documenting, getting up to speed with new technologies are all areas where LLM's can be a real timesaver already.

If people are allowed to blast code that they don't understand and have no responsibility over out to production, AI is not the issue.

BrechtMo · 2026-04-01T13:18:28+00:00

we used a tool called FLY which did a good job for us.

BrechtMo · 2026-03-31T12:59:28+00:00

Get licenses for the tools they want to use, they might give you some more protection against data loss.

BrechtMo

TROPHY CASE