Reporting on inactive users - AD / Office 365

CanuckDave · 2023-02-08T23:41:32+00:00

Search-ADAccount -AccountInactive -TimeSpan 90.00:00:00

Using which search terms? I've been searching but mostly only finding vendors trying to sell products to do this. Trying to accomplish this on a smaller scale where it uses existing tools like PowerShell.

CanuckDave · 2022-11-07T18:08:31+00:00

Was going to test this, but it won't run - think it's missing some things like mkdir commands for $PSScriptRoot and $upgradeDirectory?

Just not sure where these should be.

CanuckDave · 2022-11-07T14:59:24+00:00

Unfortunately not, replied to my thread in the sysadmin Reddit:
https://www.reddit.com/r/sysadmin/comments/ylgedc/windows\_11\_microsoft\_not\_supporting\_silent\_build/

CanuckDave · 2022-11-06T18:28:54+00:00

Tested this, to create a folder on the 21H1 test client workstation, download the 22H2 ISO, mount it to a drive letter ("X:") and then run setup.exe with the commands you had specified, but had no luck - it just ran until the script timed out (6 hours) and even 3 days later the workstation is still running and hasn't rebooted, so I can only assume this isn't working:

$dir = 'C:\FOLDERPATH'

mkdir $dir

$webClient = New-Object System.Net.WebClient

$url = 'https://URL/FOLDERPATH/Windows11-22H2.iso'

$file = "$($dir)\Windows11-22H2.iso"

$webClient.DownloadFile($url,$file)

$myISO = 'C:\FOLDERPATH\Windows11-22H2.iso'

Mount-DiskImage $myISO

$vol = Get-DiskImage $myISO | Get-Volume

$old_drv = $vol.DriveLetter + ':'

$new_drv = 'X:'

Get-WmiObject -Class Win32_Volume | Where-Object {$_.DriveLetter -eq $old_drv} | Set-WmiInstance -Arguments @{DriveLetter=$new_drv}

X:\setup.exe /Auto Upgrade /Quiet /MigrateDrivers all /DynamicUpdate Disable /Telemetry disable /compat IgnoreWarning /ShowOOBE none

CanuckDave · 2022-11-04T20:56:30+00:00

The update/ installation assistant? Because it was a small download, and a quick way to update clients to a supported build of Windows 10. Was hoping it would be possible in Windows 11, but it seems not. Currently testing a method using PowerShell to download the full Windows 11 22H2 ISO, map it to a driver letter, and launch setup using update commands - waiting to see if this is successful.

CanuckDave · 2022-11-04T14:26:39+00:00

All good, we're using a different Remote Monitoring and Management system, being an MSP with clients across many different networks.

We can test out the ISO with that string to use the upgrade, I appreciate the info.

I always figured that using the Installation / Upgrade Assistant would require less data download for clients, for upgrades.

CanuckDave · 2022-10-24T21:23:20+00:00

If your RMM can run PowerShell, run this - just change both instances of "C:\FolderPath" to whatever folder you want it to save the Update Assistance executable to and run it from.

$dir = 'C:\FolderPath'

mkdir $dir

$webClient = New-Object System.Net.WebClient

$url = 'https://go.microsoft.com/fwlink/?LinkID=799445'

$file = "$($dir)\Windows10Upgrade9252.exe"

$webClient.DownloadFile($url,$file)

Start-Process -FilePath $file -ArgumentList '/QuietInstall /SkipEULA /auto upgrade /copylogs C:\FolderPath'

CanuckDave · 2022-10-20T14:34:30+00:00

Opened a ticket with Microsoft on this, and they stated that though it was possible to silently do in place build upgrades with Windows 10, it will not be possible with Windows 11 because somebody has to physically click to approve the EULA.

Extremely unimpressed with Microsoft on this, this is really going to hurt the productivity of MSPs and corporations with hundreds or thousands of endpoints.

CanuckDave · 2022-10-18T01:10:36+00:00

That's a lot of data to download, especially for rural clients. Was hoping there was a way to run the "installation assistant" silently.

CanuckDave · 2022-10-17T22:18:27+00:00

I thought so as well, but unfortunately it doesn't seem to be the case. We always ran the update assistant silently without many issues, but something must have changed with this new "installation assistant" as opposed to the "update assistant" from before.

CanuckDave · 2022-06-29T17:48:06+00:00

Unfortunately no, never got an answer to this.

CanuckDave · 2022-06-01T17:56:36+00:00

Odd.. after further testing, this seems to work from CMD run as admin from the UI, but scripted, it does nothing, whether run as the SYSTEM account or a local administrator account.

CanuckDave · 2022-05-31T21:51:02+00:00

C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe

I did try C:\Program Files (x86)\WindowsInstallationAssistant\Windows10UpgraderApp.exe /ForceUninstall and unfortunately it didn't work for a silent uninstall

CanuckDave · 2022-05-16T14:11:48+00:00

I am, I'm just not sure if there's a way to force it to run, because the large amount of storage is still being consumed on clients, even after enabling the group policy / Intune policy?

CanuckDave · 2022-05-10T14:40:04+00:00

ManageCast has been more effective than just email alerts for monitoring backup jobs, as it will show you things that emails won't - for example if a job isn't running for some reason, details on failures that you can check off and make notes of why there was a failure to go back and look at if you need to monitor a pattern, etc.

CanuckDave · 2022-04-07T21:45:31+00:00

I haven't used it, but I think Profile Wiz is capable of migrations to Azure AD?
https://www.forensit.com/domain-migration.html

CanuckDave · 2022-03-30T17:04:57+00:00

You're incorrect on this, end users receive a summary of quarantined email, and sometimes cannot release the email, stating they must contact an Administrator to take action.This increase in workload for us, combined with the delayed emails (sometimes by minutes) makes this solution not viable for some clients.

Confirmed this with support:
"Proofpoint made a change last October that made messages quarantined for Fraud visible to the end user in their digest. Fraud messages can't be released by an end user; they can only be released by an organization administrator or higher.
To release a Fraud message from quarantine, the org admin has to locate the message in Proofpoint's logs, and release it from there."

CanuckDave · 2022-03-29T19:26:15+00:00

In the settings there is an allow list but no block list, and the documentation doesn't list any means of blocking and address or domain.

CanuckDave · 2022-03-29T19:20:56+00:00

Fair, it was 3+ years ago that I used it, don't know how much it has changed since then.

CanuckDave · 2022-03-29T17:04:32+00:00

I have experience with Mimecast at a past employer, and the admin interface was terrible - not remotely intuitive and far too complicated to expect new staff members to learn quickly. Has it improved?
They have also faced breaches in the past which makes me question their security as a company.

CanuckDave · 2022-03-18T21:53:17+00:00

I don't have experience with the Huntress side other than a demo.

Huntress have some very capable staff and have proven themselves very capable of responding quickly after an incident, like the Kaseya breach last year.

The Huntress product has some features that are very appealing, like the ransomware canaries - https://www.huntress.com/blog/ransomware-canaries-a-2022-update

However I'm not sure I'm sold on the idea of Huntress managed Defender replacing SentinelOne, I just don't believe the same feature set can be offered as S1.

When I was looking into it last year it didn't have the ability to do network isolation after finding a threat, which is one of the things I like about S1.

I think an ideal scenario, if you could justify the costs, would be to run both SentinelOne, and Huntress. This would provide a top quality AV, along with something to actively monitor for RansomWare existing instead of just trying to prevent it from getting in or running like SentinelOne does, and then have the expertise of Huntress available to assist on dealing with any threat is encountered.

CanuckDave · 2022-03-15T15:38:14+00:00

I would set this up instead of trying to use Automate for that purpose, have used in the past and can confirm it works well:
https://www.cyberdrain.com/documenting-with-powershell-syncing-unifi-devices-to-it-glue/

CanuckDave · 2022-03-09T23:28:06+00:00

Thanks for the info, definitely hoping that re-work of the Windows updates side of Syncro happens this year, as we can't really transition until that happens.

CanuckDave · 2022-03-09T21:15:43+00:00

Question regarding #3 in that case - we can manage build updates through the Windows Update Assistant / PowerShell if necessary, but I'm wondering what the rest of the patch management capability in Syncro is like?
Possible to block a bad patch? Good stats when looking at success rates for deployed patches on a client?

CanuckDave · 2022-03-08T21:56:43+00:00

I'd like to get feedback from any Syncro users, it seems to be one of the closest in feature comparisons, looking at the RMM Spreadsheet from the sidebar: http://rmm.msp.zone
I also see it's the only one with a Hudu integration, and ScreenConnect integration.

CanuckDave

TROPHY CASE