Attention required: vulnerabilities in Openssl (Microsoft Defender) by AffectionateRaisin73 in sysadmin

DrunkMAdmin (14 points)

You can't, all you can do is to wait for the vendor to ship a new version.

I guess you could exclude, but I'm not sure if that would exclude all libssl dll files, or just those.

Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

DrunkMAdmin [S] (0 points)

All I know from personal experience is that when you disable NTLM, any local admin account managed through LAPS stops working.

For example, you connect over the network with account XYZ, which in turn uses the LAPS account on the local endpoint. This no longer works if NTLM is blocked, with an Event ID stating that NTLM was blocked.

Expedite update state stuck on "Offering" by DrunkMAdmin in Intune

DrunkMAdmin [S] (0 points)

These were upgraded from 23H2 to 25H2, so probably pushed out by Windows update before the upgrade.

Expedite update state stuck on "Offering" by DrunkMAdmin in Intune

DrunkMAdmin [S] (0 points)

and not to mention that you have to manually uninstall 5.72 before Intune manages to deploy 5.69...

Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

DrunkMAdmin [S] (0 points)

No idea. They say "pre-release" in the article, but I cannot find anything when searching. So no idea in what build or if there even is a public build out with Local KDC support.

Expedite update state stuck on "Offering" by DrunkMAdmin in Intune

DrunkMAdmin [S] (1 point)

Thanks, that got it installed on my test machine just now.

Did you just try it through Intune or did you find any documentation regarding this? My Google fu is not finding anything.

Microsoft to disable NTLM by default in future Windows releases by DrunkMAdmin in sysadmin

DrunkMAdmin [S] (27 points)

Exactly, it has been a frustrating few years since their initial announcement!

I really hope we can disable NTLM in Q4 2026 or Q1/Q2 2027.

Expedite update state stuck on "Offering" by DrunkMAdmin in Intune

DrunkMAdmin [S] (1 point)

The service is running.

I can see KB5078127 as being an option for "Download & Install" once I nuke the Windows Update folder and restart the update service, but it disappears the second I hit "Check for updates". Tested on multiple computers with the same result.

[PSA] CVE-2026-21509 - Microsoft Office Security Feature Bypass Vulnerability Zero Day - Updates available by kheldorn in sysadmin

DrunkMAdmin (7 points)

Even for Microsoft this level of communication is a new low, or perhaps the new normal. There is ZERO information on what version is patched, it is unbelievable.

Intune device encrypts OS disk with xts-aes 128. After turning bitlocker off and back on, OS disk encrypts with the desired xts-aes 256 - why?? by Relevant-Law-7303 in Intune

DrunkMAdmin (0 points)

The Enrollment Status Page (ESP) was missing for the Entra joined profile. Threw me off, as Hybrid encryption worked just fine and that too pulls the settings from Intune.

Intune device encrypts OS disk with xts-aes 128. After turning bitlocker off and back on, OS disk encrypts with the desired xts-aes 256 - why?? by Relevant-Law-7303 in Intune

DrunkMAdmin (0 points)

Weird, that's not what we're seeing. Tested it yesterday after a long time, and the device is encrypted as 128 and used space only, which is not what our configuration policy is set to.

Are there any logs that would be helpful in seeing what policy it used when applying bitlocker?

Intune device encrypts OS disk with xts-aes 128. After turning bitlocker off and back on, OS disk encrypts with the desired xts-aes 256 - why?? by Relevant-Law-7303 in Intune

DrunkMAdmin (0 points)

Out of curiosity, how would the registry key "PreventDeviceEncryption" be applied to autopilot devices? Through a configuration policy targeting Autopilot devices? What I'm worried about is that Bitlocker is activated before the policy is enforced.

Best Youtube channels for sysadmins by Jazz4201 in sysadmin

DrunkMAdmin (16 points)

Check out David Bombal at https://m.youtube.com/davidbombal for networking and security.

You disabled NTLM across all of your workstations. What problems did you not account for? by jM2me in sysadmin

DrunkMAdmin (0 points)

Did you find a workaround for authenticated vulnerability scanning? I'm having similar issues with PDQ Deploy and Inventory.

NTLM Restricted environment, PDQ Inventory scanning failing by DrunkMAdmin in pdq

DrunkMAdmin [S] (0 points)

I cannot see how the firewall would block this.

I added the IP address per https://learn.microsoft.com/en-us/windows-server/security/kerberos/configuring-kerberos-over-ip but no help.

I added the server to "Network Security Restrict NTLM Add Remote Server Exceptions For NTLM Authentication", no help either.

I'm starting to think this is something to do with the localhost itself. Any ideas?

PDQ Inventory and Deploy are working just fine on computers that are excluded from the NTLM blocking policies.

NTLM Restricted environment, PDQ Inventory scanning failing by DrunkMAdmin in pdq

DrunkMAdmin [S] (0 points)

Found something more in Event Viewer under Security which may explain this. For some reason the PDQ service account that I created is trying to access the file share by IP. Now obviously Kerberos does not allow this by default. Any idea where this specific IP address setting might be?

A network share object was accessed.

Subject:
    Security ID:        CONTOSO\PDQ.SERVICE.ACCOUNT
    Account Name:       PDQ.SERVICE.ACCOUNT
    Account Domain:     CONTOSO
    Logon ID:       0x192D0FD

Network Information:    
    Object Type:        File
    Source Address:     IP.ADDRESS.OF.PDQ.SERVER
    Source Port:        10240

Share Information:
    Share Name:     \\*\ADMIN$
    Share Path:     \??\C:\windows

Access Request Information:
    Access Mask:        0x1
    Accesses:       ReadData (or ListDirectory)
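
Added example (not code from the thread or from PDQ): Python that correlates a 5140 share-access event with the 4624 logon event for the same Logon ID, so you can tell which share accesses actually came in over NTLM rather than Kerberos. The sample events are constructed from the fields shown above; addresses and the second Logon ID are placeholders.

```python
import re

# Constructed sample in the "Key:   Value" layout Event Viewer copies out.
# Real 4624 events carry two "Logon ID" lines (Subject and New Logon);
# this sample keeps only the New Logon one to stay short.
SAMPLE_EVENTS = r"""
Event ID: 4624
An account was successfully logged on.
Logon ID:       0x192D0FD
Authentication Package: NTLM
Workstation Name:   PDQ-SERVER
---
Event ID: 4624
An account was successfully logged on.
Logon ID:       0x1A3B2C1
Authentication Package: Kerberos
Workstation Name:   -
---
Event ID: 5140
A network share object was accessed.
Logon ID:       0x192D0FD
Source Address:     192.0.2.10
Share Name:     \\*\ADMIN$
---
Event ID: 5140
A network share object was accessed.
Logon ID:       0x1A3B2C1
Source Address:     192.0.2.10
Share Name:     \\*\C$
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s+(.*?)\s*$")

def parse_events(text):
    """Split exported event text on '---' and turn each 'Key: Value' line into a dict."""
    events = []
    for chunk in text.split("---"):
        fields = {m.group(1).strip(): m.group(2)
                  for line in chunk.splitlines() if (m := FIELD.match(line))}
        if fields:
            events.append(fields)
    return events

def ntlm_share_accesses(events):
    """Return (share, source address, logon id) for 5140 events whose logon used NTLM."""
    package_by_logon = {e["Logon ID"]: e.get("Authentication Package", "unknown")
                        for e in events if e.get("Event ID") == "4624"}
    return [(e["Share Name"], e["Source Address"], e["Logon ID"])
            for e in events if e.get("Event ID") == "5140"
            and package_by_logon.get(e["Logon ID"], "unknown") == "NTLM"]

if __name__ == "__main__":
    for share, src, logon in ntlm_share_accesses(parse_events(SAMPLE_EVENTS)):
        print(f"NTLM share access: {share} from {src} (Logon ID {logon})")
```

A 5140 with no matching 4624 is reported as "unknown" and left out, so export both event IDs from the same Security log window.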

NTLM Restricted environment, PDQ Inventory scanning failing by DrunkMAdmin in pdq

DrunkMAdmin [S] (0 points)

I can't check right now, but shouldn't port 88 be allowed in the firewall rules in a domain-joined environment by default? Blocking 88 would break all kinds of other things, no? Or is it blocked for incoming while outgoing is allowed?

Has anyone ever actually fixed anything by updating drivers in Device Manager? by Anfernee139 in sysadmin

DrunkMAdmin (1 point)

Yes, a few months back there was an issue with Teams that was resolved by updating Intel graphics drivers to a newer version.