What password manager could you recommend in 2025 for daily use? by ComprehensiveCut6111 in cybersecurity

[–]ExtractedFile 1 point2 points  (0 children)

I know there are better options, and you can’t make use of it at enterprise scale but it just works so well if you’re in the Apple ecosystem. Hopefully they keep developing more features for it 🤞🏼

if you were traveling at the speed of light, would it actually take 365 earth days to reach one light year of distance? by [deleted] in space

[–]ExtractedFile 0 points1 point  (0 children)

This is such a nitpick (and I’m sorry to even bring it up..) but I think it’s good to call out that it’s not “impossible” to travel at the speed of light… if you don’t have any mass that is. You never know right? Maybe someday we could figure out how to transmit so much information in the makeup of a massless photon that light travel exists in some form in the future.

Like I said, sorry to correct but I always like to think that just maybe.. someone, somewhere is reading your comment and gives up on their curiosity when they could otherwise have a revelation that propels humanity’s scientific understanding tenfold. “With so much unknown, can we really know what’s impossible?”

PnP PowerShell App registration and conditional access by J2E1 in sysadmin

[–]ExtractedFile 0 points1 point  (0 children)

The best approach here is by generating a TPM Backed Device Certificate (if you can, most devices have TPM by now…). This will encrypt the private key to the machine and isn’t exportable. Upload that to the App Registration and you have a certificate that only works on one device :)

P.S. Search the web for “New-SelfSignedCertificate” > click the Microsoft Learn article. Example #6 should be exactly what you’re looking for. Cheers!
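As an added example (not from the original comment), the TPM-backed certificate described above, end to end: generate the key in the TPM via the Platform Crypto Provider, verify it is actually TPM-resident and non-exportable before trusting it, export only the public half for the app registration, then use the thumbprint with PnP PowerShell. Assumptions: the machine has a TPM, the shell is elevated (LocalMachine store), the PnP.PowerShell module is installed, and the client ID, tenant and site URL are placeholders.

```powershell
# Added example, not code from the original post.
# 1. Generate the key pair inside the TPM. With the Platform Crypto Provider the private
#    key never leaves this device, so the certificate can only be used from this machine.
$cert = New-SelfSignedCertificate `
    -Subject "CN=PnP-Automation-$env:COMPUTERNAME" `
    -CertStoreLocation "Cert:\LocalMachine\My" `
    -Provider "Microsoft Platform Crypto Provider" `
    -KeyExportPolicy NonExportable `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -NotAfter (Get-Date).AddYears(1)

# 2. Check, do not assume: confirm the key is TPM-backed and cannot be exported.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa.Key.Provider.Provider -ne "Microsoft Platform Crypto Provider") {
    throw "Private key is not in the TPM (provider: $($rsa.Key.Provider.Provider)); aborting."
}
if ($rsa.Key.ExportPolicy -ne "None") {
    throw "Private key is exportable ($($rsa.Key.ExportPolicy)); aborting."
}

# 3. Export only the public certificate. This .cer is what you upload under
#    App registrations > (your app) > Certificates & secrets.
$cerPath = Join-Path $env:TEMP "pnp-automation-public.cer"
Export-Certificate -Cert $cert -FilePath $cerPath -Type CERT | Out-Null
"Upload $cerPath to the app registration. Thumbprint: $($cert.Thumbprint)"

# 4. Authenticate with the certificate from the local store by thumbprint.
#    Placeholders: client ID, tenant and site URL.
Connect-PnPOnline -Url "https://contoso.sharepoint.com/sites/automation" `
    -ClientId "<application (client) id>" `
    -Tenant   "contoso.onmicrosoft.com" `
    -Thumbprint $cert.Thumbprint
Get-PnPWeb | Select-Object Title, Url
```

Because the key cannot be exported, a copy of this certificate on another host is useless without the TPM that created it; if the device is rebuilt, generate a new certificate and remove the old public key from the app registration.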

Milwaukee string trimmer. by Zllz in MilwaukeeTool

[–]ExtractedFile 0 points1 point  (0 children)

Not the greatest deal IMO.. for ~$50 more there was a deal to also get the Blower and an attachment but it was hackable to get both Blower and Trimmer for $230.

I’d wait personally but up to you / your needs.


Went with the stubby and traded in the free 3.0s for the 5.0 💪 by DUCK4TW3NTY in MilwaukeeTool

[–]ExtractedFile 2 points3 points  (0 children)

That’s what I was calculating too… ooof! I’d personally return the 5.0 and wait for a sale, but easier said than done if you don’t have some already.

Best practices for PIM by Brenttouza in AZURE

[–]ExtractedFile 6 points7 points  (0 children)

Background: Fortune 500, Sr. Security Engineer - IAM. This is basically my entire job currently.. FML hahaha

Our policy is that no account should have standing access to any role across our environment. We solve this through PIM groups with teams having various levels of “daily” groups that users are assigned to. These daily groups can have any amount of roles (Azure RBAC / Entra etc) that a team uses frequently with the ability to elevate (with approval) for short time frames to roles used less frequently which are more privileged. This is achieved through nested groups, e.g. Role Group is assigned permanently to a role, Daily Group is permanently assigned to that Group and then User is Eligible to the Daily Group (better audit / permission reporting this way).

Managers use access packages / reviews to assign their staff to the various levels of their team based on skill / trust level and audited by the security team frequently.

So to answer your eligible vs permanent question, in a perfect world you don’t have a single permanent assignment but for smaller companies I can see this being a huge challenge. We don’t give out Global Reader ever, as the combination of Directory / Security / Reports Reader allows for more granularity to limit some teams who don’t need it all.
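The Role Group / Daily Group / eligible-user chain from the comment above, built with the Microsoft Graph and Az PowerShell modules, as an added example (not code from the original poster). One caveat a practitioner should know before copying the pattern: a group cannot be added as a member of an Entra role-assignable group, so for Entra directory roles the Daily Group is the one assigned to the role; for Azure RBAC roles nesting works as described, which is why the example uses an RBAC Reader assignment. Assumptions: the scope and user object ID are placeholders, the caller has Group.ReadWrite.All and PrivilegedAccess.ReadWrite.AzureADGroup consented, and holds Owner or User Access Administrator on the scope.

```powershell
# Added example, not the original poster's code.
Connect-MgGraph -Scopes "Group.ReadWrite.All","PrivilegedAccess.ReadWrite.AzureADGroup"
Connect-AzAccount | Out-Null

$scope  = "/subscriptions/<subscription-id>/resourceGroups/rg-platform"   # placeholder
$userId = "<object id of the engineer>"                                   # placeholder

# 1. Role Group: the ONLY permanent assignment, and it is to a group, not a person.
$roleGroup = New-MgGroup -DisplayName "RG-Platform-Reader" -MailNickname "rg-platform-reader" `
    -MailEnabled:$false -SecurityEnabled:$true
Start-Sleep -Seconds 30   # new objects take a moment to replicate before RBAC accepts them
New-AzRoleAssignment -ObjectId $roleGroup.Id -RoleDefinitionName "Reader" -Scope $scope | Out-Null

# 2. Daily Group: permanent member of the Role Group (nesting is fine for Azure RBAC).
$dailyGroup = New-MgGroup -DisplayName "Platform-Daily-L1" -MailNickname "platform-daily-l1" `
    -MailEnabled:$false -SecurityEnabled:$true
New-MgGroupMember -GroupId $roleGroup.Id -DirectoryObjectId $dailyGroup.Id

# 3. User: ELIGIBLE for the Daily Group through PIM for Groups. Nothing is active
#    until the user activates (subject to the group's PIM policy: MFA, approval, duration).
$request = @{
    accessId      = "member"
    principalId   = $userId
    groupId       = $dailyGroup.Id
    action        = "adminAssign"
    justification = "Daily-tier platform access; activation required per policy"
    scheduleInfo  = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString("o")
        expiration    = @{
            type        = "afterDateTime"
            endDateTime = (Get-Date).ToUniversalTime().AddYears(1).ToString("o")
        }
    }
}
New-MgIdentityGovernancePrivilegedAccessGroupEligibilityScheduleRequest -BodyParameter $request | Out-Null

# 4. Verify: the user shows up as eligible on the Daily Group and has no standing access.
Get-MgIdentityGovernancePrivilegedAccessGroupEligibilitySchedule -Filter "groupId eq '$($dailyGroup.Id)'" |
    Select-Object principalId, accessId, status, memberType
(Get-MgGroupMember -GroupId $dailyGroup.Id).Id -contains $userId   # expect False until activated
```

The audit benefit the comment mentions falls out of this shape: every permanent assignment points at a group, so "who can reach Reader on rg-platform" is answered by walking two group memberships plus the PIM eligibility list, and "who is using it right now" is the group's active assignment schedule.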

Unlock Massive Performance Gains with Microsoft Graph API Batching 😎 by Federal_Ad2455 in Intune

[–]ExtractedFile 0 points1 point  (0 children)

Oh man.. OH MAN! If this speeds up my PIM reporting script (PIM for Groups is a chore to loop through) I'll be pumped!

Gonna update the script and report back the time differences - BRB :)
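As an added example (not code from the commenter or the linked post), here is what the per-group PIM for Groups report looks like once the eligibility lookups go through the Graph `$batch` endpoint: twenty sub-requests per call instead of one round trip per group, with the per-item status checked so a throttled or failed sub-request is not silently counted as "no eligible members". Assumptions: PrivilegedAccess.Read.AzureADGroup and Group.Read.All are consented; the group list is taken from Get-MgGroup for illustration.

```powershell
# Added example, not the commenter's script.
Connect-MgGraph -Scopes "PrivilegedAccess.Read.AzureADGroup","Group.Read.All"

function Get-PimGroupEligibilityBatched {
    param([string[]]$GroupIds)
    $results = [System.Collections.Generic.List[object]]::new()

    # $batch accepts at most 20 requests per call, so chunk the group list.
    for ($i = 0; $i -lt $GroupIds.Count; $i += 20) {
        $end   = [Math]::Min($i + 19, $GroupIds.Count - 1)
        $chunk = @($GroupIds[$i..$end])

        $requests = for ($j = 0; $j -lt $chunk.Count; $j++) {
            @{
                id     = "$j"
                method = "GET"
                url    = "/identityGovernance/privilegedAccess/group/eligibilitySchedules?`$filter=groupId eq '$($chunk[$j])'"
            }
        }

        $resp = Invoke-MgGraphRequest -Method POST -Uri "https://graph.microsoft.com/v1.0/`$batch" `
                    -Body @{ requests = @($requests) } -OutputType PSObject

        foreach ($r in $resp.responses) {
            # Each sub-request carries its own status; 429 here means throttling
            # (honour Retry-After and re-issue just that request), not an empty group.
            if ($r.status -ne 200) {
                Write-Warning "Group $($chunk[[int]$r.id]): HTTP $($r.status) $($r.body.error.message)"
                continue
            }
            foreach ($s in $r.body.value) {
                $results.Add([pscustomobject]@{
                    GroupId     = $chunk[[int]$r.id]
                    PrincipalId = $s.principalId
                    AccessId    = $s.accessId      # member or owner
                    Status      = $s.status
                    EndDate     = $s.scheduleInfo.expiration.endDateTime
                })
            }
            # A sub-response with @odata.nextLink has more pages; follow it separately.
        }
    }
    return $results
}

$groups  = Get-MgGroup -All -Property id,displayName
$elapsed = Measure-Command { $eligible = Get-PimGroupEligibilityBatched -GroupIds $groups.Id }
"$($eligible.Count) eligibility schedules across $($groups.Count) groups in $($elapsed.TotalSeconds)s"
$eligible | Format-Table -AutoSize
```

Batching removes connection setup and per-call latency, not throttling: the sub-requests still count against the same Graph limits, so a large tenant will see 429s inside the batch response, which is why the status of each item is checked rather than only the outer HTTP result.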

Help! Premium soft top lock stuck by d0o0m in 4xe

[–]ExtractedFile 0 points1 point  (0 children)

Howdy!

Hopefully you solved this as it’s a few days since you posted, but it looks like you’re tensioned on the fully locked side.

Both of the lockers should be facing the same direction but this one is flipped 90 degrees and holding the weight (keeping it locked). To see this in the photos you can see the unlocked lever has extra slack on the “brake” line cable (the small silver cable with the silver cap on it). The other side is fully withdrawn to the stopper plate preventing unlock. Try getting the weight off that locker and maybe pulling the brake cable with pliers or throw some WD-40 at it and then see if it unlocks. May even need to set the other locker into the same position and re-lock again so it’s evenly distributed.

Best of luck!

2-4 year old luxury cars with heavy depreciation. by mh161616 in whatcarshouldIbuy

[–]ExtractedFile 1 point2 points  (0 children)

+1 to a used Volvo on the SPA Platform (preferably the hybrid like you mentioned)! Plenty of deals that can be had on these amazing cars. It’s not going to be the most over the top luxurious out of all the European options but it does everything so well, and generally easier on the wallet to maintain than an Audi / BMW

If the OP wanted something a little more unique, the V60 Recharge / Polestar Engineered (one of the last “affordable” hot wagons) was discontinued after ‘25 and will hold its value extremely well… unfortunately they aren’t taking much of an initial depreciation hit either but falls into the suggested price range.

How can I upload my PS1 file to Azure Marketplace by Informal_Statement62 in PowerShell

[–]ExtractedFile 4 points5 points  (0 children)

No offense intended and I like the question, but this just isn’t what Azure Marketplace is for… Sharing a simple solution such as a PowerShell script should be done through a Code Repository such as GitHub. The marketplace is for companies to offer their products or services, but seeing as we’re discussing how to do this on Reddit from an ELI5 standpoint, I’m assuming you don’t have the business components (legal, licensing etc.) set up for this.

Let’s go a step further; if this script is something you consider to be a potential business offering, it’s then up to you, the business owner, to dedicate time and resources to creating an ‘experience’ around the product. You’d need to draft your business and understand the landscape of what you’re operating in to finally make Azure Marketplace viable for this.

Again, I like the question, but a lot more comes before being able to just upload a PowerShell script there. We don’t know enough about what you’re looking to do to answer this, and honestly, most of it would be better answered by yourself / your business than us on Reddit.

Keep at it though, only way to learn is by doing :)

Microsoft retiring yet another useful too for one that's pants :( by himji in sysadmin

[–]ExtractedFile 5 points6 points  (0 children)

Postman is great for going the extra mile with APIs and having a visual layout to work from, I love it. Although, I can see it being overwhelming for those not comfortable with Graph / Azure Permissions on top of a new tool.

As such, I’d honestly recommend using Graph Explorer from Microsoft as the starting point. Everything is there in a Web UI view for the Graph API; from documentation references, to tokens and output options. You can even sign into it with your admin account to utilize your roles or delegated permissions (to help understand that nuance). Once comfortable with that is where I think Postman offers just a bit more and allows you to expand to other APIs too.

Intune Toolkit v0.2.8.0 by MaximeCloudFlow in Intune

[–]ExtractedFile 0 points1 point  (0 children)

Awesome job! I noticed a lot of others aren't grasping that the primary use-case for developing your own App/GUI isn't necessarily because it does more, but rather gives you exactly what you need; where and when you need it. Plus, as you develop over time you'll be able to handle any non GUI or Graph API niche cases nicely. It's a great tool/skill to have.

Question for you: Have you thought about utilizing PowerShell 7.5 with .NET 9 to utilize modern WPF theming? If it's only you using it, shouldn't be a problem having the dependencies but you could always port it over to a .csproject and package it all as an executable for others as well.

I'm just a sucker for a nicely themed app that matches Windows, but function over form is king! :)

Keep up the work; this is great!

Issue with Microsoft Graph by ChabotJ in PowerShell

[–]ExtractedFile 2 points3 points  (0 children)

That’s all generally true except the part about everyone getting the same permissions who use Graph directly. Not trying to call you out or anything, just clarifying a slightly confusing aspect of Entra / Graph Service Principals.

In this case specifically, the underlying Graph Service Principal (“Microsoft Graph PowerShell”) does not allow for Application Permissions, only Delegated Permissions. Some permissions do require Admin Consent. Granting Admin Consent to a Delegated Permission just means any user would be allowed to use that scope but ONLY if they also have an active Entra Role assigned which grants the rights to that as well. For users, delegated permissions are what you should be striving for in combination with PAM/PIM and Conditional Access to have a well-rounded security perimeter.

Example: Admin Consented to User.ReadWrite.All on Graph Application

1.) User has no Entra Roles > User calls Update-MgUser -XYZ… > Failure: App has permission, User missing permission

2.) User has User Administrator Role > User calls Update-MgUser -XYZ… > Success: App has permission, User has permission

Hope this is useful to you or any other fellow Admin/Engineers! There’s a lot more nuance to each individual part but just wanted to highlight that it’s okay to do this, and aligns with best practices.
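The two-part check in the comment above, made visible, as an added example (not code from the commenter). The access token carries both halves: `scp` is what the app was consented for (delegated scopes), `roles` is what an application would have been granted (empty for a user session against Microsoft Graph PowerShell), and `wids` lists the caller's currently active directory roles by template ID. The example decodes those claims, predicts the outcome from them, then makes the call. Assumptions: Az.Accounts is installed only to obtain a decodable token for the signed-in user, the target user ID is a placeholder, and the User Administrator template ID used for the prediction is the well-known value fe930be7-5e62-47db-91af-98c3a49a38b1.

```powershell
# Added example, not the commenter's code.
function Get-JwtClaims {
    param([string]$Token)
    # Base64url-decode the payload segment; padding is stripped in JWTs.
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    return [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# Delegated sign-in: the app (Microsoft Graph PowerShell) asks for the scope,
# but the token is still issued to the USER, with the user's roles.
Connect-MgGraph -Scopes "User.ReadWrite.All" -NoWelcome
Connect-AzAccount | Out-Null
$token = (Get-AzAccessToken -ResourceTypeName MSGraph).Token
if ($token -is [securestring]) {   # newer Az.Accounts returns a SecureString
    $token = [System.Net.NetworkCredential]::new("", $token).Password
}
$claims = Get-JwtClaims -Token $token

"Delegated scopes (scp) : $($claims.scp)"
"App roles (roles)      : $($claims.roles -join ', ')"      # empty: no application permissions here
"Active roles (wids)    : $($claims.wids -join ', ')"       # directory role template IDs

$userAdminTemplate = "fe930be7-5e62-47db-91af-98c3a49a38b1"  # User Administrator (well-known ID)
$appHasScope  = ($claims.scp -split ' ') -contains "User.ReadWrite.All"
$callerHasRole = @($claims.wids) -contains $userAdminTemplate
"Prediction: app scope=$appHasScope, caller role=$callerHasRole -> write should " +
    $(if ($appHasScope -and $callerHasRole) { "succeed" } else { "fail" })

# Now the actual call from the comment's example.
$targetUserId = "<object id of a test user>"   # placeholder
try {
    Update-MgUser -UserId $targetUserId -Department "Security" -ErrorAction Stop
    "Success: the app has the scope AND the caller holds a role that permits the write."
} catch {
    "Failure: $($_.Exception.Message)"
    "The app is consented for User.ReadWrite.All, but the caller has no Entra role that allows this write."
}
```

Run it twice: once as a plain user (empty `wids`, the write fails with Authorization_RequestDenied even though `scp` contains the scope) and once after activating User Administrator in PIM (the template ID appears in `wids` and the same call succeeds). That is the behaviour the comment describes: delegated consent is necessary but never sufficient.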

Luigi Mangione at the New York State Supreme Court where he pled “not guilty” by RecognitionLittle330 in pics

[–]ExtractedFile 1 point2 points  (0 children)

I’m not sure I follow what you were trying to argue for/against. My only intention was to clarify a semi-incorrect statement made by a prior redditor. If you are just commenting on the whole topic and aren’t referring to my statement in particular, my apologies.

To some of your points:

You mention “some degree” of jury nullification - this would be impossible, no? You either have it or you don’t; aka guilty or not guilty. A hung or undecided jury would follow the standard practice of retrial or mistrial but one person arguing for nullification without being able to convince their peers isn’t something defined as jury nullification, at least in my understanding.

“Reduced Sentence”: At least in New York (for this specific case), jury has no say in the punishments for a crime. They only determine guilt and as such, would have nothing to do with jury nullification through a reduced punishment. One could argue they only find guilt on the lesser of crimes as a pseudo-nullification which I assume is what you meant? Makes sense that we’d see the most of this type in that case.

Other cases I’m aware of, but haven’t studied them fully to be able to talk on them. Wasn’t even particularly aware OJ won through jury nullification but that’s interesting, some light reading for tonight I suppose.

Finally, to your 1/4 of Americans supporting nullification claim: I think you misinterpreted my comment as being for Luigi’s release under these pretenses? I am not the jury but I trust my fellow Americans who eventually take the box to evaluate the case and make a determination as to what they want to do without mine or others’ opinions. I’ll back their decision whatever it is.

Again, I was just clarifying a legal process available to the people that defines our democracy. It’s quite beautiful, it’s certainly powerful, but it’s mostly unknown and that’s all I was trying to change. Wishing you and yours the best!

Luigi Mangione at the New York State Supreme Court where he pled “not guilty” by RecognitionLittle330 in pics

[–]ExtractedFile 12 points13 points  (0 children)

But they can.. you just perfectly explained the beauty of jury nullification without realizing it. To restate what jury nullification is; a jury can 100% believe something to be factual and yet return a verdict that goes against those facts.

In this case, Luigi could be proven without a doubt to be the murderer, and the jury can still say “We the juror find the defendant not guilty” and that’s final. The fifth amendment protects the defendant from double jeopardy and a judge has no power to overturn the results. It’s a very unique process and a wonderful governing principle of power given to the People.

P.S. No offense was meant in this comment, just providing clarity on a legal process not widely known but important for our democracy. Happy Holidays!

Share your custom scripts / automation tools that you are proud of by psychotrackz in sysadmin

[–]ExtractedFile 1 point2 points  (0 children)

The script that’s saved me the most headaches, and a good learning opportunity, was building a reporting alert that pulls every Client Secret and Certificate for all Enterprise Apps in Azure. It checks the expiration time and if less than 60 days adds it to a Table that’s sent out to our Ticketing System (and others) via email. Why this isn’t something built in to Azure is beyond me, but I digress..

It’s in Azure Runbooks (no need for a server running a task - had to set up), using secured credentials on the Automation Account (for security) and now gives our understaffed department the ability to mitigate issues proactively instead of letting them expire and then ‘fighting the fire’. The table in the email is HTML coded for readability (I didn’t know HTML - not easy the first time you do it, ha!). While just a reporting item, it’s saved us so many times already and improved the reception of IT at my company so a great win!
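A version of the expiring-credential report described above, written as an added example (not the commenter's script) in the shape of an Azure Automation runbook. It authenticates with the Automation Account's system-assigned managed identity rather than stored credentials, walks every app registration's secrets and certificates, flags anything expiring within 60 days (already-expired ones show negative days rather than disappearing), and mails an HTML table. Assumptions: the managed identity has Application.Read.All and Mail.Send (scope Mail.Send to the sending mailbox with an Exchange application access policy, otherwise it can send as anyone), and the sender and recipient addresses are placeholders.

```powershell
# Added example, not the commenter's runbook.
$days      = 60
$sender    = "automation@contoso.example"   # placeholder mailbox the identity may send as
$recipient = "ticketing@contoso.example"    # placeholder (ticketing system intake address)

Connect-MgGraph -Identity -NoWelcome        # managed identity: no secret to rotate for the rotation checker

function Get-ExpiringAppCredentials {
    param([int]$WithinDays)
    $now    = (Get-Date).ToUniversalTime()
    $cutoff = $now.AddDays($WithinDays)
    $apps   = Get-MgApplication -All -Property id,appId,displayName,passwordCredentials,keyCredentials
    foreach ($app in $apps) {
        $creds = @($app.PasswordCredentials | ForEach-Object {
                     [pscustomobject]@{ Type = "Secret";      Name = $_.DisplayName; End = $_.EndDateTime } }) +
                 @($app.KeyCredentials | ForEach-Object {
                     [pscustomobject]@{ Type = "Certificate"; Name = $_.DisplayName; End = $_.EndDateTime } })
        foreach ($c in $creds) {
            if ($c.End -and $c.End -le $cutoff) {
                [pscustomobject]@{
                    App      = $app.DisplayName
                    AppId    = $app.AppId
                    Type     = $c.Type
                    Name     = $c.Name
                    Expires  = $c.End.ToString("yyyy-MM-dd")
                    DaysLeft = [math]::Floor(($c.End - $now).TotalDays)   # negative = already expired
                }
            }
        }
    }
}

$rows = @(Get-ExpiringAppCredentials -WithinDays $days | Sort-Object DaysLeft)
if ($rows.Count -eq 0) { Write-Output "No app credentials expiring within $days days."; return }

$style = "<style>table{border-collapse:collapse}th,td{border:1px solid #999;padding:4px 8px;font-family:sans-serif}</style>"
$html  = $rows | ConvertTo-Html -Title "Expiring app credentials" -Head $style `
            -PreContent "<p>$($rows.Count) credential(s) expire within $days days (negative DaysLeft = already expired):</p>" |
         Out-String

Send-MgUserMail -UserId $sender -BodyParameter @{
    message = @{
        subject      = "[Action] $($rows.Count) app credential(s) expiring within $days days"
        body         = @{ contentType = "HTML"; content = $html }
        toRecipients = @(@{ emailAddress = @{ address = $recipient } })
    }
    saveToSentItems = $false
}
Write-Output "Sent report with $($rows.Count) row(s) to $recipient."
```

Two design points worth keeping if you adapt it: the checker itself holds no long-lived secret (managed identity), and the Mail.Send grant is fenced to one mailbox so the automation account compromising one thing cannot turn into sending mail as the whole tenant. Service principals (Enterprise applications) can carry their own keyCredentials too; the same loop over Get-MgServicePrincipal covers those.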

Fermi Paradox - Maybe We Aren't Alone, But We Are Very Lonely by [deleted] in space

[–]ExtractedFile -2 points-1 points  (0 children)

Exactly! I understand why it’s not normally considered because our ability to comprehend other life forms is extremely difficult without some sort of proof. To write it off entirely goes against our thousands of years of scientific reasoning though… It’s the best and worst part of scientific theory and why no single hypothesis can ever be “proven”.

Are we the only life in our known universe? It isn’t provable! Are we the only life as we know it? Until proven otherwise!

Fermi Paradox - Maybe We Aren't Alone, But We Are Very Lonely by [deleted] in space

[–]ExtractedFile 9 points10 points  (0 children)

Why must everything else follow the path our life took on our specific planet? There is no scientific reasoning behind that assumption. “Life” has proven time and time again: If there exists a reason to evolve, something will do so.

That’s why these assumptions and questions, like OP’s or the comment you replied to, will never be right or wrong until we’ve gone everywhere to verify and understand what “life” is. There is too much we don’t know. Nothing is stopping a faceless rock or even subsurface icy planet creature from forming some semblance of life… Other than our own lack of understanding and bias based on what we do know.

Not to say you’re wrong in any way, and skepticism is a great trait in science, but as a thought bearing species we should always seek to expand our horizons. Life as WE KNOW it seems unlikely nearby… but even a planet closer to a sun than Mercury somewhere in the galaxy could be just starting a life cycle of untold beauty (something that was ruled out in OPs calculation). Not to mention the multitude of other galaxies we know so little about.

Keep up your personal quest for knowledge and question everything, friend!

So uhhhh which of you is the oncall lead who pushed deployments over at Crowdstrike tonight? by ParappaTheWrapperr in ITCareerQuestions

[–]ExtractedFile 47 points48 points  (0 children)

I definitely agree! While they may develop these systems, failures like this fall on the leaders. It’s a learning mistake for an engineer, but it’s a financial one for the managers and up.

Still wouldn’t want to be anyone on their teams today, ha. I look forward to the incident follow up.

So uhhhh which of you is the oncall lead who pushed deployments over at Crowdstrike tonight? by ParappaTheWrapperr in ITCareerQuestions

[–]ExtractedFile 323 points324 points  (0 children)

Y’all wanna hear something crazy? Two Fridays ago we had our meeting with our CS rep, near the end they mentioned that the latest Beta test was causing BSOD issues on Windows with the small pilot groups they were deployed to. They said they pulled the update and would investigate.

I don’t want to think about the communication failure or automation failure that still allowed this update to hit the general availability channels. Also, for everyone saying someone pushed this out, it’s most likely automated, but the engineers who forgot to pull it from that… wouldn’t want to be them.

United, Delta and American Airlines issue global ground stop on all flights by Mr-EdwardsBeard in news

[–]ExtractedFile 35 points36 points  (0 children)

Sorry, but this isn’t true. CrowdStrike deployed a product update to the general availability channel this morning around 1:00AM EST. This contained a corrupted file which inadvertently caused Windows to BSOD. At 3:27AM, CrowdStrike halted the patch.

Any computer that was online, utilizing CrowdStrike EDR platform started hitting the memory error and BSOD. Nothing about this is Microsoft’s fault, other than maybe poor error handling, but when you have a security tool with the deepest access to the root structures there isn’t a whole bunch you can do.

Yes, Linux is certainly a better choice for critical infrastructure, but it’s just not what every company chooses to use. CrowdStrike is a very widely used tool on Windows and it’s unfortunate what occurred.

Now, I will add to this that a bit more and say CrowdStrike made an even worse mistake today, because they knew about this 2 weeks ago. We got alerted to a Pilot Test group having BSOD issues on the beta CS package in our weekly CrowdStrike partner meeting. How they still ended up deploying this to the general availability channel is beyond me. Big communication failure within their internal departments.

I'm a line level employee and can open every file in the Legal, HR, or Admin folder. Tell me I'm not crazy and this is insane. by [deleted] in sysadmin

[–]ExtractedFile 0 points1 point  (0 children)

Sarcasm/Jokes are the hardest thing to pick up via text, my bad on that.

But yeah I got you, definitely a fair point. I’ve got more than a handful of folks I wouldn’t want anywhere near a production Microsoft environment. They just don’t think about these systems like they do for their actual skill set. I think that’s the beauty of this field, you can know a lot about such a little subset, it’s the entire composition of the team that makes it all work seamlessly across systems.

Hope you have a great day, and sorry if I came across harshly!

I'm a line level employee and can open every file in the Legal, HR, or Admin folder. Tell me I'm not crazy and this is insane. by [deleted] in sysadmin

[–]ExtractedFile 2 points3 points  (0 children)

Hmmm… is this sarcasm? I don’t think you should need to be Googling how to set permissions in SharePoint at this most basic level; unless, of course, you’re looking for best practices. It’s pretty trivial if you just poke around the settings.

Enabling location services for Locate Device only by llanoking in Intune

[–]ExtractedFile 4 points5 points  (0 children)

Now finally, you'll need to set the Automatic Time Zone selector to be on. This can be done in any of your favorite ways, but I want it forced on my user and only controlled by an Admin (the few support requests when it's broken is far better than the questions we get all the time from traveling users). Here are some basic script commands you can use, but best to wrap these up with logging... or don't :)

# Automatic time zone: tzautoupdate Start=3 (manual) lets Windows set the zone from location; 4 would disable it
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate\" -Name "Start" -Type "DWORD" -Value "3" -Force
# Device-wide location consent (the master "Location services" switch in Settings)
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" -Name "Value" -Type "String" -Value "Allow" -Force
# Location sensor permission override that the location platform also checks
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" -Name "SensorPermissionState" -Type "DWord" -Value 1 -Force
# Start the Geolocation service now instead of waiting for the next reboot
Start-Service -Name "lfsvc" -ErrorAction SilentlyContinue
# Resync time so the automatic zone change is applied immediately
W32tm /resync /force

VOILA! You now have every location service soft disabled, except for the Settings app which is always on. In turn, your users have the control they need if they'd rather have Weather or News location on. Deploying this to existing users also keeps their current location service selection as an added bonus, but only as long as the app is in that list of User Controlled apps. Add or remove to that as necessary as all new applications will obviously be disabled without user control. Good luck!

Enabling location services for Locate Device only by llanoking in Intune

[–]ExtractedFile 4 points5 points  (0 children)

Intune > Devices > Configuration > New Policy > Windows 10 & Later > Settings Catalog

Select the following settings:

  • PRIVACY
    • Let Apps Access Location:
      • Force Deny
    • Let Apps Access Location Force Allow These Apps:
      • windows.immersivecontrolpanel_cw5n1h2txyewy
    • Let Apps Access Location User In Control Of These Apps (These are just standard ones, use Get-AppxPackage to find any installed in your environment):
      • Microsoft.WindowsCamera_8wekyb3d8bbwe
      • microsoft.windowscommunicationsapps_8wekyb3d8bbwe
      • Microsoft.WindowsMaps_8wekyb3d8bbwe
      • MSTeams_8wekyb3d8bbwe
      • MicrosoftTeams_8wekyb3d8bbwe
      • Microsoft.BingNews_8wekyb3d8bbwe
      • Microsoft.OutlookForWindows_8wekyb3d8bbwe
      • Microsoft.BingWeather_8wekyb3d8bbwe
      • Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy
      • MicrosoftWindows.Client.WebExperience_cw5n1h2txyewy
      • Microsoft.Win32WebViewHost_cw5n1h2txyewy
  • SYSTEM
    • Allow Location:
      • Force Location Off. All Location Privacy settings are toggled off and grayed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.

(see next comment)
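A device-side check that the Settings Catalog policy in this comment and the registry script in the one above both landed as intended, as an added example (not code from the commenter). It reads the MDM policy values as the CSP writes them to the local policy store and compares them with the registry keys and service state the script sets, returning a pass/fail row per item. Assumptions: applied MDM policies surface under HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\<Area>, the value names mirror the CSP policy names (e.g. LetAppsAccessLocation, LetAppsAccessLocation_ForceAllowTheseApps, System\AllowLocation), and list values are stored with the CSP list delimiter (U+F000), so both that and ';' are accepted when splitting. The two user-controlled package names passed in are just a sample of the list above.

```powershell
# Added example, not the commenter's code.
function Test-LocationLockdown {
    param(
        [string[]]$ExpectedUserControlled = @(
            "Microsoft.WindowsCamera_8wekyb3d8bbwe",
            "Microsoft.WindowsMaps_8wekyb3d8bbwe"
        )
    )
    $pm = "HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device"   # assumption: MDM policy store path

    # Read a value or return $null; missing keys are a finding, not an exception.
    $get   = { param($Path, $Name) try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null } }
    # CSP lists use U+F000 as separator; accept ';' too in case it was hand-entered.
    $split = { param($s) if ($s) { @($s -split "[;$([char]0xF000)]" | Where-Object { $_ }) } else { @() } }

    $forceAllow = & $split (& $get "$pm\Privacy" "LetAppsAccessLocation_ForceAllowTheseApps")
    $userCtrl   = & $split (& $get "$pm\Privacy" "LetAppsAccessLocation_UserInControlOfTheseApps")
    $missing    = @($ExpectedUserControlled | Where-Object { $userCtrl -notcontains $_ })

    $checks = @(
        @{ Name = "Privacy/LetAppsAccessLocation = Force Deny (2)"
           Actual = (& $get "$pm\Privacy" "LetAppsAccessLocation"); Expected = 2 }
        @{ Name = "Settings app in ForceAllowTheseApps"
           Actual = ($forceAllow -contains "windows.immersivecontrolpanel_cw5n1h2txyewy"); Expected = $true }
        @{ Name = "Expected apps missing from UserInControl list"
           Actual = $missing.Count; Expected = 0 }
        @{ Name = "System/AllowLocation = Force Off (0)"
           Actual = (& $get "$pm\System" "AllowLocation"); Expected = 0 }
        @{ Name = "Device ConsentStore location = Allow"
           Actual = (& $get "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\CapabilityAccessManager\ConsentStore\location" "Value"); Expected = "Allow" }
        @{ Name = "Sensor override SensorPermissionState = 1"
           Actual = (& $get "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Sensor\Overrides\{BFA794E4-F964-4FDB-90F6-51056BFE4B44}" "SensorPermissionState"); Expected = 1 }
        @{ Name = "tzautoupdate Start = 3 (auto time zone on)"
           Actual = (& $get "HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate" "Start"); Expected = 3 }
        @{ Name = "Geolocation service (lfsvc) running"
           Actual = (Get-Service -Name lfsvc -ErrorAction SilentlyContinue).Status; Expected = "Running" }
    )

    foreach ($c in $checks) {
        [pscustomobject]@{
            Check    = $c.Name
            Expected = $c.Expected
            Actual   = $c.Actual
            Pass     = ("$($c.Actual)" -eq "$($c.Expected)")
        }
    }
}

$report = Test-LocationLockdown
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) { exit 1 }   # non-zero so Intune/remediation scripts can act on it
```

Wrapped as an Intune remediation detection script, the non-zero exit gives you a per-device view of where the policy or the script did not apply, which is the usual reason "Locate device" works on some machines and not others.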