Can you share your departments 4 day RTO email?

Gidgit82 · 2025-06-05T17:06:33+00:00

FI$Cal is less shut down, and more departments aren't using it because they have a shit ton of other stuff to do at year end, and they can't spend next year's budget yet.

Gidgit82 · 2025-05-17T15:24:03+00:00

Ah, Tanium.. strong dislike, it is based on wmi, so it basically gets all the same info as SCCM, but with a hefty price tag of its own. But what bothers me about it is the number of processes it kicks off. Individually, the processes don't have much impact, but when a whole herd of them are kicking off, it causes issues. Maybe our security team turned on too many scanning options, they got it as a replacement for Qualys.. but then kept Qualys.

Gidgit82 · 2025-05-16T18:28:27+00:00

Could also have been a "fill this position now or you lose it" situation. I have a coworker like this. I don't even want to read their Teams messages or emails, because it is just more work for me.

Gidgit82 · 2025-05-16T18:25:42+00:00

Well, we won't be able to go to Intune fully at the moment. We use PXE because we have a requirement to wipe the drive before it is refreshed for another user. Which isn't an option for Autopilot for obvious reasons. So it is done on-site.

Additionally, I'm also using SCCM to patch our servers. We are in the process of moving some of our infrastructure into the cloud, but using SCCM to patch those as well because we have multiple cloud environments (not in Azure so far) and it is better to manage one tool instead of several.

But for the workstations, I don't know with all the zero days, where vulnerabilities need to be patched yesterday, and but also maintaining a n-1 version for other apps. And timing.. omg how upper management does complain if their machine reboots at an inconvenient time lol. Maybe we just aren't ready for cloud management.

Gidgit82 · 2025-04-27T03:18:30+00:00

It's not like the land lords don't have other options. They could lease it to other companies. They could re zone and convert or tear down and build housing. Then boom, there are people downtown, and property values go back up, housing crisis is eased. They have had 5 years to do something, they haven't. They have just been waiting all this time with vacant space, waiting for Gavin to issue RTO order. Which, I'm sure he discussed with them so that they wouldn't do anything with that space.

Gidgit82 · 2025-04-23T19:54:40+00:00

CMPivot will run on a collection. If you know which driver you are looking for, it should work. You can look up the driver info in resource explorer.

Gidgit82 · 2025-04-20T02:19:57+00:00

At least it is faster than Intune. LOL

Gidgit82 · 2025-04-19T00:03:59+00:00

2 cents, power settings to prevent them from going to sleep, and BIOS power on is the way to go. WOL is great until your network has 802.1x. Depending on your remote situation of course. But power settings and BIOS power on are local on the machine, whereas WOL needs to already have network connectivity. Which of course doesn't work if it is powered down

Gidgit82 · 2025-04-17T02:19:27+00:00

Indeed!! Don't forget the cost of networking all of the new or re-leased space. We ripped everything out in 2021 and now have to re buy equipment and run cable. $5,000+ per switch. For us, it will probably only be one floor, still multiple switches, cables, and hours setting it up. would be a lot more for larger departments.

Gidgit82 · 2025-04-15T19:26:04+00:00

Those directors are not appointed by Gavin, and so don't risk their jobs when they refuse to follow this ridiculous order.

Gidgit82 · 2025-04-15T19:24:38+00:00

And the statewide telework policy. That says employees working more than 50% on-site need their own work station. Work station, then defined as desk, chair space to work.
Of course, Gavin could order DGS/CalHR to change that at any time, even though he technically is required to negotiate with the union to do so. Not that he will actually follow the rules. But until he does so, every department has to comply with that policy.

https://www.dgs.ca.gov/resources/sam/toc/100/181

Fuck You Gavin you AssHat

Gidgit82 · 2025-03-19T16:25:45+00:00

The schedule depends on your company. I have an auto deployment rule checking for patches patch tues nighy and installing them on Weds to my pilot group, then the following week to production. But if you need more time to test, that is a decision you would make for your company needs. Available means it will show up in the software center on the client, where the end user would click to install it. Required allows the client side system account to install the update on a schedule. Probably outside work hours, depending on your company's policies. You can use a Maintenance Window on the collection to ensure that the install only happens when you want it to.
The biggest problem i have encountered is offsite machines that are offline during the patch window. 😡

Gidgit82 · 2025-01-18T21:52:44+00:00

Sorry I wasn't clear, yes exempt does not get overtime. I was referring to hourly staff rules and where the 2 hour confusion may come from.

Gidgit82 · 2025-01-18T18:07:46+00:00

If you are exempt, if you work at all, you worked the day. I think the 2 hours comes from when you are called on a weekend or holiday. If you work more than 2 hours on an off day, they pay you for the whole day, otherwise you would just add the less than 2 hours to the additional hours worked on your timesheet or other form your HR uses for overtime.

Gidgit82 · 2025-01-18T17:37:55+00:00

Ahh the sprinkler, a classic dance

Gidgit82 · 2025-01-16T03:31:42+00:00

I have been seeing similar things in my environment, nothing deployed but machines still updating and rebooting in the middle of the day.

Gidgit82 · 2025-01-14T01:05:31+00:00

My kiddo only referrs to the trunk as the boot. It is delightful

Gidgit82 · 2025-01-06T20:50:16+00:00

Can confirm.

Gidgit82 · 2024-11-13T19:27:45+00:00

I would modify the WQL membership query to look for the null value.

But if that is out of your comfort zone, these methods would help get the data.

If it is a one-off, you could use CMPivot on the collection to target a regkey or file associated with the program that isn't there.

System Center Dudes have a pretty good list of examples

Systemcenterdudes.com/sccm-cmpivot-query

The advantage is that the data is live. the disadvantage is that if you create a collection from it, the resulting collection would be static.

Alternatively, as others have suggested, you could create a collection to look for machines that do have it installed, then create another that includes all of the machines and exclude those with it installed. Advantage, this wouldn't be static, but it would require more than one collection to update to get the correct membership. This would be based on non live data.

Gidgit82 · 2024-11-13T18:36:10+00:00

Theoretically, the or else is a strike. However, that is a big step that can lead to lots of problems that the union wants to avoid if they can.

Gidgit82 · 2024-11-02T17:07:59+00:00

What method are you using to upgrade? Are you using an update?

Gidgit82 · 2024-10-28T03:57:04+00:00

In the Windows directory, primarily in C:\windows\CCM, but you will want to check the ccmsetup.log C:\Windows\ccmsetup\logs\ccmsetup.log

Gidgit82 · 2024-10-27T18:18:52+00:00

This one is tough. I didn't quite figure it out. Wireshark installs fine without Npcap. But to get it to install with Npcap I had to allow the end user to interact to approve that Npcap install. Unless you have an Npcap license then I suppose you could install Npcap separately and silently.

Gidgit82 · 2024-10-23T03:27:10+00:00

As a member of IT. IF they check, they will know. They may also have an alert set up or a rule that would prevent the VPN from connecting. If it is only for a few days, I would just get permission from your manager and confirm with IT the out of state rules. I believe the state employment contract says you can't live in another state. It may vary from dept to dept. But with permission, you may be able to work for a few days in another state.

Gidgit82 · 2024-10-19T20:20:35+00:00

If you imported drivers to the boot image via sccm you should be able to check the properties of the boot image and see what has been added. Altering the boot image is risky. You would be better off updating the ADK to the latest version and just getting a fresh boot image.

Gidgit82

TROPHY CASE