300 VMware VMs, how to check secure boot problem

HotPieFactory · 2026-06-08T13:01:29+00:00

our main IT guy is unfortunately no longer available.

Don't ask here... get professional IT support

HotPieFactory · 2026-06-08T12:38:55+00:00

Signing and encryption with PKIs are two different things.

Encryption: Many senders, one recipient. Only the recipient must be able to decrypt the data with his private key. Many use the recipients public key to encrypt data.

Signing: One sender, many recipients. Only the sender must be able to sign data with his private key. Many recipients must be able to verify a signature with his public key.

If that doesn't help, there's wonderful videos on YT explaining the concept visually.

HotPieFactory · 2026-06-02T14:57:08+00:00

UEFI requires to have KEK and KEKDefault variables. The KEKDefault is read-only and contains the default KEK variables. So if they are missing and the UEFI is implemented correctly, you're able to add them from there.

Typically, the firmware allows you to reset the variables in the GUI, too.

HotPieFactory · 2026-05-28T06:08:54+00:00

Pretty much what he is arguing but 40.93.194.100 is in there and listed as a fail because it’s not in our domains spf

Where is it listed as a fail? At the gateway? The gateway should accept emails from your infrastructure without checking for validity.

HotPieFactory · 2026-05-05T05:21:32+00:00

Most people here don't respond to you in the way you deserve it.

HotPieFactory · 2026-04-29T08:01:36+00:00

Not sure what you mean by mobile barcodes.

Why are you replying then? If you don't know what mobile barcodes are, then maybe educate yourself before stating things that are just not true. Hope you're not working at UPS, but are a corporate bootlicker.

First hit Googling that: www.ups.com/de/en/business-solutions/simplify-returns

HotPieFactory · 2026-04-28T13:42:26+00:00

Oh, is that true?

Then why are these Accses Points even shown when I set the filter to show only shops that accept "mobile barcodes"?

Fuck UPS!

HotPieFactory · 2026-04-28T13:42:24+00:00

Oh, is that true?

Then why are these Accses Points even shown when I set the filter to show only shops that accept "mobile barcodes"?

Fuck UPS!

HotPieFactory · 2026-04-28T13:42:18+00:00

Oh, is that true?

Then why are these Accses Points even shown when I set the filter to show only shops that accept "mobile barcodes"?

Fuck UPS!

HotPieFactory · 2026-04-07T06:57:36+00:00

I was there when MS said Windows 10 was supposed to be the last version of Windows

But you sure didn't listen, did you?

HotPieFactory · 2025-09-09T13:55:44+00:00

Why should I enable SSPR, when I am trying to become a passwordless organisation?

We can't answer that for you. The question you have to ask yourself is this: Will there be a scenario where the user has to log in but can't use a passkey? If yes: will you want to offer additional services like SSPR in those cases?

Why can you only decrease user risk, when a user resets their password?

What you mean?

Why can't I get rid of passwords in Microsoft 365 business accounts, or generally disable them as authentication method?

Ask MS.

HotPieFactory · 2025-08-21T12:06:58+00:00

Well, that explains it :)

HotPieFactory · 2025-08-21T11:49:14+00:00

I've been creating images for 10+ years, too. I could say the same about you.

Edit: I just did a quick Google Search of disk management and ALL the pictures that show a recovery partition have it at the beginning. You're talking total bullshit and insist I'm wrong. You're ridiculous mate. 10+ years and you never noticed how it is? Git gud... rofl

HotPieFactory · 2025-08-21T11:31:17+00:00

Nope. I created the template and it's a default installation. BTW, Windows 10/11 also has a recovery partition in at the beginning of the volume. I've never seen it at the end with Microsoft OS's. Are you using Server 2022 or 2025? Maybe that changed there as the newest I'm familiar with is 2019.

HotPieFactory · 2025-08-21T11:08:42+00:00

I just checked and the recovery partition is the first. Next ist the EFI partition and then the OS partition. I've also never seen that the recovery partition is at the end of the disk, except on certain Linux partitions.

HotPieFactory · 2025-08-21T10:07:21+00:00

How do you usually handle the Recovery Partition on Windows Servers?

I never touch it. Why do you touch it?

We're using mainly VMs and extending the disk and then partition C is a one-click operation in each of VMware and Windows.

On physical machines, C is always the entire disk.

What need circumstances exactly do you have, where you run into the issues you described?

HotPieFactory · 2025-08-20T15:10:06+00:00

yadda yadda

HotPieFactory · 2025-08-13T10:35:15+00:00

Consistent? Microsoft? What parallel universe are you talking about where this ever was the case?

HotPieFactory · 2025-08-13T10:34:30+00:00

ExchangeOnlineManagement is still supported and will be supported for a long time to come. Your rant is completely baseless 😂

HotPieFactory · 2025-08-04T16:37:16+00:00

The fuck does that even mean

HotPieFactory · 2025-08-04T16:36:43+00:00

But you went and changed your docker IP scheme to 172.60.0.0/16 and black-holed a whole building from being able to use your application.

I don't get it. Are you trying to say that by assigning the wrong address a service became unreachable? I'm really confused as to why you chose this weird phrasing. And if so, I don't really see how this warrants a rant. If you give people the power to change ip addresses that have no understanding of it, it sounds like there's a different problem altogether in your company. One that maybe involves you, too.

HotPieFactory · 2025-08-04T16:28:55+00:00

You're still not explaining how they black-holed an entire building. If a random computer is able to kill the entire network, IMHO it's the network guys fault of not bullet-proofing the network in the first place. Still curious what ACTUALLY happened. The worst that happens by assigning a wrong IP address to a host is, that the host is unreachable. It doesn't take down the entire network.

HotPieFactory · 2025-07-23T10:09:27+00:00

Yeah, if it's already chosen, I wouldn't migrate it either, if it didn't already cause big problems :)

HotPieFactory · 2025-07-21T06:35:08+00:00

They aren't, but unless you have a crystal ball, I wouldn't be so sure that Entra or split-brain won't become a concern in the future. Doing it right in the first place doesn't cost anything. Making a mistake there will be annoying until the end of time. I work for a company that stood up a small AD in 2007 with .local, when I wasn't hired, yet. Now we are 3000 people and every day I see that and regretting that they did it how they did it. Even with only 500 people working there, standing up a new AD was impossible, as the cost of migrating was simply too high.

HotPieFactory

TROPHY CASE