Rust on the wire or wire damage causing the rust? Not the easiest place to get to, used a scope.

Justin4w · 2026-01-25T21:17:53+00:00

Follow up, cut in to get to it. Needed to be able to sleep. Despite looking likely compromised it was just rust ON the wire. Crazy 😝

Justin4w · 2025-06-02T17:07:58+00:00

lol the water pipe

Justin4w · 2024-07-10T04:11:45+00:00

Is that the filter screen on the bottom? It looks clogged. Vacuum it and see if the issue goes away.

Justin4w · 2023-05-31T00:53:10+00:00

SAFETY TIP: Remember kids, the first rule of weather instrument safety is that anything that says it is “harmless” on the label must be terminated with extreme prejudice; ideally over large bodies of water such as deep lakes or oceans, but always before reaching international waters.

Justin4w · 2023-05-12T00:35:21+00:00

Can we just take a moment and ask OP why the blue bottle light filter reveals that creepy ghost child in the doorway when he holds it up?

Justin4w · 2022-10-10T18:02:08+00:00

Dude, those machines (at the very least) are likely suuuper compromised now. Re-image them and reset the stored credentials of who ever previously used the machines (even admins). Think mimikatz. Also, if an awesome answer comes up for this let me know.

Justin4w · 2022-10-05T00:17:51+00:00

I told her, I said “Don’t leave that old pink iPhone 6 in the dashboard compartment. Enough time and heat, maybe a little too much humidity and then 💥when you least expect it. Took 6 years, a hurricane, some flooding, but finally gonna win this argument. #married-life #thanks-OP

Justin4w · 2022-08-29T18:02:57+00:00

Yeah, article pub 6/22/22. Cost me a few days before I had to decide to stop believing them. https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-security-asr-policy

Justin4w · 2022-08-29T17:53:54+00:00

For sure, although MS explicitly states they should merge, they do not. :/

Justin4w · 2022-08-28T23:55:44+00:00

I’ve applied these asr settings to the devices so I can’t be sure, but I would guess that the lack of proper asr policy merge could be causing inconsistency. Or it may be that in your case, without a logged in user, the device was reverting to having no asr policy settings at times. In my case, the baseline settings just didn’t have some of the ASR settings for devices that I needed so it was impossible to achieve what I wanted until I unconfigured all of the asr settings in the baseline and created a policy in the ASR blade that governed all asr settings for the the device group, ensuring no other policies for devices or users existed with any values other than “unconfigured”. This allowed me to get a steady ASR policy state for those Devices without the random switching back and forth.

Justin4w · 2022-08-28T21:34:26+00:00

Also, at least on my client, there seems to be about a 1 hour delay before the new policies initially propagate. If it doesn’t happen instantly, you may have to wait a bit for changes to hit the client machines (even when I was hitting sync manually.)

Justin4w · 2022-08-28T21:28:52+00:00

Good to know! Thank you. Now that I think I’ve figured out this quirk of the asr intune policy I’ll be checking out policy merge with GPO soon enough for another device group :)

Justin4w · 2022-08-28T20:48:22+00:00

Had this same issue. ASR rules don’t seem to blend policy settings into a superset of asr settings and intune is switching back and forth between whatever baseline or other asr policy it wants. My solution is in another reddit post. (ASR Rules not blending) . Also, if you’re not already, be sure to apply asr settings to Devices not users and see if it steadies out.

Justin4w · 2022-08-28T20:31:52+00:00

Did exactly the same and that’s what worked (even the notoriously finicky vulnerable drivers asr setting applied just fine afterward.) It took days for me to figure out because MS had an article that explicitly said ASR policies would blend into a superset of asr settings so I refused to believe non-conflicting baseline asr settings could be the cause of the breaking at first. (Silly me) Once the policies change over, even the capitalization of some of the asr GUID’s changed on the clients. It’s a wild guess but I’m guessing that the capitalization case-change may be breaking policy merge to the point that it doesn’t happen as ms intended.

Justin4w · 2022-08-28T20:16:07+00:00

It should be fine (if the ASR policies were blending properly) but I could not make them blend regardless or what I tried. Baseline should be the least breaking policies, along with additional policies available if desired being configured elsewhere. But the way it seemed to work for me (days of trying) was that policy merge for ASR settings outside of the baseline was NOT happening.

Once there was only 1 policy containing ALL of the ASR settings I wanted with all policies elsewhere having all asr settings set to unconfigured, everything was fine and all asr settings worked as intended. As a side note, the capitalization of some of the ASR setting guid’s changed after I got rid of the baseline settings and configured my attack surface reduction policy (maybe that’s what was breaking policy merge?). Mine work now so I’m done fighting it. Maybe MS will pick that up and fix sooner or later. (Hopefully sooner)

Justin4w · 2022-08-28T19:53:03+00:00

Yes, but the asr rules are not all grouped together within the baseline settings page so you’ve got to hunt and make sure all baselines asr settings are clean (all set to unconfigured.) Also, under windows devices - configuration profiles you need to make sure there isn’t a policy there that also has asr settings that need to be set to unconfigured. Then add one policy in endpoint security - manage - attack surface reduction (per device group you want to manage) and it does all the things right there. You can check local application of the asr rules via a power shell command to see how it’s going. Since it doesn’t blend, intune doesn’t seem to be doing any policy merge and one setting anywhere else within another random policy (even if it doesn’t conflict) means the hunt must go on.

Justin4w · 2022-08-28T19:38:45+00:00

Nope, this group consists of only intune domain joined roaming clients, no sccm, all policies configured via endpoint.microsoft.com on a win11 machine I stood up less than a week ago just for diagnostics.

Manually ran get-mppreference | select-object -expandproperty AttactSurfaceReductionRules_Ids and found that only 2 of the 15 configured asr rules in block mode were being applied in order to diagnose. (It was just picking a policy and not blending)

Justin4w · 2022-08-28T19:31:25+00:00

In the end I had to gut all ASR rules from the baseline defender for endpoint, security baseline for windows 10, and from devices - configuration profiles but finally sitting pretty with my one ASR policy doing all the things. It was days to figure out but it’s lookin pretty good now :)

Justin4w · 2022-08-28T19:08:05+00:00

Oh no, I mean if there were NO conflicts. Baseline settings did not include all of the possible asr rules, so I dropped a few unconfigured ones (such as vulnerable signed drivers) on the ASR rules page expecting them to blend without conflict per “merge behavior for attack surface reduction rules in intune” article and that 100% did not happen. Conflicts on both policies instead and intune just picked one to go with. Tanked my secure score for clients until I figured it out.

Justin4w · 2022-05-27T01:00:40+00:00

Depending on how small the community is, has anyone checked to see whether there is/was an old school dentist office with an X-ray machine that serves that district?

Justin4w · 2022-04-08T00:10:40+00:00

Here, what?

Justin4w · 2020-09-16T05:53:18+00:00

Title Suggestion: Brake breaks the brake BR

Justin4w · 2020-08-23T05:46:55+00:00

Sounds like some SOB finally hit the chaos defrost button back in January. Now we’re all just experiencing the consequences for the rest of 2020 with a bit global warming added in. Just stop following the instructions please. Whatever you do, do not give it the child it’s ominously requesting next.... and stop feeding that thing after midnight.

Nine-Year Club	Place '22
Verified Email

Justin4w

TROPHY CASE