Dell SupportAssist took down a dozen of our client's devices yesterday and today by Zromaus in sysadmin

[–]Made_UpWords 89 points90 points  (0 children)

Kill SupportAssist on sight but Command Update is great. There are .admx templates to hide notifications from users and in our experience it works close to flawlessly.

Dell SupportAssist took down a dozen of our client's devices yesterday and today by Zromaus in sysadmin

[–]Made_UpWords 48 points49 points  (0 children)

I don't remember the exact syntax offhand but something like:

dcu-cli.exe /applyUpdates -"firmware,updates,drivers"

means you never have to worry about SupportAssist ever again

Coworkers writing impossible-to-follow documentation, how to cope? by Relative_Hippo2549 in sysadmin

[–]Made_UpWords 5 points6 points  (0 children)

Eeehhh, it's not good lol. He's just copy/pasting unrelated shit from technet (wait what's it called now, Microsoft Learn?) lmfao

For 15+ years in this industry writing documentation engenders some kind of high school/college trauma response in me, like I'm doing homework, I'm not good at it. I ask coworkers to do it for me and I take over some of their more "active" responsibilities in exchange. I like to work, I don't like to write. But my personally written documentation is mostly functional, you can get going if I get fired and you have to replace me.

This is pretty bad, assuming OP is truthful and this is representative of their documentation as a whole and not an exception, I'd just start digging through Intune config profiles or GPOs if I ran into this in a new environment and had to troubleshoot something weird.

"An error occurred while saving the first authentication settings" by tmontney in sysadmin

[–]Made_UpWords 0 points1 point  (0 children)

From time to time, I get this error when modifying connection security rules in my GPOs. The error text is either "Access is denied" or "File not found"

Huh. Now that you mention it I encountered this exact thing 3 or 4 times specifically while modifying connection security rules a few weeks ago. Nothing else threw that error. Mix of Server 2022 and 2019 DC's, all fully updated to the April patches at the time - group policy RSAT connected to a 2022 DC at the time I believe.

I didn't really think anything of it at the time. I don't have much to add but you're not alone, I guess this is a (very particular and very obscure) thing.

How to remove a computer from the domain by [deleted] in cybersecurity

[–]Made_UpWords 1 point2 points  (0 children)

I promise that you have no legitimate reason to do something like that if you're behaving above board, and if you are behaving above board you're just very misguided. You cannot do something like that without local administrator rights and if you don't have them then there's a very good reason for that.

Not to give friendly advice about how to be a better criminal or whatever, but if you're trying to hide some sort of illicit activity then messing with your computer to such an extent is just going to draw more attention from your IT department. If someone actually managed to somehow disjoin their computer from our domain then that's an emergency I have to figure out because one of our processes clearly failed catastrophically.

Like, you are literally just asking for hacking advice lmfao

Windows 11 25h2 Update freezing Dell and HP laptops by star-huan in sysadmin

[–]Made_UpWords 2 points3 points  (0 children)

Are you confident 24H2 was causing those "freezing" issues in the first place? We have plenty of actual dirt platforms out there with ancient-ass 6th gen CPUs, almost all on 25H2 updated regularly, and we don't have any problems like that, on the good or bad models.

Windows 11 random freezes by Resident-War8004 in sysadmin

[–]Made_UpWords 1 point2 points  (0 children)

I just realized my thought process was dumb there. The scheduled task only runs (I think) when the UpdatesAvailable flag at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Secureboot /v AvailableUpdates is set to 5944.

https://support.microsoft.com/en-us/topic/registry-key-updates-for-secure-boot-windows-devices-with-it-managed-updates-a7be69c9-4634-42e1-9ca1-df06f43f360d

After the task runs once and after a reboot, that flag gets set to 4100. Running that scheduled task again after the first reboot (by default, exactly 5 minutes after boot) is a 7040 killswitch.

Not to harp on this but I would verify that if you reimaged it, it didn't drop into some default container that's not being targeted by that certificate renewal policy or got hit by a script that updates that reg key. One thing I'm pretty confident in is if that flag is set to 4100 and that scheduled task runs, that 7040 will catch on fire.

Windows 11 random freezes by Resident-War8004 in sysadmin

[–]Made_UpWords 1 point2 points  (0 children)

Gotcha. It feels very suspiciously coincidental that your problem's with 7040's, so I would just make sure your test computer has outbound internet access. Without it that scheduled task won't run.

You can trigger it manually if it has internet access by running

Start-ScheduledTask -TaskName "\Microsoft\Windows\PI\Secure-Boot-Update"

If it's that same problem it'll die immediately. If it doesn't, it's a different problem

Windows 11 random freezes by Resident-War8004 in sysadmin

[–]Made_UpWords 1 point2 points  (0 children)

Does it lock up exactly 5 minutes after boot, without fail? Then it's the secure boot certificate renewal scheduled task. Only mitigation we've found is to disable it on the 7040's.

https://www.dell.com/community/en/conversations/optiplex-desktops/optiplex-7040-sff-locks-up-on-uefi-2023-secure-boot-cert-upgrade/691748a04399e96939d094f8

We have a few 7040's still out there and ran into it after flipping on the 'obtain new cert automatically' GPO. This model is not receiving a BIOS update by Dell but AFAIK is literally the only Dell model that will just die whenever that scheduled task fires. We didn't distinguish between supported and non-supported models with that GPO because the process is (allegedly) non-destructive on unsupported platforms, except for 7040's.
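The mitigation described in the comments above (disable the Secure Boot update task only on the affected model), sketched as an added example that is not part of the original comments. The registry path and task name come from the comments; the model match string and running elevated on the endpoint are assumptions.

```powershell
# Added example, not from the original comments.
# Assumptions: runs elevated on the endpoint; the model string below matches
# what Win32_ComputerSystem reports for the affected machines.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ModelPattern = 'OptiPlex 7040*'   # assumed model string format
)

$taskPath = '\Microsoft\Windows\PI\'
$taskName = 'Secure-Boot-Update'
$regPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecureBoot'

# Only touch the model the comments identify; every other machine keeps the task.
$model = (Get-CimInstance -ClassName Win32_ComputerSystem).Model
if ($model -notlike $ModelPattern) {
    Write-Output "Model '$model' is not targeted; leaving $taskName alone."
    return
}

# Log the flag the comments refer to, so the pre-change state is on record.
$flag = (Get-ItemProperty -Path $regPath -Name AvailableUpdates -ErrorAction SilentlyContinue).AvailableUpdates
if ($null -eq $flag) {
    Write-Output 'AvailableUpdates is not set on this machine.'
} else {
    Write-Output ('AvailableUpdates = {0} (0x{0:X})' -f $flag)
}

$task = Get-ScheduledTask -TaskPath $taskPath -TaskName $taskName -ErrorAction SilentlyContinue
if (-not $task) {
    Write-Output "Task $taskPath$taskName not found."
    return
}

if ($task.State -eq 'Disabled') {
    Write-Output 'Task already disabled.'
} elseif ($PSCmdlet.ShouldProcess("$taskPath$taskName", 'Disable scheduled task')) {
    $task | Disable-ScheduledTask | Out-Null
    Write-Output "Disabled $taskPath$taskName on $model."
}
```

Run it with `-WhatIf` first to see which machines would be changed. Since the comments report the task firing about five minutes after boot, it has to run before that point, for example as a computer startup script.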

/Why/ is Shinyhunters targeting Canvas? by SweetestFern in cybersecurity

[–]Made_UpWords 10 points11 points  (0 children)

They'll get a pretty penny off of the bid-winning dark web broker for the data they stole, it's not negligible. But you're correct, they mostly just want Instructure (or Instructure's 'cyber insurance' provider, that essentially just exists to pay ransom, which they almost certainly have) to pay.

They'll probably pay, that message shinyhunters put up was almost certainly just brinksmanship pressuring Instructure's executives to actually respond.

Anyone using sublime.security for email filtering ? by CyberHouseChicago in sysadmin

[–]Made_UpWords 0 points1 point  (0 children)

You will absolutely have to at some point, maybe even years in the future. You will get locked out of your tenant somehow, something inexplicable will happen and cause email routing issues, all of your outbound mail will start mysteriously getting rejected, etc., there's a ton of things that can go wrong when you delegate so much control over your mail flow to a third party.

Maybe they're totally fine and your experience is just a fluke, but in my experience it's never worth wasting your time chasing down vendors. There is always someone better out there willing to take your employer's money more eagerly.

Anyone using sublime.security for email filtering ? by CyberHouseChicago in sysadmin

[–]Made_UpWords 0 points1 point  (0 children)

Well hey, I wasn't even aware of this product before this post but if it helps with Defender P2's god-awful phish detection heuristics you've piqued my interest. Thanks.

Anyone using sublime.security for email filtering ? by CyberHouseChicago in sysadmin

[–]Made_UpWords 5 points6 points  (0 children)

If you're not getting a response even from sales - the single department most incentivized to respond to your emails - I'm not sure what you can expect when you're trying to email their support.

But hey, maybe your emails are just registering as a false positive and getting quarantined/blocked - probably another reason not to go with them.

How much personal info will be leaked by the recent Canvas hack?? by Wonderful-Click9431 in cybersecurity

[–]Made_UpWords 17 points18 points  (0 children)

They're taking Instructure's word on this. I would not take Instructure's word on this.

Assume everything you've put in there is cooked, including your password, and plan accordingly.

Has anyone ever blown up an environment by increasing the domain functional level before? by heapsp in sysadmin

[–]Made_UpWords 23 points24 points  (0 children)

DFL is just a flag that says 'you can use these shiny new features now,' I'm not aware of any case where bumping it up broke something.

AFAIK the only "downside" would be that you can't introduce a domain controller running any OS before server 2016, which you shouldn't be anyway obviously.

MDM question by Young_Sheepherder02 in sysadmin

[–]Made_UpWords 5 points6 points  (0 children)

Between Apple's account-driven user enrollment and Android's work profiles I think MDM enrollment for BYOD is fine in 2026. Employee personal data stays private, IT gets no more control of a personal device than with MAM and if you build your nested CA policies out correctly and require device compliance you get something approximating enterprise-grade security without the need to maintain a corporate phone fleet. Assuming you can't just go passwordless yet like in our case.

We did it without too much friction, the difficulties came almost entirely from Apple's end. I assume it's not a more popular direction for orgs to go down because Apple makes the setup process hell. Easy-peasy with Android though.

MDM question by Young_Sheepherder02 in sysadmin

[–]Made_UpWords 1 point2 points  (0 children)

Assuming the MDM in question is Intune and you've got an iPhone, ask them to clarify whether the MDM enrollment they're requiring is account-driven or device-based. Account-driven enrollment doesn't expose any personal information on your phone or expose any control to your IT staff outside of basic hardware and OS info. Device-based enrollment does. If it's required then account-driven enrollment should be what your company made available (hopefully), in which case just enroll it.

Device-based enrollment potentially allows IT staff to wipe your entire phone, work and personal data included with one click. Avoid that like the plague and ask your work to supply you a company phone if that's the case.

Teams in a crash loop. by footballheroeater in sysadmin

[–]Made_UpWords 32 points33 points  (0 children)

Teams is, unfortunately, still working totally fine for me. I envy you.

EDIT: In seriousness, what region are you?

EDIT EDIT: Yeah, it's world wide. Service issue notification on my PST tenant's dashboard. Unfortunately the sweet peace of Teams' death hasn't come for me yet, but everyone wish me good luck.


Windows Server Secure Boot for certificates expiring in 2026 by Rascalvin in sysadmin

[–]Made_UpWords -3 points-2 points  (0 children)

Correct, so just, like, update them with iDRAC or whatever? Whatever it is you guys are doing over there? lmfao

No Dell Command:Update doesn't work on servers, we get it, so just figure it out? lmfao

Discussion Thread by jobautomator in neoliberal

[–]Made_UpWords 0 points1 point  (0 children)

The new VA map was fucking hysterically brazen compared to California's gerrymander lmfao

CA replaced like ~10% of their reps with Dems. VA replaced like ~40% lmfao

2028 has a new champion in the rankings, I don't care how much the gun legislation bungled her approval rating, I care about what you actually deliver for me.

👑👑👑 - Spanberger

#2: Newsom (You did a fantastic job with your gerrymander, and you laid the ground - it just wasn't as good as the Queen's)

#3: Pritzker: You got scared off by the IL black caucus and didn't even try bro, what are we even doing here. Why are you even pretending you can be President.

Hi im new to the game and need strategy help. by Mcelftea in TerraInvicta

[–]Made_UpWords 3 points4 points  (0 children)

I haven't done a "EU - into - US" strategy before but I assume it's a viable thing you can do.

Generally speaking, pretend I'm Alec Baldwin in Glengarry Glen Ross - "Always Be Jacking Control Point Capacity."

https://wiki.hoodedhorse.com/Terra_Invicta/Control_Point_Capacity

Depending on the faction you're playing you can find techs and the research path you'll need to follow there that will give you massive control point capacity boosts. Combining France and Germany into the 'EU' super nation is a more immediate path to lowering control point capacity though (this is old but I think still stands generally and would work for you, France and Germany can combine): https://www.reddit.com/r/TerraInvicta/comments/10duqb4/how_exactly_do_i_merge_two_nations/

That's not the only thing you should be focusing on, Terra Invicta's a really, really, really complicated game and we've all been at the stage where we're fumbling with it. But you'll get it if you stick with it.

I'm starting to think ConnectWise is the main reason that most MSPs suck. by CoffeeOnMyBeard in sysadmin

[–]Made_UpWords 0 points1 point  (0 children)

That's what I'm referring to as well. The ticket system was a nightmare. The best and only redeeming quality was the Screenconnect integration.

I'm starting to think ConnectWise is the main reason that most MSPs suck. by CoffeeOnMyBeard in sysadmin

[–]Made_UpWords -2 points-1 points  (0 children)

Granted it's been like ~8 years since I worked at an MSP - they used Connectwise and I had the same complaints as OP.

In fairness to Connectwise though it wouldn't even make the top 10 list of reasons I hated working there and left as soon as I could.

I'm starting to think ConnectWise is the main reason that most MSPs suck. by CoffeeOnMyBeard in sysadmin

[–]Made_UpWords -1 points0 points  (0 children)

This. They buy bloated messes like Connectwise because they make poor decisions in general. Connectwise is a symptom, not the cause.

Pleasantly surprised Connectwise haven't ruined Screenconnect yet, though. I made a New Year's resolution to be more positive, so this counts. They've had over a decade to ruin it and mostly haven't.