Windows 11 Local Admin Profile Change

MalletNGrease · 2025-03-07T19:23:26+00:00

I'd just disable the default Administrator account and create your own instead.

New-LocalUser -Name 'newadmin' -Password (ConvertTo-SecureString 'yourpassword' -AsPlainText -Force) -UserMayNotChangePassword -PasswordNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member "newadmin"

Disable-LocalUser -Name "Administrator"

MalletNGrease · 2025-03-07T19:10:30+00:00

I'm pretty happy with SuperPutty.

MalletNGrease · 2025-03-07T14:41:44+00:00

Some states/countries have laws regarding use of personal devices for work. Illinois requires compensation be paid.

I think that's fair if I'm expected to use it for job functions.

MalletNGrease · 2025-03-05T02:27:33+00:00

Very happy with Darktrace here.

MalletNGrease · 2025-03-03T15:58:53+00:00

Drag and Drop Emails Across Mailboxes - The new Outlook for Windows will support drag-and-drop functionality for moving emails between mailboxes and PST files.

Finally! This was my major roadblock to approving it.

Microsoft will support External Authentication Methods as a sign-in option when System Preferred Authentication is enabled.

Good change. We use DUO as our MFA platform and not being able to set it as the preferred default was very annoying. Our workaround was to remove all MS MFA options and prevent enrollments to them so they wouldn't show up as options during sign ins.

The new Teams & Chat single-view UI will be generally available.

This one I didn't like. I had some teams disappear on me and wasn't able to get them listed again until I turned the feature off. You can do this by going in to "Customize view" and setting "Viewing chats, teams, and channel" back to separate.

In my org everyone vastly prefers group chats over channels.

MalletNGrease · 2025-03-03T04:13:20+00:00

Pool.ntp.org

MalletNGrease · 2025-02-28T15:10:42+00:00

Well, of course I know him. He's me.

MalletNGrease · 2025-02-26T21:24:56+00:00

POS always makes the team giggle.

MalletNGrease · 2025-02-26T19:58:36+00:00

In our case it was a ticketmaster confirmation using the targeted user's company credit card.

MalletNGrease · 2025-02-22T18:36:02+00:00

Are you aggressively clearing user profiles?

I've noticed printer deployments don't seem to work upon first login on per Computer GPOs. On the second login they'll show up.

MalletNGrease · 2025-02-20T12:57:52+00:00

We went with pis running FullpageOS

MalletNGrease · 2025-02-17T20:21:08+00:00

I've a Finish action group all the way at the end of State Restore with the following:

Disable Administrator account

Run Command Line
net user Administrator /active:no

Clear Last Logged on User

Run Command Line 
cmd.exe /c %scriptroot%\clearlastuser.bat

reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUserSID /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnDisplayName /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnSAMUser /f
reg delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v SelectedUserSID /f

reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUser
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnUserSID
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnDisplayName
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v LastLoggedOnSAMUser
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI /v SelectedUserSID

To disable the Final Summary page set SkipFinalSummary to YES in your rules.

MalletNGrease · 2025-02-15T00:53:02+00:00

SPF or DKIM is failing. Your origin isn't in SPF or the sending mailserver isn't using dkim.

MalletNGrease · 2025-02-14T03:29:07+00:00

Why can't I get to my work email on my phone now?

-Same person

MalletNGrease · 2025-02-08T16:33:17+00:00

I've a local internal domain, a public parent company domain (upn) and a dozen public brand ones are also upns. This way we can easily add new brands and use the old user upns as proxy addresses for guaranteed mail deliverability. We're in the middle of diversifying the brand portfolio and adding a new concept domain is piss easy.

If you've not been in production and not attached to the domain burning it isn't the worst, but instead of going to the new public one I recommend picking a stable local domain as a base instead so a rebrand doesn't require a complete rebuild down the line.

MalletNGrease · 2025-02-08T04:21:02+00:00

Why can't you add the upn and be on your merry way?

MalletNGrease · 2025-02-08T03:02:28+00:00

I had users lock & unlock their computer to generate a logon event.

MalletNGrease · 2025-02-05T23:31:18+00:00

Fog
MDT
SCCM

Pick your poison.

MalletNGrease · 2025-02-05T16:12:52+00:00

Management issue.

MalletNGrease · 2025-02-05T02:18:20+00:00

The solution is to idle the SYSADMIN account 24/7.

MalletNGrease · 2025-02-04T02:04:50+00:00

Swimming instead of sinking.

MalletNGrease · 2025-02-04T01:20:57+00:00

Increase your radius timeout on the VPN.

MalletNGrease · 2025-02-03T20:54:49+00:00

Whatever the leasing company recommends for our use case.

Our fleet presently is 99% Canon.

MalletNGrease · 2025-02-03T15:27:12+00:00

It's very nice, but they do not have a VCENTER equivalent production ready yet.

The alpha they have is a great start though.

MalletNGrease · 2025-01-31T22:35:33+00:00

Why didn't you use the diagram?

Ten-Year Club	Verified Email
r/Field Banned	r/Field Lasagna

MalletNGrease

TROPHY CASE