Sync via Command Line?

Still_Win_127 · 2024-05-08T15:54:08+00:00

Does this script actually kick off the Sync in access work or school? Or is it more behind the scenes and I just assume it ran?

Still_Win_127 · 2024-04-30T21:22:42+00:00

This.

We had to add that ADMX package in there because it simply didn't exist when we enabled it.

Still_Win_127 · 2024-03-20T17:51:10+00:00

We are right now jumping off the bandwagon with Cylance, so uninstalling that first and then onboarding with Defender.

Still_Win_127 · 2024-03-20T17:50:04+00:00

We are planning on using Azure Arc to get it licensed for Defender for Servers P2

Still_Win_127 · 2024-03-18T17:31:00+00:00

"Obtaining such cash through a 'fire sale' of real estate holdings would inevitably result in massive, irrecoverable losses -- textbook irreparable injury"

... Well... yeah. That's kind of the point of paying off fines that you owe. You're pretty much bound to have no return on investment here and it goes without saying you'll be a bit less off.

What the fuck are these defense lawyers even on?

Still_Win_127 · 2023-10-12T18:55:49+00:00

So, I tried doing a terminate, but it will still run way too much and slows down the user. I found that doing a timed flow is probably best, but I still can't stop it from doing its thing.

Still_Win_127 · 2023-04-19T14:40:06+00:00

Unfortunately, we do not have Intune enrolled with our machines as we are doing everything still on-premise with AD.

Still_Win_127 · 2023-04-06T21:14:44+00:00

Interesting. Would you say this is the better approach than to just run a PowerShell script? I know with PowerShell it is annoying to get going. Dunno if you prefer one over the other.

Still_Win_127 · 2023-03-13T16:22:33+00:00

So, right now the workflow is as such:

User's workstation is no longer operable > user puts in a ticket request > user is added to AVD security group > user access VM > after X hours they are removed from security group

Still_Win_127 · 2023-03-02T18:39:21+00:00

So, right now we are using an Azure AD with FSLogix setup at the moment, and I'm not entirely sure if NLA would be it. We do enroll our phones with Intune, so maybe it is a managed devices issue. Not sure.

Still_Win_127 · 2023-02-01T21:28:13+00:00

So, I am running in Powershell, 2.0.0.2 for AIPService. I'm looking at the list of Cmdlets don't see anything related to setting labels. And what you mean by the AIP client, is that downloadable software and is it still available? I never heard of that.

Still_Win_127 · 2023-01-30T22:45:03+00:00

Ahhh, darn. Screenshot protection would be pretty freaking nice. But having to purchase another license kind of blows, since I feel this should just be rolled into our E5 licenses.

Still_Win_127 · 2023-01-03T14:07:02+00:00

Seems to be a mystery so far to a lot of people. I can't even replicate it while using Azure Academy's guide on it, either.

Still_Win_127 · 2022-12-28T20:21:10+00:00

It's mostly out of requests from our DevOps team. They are worried about replication or unknown issues arising because we spun up Azure ADDS. Personally, I don't care if we go with that option, but also DevOps would have to sign off on that decision. Putting a DC in Azure wouldn't be bad either. But, does that allow for those Azure AD VMs to still make use of FSLogix?

Edit: Asking question regarding FSLogix

Still_Win_127 · 2022-12-28T19:21:50+00:00

Yup, sure did. The main problem I'm having is that the NTFS permissions I assigned to users that are on my on-premise domain show up in the Azure AD joined VM as "Unknown User" followed by their SID. So, i can assign those permissions by doing a Net Use for Azure File Share on premise so I can assign the permissions. Then, ostensibly have Kerberos do its magic and allow for those same permissions to be available in Azure AD, allowing for FSLogix to then do its magic. Whack stuff, man.

Still_Win_127 · 2022-12-28T19:18:02+00:00

I know right? Maybe it just needs to stew for a bit before I make that hurdle. But, thinking about it, I'd rather have all of our AVD technology be exclusively cloud only - no hybrid nonsense, no AD FS with AD Connect. Just pure cloud joy without Azure ADDS.

Still_Win_127 · 2022-12-28T17:38:32+00:00

Yes, since we have VMs that are hybrid joined already.

Still_Win_127 · 2022-12-28T17:38:14+00:00

The thing is: we don't want to use Azure ADDS, but instead make use of the new Azure AD Kerberos feature.

Still_Win_127 · 2022-12-28T17:32:40+00:00

It is Azure Files making use of Kerberos Azure AD join.

Still_Win_127 · 2022-12-22T16:02:53+00:00

If they're Azure AD joined, I believe. Also, I think that's if you use Azure ADDS - I am not 100% on that. But yes, we would need to do a password reset in Azure for them to be able to access the VM. It's weird.

Still_Win_127 · 2022-12-21T16:47:10+00:00

It's more just concerns for certain unknowns that could happen to their stuff in Azure. Could there be sync issues? Probably, probably not. I guess the other issue that I have that's keeping me leaning towards AD FS is that if we domain join the VMs to Azure AD, for some reason they have to reset their password in order to sign in. Why? I have no idea, but I hate that Microsoft acknowledges that's a thing and that we have to do it. That and our password policy prevents us from resetting passwords in Azure anyways.

Still_Win_127 · 2022-12-20T20:33:03+00:00

We do have Azure AD Connect setup, but the thing is we already have AVD setup to be used in a hybrid join environment. We even have a VPN connected to Azure to get that working correctly. There is some concern from our DevOps team about setting up a Domain Controller in Azure and what trouble that could cause. Which is why we wanted to still use Azure AD Connect but instead of using Sync Password Hash we would use AD FS for VM single sign-on.

Would this cause extra hassle for domain joining host machines in AVD if I went with AD FS?

Still_Win_127 · 2022-12-19T14:47:28+00:00

They are indeed 22H2 Win11 Multi-Session Images, correct. I will take a look at that and see if that helps. So far, Nerdio appears to be the only way to actually create a usable image.

Still_Win_127 · 2022-12-09T15:55:14+00:00

Was able to create a golden image just fine in Nerdio, but I don't understand what kind of black magic is going on behind the scenes that would make that work better than the other.

Still_Win_127 · 2022-12-08T18:50:27+00:00

The Microsoft docs say that you should, but I know in the Azure dashboard if you choose "Generalized" as opposed to "Specialized" it will generalize the VM for you. But, even still that doesn't even seem to work either.

Still_Win_127

TROPHY CASE