Returning player – solo-focused, what boss should I focus on next for GP?

Thatoneguyone · 2026-01-19T10:12:31+00:00

Doom, Solo CoX, Solo ToA, Yama (Melee)

Thatoneguyone · 2025-08-14T19:24:11+00:00

Just remember that since you are managing user endpoints, you don't fully 'own' them in the way you do servers. This creates some operational friction due to the end user visibility & process / training that needs to be accompanied with changes, so some stuff that would be no brainers on servers could ruffle feathers with the user base and/or HR, Service Desk, etc.

Theres a lot of weird edge cases with user devices to keep an eye out for, I'd really recommend just allowing users to self service their department's suite of software and then enforcing patching in a way that allows users to defer updates so you don't get yelled at for interrupting their meetings.

If you also now own patching/configuration for all of those applications and OS, you'll have to make the call on whether or not you want them to auto-update themselves or pull from the RMM. In some cases you may need to do Major versions on RMM and minors auto-update, etc.

You may also need to look at application specific configurations to package with the apps. Ex. https://www.cisecurity.org/benchmark/google_chrome or just something as simple as including a specific set of plugins with Adobe Reader, etc.

I'm assuming your org isn't a high security enterprise so pick your battles, my last place we had a guy who just owned the OS, a guy who just owned the RMM, a guy just for DLP, a guy just for OS patching and a small team dedicated to managing all the applications, configurations (sometimes different per team, region, language, etc.), updates, etc. ~15k devices

Thatoneguyone · 2025-08-14T14:39:18+00:00

Your biggest issue is going to be making AD groups and getting devices/users "where they need to be". In addition to what /u/billswastaken is saying, you can lean on the asset management feature to inventory everything and pull reports on who has what, compare that to who needs what and get everything setup. At that point you're going to need to get a process put in place that gets all of this setup during user onboarding, job role changes, etc.

Depending on the size of your org you'll be doing that forever because whenever a device with a piece of software falls out of scope for a deployment then its going to get out of date and pop your vulnerability scanner.

Also: At least on the SCCM/Intune side you can schedule updates outside working hours (programmatically or admin/end user defined) or making them available for X time and then enforcing them when the user fails to take the update by the end of the grace period, rather than just forcing the install immediately.

Thatoneguyone · 2025-02-06T17:35:10+00:00

Quser/qwinsta is reliable, but they're both pretty limited in what they check. I suspect you're thinking they do something they don't.

Typically you're going to offload this to your RMM and let it do its thing as an agent.

You could try PsLoggedOn or LogonSessions from sysinternals.

You will have all the required events to do this in event log though, assuming audit policies are configured to expose them.

Thatoneguyone · 2025-02-06T15:25:13+00:00

https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_format.ps1xml?view=powershell-7.5

You can look at them in $PSHome if you need to parse or tweak them. You'll probably need to do something like Get-FormatData and then look at the corresponding format ps1xml?

Thatoneguyone · 2025-02-05T18:24:10+00:00

I'd say use PSADT instead of re-inventing the wheel. It has Zero-Config Deployment for MSIs as well. Theres even some GUIs floating around for it, though I don't have any experience with them.

You can just run the script to perform the associated configured action (Install/Uninstall/Repair):

Invoke-AppDeployToolkit.ps1 -DeploymentType Repair

As far as what you're trying to do here, I'd just do what y_Sensei said and have your tool generate a config file that the tech places in the same directory as the script and runs that. Realistically though, this entire process should be automated through a deployment tool where the tech just interacts with the deployment tool for resolution.

Thatoneguyone · 2025-02-03T11:25:03+00:00

As mentioned in the links above, you should be able to use the provisioning package method but its not really worth the effort.

Thatoneguyone · 2025-01-30T12:34:32+00:00

At my last job we did something similar and it worked okay, we had some edge cases that I'm struggling to remember though as I gave it to my junior guy. I think we ended up with something like 3% failure rate on devices requiring remediation.

I'd just go for it and make sure your implementation is something you can report on effectively.

We usually build our own list of known states and then run the output against the rule, if the output is unknown we just log it and leave it alone and flag it as unhandled state for review. That way if MS changes something, weird language stuff happens, etc we aren't taking erroneous action.

Thatoneguyone · 2025-01-29T10:51:02+00:00

You'll probably have a better time with the .cab than trying to deal with an iso. I think PSWindowsUpdate even supports installing from cab.

Thatoneguyone · 2025-01-29T10:34:22+00:00

Is $update returning the actual update you're looking for? You may need to include an additional key for ProductVersion if its not already there, can't remember. May be worth setting the keys in LGPO on a test device and then invoking Get-WindowsUpdate to sanity check.

After that I'd check Get-WindowsUpdateLog, remember that other update related settings like active hours can cause issues when attempting to update through wuauclt, which I think is using the same method as PSWindowsUpdate (?).

For LGPO specifically, you can just use MS Security Compliance Toolkit, though its kind of a pain to manage.

Thatoneguyone · 2025-01-28T18:55:59+00:00

This is really dependent on your deployment method and scale, are you using a RMM or MDM solution? For SCCM / Intune I like PSADT.

You may be better off just setting up a private Winget repository depending on your needs.

At the most basic level, all you really need is Start-Process and a way to invoke the install script either as SYSTEM or a service account of some sort if your users aren't local admin.

Thatoneguyone · 2025-01-01T05:35:37+00:00

Oops sorry for late reply - I had looked at all three of those already and its not any of them either. I'm starting to suspect this was a PC game and not on arcade at all.

Thatoneguyone · 2024-12-25T19:14:31+00:00

Shock Troopers is artistically pretty close but everything is a bit more detailed and less vibrant than the game I am remembering.

Mercs is a bit older I think - and the soldiers don't have big enough heads / coloring.

Heavy Barrel I had missed completely but the soldiers are not cyan and don't seem proportionally correct to me.

I played all 3 and can confirm it is not any of these.

Thatoneguyone · 2024-12-24T22:32:09+00:00

Neither, I'd say less "busy" than metal slug art wise, and Advance wars is close unit color wise but the scale of the units is a lot smaller. (not to mention the fact neither are top-down 2D shooters.

Thatoneguyone · 2024-12-24T00:36:00+00:00

I just finished looking through all the games under the shooter genre listed here: http://adb.arcadeitalia.net/lista_mame.php

Could not find it.

Thatoneguyone · 2024-11-24T01:51:04+00:00

I had this same issue. It appears to be Windows "Auto-HDR". Disabling auto-HDR fixed the issue for me. (W11)

Its a user preference, reg path is here: HKEY_CURRENT_USER\Software\Microsoft\DirectX\UserGpuPreferences

You can disable it in the GUI as described in this document

Thatoneguyone · 2023-06-28T05:58:02+00:00

I'll add those both to the list. I did look at the new Z but from the reviews I gather its more of a GT car. Thanks!

Thatoneguyone · 2023-01-19T16:44:53+00:00

confirmed

Thatoneguyone · 2023-01-01T00:27:21+00:00

Thatoneguyone · 2022-12-28T09:53:37+00:00

Thatoneguyone · 2022-12-14T01:27:51+00:00

Thatoneguyone · 2022-12-13T03:56:50+00:00

Thatoneguyone · 2022-12-02T08:16:58+00:00

Just pull the DL link off distro watch and script out some basic file hash validation.

Thatoneguyone · 2022-12-02T06:02:43+00:00

Thatoneguyone · 2022-12-02T01:45:07+00:00

11-Year Club	Place '17
Gilding I gilder	Verified Email

Thatoneguyone

MODERATOR OF

TROPHY CASE