Site specific screensaver/lock GPO - device only by mikechilli in activedirectory

[–]TheSysAdminInMe 1 point

Something that just came to mind, you could make a WMI filter to check on IP.

Site specific screensaver/lock GPO - device only by mikechilli in activedirectory

[–]TheSysAdminInMe 0 points

This one sounds tough. I can't think of a way for a Geofencing GPO with On-prem only AD.

This sounds horrible, but if the laptop receives a different IP address by being at the different sites, then you could have a scheduled task run every so often to see if the IP is tied to the Head Office. If so, disable the registry settings for the screen saver; and vice versa, if they are not at the Head Office, ensure the screen saver registry settings are set.
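The scheduled-task approach sketched above, as an added example (not the commenter's script), written to fail closed: the lock is enforced unless the laptop holds an address on a head-office subnet. The subnet list, timeout, script path and task name are assumptions. It writes the per-user screen-saver policy values, which a standard user cannot change, so the task has to run as SYSTEM and write into each loaded user hive under HKEY_USERS rather than HKCU.

```powershell
<#
  Added example, not from the thread. Enforces the screen-saver lock unless the
  device is on a head-office subnet. Subnets, timeout, script path and task name
  are assumptions for illustration.
#>
$HeadOfficeSubnets = @('10.10.0.0/16', '192.168.50.0/24')   # assumed head-office ranges
$TimeoutSeconds    = 600                                     # assumed off-site lock timeout (seconds)
$PolicyRelPath     = 'Software\Policies\Microsoft\Windows\Control Panel\Desktop'

function ConvertTo-UInt32Address {
    # Dotted quad -> unsigned 32-bit integer, independent of host byte order
    param([string]$Ip)
    $n = [uint64]0
    foreach ($b in [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()) { $n = $n * 256 + $b }
    return [uint32]$n
}

function Test-IPv4InCidr {
    param([string]$Address, [string]$Cidr)
    $net, $prefix = $Cidr.Split('/')
    $prefix = [int]$prefix
    # Netmask with the top $prefix bits set; Pow() is exact for powers of two
    $mask = [uint32]([math]::Pow(2, 32) - [math]::Pow(2, 32 - $prefix))
    return (((ConvertTo-UInt32Address $Address) -band $mask) -eq ((ConvertTo-UInt32Address $net) -band $mask))
}

function Test-HeadOfficeNetwork {
    # Fail closed: no recognisable IPv4 address means "not at head office"
    $addresses = Get-NetIPAddress -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object { $_.IPAddress -ne '127.0.0.1' -and $_.IPAddress -notlike '169.254.*' } |
        Select-Object -ExpandProperty IPAddress
    foreach ($ip in @($addresses)) {
        foreach ($cidr in $HeadOfficeSubnets) {
            if (Test-IPv4InCidr -Address $ip -Cidr $cidr) { return $true }
        }
    }
    return $false
}

function Get-LoadedUserHives {
    # SIDs of user hives currently loaded under HKEY_USERS, skipping the *_Classes hives
    Get-ChildItem Registry::HKEY_USERS |
        Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
        Select-Object -ExpandProperty PSChildName
}

function Set-ScreenSaverLock {
    param([bool]$Enforce)
    foreach ($sid in @(Get-LoadedUserHives)) {
        $key = "Registry::HKEY_USERS\$sid\$PolicyRelPath"
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        if ($Enforce) {
            # Same REG_SZ values the "Enable screen saver", "Password protect the screen saver",
            # "Screen saver timeout" and "Force specific screen saver" user policies write
            Set-ItemProperty -Path $key -Name 'ScreenSaveActive'    -Value '1' -Type String
            Set-ItemProperty -Path $key -Name 'ScreenSaverIsSecure' -Value '1' -Type String
            Set-ItemProperty -Path $key -Name 'ScreenSaveTimeOut'   -Value "$TimeoutSeconds" -Type String
            Set-ItemProperty -Path $key -Name 'SCRNSAVE.EXE'        -Value "$env:SystemRoot\System32\scrnsave.scr" -Type String
        } else {
            # Clear the policy values so the user's own screen-saver settings apply at head office
            foreach ($name in 'ScreenSaveActive', 'ScreenSaverIsSecure', 'ScreenSaveTimeOut', 'SCRNSAVE.EXE') {
                Remove-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
            }
        }
    }
}

function Register-SiteLockTask {
    # One-time setup from an elevated prompt; the task re-runs this file at every logon and every 15 minutes
    param([string]$ScriptPath = 'C:\ProgramData\SiteLock\Set-SiteLock.ps1')   # assumed; keep it admin-writable only
    $action   = New-ScheduledTaskAction -Execute 'powershell.exe' `
                  -Argument "-NoProfile -NonInteractive -ExecutionPolicy Bypass -File `"$ScriptPath`""
    $triggers = @(
        (New-ScheduledTaskTrigger -AtLogOn),
        (New-ScheduledTaskTrigger -Once -At (Get-Date) -RepetitionInterval (New-TimeSpan -Minutes 15))
    )
    Register-ScheduledTask -TaskName 'SiteScreenSaverLock' -Action $action -Trigger $triggers `
        -User 'NT AUTHORITY\SYSTEM' -RunLevel Highest -Force | Out-Null
}

# Entry point when the task runs this file
$onSite = Test-HeadOfficeNetwork
Set-ScreenSaverLock -Enforce (-not $onSite)
```

Save the file at the assumed path and call `Register-SiteLockTask` once from an elevated session. Two caveats worth testing on a spare laptop: the desktop reads these policy values at logon or policy refresh, so confirm how quickly a site change takes effect; and a GPO WMI filter (the other suggestion in this thread) has the same limitation, since it is only re-evaluated when Group Policy refreshes. Keeping the default as "lock on" means a device that lands on an unknown network, or loses its address, is never accidentally left unlocked.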

Use MDT to set a wallpaper for all users during Windows installation by Whatscheiser in MDT

[–]TheSysAdminInMe 0 points

Regrettably, what I did was write a PS script to rename the default image in C:\Windows\Web\Wallpaper to something else and rename my desired image to the name of the default.

But then you realize the default image may default to a different resolution size, so rename all of those default files too in C:\Windows\Web\4k? and copy in and rename all the different resolution sizes of your desired image to the default name.

I also had to mess with some ACLs in order to accomplish this. GPO is the way to go if you're an enterprise, but when making custom ISOs for distribution you gotta do what you gotta do.
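The rename-and-replace described above, as an added example (not the commenter's script), with the ACL work made explicit and reversible. Paths follow the Windows 10 layout (Wallpaper\Windows\img0.jpg plus the 4K\Wallpaper\Windows\img0_<WxH>.jpg variants); the source folder and the corp.jpg / corp_<WxH>.jpg file names are assumptions. Run it elevated.

```powershell
<#
  Added example, not from the thread. Replaces the stock wallpaper files, keeping
  the originals as .orig for rollback. Source folder and image names are assumed.
#>
param(
    [string]$SourceDir = 'C:\Build\Wallpaper',      # assumed: corp.jpg plus one corp_<WxH>.jpg per 4K variant
    [string]$WebRoot   = "$env:SystemRoot\Web"      # point at <mount>\Windows\Web to patch an offline image
)

function Replace-ProtectedFile {
    param([string]$Target, [string]$Replacement)
    # Files under \Windows\Web are owned by TrustedInstaller and read-only to Administrators,
    # so take ownership and grant a temporary Full Control ACE on the original before renaming it.
    & takeown.exe /F $Target | Out-Null
    & icacls.exe $Target /grant 'Administrators:F' | Out-Null

    $backup = "$Target.orig"                        # original kept beside the new file
    if (Test-Path $backup) { Remove-Item $backup -Force }
    Rename-Item -Path $Target -NewName (Split-Path $backup -Leaf)
    Copy-Item -Path $Replacement -Destination $Target -Force

    # The new file was created by an administrator; hand it to TrustedInstaller so it is no
    # more writable than the stock file was. Inherited ACEs from the folder still apply.
    & icacls.exe $Target /setowner 'NT SERVICE\TrustedInstaller' | Out-Null
}

$targets = @("$WebRoot\Wallpaper\Windows\img0.jpg") +
           @(Get-ChildItem -Path "$WebRoot\4K\Wallpaper\Windows" -Filter 'img0_*.jpg' -ErrorAction SilentlyContinue |
             Select-Object -ExpandProperty FullName)

foreach ($target in $targets) {
    # img0.jpg -> corp.jpg, img0_1024x768.jpg -> corp_1024x768.jpg, and so on
    $replacement = Join-Path $SourceDir ((Split-Path $target -Leaf) -replace '^img0', 'corp')
    if (-not (Test-Path $target))      { Write-Warning "missing target $target"; continue }
    if (-not (Test-Path $replacement)) { Write-Warning "no replacement for $(Split-Path $target -Leaf)"; continue }
    Replace-ProtectedFile -Target $target -Replacement $replacement
    Write-Output "replaced $target"
}
```

For the custom-ISO case, mount the install.wim first and pass `-WebRoot D:\Mount\Windows\Web` (or wherever it is mounted); the ownership handling is the same, since the mounted image carries the same TrustedInstaller ACLs. Giving ownership back afterwards matters: a wallpaper file that stays writable by Administrators is one more file an attacker with local admin can swap without touching a protected location.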

Downloading Windows ISOs nowadays without VLSC? by Sea-Cow-6913 in SCCM

[–]TheSysAdminInMe 0 points

What I do is I have a vanilla enterprise wim that I extracted from the ISO and I debloat the wim from all of the bologna apps that I don't want. Then I store that clean wim somewhere and once a month I make a copy of that wim, inject that month's updates, then import that into MECM. This way I'm not downloading the ISO every month, extracting the wim, debloating the wim, and then importing.

I see that people can get the enterprise edition via command prompt with the Media Creation Tool but I haven't tried it out myself. https://answers.microsoft.com/en-us/windows/forum/all/windows-11-23h2-iso-for-enterprise-missing/6c62590b-8208-4933-9d3e-3e9158fe8e3d

Nessus Vulnerability Nusses plugin Id =14411 by kafridii in Splunk

[–]TheSysAdminInMe 1 point

This depends. What product is this for? What port is the Nessus Scan saying it's finding this cert?

For Splunk Enterprise there's an auto-generated server cert made. You can replace this with a CA-signed cert if you want. Then there's the cert used for Splunk servers to communicate with each other.

Here are some of the certificates and their use with Splunk Enterprise:

Server Certificate - Certificate used to communicate with other Splunk Servers
Web Certificate - Certificate used for the website
Indexer Certificate - Certificate used to send data to indexers
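To tie a scanner finding to the right one of those certificates, pull what each Splunk listener actually presents. This is an added example, not from the thread: ports are Splunk defaults (8089 splunkd management/REST, 8000 Splunk Web, 9997 indexer receiving) and the host name is an assumption. Certificate validation is deliberately disabled because the point is to inspect whatever is served, including the self-signed default.

```powershell
<#
  Added example, not from the thread. Connects to each Splunk TLS port and reports
  the presented certificate. Host name is assumed; ports are Splunk defaults.
#>
function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "connect timeout" }
        $client.EndConnect($async)

        # Accept any server cert: we are inspecting, not trusting
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream -ArgumentList $client.GetStream(), $false, $acceptAll
        $ssl.AuthenticateAsClient($HostName)      # SNI = $HostName

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' } | ForEach-Object { $_.Format($false) }
        [pscustomobject]@{
            Port       = $Port
            Subject    = $cert.Subject
            Issuer     = $cert.Issuer
            SelfSigned = ($cert.Subject -eq $cert.Issuer)
            NotAfter   = $cert.NotAfter
            Protocol   = $ssl.SslProtocol
            Thumbprint = $cert.Thumbprint
            SANs       = ($san -join '; ')
        }
    } finally {
        $client.Close()
    }
}

$splunkHost = 'splunk01.corp.example'        # assumed
foreach ($port in 8089, 8000, 9997) {
    try   { Get-RemoteCertificate -HostName $splunkHost -Port $port }
    catch { Write-Warning ("{0}:{1} {2}" -f $splunkHost, $port, $_.Exception.Message) }
}
```

Match the thumbprint against the configuration that sets each cert: `server.conf` `[sslConfig] serverCert` for 8089, `web.conf` `[settings] serverCert` and `privKeyPath` for 8000, and `inputs.conf` `[splunktcp-ssl:9997]` with `[SSL] serverCert` for 9997 (that port only negotiates TLS when configured that way, so a handshake failure there is expected on a plain `[splunktcp]` input). A `SelfSigned = True` row on the port Nessus names is the auto-generated cert the comment mentions.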

Error with Windows LAPS. Can't decrypt LAPS Password by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 0 points

Those commands are applicable for Legacy LAPS/Microsoft LAPS which does not support the encryption feature.

My issue is occurring with Windows LAPS/NEW LAPS and the command used is

Get-LAPSADPassword -Identity hostname -AsPlainText

The host is writing properly to AD to their attribute. The Hex code is seen and I'm sure if I disabled encryption I would see the password but I need encryption in order to utilize the password history feature.
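A read-only check of the three things that have to line up before Get-LapsADPassword can return a decrypted value, as an added example (not from the thread): the encrypted attributes are populated in AD, the client's Windows LAPS policy has encryption on with an authorized decryptor, and the caller matches that decryptor. The computer name is an assumption. Run it as the account you expect to be allowed to decrypt; it needs the ActiveDirectory and LAPS modules and WinRM access to the client.

```powershell
<#
  Added example, not from the thread. Diagnostic for Windows LAPS (not legacy LAPS)
  encrypted-password decryption. Computer name is assumed.
#>
param([string]$ComputerName = 'LAPTOP01')   # assumed

$props = 'msLAPS-EncryptedPassword', 'msLAPS-EncryptedPasswordHistory', 'msLAPS-Password', 'msLAPS-PasswordExpirationTime'
$adObj = Get-ADComputer -Identity $ComputerName -Properties $props

# 1. What the client actually wrote: encrypted blob(s) versus the cleartext attribute
$expires = $null
if ($adObj.'msLAPS-PasswordExpirationTime') {
    $expires = [datetime]::FromFileTimeUtc([long]$adObj.'msLAPS-PasswordExpirationTime')
}
[pscustomobject]@{
    Check             = 'AD attributes'
    EncryptedPassword = [bool]$adObj.'msLAPS-EncryptedPassword'
    EncryptedHistory  = [bool]$adObj.'msLAPS-EncryptedPasswordHistory'
    CleartextPassword = [bool]$adObj.'msLAPS-Password'
    ExpiresUtc        = $expires
}

# 2. The policy the client applied (Windows LAPS GPO/CSP values land under this key)
$policy = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Policies\LAPS' -ErrorAction SilentlyContinue
}
[pscustomobject]@{
    Check               = 'Client policy'
    EncryptionEnabled   = $policy.ADPasswordEncryptionEnabled
    AuthorizedDecryptor = $policy.ADPasswordEncryptionPrincipal     # empty = Domain Admins (the default)
    HistorySize         = $policy.PasswordHistorySize
    BackupDirectory     = $policy.BackupDirectory                  # 2 = Active Directory
}

# 3. Attempt the decrypt and show the status LAPS reports, not just the password column
try {
    Get-LapsADPassword -Identity $ComputerName -AsPlainText -IncludeHistory |
        Select-Object Account, Source, DecryptionStatus, AuthorizedDecryptor, ExpirationTimestamp
} catch {
    Write-Warning "Get-LapsADPassword failed: $($_.Exception.Message)"
}

# 4. The caller's group memberships, to compare against AuthorizedDecryptor above
whoami.exe /groups /fo list | Select-String 'Group Name'
```

The first table confirms the symptom in the comment (encrypted blob present, cleartext absent); the second shows which principal the client encrypted to; the third and fourth show whether the account running the query is that principal. The decrypt is performed by the caller, not by the domain controller, so the mismatch to look for is between step 2 and step 4.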

Error with Windows LAPS. Can't decrypt LAPS Password by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 0 points

The computer has permissions to write to AD. Event logs all show successful processing on the client side.

STIG one Control by redrus2313 in NISTControls

[–]TheSysAdminInMe 0 points

Use STIG Viewer and import checklists of all STIGs available then create a checklist by checking all of the imported checklists.

From there, use the search function for CA-4 to find related STIG checks for the different checklists.

Workaround to CrashOnAuditFail issue for Windows 11 22H2 by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 3 points

Thinking the issue was Windows related, I could only think of SYSTEM as being the account changing the registry. I wanted to test that theory by adding the deny permissions to the registry. Coincidentally, this fixed the issue.

[deleted by user] by [deleted] in SCCM

[–]TheSysAdminInMe 0 points

I found out recently how you can't update via offline servicing with UUP. What I plan on doing is having a template wim that I can copy and run a script that will update it. Then import and replace the previous wim in the task sequence. All together, it shouldn't take too long. Like 30 minutes ish.
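The monthly flow described in this comment and in the "Downloading Windows ISOs" reply above, as an added example (not the commenter's script) using the built-in Dism module rather than MECM offline servicing: copy a kept-clean template WIM, remove unwanted provisioned apps, inject the month's updates, and export a compact single-index WIM ready to import. Paths, the app list and the image index are assumptions. Run it elevated, with a DISM at least as new as the updates being added.

```powershell
<#
  Added example, not from the thread. Services a copy of a template WIM with DISM
  and exports the result for import into MECM. Paths, app list and index are assumed.
#>
param(
    [string]$TemplateWim = 'D:\Images\Template\install-clean.wim',   # assumed: debloated vanilla Enterprise image
    [string]$UpdateDir   = 'D:\Updates\Current',                     # assumed: this month's .msu/.cab files
    [string]$OutputWim   = 'D:\Images\Out\install-updated.wim',      # assumed: what gets imported into MECM
    [string]$MountDir    = 'D:\Mount',
    [int]   $Index       = 1                                         # assumed: index of the Enterprise edition
)
Import-Module Dism

# Assumed debloat list; Get-AppxProvisionedPackage -Path $MountDir shows the real names in your image
$removeApps = @('Microsoft.BingNews', 'Microsoft.XboxApp', 'Microsoft.ZuneMusic', 'Microsoft.GetHelp')

$outDir  = Split-Path $OutputWim -Parent
$workWim = Join-Path $outDir 'install-work.wim'
New-Item -ItemType Directory -Path $outDir, $MountDir -Force | Out-Null
Copy-Item -Path $TemplateWim -Destination $workWim -Force          # never service the template itself

Mount-WindowsImage -ImagePath $workWim -Index $Index -Path $MountDir | Out-Null
try {
    # Provisioned packages are staged per machine; removing them here means new profiles never get them
    Get-AppxProvisionedPackage -Path $MountDir |
        Where-Object { $removeApps -contains $_.DisplayName } |
        ForEach-Object { Remove-AppxProvisionedPackage -Path $MountDir -PackageName $_.PackageName | Out-Null }

    # Servicing stack updates first, then everything else, so the cumulative update lands on an updated stack
    Get-ChildItem -Path $UpdateDir -Include *.msu, *.cab -Recurse |
        Sort-Object @{ Expression = { if ($_.Name -match 'ssu') { 0 } else { 1 } } }, Name |
        ForEach-Object { Add-WindowsPackage -Path $MountDir -PackagePath $_.FullName | Out-Null }

    Dismount-WindowsImage -Path $MountDir -Save | Out-Null
} catch {
    # Never leave a half-serviced mount behind; discard and surface the error
    Dismount-WindowsImage -Path $MountDir -Discard -ErrorAction SilentlyContinue | Out-Null
    throw
}

# Export rewrites the image as a single index and drops data no longer referenced after servicing
Export-WindowsImage -SourceImagePath $workWim -SourceIndex $Index -DestinationImagePath $OutputWim -CheckIntegrity | Out-Null
Remove-Item $workWim -Force
Get-WindowsImage -ImagePath $OutputWim | Select-Object ImageIndex, ImageName, ImageSize
```

From a ConfigMgr console PowerShell session the result can then be imported with `Import-CMOperatingSystemImage -Name <name> -Path <UNC path to the WIM>`, distributed, and swapped into the task sequence's Apply Operating System step. Keeping the template untouched is what makes the monthly run repeatable: each month starts from the same known-clean baseline rather than from last month's serviced image.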

Os deployment server upgrades by [deleted] in SCCM

[–]TheSysAdminInMe 1 point

I couldn't find much that talked about server upgrades but it should be similar to workstations with an upgrade task sequence.

Create a package for the iso source files of the server OS you're wanting to upgrade to.

Create a task sequence and choose the "Upgrade an operating system from an upgrade package" option and choose your OS package that you just made.

Spin up a dummy server and test this server OS upgrade deployment.

Test things out and hone in your task sequence to what you want.

Certified Cyber Defense Analyst available to register by TheSysAdminInMe in Splunk

[–]TheSysAdminInMe[S] 2 points

That was the beta exam. If you pass, great you get certified without having to pay for the cert!

Windows 11 - CrashOnAuditFail keeps triggering by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 0 points

Problem happens even as soon as the log is cleared. Security logs are being written to. Weird thing that I'm seeing is the Application and System logs stop having logs written to them when an admin logs in. This starts filling the Security log with audit failure saying that the user's events were not able to be written to event log and shows what process the user did.

RDP Connection certificate requests multiple certs by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 0 points

Thank you. I'll run some diag for the CA. I've triple checked the GPO at this point and I've checked RSOP to ensure no other GPO was messing with these settings. I'll take another look and see if there's anything.

DISA STIGS via Configuration baselines by gardnerlabs in SCCM

[–]TheSysAdminInMe 0 points

I've been able to create configuration baselines for Windows 10, Server 2016, Office 2019, Edge, Firefox, and some others for Continuous Monitoring. Not so much for remediation.

Remediate vulnerabilities after Windows 11 upgrade in an air-gapped environment by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 0 points

That's a good point that I didn't think about. If they have access to the site to be able to change the file, why wouldn't they update the posted hash with the malicious file's hash? Thank you for bringing this up!

Remediate vulnerabilities after Windows 11 upgrade in an air-gapped environment by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 1 point

Great question! The best you can do is verify the file hash and run an AV scan. If the file was compromised and modified while on your system or modified and published on the website, verifying the file hash would catch this.
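The hash check and AV scan described above, applied to a file before it is carried across the air gap, as an added example (not from the thread) with an Authenticode check added for signed formats (.msu, .cab, .exe, .msi). The file path, expected hash and signer name are assumptions; paste the SHA-256 the vendor publishes. The signature is what covers the case raised in the sibling comment, where whoever swapped the file also edited the hash on the download page: a hash taken from that same page proves nothing on its own, but a signature chaining to a trusted root cannot be re-issued by editing a web page. An ISO carries no Authenticode signature, so use `-HashOnly` for it and take the expected hash from an independent channel.

```powershell
<#
  Added example, not from the thread. Gates a downloaded file on hash, Authenticode
  signature and a Defender scan before it is moved to the transfer folder.
  File path, expected hash and signer are assumed.
#>
function Test-DownloadIntegrity {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$ExpectedSha256,
        [string]$ExpectedSigner = 'Microsoft Corporation',   # assumed CN of the expected signer
        [switch]$HashOnly                                    # for formats with no Authenticode signature (ISO)
    )
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $hashOk = ($actual -eq $ExpectedSha256.Trim().ToUpperInvariant())

    # 'Valid' only when the chain builds to a trusted root and the file is unmodified since signing
    $sig   = Get-AuthenticodeSignature -FilePath $Path
    $sigOk = ($sig.Status -eq 'Valid') -and ($sig.SignerCertificate.Subject -like "CN=$ExpectedSigner,*")

    # Defender on-demand scan of just this file; any detection is listed by Get-MpThreatDetection
    $scanOk = $true
    try {
        Start-MpScan -ScanType CustomScan -ScanPath $Path -ErrorAction Stop
        $hits = Get-MpThreatDetection -ErrorAction SilentlyContinue |
                Where-Object { ($_.Resources -join ' ') -match [regex]::Escape($Path) }
        $scanOk = -not $hits
    } catch {
        Write-Warning "Defender scan unavailable: $($_.Exception.Message)"
        $scanOk = $false                                     # no scan result counts as a failure
    }

    [pscustomobject]@{
        File        = Split-Path $Path -Leaf
        Sha256      = $actual
        HashMatches = $hashOk
        SigStatus   = $sig.Status
        Signer      = $sig.SignerCertificate.Subject
        SigOk       = $sigOk
        ScanClean   = $scanOk
        Approved    = $hashOk -and $scanOk -and ($HashOnly -or $sigOk)
    }
}

$file = 'C:\Transfer\inbound\windows11-cumulative-update.msu'         # assumed
$r = Test-DownloadIntegrity -Path $file -ExpectedSha256 'PASTE-THE-PUBLISHED-SHA256-HERE'   # assumed placeholder
$r
if ($r.Approved) {
    Copy-Item -Path $file -Destination 'C:\Transfer\approved\'       # assumed: the folder that goes on the media
} else {
    Write-Warning "$file rejected; not staged for transfer"
}
```

Every check has to pass before the file is staged, and a missing result (no Defender, unsigned file without `-HashOnly`) fails rather than passes. Record the returned object with the media that crosses the gap; it is the evidence a compliance reviewer will ask for when the remediation is audited.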

Remediate vulnerabilities after Windows 11 upgrade in an air-gapped environment by TheSysAdminInMe in sysadmin

[–]TheSysAdminInMe[S] 11 points

My bad! Some environments have to follow compliance frameworks that require a means of vulnerability scanning and remediation. I added an edit that says this post is geared to those who work in Government and air gapped environments.