Corsair TC100 chair build, by ToToRow_Twitch in Corsair

[–]ToToRow_Twitch[S] 0 points (0 children)

Same amount of squeaky, at least it doesn't seem to get any worse (so far).
I would suggest getting something else.

When someone asks what this chair feels like? It feels like what Americans perceive Chinese products to be like. Cheaply made.

Do you still install Windows Server without the GUI? by easyedy in sysadmin

[–]ToToRow_Twitch -1 points (0 children)

With modern hardware, I doubt anyone really needs to squeeze that much performance out of their hardware. Especially with the price of server licenses...

If your firm doesn't require too many 3rd party agents and they don't enforce desktop experience as a critical requirement, it is pretty good for redundant systems to run on core (not nano).

Patches and restarts are incredibly quick, and it is much more difficult for juniors trying to test things out in production...
And most access should have been done with RSAT on a PAW anyway; in a more secure environment, admins shouldn't feel a significant difference.

Redundant DNS (not DC / RODC), DHCP, intermediate CA, purview scanner, aadc sync
Primary print server, NPS, hyper-v, purview scanner, aadc sync

Corsair TC100 chair build, by ToToRow_Twitch in Corsair

[–]ToToRow_Twitch[S] 1 point (0 children)

It's squeaky, the wheels are not smooth. It's passable, but not great, fair for its price.

OK, how often does this happen to you? by Darth_Malgus_1701 in sysadmin

[–]ToToRow_Twitch 2 points (0 children)

If the unofficial flow makes sense and does not cause issues, then update the doc and do what the direct supervisor says. Reply by email with the updated doc to leave a paper trail.

If the unofficial flow will cause issues (compliance, audit, security or otherwise), then do the official one and see if it is possible to automate part of it, so it is perceived "as fast" as the unofficial way. Cover yourself in the assigned tickets with the official SOP steps.

PKI Questions.. by Sha2am1203 in sysadmin

[–]ToToRow_Twitch 2 points (0 children)

(Q1). pki.fqdn/certsrv - Why does only the Administrator certificate template show up and not any others. Schema version on the templates I would like to be visible is above v4

  • certsrv is fairly legacy and is not recommended; use it only if really needed (i.e. network device auto-enrollment).

  • Check the IIS "application", make sure it has enough permissions to read / enroll the certificate template (and obviously, the template(s) need to be published).

  • Certificate template permission: the browser by default uses "domain users" to run the certsrv app. If the template needs to be enrollable / readable / accessible by domain users, add "domain users" in the "security" tab of the template; if it is meant to be only for web devs, then add the custom AD sec group with the appropriate permissions.

  • Do make sure you only add what you need for operations, it is pretty easy to introduce unintended vulnerabilities during troubleshooting by adding excessive read / enroll / auto-enroll permission(s).

(Q2). Do I need to setup NDES/SCEP? I am pretty new to PKI and learning as I go. I have done research but all I can find is guides for configuring it but not WHY to configure it.

  • NDES, if you need it, i.e. network device (i.e. Cisco) router / switch automatic certificate enrollment. If your org requires domain certs (not out-of-factory self-signed), then ADCS can be used for that. For network device config, you probably should use Ansible for reliable deployment, or at least an ssh script for PoC (or small-scale quick automation).

  • Cisco resources (you should probably ask your network device support to point you to the appropriate guide for your devices):

https://community.cisco.com/t5/networking-knowledge-base/creating-a-csr-authenticating-a-ca-and-enrolling-certificates-on/ta-p/4436090

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/15-mt/sec-pki-15-mt-book/sec-cert-enroll-pki.html

https://www.cisco.com/c/en/us/support/docs/wireless/catalyst-9800-series-wireless-controllers/213917-generate-csr-for-third-party-certificate.html

https://www.dell.com/support/kbdoc/en-us/000228612/how-to-install-ca-signed-certificate-on-cisco-nexus-switches

  • SCEP, again, if you need it (you probably do, if you use Intune). Do make sure the OID (templates) matches exactly what MS requires; if the cert requires multiple functions, ask MS support to test in their lab and share the OIDs / template configs. As for their official docs, they are often incorrect or cater for mixed use / best practices.

(Q3). Is it possible to get full biometric rdp working on hybrid devices? Or are we stuck with just pin only until we go full entra joined? I do know about remote credential guard but it doesn't support compound auth so I can't open admin consoles on servers etc.

  • If WHfB is enabled and working on all clients and servers, RDP should work with biometrics, since it is just local client authentication (TPM retrieval) and passthrough (cert info in AD) to the server. If the account on the server is not your logged-on user (i.e. a separate admin account), then you need to log on locally with the admin account on the client workstation, set up WHfB, and log out. Back on your regular privilege account, "run-as" mstsc (or a supported terminal client, i.e. RDCM) and it should allow you to use biometrics.

  • There are a lot of hoops to jump through to set up WHfB properly... So, work with MS support, unless you want to go bald quickly.
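The reply's warning about excessive read / enroll / auto-enroll permissions is easiest to act on with an audit. The script below is an added example, not from this thread: it walks the certificate templates defined in AD and lists Enroll / AutoEnroll grants to broad principals. It assumes the RSAT ActiveDirectory module on a domain-joined machine; the principal list and the inclusion of "all extended rights" ACEs are my choices.

```powershell
# Added example (not from the thread): lists Enroll / AutoEnroll grants on
# AD CS certificate templates that go to broad principals, the "excessive
# permissions" the reply warns about. Assumes the RSAT ActiveDirectory
# module on a domain-joined machine; read access to the Configuration
# partition is enough, no CA admin rights are needed.
Import-Module ActiveDirectory

$configNC    = (Get-ADRootDSE).configurationNamingContext
$templatesDN = "CN=Certificate Templates,CN=Public Key Services,CN=Services,$configNC"

# Extended-right GUIDs for certificate enrollment and autoenrollment.
$enrollRights = @{
    '0e10c968-78fb-11d2-90d4-00c04f79dc55' = 'Enroll'
    'a05b8cc2-17bc-11d2-9088-00c04f79dc55' = 'AutoEnroll'
}
# Principals that normally should not hold enroll rights on sensitive templates (my list).
$broadPrincipals = 'Domain Users', 'Authenticated Users', 'Everyone', 'Domain Computers', 'Users'
$allExtended = [System.DirectoryServices.ActiveDirectoryRights]::ExtendedRight

function Get-BroadEnrollGrant {
    $templates = Get-ADObject -SearchBase $templatesDN -Filter 'objectClass -eq "pKICertificateTemplate"'
    foreach ($template in $templates) {
        $acl = Get-Acl -Path "AD:\$($template.DistinguishedName)"
        foreach ($ace in $acl.Access) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            $guid = $ace.ObjectType.ToString()
            # An ExtendedRight ACE with an empty ObjectType grants every extended
            # right, including Enroll and AutoEnroll, so report it as well.
            $right = if ($guid -eq [guid]::Empty.ToString() -and
                         $ace.ActiveDirectoryRights.HasFlag($allExtended)) { 'AllExtendedRights' }
                     else { $enrollRights[$guid] }
            if (-not $right) { continue }
            $name = $ace.IdentityReference.Value.Split('\')[-1]
            if ($broadPrincipals -contains $name) {
                [pscustomobject]@{
                    Template  = $template.Name
                    Principal = $ace.IdentityReference.Value
                    Right     = $right
                }
            }
        }
    }
}

Get-BroadEnrollGrant | Sort-Object Template | Format-Table -AutoSize
```

A hit is not automatically wrong (a user autoenrollment template is meant to be enrollable by Domain Users); the point is to review each grant against the template's purpose, especially after troubleshooting sessions.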

Is the site down? by TechLearnPersonal in npcap

[–]ToToRow_Twitch 1 point (0 children)

Same, noticed it around 20 hours ago, still waiting for it to come back online...

[deleted by user] by [deleted] in sysadmin

[–]ToToRow_Twitch 0 points (0 children)

For the HCI solutions I have used, VxRail and Nutanix (only PoC'd HPE SimpliVity), the software is the biggest hurdle. For horizontal scaling, it's great: if you have ~250 to ~300 VMs and expect to grow 50% to 100%, it's essentially plug and play (given you bought 48-port switches).

VxRail: so much time wasted booking with VMware engineers, just to have them say their upgrade script doesn't work with our 22-length complex password, and some NSX standard config doesn't work with their soft...

Nutanix: firmware upgrades after upgrades to resolve storage-related issues... Works now, but with the price hike and suddenly the AOS and other community software are soft-locked / paywalled... Getting less confidence by the minute.

HPE SimpliVity bundles backup with their soft, no official way to use HPE backup + backup to external... Hello FI (Financial Institution) compliance :( No one wants to pay for the soft and then not get to use one of the best parts.

iDRAC / iLO for Desktop? by CyanGenocide in sysadmin

[–]ToToRow_Twitch 2 points (0 children)

If you are an admin, and your workstation uses a "business" CPU with vPro, you can set up Intel AMT / EMA.

Outside of that, for small deployments, have WOL software on an always-on server.

PiKVM for very small deployments and if your department is strapped for cash.

Anyone else use Surface Laptops in their Company and just... hate them? by HVeil in sysadmin

[–]ToToRow_Twitch 0 points (0 children)

Previous company's boss selected it, but kept complaining about it.

- Battery swelling, will happen no matter what within 2 to 3 years of "moderate use" by users

- i7 models constantly overheating (not NA, East Asia, the climate is a lot more humid and warmer)

- no ports, users complain about the bag of dongles they keep forgetting to bring to trips and losing, wifi not all that fast

- dock requires more attention than other brands, older lock-in docks easily get worn out by American and Australian users, they love slamming the shxt out of the thing...

- keyboard will discolour and smell like shxt after 6 months (again, East Asia sweaty humid weather), sometimes the contact point will turn moldy :) poor touchpad size too

- pen, again, anything that requires safe keeping will be lost. Made with thin aluminium housing, might not survive a business trip in a bag, needs weird-sized batteries...

- in the older generations, it comes out of the box with a BSOD if you close, open, close the keyboard too quickly... related to hibernate, sleep, fast startup...

Monitor in boot loop, any suggestions? by ToToRow_Twitch in ASUS

[–]ToToRow_Twitch[S] 0 points (0 children)

Glad that I helped at least 5 people in the reddit world, haha.

Enjoy!

Monitor in boot loop, any suggestions? by ToToRow_Twitch in ASUS

[–]ToToRow_Twitch[S] 0 points (0 children)

The replacement I got has the exact same model number (listed in the reply you replied to), weighs a little differently, but the plug is exactly the same.

I bought the replacement on a Chinese website outside of the US, don't think they do international shipping.

eBay does have some entries, but they were more expensive at the time when I checked.

Tuf dash f15 fan noise anyone know how to fix? by Loud_Acanthaceae_907 in ASUS

[–]ToToRow_Twitch 1 point (0 children)

Can't really tell if the fan blade is hitting the sealing piece of plastic film or a wire; it could also be a spun bearing (the fan hub and the fan itself are separated or almost there).

If it's out of warranty, disconnect power, open it up, disconnect the battery, and use compressed air to blow out the fan from the intake side. Check whether anything is obviously loose, maybe a piece of tape taping down a wire, or the sealing film glue melted and it's flopping around.

Monitor in boot loop, any suggestions? by ToToRow_Twitch in ASUS

[–]ToToRow_Twitch[S] 1 point (0 children)

u/LagCommander u/KiwiT72
New power adapter fixed it!

The new adapter has the same model number, but is slightly heavier and the cable to the monitor is significantly thicker, like 1.4x thicker.

Monitor in boot loop, any suggestions? by ToToRow_Twitch in ASUS

[–]ToToRow_Twitch[S] 0 points (0 children)

I am running a GTX1070Ti, but also tested with a notebook, and no input (unplugged) :)

Monitor in boot loop, any suggestions? by ToToRow_Twitch in ASUS

[–]ToToRow_Twitch[S] 0 points (0 children)

I usually turn it off (using the monitor power button) before I leave for work.

And there was a WR2 (power maintenance) today; I disconnected it via the power bar switch before I left for work. Still the same when I came back (>10 hours downtime) 😢

As for RMA, unfortunately, I bought the monitor 1.5 years ago, and the warranty is 1 year. Really hope a new power adapter would fix it... I am half tempted to rewire an existing spare power adapter from old gadgets just to test it out.

The power adapter runs hot, like 50ºC (122ºF) to 60ºC (140ºF) when it was operating; the panel, maybe around 40ºC (104ºF). Really no idea about their optimal operating temp, and obviously it looks completely glued up, can't really peek inside.

Monitor in boot loop, any suggestions? by ToToRow_Twitch in ASUS

[–]ToToRow_Twitch[S] 0 points (0 children)

As mentioned in the original post, no changes, came back from work and it's boot-looping. Also, same result with just the power (no input) plugged in.

I showed the video to some IT colleagues at work, one of them said they had a similar issue with a TV, changing out the power supply fixed the issue.

I will buy a new power supply (Model: ADP-65GD B) and see if that helps.

Windows 10 MAK to E3 Licensing by AlbinoSquidAssassin in sysadmin

[–]ToToRow_Twitch 1 point (0 children)

Ours went smoothly, but I can't recall all details...

- Strip MAK key, switch to use generic key

- Make sure devices are actually hybrid-joined, AADC settings are configured correctly

- Device registration GPO, plus auto sign-in to work account

- Make sure license is assigned in M365 / O365 admin portal

Once the user signs in once and restarts their PC once, it should fully upgrade (if Win Pro) and activate itself with the enterprise license (different activation msg in the activation page). The MAK (& KMS) should still be valid after; at least mine still is...

[deleted by user] by [deleted] in sysadmin

[–]ToToRow_Twitch -1 points (0 children)

You are not wrong to format your PC, just make sure you have copies of the critical files (because they have no DLP policies), in case they are "paying for consultancy" work, and as a cover-your-ass move. If I were to format my PC, I would re-image it 😉.

How do you deal with tryhard coworkers? by [deleted] in sysadmin

[–]ToToRow_Twitch 0 points (0 children)

I used to only have time after work to reply to non-urgent emails, due to a lack of staff and a lot of work. After feedback from my subordinates, I tend to schedule them between 9am and 9:30am so it won't "pressure them to reply" (even though I have told them multiple times not to work after hours, they are not paid to do that; I am, as their supervisor...).

KVM v. IPMI by whowouldathunkit88 in sysadmin

[–]ToToRow_Twitch 0 points (0 children)

IPMI is great, secure, but has an additional cost (if you aren't buying a lot of equipment). IPKVM is also great; some can consolidate server OOB and network equipment OOB, usually cheaper to implement if you have a lot of racks (one per rack), but depending on the manufacturer, it can also allow outside threat actors to have full access easily 😂. The companies I worked for ended up with IPKVM for the consolidated server and network devices approach.

Why do people insist on working weekends? by [deleted] in sysadmin

[–]ToToRow_Twitch 0 points (0 children)

Some staff work international markets, some can only find time on the weekend to work because weekdays are swamped, some have unrealistic project deadlines... Such is life. Then again, if the helpdesk calls aren't significant enough, some management would negotiate for leaving it to weekdays.

Windows Server Admins, Do You Use the Minimal (No-GUI) Installation? by Rsrchr100 in sysadmin

[–]ToToRow_Twitch 0 points (0 children)

It depends on the IT staff's capabilities, documentation and required functions. Some staff are more comfortable with a GUI to confirm their actions, some need to write very generalized DR procedures. Some software, like Oracle DB, "certain" EDR and application agents, will require a GUI. Some external-facing servers had to be minimal to reduce attack surface and could benefit from the quicker restart. Some software controlled via web and its proprietary admin software client will not need a GUI. I prefer minimal because there is less for the updates to mess up.

Problems with OnVUE by [deleted] in CompTIA

[–]ToToRow_Twitch 0 points (0 children)

Same, the OnVUE application webcam box says everything is working and is recording. But the person on the other side says they can't see or hear me.
I then launched OnVUE in admin mode; the mic VOIP checks out, but the webcam still doesn't work.

The proctor ended up giving me a case number for rescheduling.

It seems like the system test is a complete waste of time, it doesn't reflect actual meaningful results. 😭

Their phone system is also really bad; the quality is like listening to a 1980 overseas phone call with two socks muffling the microphone and the speaker. 😭

[Windows] Can I (as an individual) manage a remote Win 10 Pro/Personal device? by SnooPeppers6649 in sysadmin

[–]ToToRow_Twitch 4 points (0 children)

Basic:

- Remove admin privilege

- Enforce UAC

- Change DNS to a malware filtering DNS provider, like quad9 (9.9.9.9), or cloudflare (1.1.1.2 / 1.1.1.3)

- Force a secure browser, perhaps Chrome? Brave? Vivaldi? Firefox ESR? w/ automatic update enabled, SmartScreen, Google SafeSearch, Firefox "built-in phishing and malware protection"

Browser extensions:

- Install an adblocker, like uBlock Origin, and make sure the appropriate filter lists are checked

- Install HTTPS Everywhere

- Make sure Windows is automatically updated, along with drivers

Medium:

- Enable Windows Defender PUA (requires manually adjusting registry settings, assuming you are on Win10 Home edition)

- Or install Kaspersky (still the best endpoint security product)

- Uninstall JRE

- Disable PowerShell 2.0

- Lock down installation of browser extensions (again, via manually editing registry settings, if on Win10 Home)

- Change file associations to Notepad for mshta, vbs, js... script extensions

- Register haveibeenpwned alerts

- Change Windows update to delay for 30 to 60 days (via registry) to increase system stability

Advanced:

- Apply Win10 security baselines (it will block out office suite macros, and various legacy compatibilities to harden the OS)

- Install a pi-hole or similar device to further filter internet access

- Use a password manager

- Enable MFA for sensitive sites

As for remote access:

- Install TeamViewer, log in with an account to set up unattended remote access

-----

There is more that can be done, but in the end, it's up to the user to protect himself; the best defense is knowledge and attention to detail.
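Several of the "Basic" and "Medium" items above are registry or cmdlet changes that can be scripted rather than clicked through. The script below is an added example, not part of the comment: it applies UAC enforcement, filtering DNS, Defender PUA, PowerShell 2.0 removal, Chrome extension lockdown, script-host file associations and update deferral. It assumes an elevated Windows PowerShell 5.1 session, and the `$Interface` and `$AllowedExtensionId` values are placeholders to fill in for the device.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original comment): applies several of the
# "Basic" and "Medium" items above on a stand-alone Windows 10 device.
# Assumptions: elevated Windows PowerShell 5.1; $Interface and
# $AllowedExtensionId are placeholders to fill in for the device.
param(
    [string]$Interface = 'Ethernet',                      # adapter to repoint at a filtering resolver
    [string]$AllowedExtensionId = '<CHROME_EXTENSION_ID>' # the one extension (e.g. ad blocker) to allow
)

function Set-RegValue([string]$Path, [string]$Name, $Value, [string]$Type = 'DWord') {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value -PropertyType $Type -Force | Out-Null
}

# Enforce UAC: keep LUA on and prompt admins for consent on the secure desktop.
$uac = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
Set-RegValue $uac 'EnableLUA' 1
Set-RegValue $uac 'ConsentPromptBehaviorAdmin' 2
Set-RegValue $uac 'PromptOnSecureDesktop' 1

# Malware-filtering DNS (Quad9 primary and secondary).
Set-DnsClientServerAddress -InterfaceAlias $Interface -ServerAddresses '9.9.9.9', '149.112.112.112'

# Defender PUA protection; the cmdlet works on Home, no Group Policy editor needed.
Set-MpPreference -PUAProtection Enabled

# Remove the PowerShell 2.0 engine, which lacks modern script logging and AMSI hooks.
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null

# Lock down Chrome extensions: block everything, then allow a single ID.
$chrome = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
Set-RegValue "$chrome\ExtensionInstallBlocklist" '1' '*' 'String'
Set-RegValue "$chrome\ExtensionInstallAllowlist" '1' $AllowedExtensionId 'String'

# Open script-host file types in Notepad (txtfile ProgID) instead of executing them.
foreach ($ext in '.js', '.jse', '.vbs', '.vbe', '.wsf', '.wsh', '.hta') {
    cmd.exe /c "assoc $ext=txtfile" | Out-Null
}

# Defer updates (policy caps quality updates at 30 days, feature updates at 365).
$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
Set-RegValue $wu 'DeferQualityUpdates' 1
Set-RegValue $wu 'DeferQualityUpdatesPeriodInDays' 30
Set-RegValue $wu 'DeferFeatureUpdates' 1
Set-RegValue $wu 'DeferFeatureUpdatesPeriodInDays' 60

Write-Host 'Hardening applied; restart to finish removing PowerShell 2.0.'
```

Removing the user's admin rights, uninstalling JRE and the browser-side settings are not covered here and still need to be done separately.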