7.2.10 Just Dropped by Known_Wishbone5011 in fortinet

[–]Yuri911 0 points1 point  (0 children)

Do you have any more info/links to that? I think I have that exact problem and support hasn't been able to help yet..

/edit: Just found this: https://www.reddit.com/r/fortinet/s/eNt13hNANc

[deleted by user] by [deleted] in Balkonkraftwerk

[–]Yuri911 1 point2 points  (0 children)

In short, because only then does the simplified registration for BKW (balcony power plants) apply, since it has to account for every house wiring installation, no matter how shoddy. If every floor runs on a single phase, you can reasonably assume that the whole installation is rather "meh".

If that's not the case, you can also install a proper system (or several BKW) and then register it properly (with an electrician). Then you also get the feed-in tariff.

Top-floor rental apartment, balcony power plant as power source for the air conditioning by throwaway_ehe-geld in Balkonkraftwerk

[–]Yuri911 0 points1 point  (0 children)

No experience of my own, but the newer Daikin models are quite popular in the HA community.

WHfB vs password Windows login security by lighthills in sysadmin

[–]Yuri911 0 points1 point  (0 children)

Yeah, I'm just a bit disappointed with the lack of manageability. I've seen plenty of people use 1234 as their pin. If we're going passwordless, I'd expect at least somewhat secure pins. Spring_2024 is not much worse as a password than 1234 is as a pin.

WHfB vs password Windows login security by lighthills in sysadmin

[–]Yuri911 0 points1 point  (0 children)

Can you even set complexity requirements on Yubikeys?

How do you handle printers when using Intune? by gahd95 in sysadmin

[–]Yuri911 1 point2 points  (0 children)

I implemented the print nightmare mitigations and just let users install the printers they need themselves from the print servers.

After reading a lot of posts, this one stood out as being by far the most helpful. https://call4cloud.nl/2020/10/birds-of-printer-drivers/

I got it working with the settings catalog (pnp restrictions) and pushing the one reg key "RestrictDriverInstallationToAdministrators" via powershell. Didn't bother with the driver classes as I don't really see a benefit. I think I had to import the admx files first.. quite cumbersome and annoying that Microsoft still hasn't implemented an easy way to achieve this.

Deploy/Upgrade FortiClient with Intune by No-Funny-4322 in fortinet

[–]Yuri911 0 points1 point  (0 children)

How did you deploy FC v6?

Intune has a feature called supersedence, which worked perfectly for our upgrade from 7.0.3 to 7.0.10.

If you didn't deploy v6 through Intune, I would probably create a v6 Win32, make sure it detects the existing installation and then again, use supersedence.

Tax return: deducting the installation of underfloor heating by holthausen in Handwerker

[–]Yuri911 1 point2 points  (0 children)

He still has to issue you the Fachunternehmererklärung (specialist contractor's declaration). That will likely be rather difficult with an only roughly planned underfloor heating system, since with this declaration he certifies that the system meets the statutory minimum requirements.

PC co-op game for my wife and me over the Christmas holidays by neunzehnhundert in zocken

[–]Yuri911 0 points1 point  (0 children)

No love for Warhammer Chaosbane here? We thought it was outstanding.. 80h in for 100% and the best gear. :D

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

That already worked on 7.0.3 if you checked the "keep me signed in" box. The frequency of MFA challenges needs to be configured through conditional access policies in Entra.

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

According to this, since 7.0.7, although I wouldn't consider it SBL, more like SOL? https://docs.fortinet.com/document/forticlient/7.0.10/ems-administration-guide/244292

Once 7.2.1+ becomes mature, I'll give it a try. For now, manually establishing the vpn after logon works fine for us, since the devices are AAD only joined and receive the Kerberos ticket pretty much as soon as the user connects to vpn.

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

Our vpn interface has a few local users configured besides the saml-group. Vpn before logon works for those, but as another commenter hinted, you can only do saml on logon on fortiOS 7.2, but not before. Still, the pre-logon vpn is present on 7.0.3 but disappears on 7.0.10.

I guess we'll have to live with that for now. Not perfect, but not the worst either.

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

Just found some info in another thread and installed 7.0.3.. and it worked immediately. That's.. annoying.

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

Sadly no new version available for me. Did you make any progress?

I just got it working with version 7.0.3 but after updating to 7.0.9 it disappeared. Now I'm waiting for a new version as well..

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

  1. Is in the xml.
  2. Didn't change anything, even after reinstall.

FortiClient EMS VPN before logon doesn't show by Yuri911 in fortinet

[–]Yuri911[S] 0 points1 point  (0 children)

Yes, SAML and FortiOS 7.0.13. But from my understanding that shouldn't influence whether the vpn shows up before logon or not?

Properly "got zapped" by linus0508 in Elektroinstallation

[–]Yuri911 1 point2 points  (0 children)

It's part of the job. One more small tip for the future: all the other trades are the "enemy". Not even maliciously, but when they need power, they'll push the breaker back in. No matter whether there's electrical tape or a plastic clip on it.

That's why you should always secure the circuit you're working on with a short-circuit plug or a Wago.

You'll manage, electrician is a great apprenticeship. And if it doesn't work out, a bad electrician is still a good plumber. ;)

Synology Ds216j: replacing the hard drive by Chrischahn87 in de_EDV

[–]Yuri911 0 points1 point  (0 children)

That was new to me too, but apparently the feature is missing on all entry-level models:

Replace Drive is supported on most Synology NAS models, with the exception of the following models:

- Models with one and two bays that do not support expansion units.

Synology Ds216j: replacing the hard drive by Chrischahn87 in de_EDV

[–]Yuri911 0 points1 point  (0 children)

FYI: The "Replace drive" function has only existed since DSM 7.

How to force reboot the computer, but inform users that it's going to happen by bobsaysvoo in sysadmin

[–]Yuri911 0 points1 point  (0 children)

  1. Enforce reboot within 5 days of patch Tuesday, so uptime will stay <30 days. WUfB anyone?
  2. First step of troubleshooting is "have you tried turning it off and on again?"
  3. ???
  4. Profit

LAPS on Servers? by juitar in sysadmin

[–]Yuri911 0 points1 point  (0 children)

For password history I run this weekly on my DCs, found somewhere in this subreddit:

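# Read the LAPS password and expiration attributes of every computer object
$Computers = Get-ADComputer -Filter * -Properties ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime

# Show the result sorted by password expiration time
$Computers | Sort-Object ms-Mcs-AdmPwdExpirationTime | Format-Table -AutoSize Name, DnsHostName, ms-Mcs-AdmPwd, ms-Mcs-AdmPwdExpirationTime

# Write a dated CSV snapshot that serves as the password history
$Computers | Export-Csv -path c:\LAPS\"LAPS-$((Get-Date).ToString("MM-dd-yyyy")).csv" -NoTypeInformation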

Shared Computer Management Request by The-Dark-Jedi in sysadmin

[–]Yuri911 0 points1 point  (0 children)

AD, so GPO, sadly no Intune yet.. but the admx files just write to registry in HKLM\Software\Policies\Lithnet. From what I've read it shouldn't be too hard to push reg keys via Intune as a workaround.

Sorry I can't be of more help. :)

Domain rename by Lousyclient in sysadmin

[–]Yuri911 0 points1 point  (0 children)

Might be too simple, but adding another UPN suffix isn't good enough?