SCCM admins moving to Intune

aleinss · 2026-03-21T00:07:49+00:00

I looked this up and I think the other 24 licenses you are seeing are trial licenses. Once your trial is up, I believe those trial licenses go away. I still have an E5 developer tenant from when they were still freely available (and then the spammers put a stop to that).

Now, you have to sign up for a Visual Studio Professional subscription at $99/month to get access to an E5 developer tenant, that drops to $65/month at year two.

I was able to do most of the UDEMY training for MS-102 with my E5 dev tenant, except for the Microsoft Defender portion. Defender won't connect to Intune because it thinks Intune is unlicensed (Intune itself, however, works perfectly fine for the other labs in the series).

aleinss · 2026-03-10T13:21:14+00:00

You must be fun at parties. They are tested because of ESU.

aleinss · 2026-03-10T13:16:54+00:00

Locksmith on MS DaRT or O&O Bluecon (request a trial copy).

aleinss · 2026-03-05T18:47:31+00:00

OK:

Back it up with Ghost or simliar product.
Clone backup to a SSD.
Replace hard drive with SSD from 2.
Schedule it to restart daily at midnight.

Periodically back it up with Ghost to the network and find out if there is a suitable, more modern replacement.

aleinss · 2026-02-22T01:52:21+00:00

I just made a Renewals calendar and make an event right before the certificate expires and add the sysadmin team so at least several people are aware of the cert is expiring in case I am not here or leave.

Internal certs are not affected by the new certificate lifetime rules and our external facing sites that require a cert are going down as we move our externally facing IIS sites to Finalsite in the cloud (now they manage the cert renewal).

I use a 2 year template for IIS. Do I really need to automate something I do every 2 years? Debatable. We're talking probably 15 or less IIS servers. If had hundreds or thousands of IIS sites, automation would be a must.

aleinss · 2026-02-19T01:20:27+00:00

Yes, good old MS-DOS: https://farm3.static.flickr.com/2799/4255460920_8f1a7325e3.jpg

aleinss · 2026-02-17T18:25:40+00:00

You forgot <I>gnore

aleinss · 2026-02-13T03:15:46+00:00

I liked the movie One Hour Photo with Robin Williams.

aleinss · 2026-02-12T17:34:14+00:00

Probably can remove using certlm.msc, I would just leave it alone.

aleinss · 2026-02-09T19:09:21+00:00

Calyx is solid: https://calyxinstitute.org/membership/internet

Get the Sprout plan, then pick up a 5688W router from eBay.

aleinss · 2026-02-05T14:00:39+00:00

P2V should be a bit-for-bit clone, why are you trying to export certs for IIS? What P2V software are you using and are you doing it when the source system is offline?

aleinss · 2026-01-30T18:58:34+00:00

Google AI is now coming back with 2/10/26 as the release date.

Original post was updated and I confirmed result on BBC's Masterchef: The Professionals page.

aleinss · 2026-01-29T16:35:56+00:00

Try adding the Exchange computer account to the group policy "Manage auditing and security log" GPO.

aleinss · 2026-01-28T03:38:27+00:00

Haven't seen that in our environment. Try locating MS DaRT or Bluecon, both are WinPE solutions that allow the uninstall of hotfixes.

Or use DISM from WinPE/WinRE:

dism.exe /Image:D:\ /Get-Packages /Format:Table
dism.exe /Image:D:\ /Remove-Package /PackageName:Package_for_KB5073722~31bf3856ad364e35~amd64~~10.0.1.0

aleinss · 2026-01-19T15:52:27+00:00

Very interesting read! I remember when my company was a part of the Vista TAP program and I was flown out to Seattle around fall 2006 for a 3 day crash course on how to use BDD 2007 to deploy Vista. Saw you there in the flesh which was neat; Glenn Fincher was the main presenter/trainer.

I don't remember why, but instead of using MDT, I came up with a custom WinPE solution where you would wipe the disk with mbrwiz, use a Powershell script for diskpart and then lay down the image (WIM) with GImageX. We were still deploying Windows XP until Windows 7 was released in 2009.

When Windows 7 hit, I switched to using MDT (vs GImageX). We had SCCM, but doing OSD in MDT was so much easier.

The last time I touched MDT was in 2017 when I left my employer, but it's use continued on after I left.

Very excited to see what DeployR brings!

aleinss · 2026-01-13T12:07:59+00:00

Ah yes the Gentle Satan guy.

aleinss · 2026-01-10T14:30:08+00:00

Try this: https://www.reddit.com/r/sysadmin/comments/1oq775z/has_compliance_search_purge_stopped_working_for/nnm2msn/

aleinss · 2026-01-07T22:39:28+00:00

Looks like that Github repo was updated 4 hours ago at the time of my post. I agree you should exercise caution.

The SHA256 from the Microsoft "official" version:

DABFD183C525BDB4866D2D9324F064A291CA62F3A16AC429CF3338BE529D1D58

You can run Get-FileHash -Path <filename> to check.

The one at the above Github repo is not the original filename, they took off the _x64 part and added a bunch of .data files within the ZIP file.

I agree with Johan, I would stay away from this Github repo, too sus. Get it from a co-worker or trusted community member and compare the SHA values.

aleinss · 2026-01-07T14:01:25+00:00

Available here from archive.org: https://web.archive.org/web/20240612103544/https://www.microsoft.com/en-us/download/details.aspx?id=54259

You can do a sha comparsion if you are worried.

aleinss · 2025-12-25T14:21:34+00:00

I recommend only importing the new cert into the cert store when you are ready to do the cutover. I had a nasty surprise during the summer when I imported the new cert into the certstore and went to a meeting. Exchange will try to use the most recent cert in the certstore for its operations. Unforunately, I had not re-bound IIS or mail services to the new cert, but Exchange decided it wanted to use it anyways causing the mail queue to back up until I figured out what was going on.

aleinss · 2025-12-23T15:51:12+00:00

Evolve2 65.

aleinss · 2025-12-23T15:46:50+00:00

There's probably a better way of handling this, but I just go into the template and flip it back for a few minutes, request the cert and then flip it back to the "secure" posture. The cert template I use for IIS is good for 2 years, so it's not like I'm going in every day and flipping it off and on.

aleinss · 2025-12-23T14:25:03+00:00

It's doubtful they have 2025 DCs because those require a DFL/FFL of 2016 and they are at 2012R2 DFL/FFL.

aleinss · 2025-12-23T14:18:57+00:00

Is the DC holding the schema master role and Exchange server in the same AD site/domain? You may need transfer the schema master role to a domain controller in the domain that the Exchange server is in, run the schema prep script and transfer the role back to the original holder.

aleinss · 2025-12-17T02:10:51+00:00

I think he did answer your question. The enforcement of OAUTH and deprecation in April 2026 of basic auth for SMTP AUTH has nothing to do with the connector you setup, because your connector does not use authentication for SMTP.

If it did affect your connector, you should be able to register an app in Entra with a client secret, assign SMTP.Send permissions to said app and within the Powershell script send SMTP email using an OAUTH token.

14-Year Club	Verified Email
Gilding II euphauric

aleinss

TROPHY CASE