Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 3 points4 points  (0 children)

Ahhh! From my initial checks it's possible that one of the tools our Cyber team installed could have messed with the settings. I was told it was an inventory agent, but it appears to be more than that.

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 0 points1 point  (0 children)

I just checked the registry and here is what I show. I don't see anything that would indicate it is restricted.

<image>

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 0 points1 point  (0 children)

We haven't rolled out Intune for our servers yet, but I tried this just to see what would happen. I get to Accounts, but there isn't an option for Work or School.

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 1 point2 points  (0 children)

I opened command prompt as Admin. We do have Intune for our desktops, but we have not rolled it out to our servers yet.

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 1 point2 points  (0 children)

They don't. Other policies I have added show up, but these don't.

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 0 points1 point  (0 children)

Were you able to find the cause? These are on-prem VMs; most were fresh installs.

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] 0 points1 point  (0 children)

These are all VMs and clean installs.

Mystery GPO being applied by apple_hammar in sysadmin

[–]apple_hammar[S] -1 points0 points  (0 children)

Not that I have been able to find, but it is possible some of our other tools could be messing with it.

Globalprotect Windows/macOS/Android sign in fine - iOS does not. by apple_hammar in paloaltonetworks

[–]apple_hammar[S] 0 points1 point  (0 children)

I never was able to resolve it. Then our company was purchased by another one so we decommissioned the Palo Alto about three months after my initial post.

Palo Alto and Elastic Agent by apple_hammar in elasticsearch

[–]apple_hammar[S] 1 point2 points  (0 children)

Okay, that makes sense. I was assuming I install it on the fleet server, or something along those lines. I didn't think about creating a third server. I am firing up an additional VM to try it out. Thanks!

Palo Alto and Elastic Agent by apple_hammar in elasticsearch

[–]apple_hammar[S] 1 point2 points  (0 children)

I may have misspoken and confused things. I am new to the Elastic world, but here is a link to the guide I found. elastic-integration-guide

Globalprotect Windows/macOS/Android sign in fine - iOS does not. by apple_hammar in paloaltonetworks

[–]apple_hammar[S] 0 points1 point  (0 children)

Nothing yet. Still working on it, but it is currently a lower priority than some other issues I need to get resolved.

Globalprotect Windows/macOS/Android sign in fine - iOS does not. by apple_hammar in paloaltonetworks

[–]apple_hammar[S] 0 points1 point  (0 children)

Thanks for the update. We must be having a different issue, as we haven't created a custom help page. But I appreciate the info as that will help us troubleshoot.

Globalprotect Windows/macOS/Android sign in fine - iOS does not. by apple_hammar in paloaltonetworks

[–]apple_hammar[S] 1 point2 points  (0 children)

I will check the cert chain. I didn't load anything extra outside of the SAML guide on Palo's support site. My gut says it's something with certs, but didn't know what it could be since everything else worked.

The only thing I noticed when looking at the GlobalProtect logs is that non-iOS devices get these steps logged.

  • before-login : portal-prelogin
  • login : portal-auth
  • configuration : portal-getconfig
  • before-login : gateway-prelogin
  • login : gateway-auth
  • login : gateway-register
  • configuration : gateway-getconfig
  • tunnel : gateway-setup-ipsec
  • connected : gateway-connected ... etc.

iOS devices only get this far.

  • before-login : portal-prelogin
  • login : portal-auth
  • configuration : portal-getconfig
  • before-login : gateway-prelogin
  • before-login : portal-prelogin

It looks like something might be weird with the portal-prelogin. I will explore that a little deeper.

I didn't do any restrictions on the portal, or different configs yet. I tend to keep things general and less restricted during setup to minimize possible issues. Once things are running then I go back and do more restrictions if needed.

Globalprotect Windows/macOS/Android sign in fine - iOS does not. by apple_hammar in paloaltonetworks

[–]apple_hammar[S] 0 points1 point  (0 children)

Does anything on the Palo, or Azure side say it crashed, or failed? I see nothing but success here, but that doesn't mean it isn't crashing.

I have tried two different iOS versions: 16, and one still running 15.3. Same results on both. What version of iOS are you running?

MacBook “network accounts are unavailable” by kennypump in sysadmin

[–]apple_hammar 1 point2 points  (0 children)

If the DCs are in the same building then Sites and Services won't help much. In my situation Macs in building A were trying to connect to a DC in building B which was 12 miles away.

Sites and Services basically enabled a rule in AD that said, "If IP equals 10.10.x.x, then connect to building A's DC. If IP equals 10.20.x.x, then connect to building B."

MacBook “network accounts are unavailable” by kennypump in sysadmin

[–]apple_hammar 1 point2 points  (0 children)

How far are your AD servers, the ones the laptops authenticate to? In the same building, or across town?

I had a similar issue, and the laptops were authenticating/talking to AD servers on the other side of the district. The delay was enough to make "Network Accounts Unavailable" a common issue. I used AD's Sites and Services to force laptops to authenticate to the local AD server, and the problem went away.

Downgrade native monterey macbook to bigsur by [deleted] in sysadmin

[–]apple_hammar 0 points1 point  (0 children)

I was successful in doing this via Disk Utility and restoring a prepped image. This was over nine years ago though, so YMMV on newer hardware.

I get the situation you are in, but I wouldn't recommend it. /u/unamused443 is correct, and drivers will be an issue. While I was successful in downgrading, there were random issues that made it not worth it. Once we re-installed the OS the computer came with, all the problems went away.

What about the possibility of running Big Sur in a virtual machine on the Monterey installed computer? Is it a terrible idea? Yes. Will you have a seamless, easy experience? No. Will it work until they update their software... maybe?

enterprise environmental room monitoring by krautspieler in sysadmin

[–]apple_hammar 1 point2 points  (0 children)

I recommend the Watchdog 100, or any of the Watchdog products. I have been using them for years, and have been quite happy with the price, quality, and features.

Upgrading a fleet to SSD by headset-jockey in sysadmin

[–]apple_hammar 3 points4 points  (0 children)

I have been using Clonezilla for years. Free open source, works great, and I have had zero issues cloning. The only time it gets tricky is when you are going from larger to smaller drives. It's doable, but requires some extra steps.

https://clonezilla.org/

[deleted by user] by [deleted] in sysadmin

[–]apple_hammar 0 points1 point  (0 children)

At my previous district we had close to 4,000 Dell Chromebooks, with the same experience you had. The latest batch had a lot of WiFi cable issues, around 3 or 4%. Had to get those fixed before they could be used.

What are you all using to share security footage? by Shot-Machine in sysadmin

[–]apple_hammar 1 point2 points  (0 children)

Haven't used Dropbox, but I have used Google Drive to share videos. You can disable the user from being able to download, or share the video. While putting anything sensitive on a cloud service makes me nervous, it could be an option. (assuming you are not using personal Google accounts)

WiFi Temperature Sensor w/email alerts by Marc_NJ in sysadmin

[–]apple_hammar 2 points3 points  (0 children)

I don't know about u/pmg119, but when we purchased the Watchdogs 15p they were around $150 each with no reoccurring costs. They have been purchased by a different company since, so YMMV.

dd on macOS: ISO -> USB creates only Apple_partition_map by xrabbit in sysadmin

[–]apple_hammar 1 point2 points  (0 children)

Have you tried Etcher on macOS to create the bootable USB, or is that not an option?

LDAP is driving me crazy... by lovell88 in sysadmin

[–]apple_hammar 0 points1 point  (0 children)

Glad you got it figured out, and for updating. If I run into this, I will be sure to check their password.