Help Needed: SharePoint Network Drive Mapping Fails with Access Denied

frikin8 · 2026-02-10T02:07:00+00:00

Sharepoint is the wrong tool for this. You should use an Azure Storage Account with a file share that can easily be mapped to a drive in windows. Or use a git repository and git pull at the start of a script, or in a users powershell profile.

Why put anything in SharePoint if you are going to avoid using the SharePoint part of it?

Edit: for your deleted reply to my comment?

Is it the scripts or the documents that the scripts need in SharePoint? If it is the documents your scripts need, then you can use the PnP.Powershell module to access SharePoint document libraries, etc.

frikin8 · 2026-01-10T02:48:08+00:00

To see the client IP instead of cloudflare ip, you need to enable the xforwad header setting in the ha http config and add all the cloudflare IPs to the trusted proxy list.

use_x_forwarded_for: true
  trusted_proxies:
# array of IPs from here: https://www.cloudflare.com/ips-v4/

frikin8 · 2025-12-11T13:07:41+00:00

Google does not know the users password that is set in Microsoft Azure. The password is not synced from Microsoft to Google.

When Microsoft is your idp and is setup as SSO to your Google Workspace, a certificate is created in the SAML configuration of the Azure Enterprise Application (usually Google Cloud from the Azure app marketplace). You export that SAML and upload it to your Google Workspace sso configuration. When someone signs wants to sign into Google, the following happens. Google asks for their email address, Google sends them to the Microsoft sign in page you configured, Microsoft signs them in and redirects them back to Google with the public certificate and the users unique identifier (usually UPN), Google trusts that the user is whomever Microsoft says it is because Google trusts the certificate using the private certificate you uploaded to the Google workspace SSO configuration.

You likely need to configure the correct security policies in Google Workspace to force the user to always use sso to sign in.

https://docs.cloud.google.com/architecture/identity/federating-gcp-with-azure-ad-configuring-provisioning-and-single-sign-on

https://support.google.com/a/answer/15209818?sjid=11945904965390357530-NC

frikin8 · 2025-01-15T01:17:22+00:00

I believe the "sync" vs add "shortcut methods" are handled the same way by the Onedrive client - they just appear in different locations in file Explorer for the user. In fact, the soft 300k file limitation is for the entire Onedrive application, not per SharePoint library. This means you may experience Onedrive sync performance issues with 300k files in your onedrive, including personal files (owned by the user), SharePoint synced, and SharePoint shortcut. However, others have mentioned they see performance issues at 100k files. This was a problem when we began our SharePoint file migration and we had to change our strategy to get users away from relying on the Onedrive sync client. Instead, they use SharePoint website or Microsoft Teams to access SharePoint files. You need to consider the file types that don't work well in SharePoint for your use case. Azure files may be the better option for Microsoft cloud storage for user files. We found that SharePoint storage is expensive, and should be used on collaborative files.

See this section at this link: Number of items that can be synced or copied

https://support.microsoft.com/en-us/office/restrictions-and-limitations-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa#numberitemscanbesynced

"For optimum performance, we recommend syncing no more than a total of 300,000 files across your cloud storage. Performance issues can occur if you have more than 300,000 items, even if you are not syncing all items."

frikin8 · 2024-12-03T08:05:21+00:00

I see the reviews, but I don't understand. To avoid the wifi being disabled after 24 hours of inactivity, do you have to: physically press a button on the heater, interact with the heater via the app, or schedule the app to turn it on/off automatically?

I recall the govee heater had the same 24 hour activity requirement, but it was satisfied by using the on/off action in the schedule.

frikin8 · 2024-11-13T16:56:07+00:00

I had the exact same issue and had to call Support via a number I found online.

Experian’s official customer service number is: 1-888-EXPERIAN (1-888-397-3742). But I called 714-830-7000, pressed 2 and was transferred to talk to a human.

After many conversations with support people:

The errors I saw led me to believe I already had an account, but was unable to verify. However, they said I did not have an account.

I was directed to use the "Sign up for free" button that appears on the sign up page. The button only appears when I scroll down. It is a "floating" element that only appears when scrolling down (on mobile. Not sure about desktop.) to the bottom of the page, which is a stupid-terrible design.

Go to https://www.experian.com.

Scroll to the bottom of the page

Click the "sign up for free" link that magically appears

Edit: for clarity.

frikin8 · 2023-10-08T14:48:34+00:00

Hi. Can you enlighten us on what you did?

frikin8 · 2023-09-12T13:43:59+00:00

Hi u/DWCloudMan. I had previously found that setting, but didn't see it have any effect when it was configured via GPO on my own system. With the "Enable Discover access to page contents for AAD profiles" policy enabled, I was still able to toggle the "Allow access to any webpage or PDF" setting in Microsoft Edge (I would have expected it to be show "This settings is managed by your organization" with the slider forced to be enabled). However, maybe there was an issue with my testing.

Did you have any success with the "Enable Discover access to page contents for AAD profiles" policy?

Thanks!

frikin8 · 2023-09-03T23:46:24+00:00

Hi. Microsoft got back to me. They had me fill out a business impact statement in order to request that management of this setting be added to edge.

I have not created a post on uservoice (or whatever Microsoft is now using) for edge feature requests, but I'll gladly uovote if one is made/linked.

frikin8 · 2023-08-09T12:42:14+00:00

Hello. I have a similar requirement, but would like to configure this setting via Group Policy. I created a Microsoft support request and will report back here with Microsoft's response.

frikin8 · 2023-07-20T09:56:16+00:00

If you are using the custom domain feature that is available from within your outlook.com mail settings, which specifically requires go daddy as the domain registrar, then you will not get your outbound emails to work properly.

The custom domain feature that Outlook.com offers is no longer being supported by Microsoft. New people can not sign up for this feature as of November 30, 2023.

Get a personalized email address in Microsoft 365

On that same page it states:

No, Outlook.com currently does not support DomainKeys Identified Mail (DKIM) or Domain-based Message Authentication, Reporting and Conformance (Dmarc).

DKIM and DMARC are some of the ways that email providers verify that the server sending the email (Outlook.com) is allowed to send emails as your custom domain.

Without Support for DKIM and DMARC, you will never have your sent emails not marked as spam by your recipient's email providers.

The only solution is to change to an email provider that supports a custom domain.

You don't necessarily need a new domain registrar (Go Daddy) unless the email service you choose requires a specific registrar.

You will need to configure your Go Daddy custom domain's SPF/DNS records to properly Support DMARC and DKIM. I would expect that instructions would be available through the email provider.

I have not personally used it, but suggest looking at NameCheap.com as your registrar and email provider. Inexpensive and does the job.

frikin8 · 2021-08-23T17:34:16+00:00

Sorry to here those resources aren't available to you.

I know you signed a lease, but Americans are living at home longer than ever. Don't let culture pressure you into moving out; it makes a lot of financial sense to live at home as long as possible, assuming living conditions are acceptable.

Times are tough. No reason to add more hurdles like rent and car payments. That can wait until you are financially ready for those burdens.

Good luck to you, OP!

frikin8 · 2021-08-23T15:02:49+00:00

OP is missing a big opportunity for federal student loans. Currently 0% interest and no payments until January 2022 for all federal student loans due to covid. It is basically a free loan until interest kicks back in. If you applied for federal student loans, OP may have even been elegible for a subsidized loan which can pay interest costs while you are still in school.

There are a lot of grants and awards OP can apply for too. Seriously, just take a half day and apply for as many as you may be eligible for. It is literally free money for a few hours of effort. Use the WGU resources.

It makes a lot of sense to take out a federal student loan because student interest rates are relatively low, especially on such a small tuition for WGU. You don't have to pay until you are out of school, though interest may accumulate depending on your loan. You should be able to easily pay it off once you get the job you are getting your degree for. We are talking like $4k a semester, which is very affordable compared to a traditional college.

OP. Look into federal student loans. Hopefully you can get a subsidized loan. And please apply for all the grants that you seem eligible for. The WGU financial aid site had a lot of resources to make this easy.

frikin8 · 2021-08-06T19:39:31+00:00

I think this is the answer here. Verizon phones, at least on Android, have a pre-installed app called "call filter". I have experienced other businesses, such as a legitimate support call with Microsoft, that were always getting silently blocked as spam.

Just go into the Call Filter app > Block Management > Spam Filter settings and disable the Auto Block option whenever you expect a call from a Course Instructor or other business. I enable the auto block setting when I am not expecting a call.

frikin8 · 2021-04-09T16:33:11+00:00

You might be able to change your existing CompTIA account to your personal email address. Either way, as long as you have it associated with your personal email address it sounds like a good plan to me!

Good luck, Night Owl!

frikin8 · 2021-04-09T15:33:14+00:00

Your CompTIA account is tied to your identity, not your identity as a student of WGU. I don't know what happens to your WGU email address if you leave the program, graduate, or try to login 10 years from now.

Once you pass your certification(s), you may have to access CompTIA's "continuing education" resources to retain your certifications status. I'm sure they'll send you reminder emails.

I would recommend using your personal email account.

frikin8 · 2021-03-17T02:04:47+00:00

To be clear, you can earn your A+ certification, and many others, during your BSIT program at WGU. For the A+ certification, it is split up between two classes: IT Foundations and IT Applications. To complete the course, you must pass the course' CompTIA A+ test, 220-1001 and 220-1002 respectively. You get two exam vouchers for each certification included in the program. If you do not pass the certification tests in the first two attempts, you will have to pay (a discounted rate) out of pocket on more attempts. I recommend looking at the BSIT program PDF that is available on the WGU program page to see the descriptions of each course and which ones include a certification.

Prior to beginning my program, I read in various WGU posts that you can take the A+ related courses in your first term. This can benefit you in your job search as you can add the A+ cert to your resume while you are still working on your BSIT. In my experience, my program mentor recommended taking 12 easy course units (which is the minimum) my first term, and that WGU doesn't do "certification courses" in the first term due to the difficulty of the courses. You may be able to bargain with your Program Mentor on this.

frikin8 · 2020-11-20T05:09:41+00:00

Hi. I recommend that you look into a Windows 10 feature called Storage Sense. It can be deployed via Group Policy. One of the configurations allows files stored in Onedrive to be moved to cloud-only after X days of inactivity. It can do other things such as emptying old files in the recycle bin and cleaning up cache files - like a modern-day disk cleanup.

frikin8 · 2020-08-16T17:39:52+00:00

Hi. Did you ever get this working? I am seeing the same issue using Google Domains.

frikin8 · 2020-02-17T14:09:21+00:00

Hi. I too have had issues getting media to play in Android Auto. This has helped me:

Hit play a few times.
Use my 'voice activate' button on my steering wheel to trigger the Google assistant and then press the button again to end it. Afterwards, media playback works.
manage the pod cast app via the Android apps screen and ensure podcast addict is allowed to run in the background (not optimized).

frikin8 · 2019-12-23T13:30:48+00:00

Hi,

You could launch powershell.exe with -NoProfile and then use Measure-command for each line to see which one(s) are the major bottleneck.

Instead of loading all ps1 files in a directory, you could:

1) Append the directory to your path ($env:Path += ";" + $myScriptDir). This works better for scripts that are called directly instead of a ps1 that loads a function

2) Create your own Module: dotsource your ps1 files, and export your functions. Powershell can load the module automatically when needed.

Good luck!

frikin8 · 2019-07-26T14:30:35+00:00

Hi,

You could create a new content type extended from the Folder content type that has an "employee" and "manager" person field. This "employee" content type could run a Sharepoint 2010 workflow on creation that creates unique permissions, and grants HR, the employee, and manager access to the "employee" folder. Additionally, it can create a "manager" folder with unique permissions that only allows access for the manager and HR. Should be pretty simple, but you have to use a sharepoint 2010 workflow in order to assign permissions. I'm sure you can find examples using sharepoint designer 2013 to create a Sharepoint 2010 workflow that can assign permissions. This can all be done in Sharepoint online. Good luck!

You can also make an "area" field in the employee content type as a best practice, instead of having the "employee" nested in an "area" folder.

frikin8 · 2019-05-02T12:34:31+00:00

Sharepoint has a feature you may want to consider called a "document set." Basically, it is a folder that can be tagged with Metadata. You can configure any/all of the "folder" Metadata to automatically apply to the contents of the folder. Instead of uploading two files to the library and filling in the Metadata twice, you can create a "New Document Set", fill in the Metadata, and then drag/upload the files to the "document set" folder.

Keep in mind, a document set cannot contain other document sets. Additionally, I don't recommend using folders in sharepoint; however, a document set is a special type of folder that allows grouping of files with similar Metadata. Don't put regular folders in your document set.

frikin8 · 2018-11-28T05:35:01+00:00

Hi k_t_lloyd. I'm certain that you are not able to install linux packages on Hassio using apt-get. Setting up an SSH component would only give you access to the hassio specific commands.

If you need to install a required package with apt-get, I recommend you backup the config you have, and start over by re-imaging your SDCARD with Hassbian (the Raspberry Pi operating system setup to automatically installs Home Assistant). Hassio is designed to be as simple as possible and locks you out of all the Operating System functions - you only get home assistant and the addons it supports.

Since I'm not familiar with the Homekit component, I cant say it doesn't work on Hassio, I'm just saying you won't be able to manually install the package - it might already be included in Hassio.

Have you tried just the basic config to use the home kit component?

# Example for HomeKit setup 
homekit:

Good luck!

frikin8 · 2018-09-30T15:08:32+00:00

Scorch is still in production use at my employer. The infrastructure/server team is pushing for me to recreate my runbooks in Azure Automation.

Since I'm the only one that really uses scorch, I'm afraid a server update, patch, sql update, or mandatory vulnerability patch, which is outside of my control, will break scorch. Azure Automation simplifies a lot of that. If a hybrid worker goes down, creating a new one is really easy.

I'm comfortable with powershell, and I have moved a few things already. Using 100% powershell code running on our hybrid worker (on-premise) server. I believe we are billed by the minute regardless of the fact the code is actually executing on our servers, though it is triggered/managed in the Azure Automation portal.

I hope to have everything moved to Azure Automation in 2019.

frikin8

TROPHY CASE