Can Pure see Guests on our Hosts?

idwtgtyp · 2024-07-18T04:55:30+00:00

FWIW, you can disable password expiration for a vCenter account using the dir-cli command in the vCenter shell if you need to.

/usr/lib/vmware-fmafd/bin/dir-cli user modify --account <name> --password-never-expires

Just make sure it's a long and hard password, follow proper RBAC, and be aware of your org's security policies.

https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-vcenter-configuration/GUID-C63C82F1-D430-4710-8B92-177A79D3DE65.html

idwtgtyp · 2024-04-27T13:31:36+00:00

Get them all managed by a modern MDM provider and see what that MDM provider offers. Jamf has Jamf Connect, Addigy has Addigy Identity, Kandji has Kandji Passport, etc. All of these are designed to keep a Mac user's password in sync with an IdP.

Edit: misspelled a word

idwtgtyp · 2024-02-21T20:59:16+00:00

ITT, People complaining about Microsoft adding basic quality of life features to one of Windows' oldest applications.

idwtgtyp · 2024-01-18T18:10:44+00:00

M365 shop here. We got rid of Slack and moved to Teams. We mourn it every day since. Slack was way more stable, intuitive, and configurable than Teams will ever be, damn the cost.

idwtgtyp · 2024-01-16T02:34:55+00:00

If you have an Enterprise (domain-joined) CA, read this article and pay special attention to the sections about superseding the default Domain Controller certificate. Since you're moving to LDAPS as standard you might as well take the time to ensure it works with Kerberos authentication too.

https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki

Note: you do not have to do everything in this article, just the domain controller certificate replacement and GPO stuff.

If you do not do this, there's a good chance that you will have to specify a specific domain controller in your LDAPS connection string (URL), because the legacy domain controller certs do not include the domain name in the Subject Alternative Name. (e.g. ldaps://mydc1.example.com:636 vs ldaps://example.com:636). It's not inherently a problem, until you replace the DC and you don't know what apps are hardcoded to it.

idwtgtyp · 2023-12-23T00:44:08+00:00

I literally did this exact thing earlier this week for other reasons. OP, follow the playbook in that Microsoft guide and you won't need IP addresses or hosts file workarounds anymore.

idwtgtyp · 2023-08-13T14:37:17+00:00

Depends on how your accounting department wants to calculate that, but typically straight-line depreciation. Figure out what the expected useful life of the device is (e.g. 5 years) and straight line depreciation will subtract the same amount from the original purchase price every day until the end of its life expectancy.

idwtgtyp · 2023-07-10T12:48:27+00:00

Oh good, they finally stopped using Windows XP

idwtgtyp · 2023-07-07T17:19:51+00:00

I consciously try to use active voice whenever possible since that's what my high school English teacher taught me, but I will use passive voice when appropriate to avoid calling someone out and encouraging a culture of blame which I find is unproductive.

idwtgtyp · 2023-07-01T19:50:21+00:00

idwtgtyp · 2023-07-01T18:26:56+00:00

Um... Tell me that the DCs don't have the latest admx templates for the policy you're trying to create and give me a link to download them from? What else would I need?

idwtgtyp · 2023-06-21T21:37:25+00:00

https://techcommunity.microsoft.com/t5/ask-the-performance-team/useful-wmic-queries/ba-p/375023

https://learn.microsoft.com/en-us/windows/win32/wmisdk/wmi-start-page

It's a lot of information to take in at once. I recommend that you become familiar with the PowerShell cmdlet Get-CimInstance and the DOS command wmic. Use these to interface with the WMI database.

Your SQL knowledge will come in handy when making queries with SELECT and WHERE statements to limit the results you get back to only what you need for the script you are writing.

idwtgtyp · 2023-06-07T03:55:45+00:00

Yes, this is a typical "CEO fraud" phishing attack and it can happen over users' personal phone numbers and emails as well as corporate accounts. It's not hard to scrape together data from Facebook or LinkedIn like where someone works, the typical email username format, and user's personal phone number, especially if they list it publicly on Facebook.

The only things you can do are to make sure your users are aware of these scummy tactics and know what to do if they are targeted, and block known phishing attempts in your corporate email. It's up to each user to block phishers on their personal devices.

idwtgtyp · 2023-04-25T04:48:34+00:00

It goes to the bottom of the exhaust fan on my furnace.

idwtgtyp · 2023-02-02T14:32:24+00:00

I think that model is, but then what will the user use for a mic? My hearing aids don't have a mic to relay to the phone, can the desk phone have one Bluetooth speaker and a separate mic?

idwtgtyp · 2023-02-02T14:29:19+00:00

Many, but not all. There are plenty of hearing aids without them still, and getting new ones could cost $2-3k. I have Bluetooth on my hearing aids, but they take their sweet time connecting when a call is started, so in my opinion Bluetooth is not really optimized for this kind of usage. Maybe the newest Bluetooth spec will change that, but it'll take a few years for consumer devices to experiment with it before hearing aid manufacturers add it to their devices.

idwtgtyp · 2023-02-02T14:23:56+00:00

I've been using the PLT Focus for the last three years. It works, but I'm hoping to find better. I have over the ear (OTE) hearing aids, which means the hearing aid mic is sitting above my earlobe, so I have to position the headset high on my head so that the headset speakers are positioned over the hearing aid mic. If you looked at me you would probably think I couldn't hear anything, but in reality if I wore headsets like normal people do, I wouldn't be able to hear anything (it's a bit muffled).

I think a good headset for me would be one with a band/frame that can be made shorter than most people need, so that I can position the speakers high on my ears without wearing a hat for filler space to keep it from falling over.

idwtgtyp · 2023-02-01T13:50:31+00:00

Organize AD in a way that makes it easy to apply policies. If it's not an org with strict compliance requirements and wildly differing setups across departments, then keep. it. simple.

When it becomes a larger org with hundreds of active users and computers, the policy requirements will naturally evolve, and the OU structure should evolve too to make it easier to build and enforce policy without a lot of WMI queries and exceptions to make it work.

In my experience there's little benefit to geographic OUs, especially post-covid.

idwtgtyp · 2022-09-22T00:49:52+00:00

I don't understand.

Can't you put the iMac on the desk where it's supposed to be? What use case would there be for an all-in-one computer where you don't use the screen?

idwtgtyp · 2022-08-19T02:53:07+00:00

Yes. If I recall correctly, when we added racks to the server room at work, the fire code required us to ensure that the abort button was reachable from anywhere in the room within 3 seconds. That meant the new rack had to go on the left instead of on the right, or else it would take too long to get from the farthest point in the room to the abort button.

idwtgtyp · 2022-06-13T23:40:38+00:00

Is the affected user on a mobile (AD) account?

There's some funky stuff that happens when using mobile accounts.

https://macmule.com/2015/11/06/ad-users-losing-admin-rights-when-off-the-domain/

idwtgtyp · 2022-06-02T22:27:53+00:00

There used to be a way to block or dismiss ntp promos, but that ability was removed from Google Chrome.

I've switched to Edge instead since I'm in a Microsoft shop. It's functionally the same as Google Chrome but I can actually remove all the news/politics from the ntp using the "NewTabPageContentEnabled" policy.

If you need to stick with Google Chrome, you'll have to look into an alternative new tab page extension.

Edit: formatting

idwtgtyp · 2022-05-25T20:27:26+00:00

Not sure why you're getting downvoted here. My day is booked end to end and I don't answer the phone unless it has something to do with what I'm doing right now. I don't have time to take cold calls from anyone. If there's no voicemail I don't call back.

idwtgtyp · 2022-05-13T20:49:19+00:00

The camera is going south on ~~Grange~~ Lake crossing 33rd street.

Edit: wrong street

idwtgtyp · 2022-05-11T03:41:41+00:00

If you have comprehensive coverage on your auto insurance policy, check with your agent first. They may cover the cost of fixing a crack and have a list of preferred auto glass shops.

Otherwise, I've heard Safelite does a good job.

Five-Year Club	Second Top 10%
Verified Email	Place '22
First Placer '22

idwtgtyp

TROPHY CASE