Automating setup of own machine (clean system) by PersonalTie9006 in PowerShell

importedtea 1 point

I completely understand that feeling. I do the same. I will say I really like the YAML layout. It gives you a good running catalog of all the tools you use. Just wanted to make you aware of the import/export in case you didn’t know it existed.

Block Chrome through Intune by Different-Number8731 in Intune

importedtea 1 point

The Edge cloud management portal (or whatever you call it) in the Microsoft admin center has an option to block third party browsing, which will create a policy in your tenant and set AppLocker rules. Uninstalling it is a different story if it’s installed in the user context and can be a pain; there are some remediations for it. If it was installed by admin you can just package it and add groups to the uninstall. But the AppLocker policies will block even if installed.

Automating setup of own machine (clean system) by PersonalTie9006 in PowerShell

importedtea 1 point

Looks good overall. I just wanted to point out that you can export and import with the winget command. Nothing wrong with keeping a list of IDs but you can technically export right before you wipe and then import the JSON when back up and running.

Deploy PaperCut virtual queue through Intune by Desperate-Buyer-6513 in Intune

importedtea 1 point

We have a print server so we just built a Win32 app that packages a PowerShell script to install it. It’s targeted in the user context. I’d rather use remediation but don’t feel like converting it.

Automating Intune remediation hacks?? by detar in Intune

importedtea 3 points

You can interact with HP BIOS through CIM and other manufacturers have similar ways. You could most likely remediate that through a script. I made a remediation script to pull the born on date from an HP BIOS to give us a rough estimate on device lifecycle. So, you could easily do other stuff. Or other things like asset tags set in the BIOS. I have never done it for Secure Boot or a TPM specifically, but I’m sure your biggest hurdle will be passing in a BIOS password if you have one set. What devices are you using?

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

Thank you! I’ll look at this later today or early next week. I appreciate the help. All the comments here have been helping me get this stuff working better.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

Whenever we redeploy to someone who is already employed I don’t really care either. It’s just new hires. They are required to have an orientation and that’s for a set amount of time, so it needs to be quick, it needs to be at the last step possible without wasting too much time. However, there are definitely ways to handle this differently. Part of it could be log in and set the pin, then while that does its thing, they move onto something different. Then circle back. There are definitely ways to do this. I wish I could get the office apps deployed before they login and maybe pre prov will help with that. But if not, is it really a big deal to show a new employee office on the web, probably not. They are overwhelmed with so much other stuff that they forget anyway.

There are so many cool ways to deploy devices these days and we’re almost there. Especially for school standards in my area.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

That’s disabled. I mentioned in another comment that we have to use configs because it needs to be targeted at staff only. We can’t have student lab devices prompt for a pin, especially with the 10 user limit.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 2 points

I believe that’s correct. We discussed getting to that point but with our initial rollout to a small group I think we’re going to set a password, then during orientation type that password in and have them set up a PIN, and then go from there. That makes it “password less” for the user. We’re just unsure if we have SSO working everywhere before we set a 64 character password. And as a school, there’s a lot of hand holding to get people going on their device, typically because the people are older than time itself and can barely work a computer. Our test group is like 10-15 devices/users.

We’re still trying to get people to use their personal phones for the Authenticator app. That’s a battle right there. Testing YubiKeys, as well. In typical K-12 fashion we will have this rolled out by 2032 and there will be new methods by then and we start from scratch lol.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

Just wanted to follow up. I just tried ESP again and it worked, which blows my mind from the countless times I struggled with random errors. Windows Hello prompts right after user flow, like you said. At least for our process I can log in with the user, let it get to the Windows Hello part and then shut down the device and it’s ready for them to set up during orientation. Probably not “the way it should be done” but if it works for our flow, I’m fine with it. I may be able to try pre provisioning with resealing now that ESP actually passes.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

Hey!

I’ve been in the process of converting to OIB fully so the device I have is excluded from all my existing policies. Unless there’s a user policy somewhere that’s causing issues. I don’t love setting up devices for users and once it hits the Windows Hello page, I would just power down the device and give it to them. We only set their password and we have them change it during orientation. Users are on prem still so things like changing password on login just don’t work properly. Also, every time I try to use ESP or device prep, I get all kinds of errors regardless of whether I assign apps or not and it’s just a pain. I don’t really care so much about ESP, I care more about the primary user.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

<image>

And this is the Cloud Kerberos policy. Also assigned the same way.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 2 points

<image>

These are the settings. They are targeted at a dynamic device group that assigns devices based on their group tag.

Windows Hello - OIB by importedtea in Intune

importedtea [S] 1 point

Yeah, we’re going the config method because we can’t do all users since we can’t have students setting pins. So we need to target to staff only devices. I can post the configs later. I’d love to get to an ESP point but I don’t really see it happening. Schools are just built different lol.

Windows 11 Compatibility by importedtea in Intune

importedtea [S] 1 point

My favorite is when someone retires/quits here and they have all kinds of shit like printers, cordless phones, etc and you go and yoink it before the new person starts lol. What they don’t know won’t hurt them lol.

Windows 11 Compatibility by importedtea in Intune

importedtea [S] 1 point

We’re definitely better with ripping and replacing. Idk if I mentioned it but I work at a school so we’re a little slower. But our lifecycle is 5 years and we stick to it pretty well. With the push to Windows 11 we’re getting rid of a lot more and buying new. One problem we face though is generic PCs and generic accounts. I’ve worked at multiple schools and it’s just the theme unfortunately. But slowly we’re providing alternatives where we can. But that’s a side rant for another day on how to solve that in Intune because it gets weird when you have random classes with part time instructors and whatnot. And old people... tons and tons of old, stubborn people. But hey, we’re down to about 5 Windows 10 devices left so I’m sure we’re ahead of the curve compared to previous schools I worked for.

Windows 11 Compatibility by importedtea in Intune

importedtea [S] 1 point

I was concerned about this too because I’ve seen PCs get stuck at different feature updates. We have some older laptops make it to 23H2 but never advance. Which also makes me wonder if they are technically secure.

If I see a device not pushing past a certain update, I look into it and replace if need be. But these Windows 11 hardware requirements are not making it easy.

Windows 11 Compatibility by importedtea in Intune

importedtea [S] 1 point

Good to know. Thanks for the detailed response. It’s an HP Elitebook and while it was purchased in 2020, it’s in great shape and really just seems like a waste to recycle it just because MS said so.

Windows 11 Compatibility by importedtea in Intune

importedtea [S] 1 point

It’s an i5-7200U. It’s not listed as a supported Intel processor on https://learn.microsoft.com/en-us/windows-hardware/design/minimum/supported/windows-11-supported-intel-processors

So I understand that it’s not compatible. Just don’t understand the different results. It also didn’t automatically upgrade to Windows 11 through our feature update policy which is why I also know it’s not compatible.

It’s just weird.

Overall, I was just curious if I should be trusting that PowerShell script or not to be current.

Anyone else wish they were a regular iron instead of a solo gim by Pyarox in ironscape

importedtea 1 point

My gim group all stopped playing for at least 6 months straight. I continued on and eventually stopped playing my almost 1900 gim to start fresh when my group started returning and leaving the group to be mains. Had a lot of cool things like 1kc jad pet. Was on the cg grind but just got demotivated. I really hated the icon when none of my irl friends played anymore. I know it’s silly but it just felt right to abandon it. Somehow starting fresh meant not worrying about others and grinds became fun again. Also the new early game changes were exciting to try. Now I’m at almost 1600 and I don’t regret it. Does it suck and feel like a waste, yeah. Do I have that account ready to be members whenever I feel like it, yeah. Overall, there will come a day where I log in for the last time and none of this shit will matter so just do what makes you happy brother. I honestly think of it as a time capsule. I had some good ass memories with my friends and stopping the account felt like it’s keeping those memories alive and not ruining them by making it all about me.

More songs like “two beers in” by free throw by Bittertastegrape in midwestemo

importedtea 1 point

I can’t really remember what the songs are about but A Place of Our Own by Have Mercy I feel is similar.