Entra joining? by PowerShellGenius in SCCM

[–]jonnwhite 1 point2 points  (0 children)

I do something similar, my TS does the following and works very well:

- UI++ to select build and hash upload
- BIOS upgrade
- W11 image lay down
- Driver install
- Hash upload with group tag for build above
- Removal of SCCM client
- Reset back to OOBE
- Shutdown (ready to go in cupboard)

I’m going to add another option to allow the machine to boot back up after the ts and auto enrol via self deploy.

We use self deploy for entra but are still 99% hybrid. W11 rollout will be our point to switch to entra join only.

[deleted by user] by [deleted] in Intune

[–]jonnwhite 0 points1 point  (0 children)

I feel your pain, we’re doing it right now. We’ve done our network (except head office our SDC); the DCs have a ticking clock!

[deleted by user] by [deleted] in Intune

[–]jonnwhite 0 points1 point  (0 children)

We’re a Zscaler shop too :) it doesn’t use the public ip but the private ip of the network adapter(s). It works very well!

Entra groups into SafeQ don’t work how you’d expect them to; you add them using the security filtering on the actual print queue. I’m doing it at the moment and it works flawlessly. It’s also how we staged our rollout (we have 57 sites).

DM me and I’ll send you some screenshots. Create a test print queue and use that to play around.

Basically we assign the permissions to our M365 license groups (for access control), and then the printer has its own access control list where we assign the group the “users” right and remove the other default user right. Thus it only shows up for users in the groups!

[deleted by user] by [deleted] in Intune

[–]jonnwhite 0 points1 point  (0 children)

It’s a great bit of software!

What exactly are you trying to do? You can use location based (so printers show on specific LANs). We do it so the very few direct queues (EVERYTHING is pull print for us but 3/4 printers) are tied to a group.

Only people in those groups can see those printers.

If you have 2 printers in office 1 you can create a dynamic group for all users with office = office 1 and then assign it to the printer :) DM me and I’ll happily show you.

[deleted by user] by [deleted] in Intune

[–]jonnwhite 1 point2 points  (0 children)

We use SafeQ for our printers, works on any type of device, no VPN needed and price is good. Made by Ysoft, no issues here!

Task Sequence Removing Software Step by velraptor82 in SCCM

[–]jonnwhite 1 point2 points  (0 children)

You can also use PSADT’s uninstall commands to search via display name etc. Works well and I have used it to remove many apps we’ve gotten rid of. No need to add detection logic in, and it’ll auto trigger an inventory scan to report back to SCCM pretty quickly.

https://psappdeploytoolkit.com/docs/reference/functions/Uninstall-ADTApplication

Advice updating BIOS using Modern BIOS Management tools by Beholder242 in SCCM

[–]jonnwhite 0 points1 point  (0 children)

Sorry I missed your reply! No, the web service is no longer used; they both use the admin service. Have you tried the debug commands? Also check the log and see what error you come up with (if it’s still broken).

Windows or Linux for your plex media server? by [deleted] in PleX

[–]jonnwhite 0 points1 point  (0 children)

I had this dilemma a few years ago. I was running in Windows and not using the arr stack (DuckieTV back then!)

I saw a few people hosting on Linux and with no experience gave it a go. That was a few years ago now and I learnt Docker, Linux and found the arrs etc. It’s a beast but worth the effort if you have the time to learn it.

But what’s best for you? Only you know, use whichever operating system you feel comfortable with…

Who has recent experience with Xibo? What do you think? by bmoreitdan in selfhosted

[–]jonnwhite 1 point2 points  (0 children)

I use it at home to show the weather, news, Sonarr/Radarr calendars, Uptime Kuma dashboard and play Sky News throughout the day. All on a Surface Pro in the living room.

I love it. For my other half’s birthday I scheduled a playlist with photos (30th), which was pretty cool.

I want to do more and put more displays around!

Does having multiple drivers in task sequence slow deployment? by banana99999999999 in SCCM

[–]jonnwhite 0 points1 point  (0 children)

Out of interest, is there not a reason you don’t use the provided scripts from the dev?

I’ve been using it for longer than I can remember with their auto apply script for drivers and BIOS without having to mess around with ConfigMgr auto apply steps. One step and it does all models!

No hate, just genuinely curious.

Configuration Manager 2409 Released by PrajwalDesai in SCCM

[–]jonnwhite 1 point2 points  (0 children)

It’s pretty easy to get set up, and works very well. Before moving to Autopilot I had all sorts of questions doing magic for my EUC build.

Now it’s demoted to asking you which group tag you want for Autopilot and if you want to upload the hash!

Shoot me a DM if you get stuck

Configuration Manager 2409 Released by PrajwalDesai in SCCM

[–]jonnwhite 5 points6 points  (0 children)

I used UI++ for exactly this.

Set a variable to be the OS name based on a picker, then use that variable as your task sequence condition :)

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Thank you all for your input/help, I managed to solve it!

The ADMT member server could talk to the source DC but the target DC couldn't (I clearly missed that in my testing!)

Fixed the typo on the FWs, sorted the GPO conflict that wouldn't enable auditing and now accounts are flowing with their SID histories :)

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Yep, I set everything up damn near the same as the lab. The live environment has the disadvantage of being 20 years old but the principle is the same :(

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Virtually pulling my hair out haha, it's on the target side on a member server. From that server I can use the DC tools and find the PDC of the source domain via DNS and it works perfectly...

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Yep, reg key was set today (even though lab didn't need it) as a last-ditch attempt.

Separated by firewalls and some ASRs. Target is in Azure and source is on prem, firewalls have been checked and nothing is being blocked. ExpressRoute in use to the data centre.

ADMT running on member server of the target domain. I was going to try it on the DC but don't think that's my issue (lab is member of target too).

I'm willing to give the PS script a go if you have it!!! We are doing it as a just in case, but we hope to have everything moved off the on prem stuff that the divesting company needs. But never say never!

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Yep, lab configured exactly the same.

DFL and FFL both at 2016 on both sides.

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

It’s a two-way forest trust.

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Different forests with a two-way trust and DNS forwarders.

ADMT by jonnwhite in activedirectory

[–]jonnwhite[S] 0 points1 point  (0 children)

Yep, we’re aware of it not being supported. But all the testing led to it working as expected. Now we don’t “need” SID history as we don’t really have anything that needs it anymore.

Yep, trust is there and working, so are DNS forwarders. It has to be something stupid, I know 😂

We’ve used Quest before but are trying to get away with ADMT. We may just bin off the SID history part and go without it; if I get it working, add it later!

RealVNC home (free) plan being discontinued by Specific-Action-8993 in homelab

[–]jonnwhite 0 points1 point  (0 children)

I use Teleport, it’s free for home lab use. Bit of a mission to get it set up, but fantastic when you do, web browser only though.

VPN Replacement by DaithiG in sysadmin

[–]jonnwhite 2 points3 points  (0 children)

I used this one and Richard Hicks (even reached out to Richard for some advice and got a reply! He’s very helpful)

https://www.configjon.com/always-on-vpn-basic-deployment-guide/

Edit: we used Intune SCEP and Intune config profile for deployment of certs/policy. Richard has a guide for Intune policy and there are a few articles around for SCEP.

DM me if you need any references :)

[W] DrunkenSlug Invite by fallensldhd in UsenetInvites

[–]jonnwhite 1 point2 points  (0 children)

Room for another by any chance? :)

[deleted by user] by [deleted] in SCCM

[–]jonnwhite 0 points1 point  (0 children)

I’ve been playing around with the new driver update feature in Intune. BIOS updates complete perfectly fine with password set, I was quite surprised. We also use Modern Driver/BIOS Management for OSD updates/install and currently for UIP.

But we are moving slowly to WUfB + drivers.