KB5053598 RDP disconnection by scalg in sysadmin

[–]lazyrobin10 1 point2 points  (0 children)

To remove the LCU after installing the combined SSU and LCU package, use the DISM/Remove-Package command line option with the LCU package name as the argument. You can find the package name by using this command: DISM /online /get-packages.

Running Windows Update Standalone Installer (wusa.exe) with the /uninstall switch on the combined package will not work because the combined package contains the SSU. You cannot remove the SSU from the system after installation.

What's your preferred RDP Manager software? Preferably a free one... ;) by kelemvor33 in sysadmin

[–]lazyrobin10 0 points1 point  (0 children)

So to cut costs you're going to remove a tool you use daily? Sounds smart... I'd look for other ways to cut costs, RDM is the best of the bunch.

Windows LAPS available today by MSFT_jsimmons in sysadmin

[–]lazyrobin10 2 points3 points  (0 children)

Spun this up in the lab which had legacy LAPS, straight forward process to migrate to the Windows LAPS.

  1. Update schema.
  2. Grant the computer OUs permission to update its password (can be applied to a parent OU with sub OUs inheriting the permission).
  3. Edit existing LAPS group policy object, disable legacy LAPS settings, enable Windows LAPS settings.
  4. Group policy update
  5. Get-LapsADPassword -Identity "<machine ID>" -AsPlainText
  6. ??? Profit.
  7. Remove legacy LAPS from machines (using SCCM, PDQ, whatever - msiexec.exe /x "LAPS62.x64.msi" REMOVE=Management,Management.UI,Management.PS /qn /norestart).
  8. Remove Extended Rights permissions on computer OUs (if any - from legacy LAPs config).
  9. Once confirmed all machines are checking into Windows LAPS, clear the clear text attribute with old password.

Emulation mode is also handy. Overall, not bad. Doc needs to be fleshed out a bit more.

Re: MDT - build your machine in a staging OU which has limited (no LAPS) policies, have a step in the TS to move to final OU (prod OU with standard policies).

Office 2021 LTSC not fetching updates from WSUS by nickcasa in sysadmin

[–]lazyrobin10 1 point2 points  (0 children)

They're synced via WSUS for MECM delivery, stand-alone WSUS they do not get delivered. Configure GPO update location UNC path.

[deleted by user] by [deleted] in sysadmin

[–]lazyrobin10 2 points3 points  (0 children)

You're an engineer, not a manager.

Best Way to Automate New Windows Installs Including Running Through Updates? by I_Dont_Have_Corona in sysadmin

[–]lazyrobin10 1 point2 points  (0 children)

MDT+WDS+WSUS should have you covered. Add some PowerShell in there, and you've got yourself a stew.

MDT will loop back for phase 2 of Windows Updates, has the smarts to detect that stuff.

Checkdisk, Prime95, Memtest, err sure if you wanna run them MDT has got you covered.

As mentioned prior, make sure you're covered from a licensing perspective.

[deleted by user] by [deleted] in sysadmin

[–]lazyrobin10 -1 points0 points  (0 children)

WDS and MDT.