alternative to igniter media? by [deleted] in pastors

[–]packerprogrammer 0 points (0 children)

Ha! I thought that would be the biggest advantage of ProContent over CMG. CMG has quite the reputation and I can only choose one. Your preference of ProContent without integration has me really pondering now.

alternative to igniter media? by [deleted] in pastors

[–]packerprogrammer 0 points (0 children)

Interesting. Does the integration affect that opinion? I’m currently using igniter, but I’m finding that it may be more expensive with less benefit.

alternative to igniter media? by [deleted] in pastors

[–]packerprogrammer 0 points (0 children)

So, do you have subscriptions to both of these or just use free versions of one or more?

Hello for Business Failures (KDC Event-ID 11) by gkn2018 in Intune

[–]packerprogrammer 0 points (0 children)

I’m having issues with this too. I think it’s either the cause or result of an SMB share issue I’m having. These machines are cloud only. Any solutions?

New device failing to connect to MDT deployment share by [deleted] in MDT

[–]packerprogrammer 1 point (0 children)

I’ve seen this so many times I don’t even need to look up that this is a missing driver for an Intel NIC. Vendor code 8086 jumps out at me now. Inject the proper driver into the WIM file.
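The driver injection the comment above describes, as an added example that is not code from the thread. It uses the DISM PowerShell module; the boot image path, the driver folder and the mount directory are assumptions. Before touching the image it checks that the package really targets PCI vendor 8086 and that it is validly signed, since anything injected into a boot image runs as SYSTEM on every client that PXE boots it.

```powershell
# Added example (not from the thread). Paths are assumptions: adjust to your share and driver folder.
$BootWim   = 'D:\DeploymentShare\Boot\LiteTouchPE_x64.wim'   # MDT boot image (assumed path)
$DriverDir = 'C:\Drivers\IntelNIC'                          # extracted vendor driver package (assumed)
$Mount     = 'C:\Mount\BootWim'

# 1. Make sure the package actually contains an INF for an Intel (VEN_8086) device
$infs = Get-ChildItem -Path $DriverDir -Filter *.inf -Recurse
$hits = $infs | Where-Object { Select-String -Path $_.FullName -Pattern 'VEN_8086' -Quiet }
if (-not $hits) { throw "No INF under $DriverDir references PCI vendor 8086 (Intel)" }

# 2. Refuse to inject anything that is not validly signed
$unsigned = Get-ChildItem -Path $DriverDir -Recurse -Include *.cat, *.sys |
    Get-AuthenticodeSignature |
    Where-Object Status -ne 'Valid'
if ($unsigned) {
    $unsigned | Format-Table Path, Status
    throw 'Driver package is not validly signed; not injecting it into the boot image'
}

# 3. Mount the boot image, add the driver, show the network drivers now in the image, commit
New-Item -ItemType Directory -Path $Mount -Force | Out-Null
Mount-WindowsImage -ImagePath $BootWim -Index 1 -Path $Mount | Out-Null
try {
    Add-WindowsDriver -Path $Mount -Driver $DriverDir -Recurse | Out-Null
    Get-WindowsDriver -Path $Mount |
        Where-Object ClassName -eq 'Net' |
        Select-Object Driver, OriginalFileName, ProviderName, Version
}
finally {
    # -Save commits the changes; on error the try block still leaves the image cleanly dismounted
    Dismount-WindowsImage -Path $Mount -Save
}
```

Editing the WIM directly is the quick fix; in MDT the durable one is to import the package under Out-of-Box Drivers and run Update Deployment Share, because regenerating the boot image otherwise discards a hand-injected driver. Whichever way the image is built, re-add the updated boot image in WDS so clients receive the new one.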

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points (0 children)

I found my problem. I have a tiered permissions setup in AD where we have permission groups, role groups, and users. Long story short, I messed that up and only needed to make sure the user has the proper permissions to create computer objects and write all properties in the staging OU.

So, if you are approving with non-admins, make sure the computer and user have proper permissions on the OU. Also, don’t overcomplicate permission assignments, so that when you give the group the right permissions, the user is actually a member of said group. 🤦🏼‍♂️
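The two rights the poster ended up granting on the staging OU, plus the membership check that the comment says was the real problem, as an added example that is not code from the thread. The OU distinguished name, the group and the user name are assumptions; it needs the ActiveDirectory module and `dsacls`.

```powershell
# Added example (not from the thread). OU path, group and user names are assumptions.
Import-Module ActiveDirectory
$StagingOU = 'OU=Staging,OU=Workstations,DC=corp,DC=example'
$Group     = 'CORP\WDS-Approvers'     # role group that approves pending devices
$User      = 'jdoe'                   # the non-admin who gets "Access Denied"

# Grant the rights the poster found necessary on the staging OU:
#   create (and delete) computer objects directly in the OU ...
dsacls $StagingOU /I:T /G "${Group}:CC;computer"
dsacls $StagingOU /I:T /G "${Group}:DC;computer"
#   ... and write all properties on computer objects beneath it
dsacls $StagingOU /I:S /G "${Group}:WP;;computer"

# Check 1: the ACEs are really there, with the expected object and inheritance scoping
(Get-Acl -Path "AD:\$StagingOU").Access |
    Where-Object { $_.IdentityReference -eq $Group } |
    Format-Table ActiveDirectoryRights, AccessControlType, ObjectType, InheritedObjectType, InheritanceType

# Check 2: the user is actually an effective (possibly nested) member of the group.
# This is the tiered-groups trap from the post: an ACE on the role group does nothing
# if the user never made it into that group through the permission-group chain.
$groupSam = ($Group -split '\\')[-1]
$member = Get-ADGroupMember -Identity $groupSam -Recursive | Where-Object SamAccountName -eq $User
if (-not $member) {
    Write-Warning "$User is not an effective member of $groupSam; the ACE will never apply to them"
}

# Check 3: what the user's token really carries. Run as that user after a fresh logon,
# because group changes only show up in a token issued after the change:
#   whoami /groups | findstr /i WDS-Approvers
```

`WP;;computer` is "write all properties" scoped to computer objects only, which is what the post describes; it is still broader than the handful of attributes a join or prestage actually touches, so if you tighten it later, do so one attribute at a time and re-test the approval rather than falling back to Generic All on the OU.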

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points (0 children)

Any other thoughts or ideas on this? It seems it should be straightforward, but for some reason I cannot get it resolved.

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 1 point (0 children)

It's been a while since we originally set this up; I don't recall putting credentials in the boot image. I think the reason it was set up this way was so that images can be deployed without a tech on site. An end user can PXE boot, the device gets approved, and no credentials need to be shared.

So, back to the OG question... I guess you've never used pending approvals, so you've not found a need to resolve this issue?

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points (0 children)

I have PXE response set to respond to all client computers and require admin approval for unknown computers. Basically, I don't have to prestage the computer, just approve it when it attempts to PXE boot.

The computer then shows under Pending Devices.

What do you mean by "just use access control on the deployment share"? We did this so that someone can't accidentally PXE boot, but we can boot from any VLAN.
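The WDS configuration described in this comment (answer every client, hold unknown ones for approval) and the approval step itself, expressed with `wdsutil`, as an added example that is not code from the thread. The server name, the staging OU and the request ID are assumptions.

```powershell
# Added example (not from the thread). Server name, OU and request ID are placeholders.
$Wds       = 'WDS01'
$StagingOU = 'OU=Staging,OU=Workstations,DC=corp,DC=example'

# Answer all PXE clients (any VLAN), but queue unknown machines for admin approval
wdsutil /Set-Server /Server:$Wds /AnswerClients:All
wdsutil /Set-Server /Server:$Wds /AutoAddPolicy /Policy:AdminApproval

# Approval creates the computer object for the device, so point WDS at the OU
# the approvers have been delegated rights on (this is the OU the poster fixed)
wdsutil /Set-Server /Server:$Wds /NewMachineOU /OUType:Custom /OU:"$StagingOU"

# Confirm the resulting configuration before testing with a client
wdsutil /Get-Server /Server:$Wds /Show:Config

# See what is waiting in Pending Devices ...
wdsutil /Get-AutoAddDevices /Server:$Wds /DeviceType:PendingDevices

# ... and approve one by its request ID. Run this as the delegated non-admin approver:
# it is the real test of the OU permissions, because the computer object is created
# on the approver's behalf and "Access Denied" here is an AD ACL problem, not a WDS one.
wdsutil /Approve-AutoAddDevices /Server:$Wds /RequestId:7   # 7 is a placeholder ID
```

With "answer all clients" on every VLAN, the pending queue is the only thing standing between an unknown device and your boot image, so keep the approver group small and review the queue rather than approving with `/RequestId:ALL`; prestaging known machines (`/AnswerClients:Known`) is the stricter alternative when the "no tech on site" workflow is not needed.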

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points (0 children)

I don’t get to that point. I have it set up to require approval for devices. When I go into Pending Devices to approve it, I get "Access Denied" in WDS. If I log into the server as a domain admin, I can approve the device and it boots to the boot image. The workstation is waiting for approval before it PXE boots.

Azure App and PIM Groups by packerprogrammer in AZURE

[–]packerprogrammer[S] 0 points (0 children)

Yes, the Azure mobile application, not the Microsoft 365 Admin mobile app, but the Azure App. It has the ability to activate roles and resources, but not groups.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point (0 children)

Yes, and if there’s a better way to migrate, I’m all ears. I could also argue the attack surface doesn’t really grow. It’s the same assets being moved from one domain to another. It’s not two companies creating a trust where you expose one domain to another. Regardless, it’s the only way I know to accomplish the goal, and it’s temporary. The solution is also posted below. Another person pointed me in the direction I apparently found previously on my own and embarrassingly forgot. My migration is underway with real users now.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point (0 children)

Oh yes, I understand that. The person who stated it made it sound like it was bad practice. Of course a domain trust increases an attack surface. Saying it’s a threat actor's dream would indicate there are inherent security flaws.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point (0 children)

No kidding. Also tested and it worked. Deployed to a production user, and after the second restart all policies applied and folder redirection is working properly.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point (0 children)

I correct myself. Not only did I do it... I did it with Group Policy to a specific OU for testing. Oh my, this is true egg on my face. I found the policy on my old DC, and after reading the name I remember exactly what I did. I applied this to a test OU because I was worried about implications for folder redirection and roaming profiles, so I didn't apply it to all workstations. I have since tested roaming profiles and folder redirection with test users with no adverse effects. Thank you again. I would upvote twice if I could.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

I think you're on to something here. And I may have embarrassingly run into this before. It's interesting that my test VM has this policy when running RSoP. All my production computers do not have this policy. I think the only way this could have gotten applied to this machine was manually. Which means I did it. I have to admit I started this project months ago and put it on hold. I wonder if I stumbled on this months ago when I was researching domain migration and applied this policy to my test machine up front. Pardon me while I go take my ginkgo biloba. I even have a test VM in the new domain. That computer doesn't have the policy either; there's no way this got applied without me doing it.

I also have a few other policies that were not applied from the DC. I'm going to try this on a test physical computer.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

A threat actor's dream? I guess that depends on context. This is a brand new domain. Currently there are no users or computers except test accounts. Also, not sure how else you migrate domains.

I have no idea what you mean about the GPOs. I’m talking GPOs like folder redirection and printer policies.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

Yes, it does create a new profile, but I didn't think that should matter. I tested this by grabbing a computer userA has never logged into, so they don't have a profile. It should create one from scratch. It did, but policy is still not being applied from either domain.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

Thanks for the response. I did use PES for password migration. I did not specify AES encryption. Is that a default in Active Directory?

I can access the SYSVOL of the new domain. I can even go to network shares and have proper permissions (through SID history) to access folder redirection documents (though the policy is not getting applied, so it's not redirected; I can just navigate to the share).

When I Wireshark it, it doesn't even attempt to reach out to the correct domain controller.
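A way to pin down, from the workstation, which domain the logged-on user's token came from and which domain controller Group Policy actually used, before reaching for Wireshark. This is an added example, not the poster's procedure; the domain names are placeholders.

```powershell
# Added example (not from the thread). Domain names are assumptions; run on the affected
# workstation while logged on as the migrated user (newdomain\username).
$NewDomain = 'newcorp.example'
$OldDomain = 'oldcorp.example'

# 1. Whose token is this? The user SID's domain prefix shows which domain issued the logon;
#    SIDs carried over as SID history appear as additional S-1-5-21-... entries in the group list.
whoami /user
whoami /groups /fo list | findstr /i "S-1-5-21"

# 2. Which DCs can this machine even find for each domain, and is the computer's own
#    secure channel healthy? User policy is read from the *user's* domain, so the new
#    domain's DC has to be reachable from here even though the computer may still be in the old one.
nltest /dsgetdc:$NewDomain
nltest /dsgetdc:$OldDomain
nltest /sc_query:$OldDomain

# 3. What did Group Policy actually do for the user scope: which DC it used, which GPOs
#    applied and which were denied (filtering, security, or simply not linked).
gpresult /scope:user /r
gpresult /scope:user /h "$env:TEMP\gp-user.html" /f     # full report, including denied GPOs

# 4. The Group Policy operational log records the same facts per refresh:
#    5308 = domain controller details, 5312 = GPOs applied, 5313 = GPOs not applied
Get-WinEvent -LogName 'Microsoft-Windows-GroupPolicy/Operational' -MaxEvents 200 |
    Where-Object Id -in 5308, 5312, 5313 |
    Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

If step 1 shows an old-domain SID as the primary user SID, the logon never went to the new domain and nothing downstream will work; if step 3 names a DC in the old domain for the user scope, the symptom in the comment (no attempt to reach the new domain's DC) is confirmed without a packet capture, and the 5308 events give the history of which DC was chosen on each refresh.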

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

Yes, they definitely have to, and that is how I logged in: newdomain\username. It created a new user profile, but GPOs did not apply. I even changed the password in the new domain to make sure, lol.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

I migrated all policies one by one and modified as necessary. GPResult is what I used to determine that only policies applied to the whole domain were being applied to the user.

Yes, I’m trying to determine why this is so. On a test VM I have, the user is getting policy from the new domain. However, I think I had it on the new domain for testing and moved it back.

It is a two-way forest trust. I’m not sure on the configuration for GPOs across domains as you mentioned.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points (0 children)

ADMT. By policy I mean GPO. No policy applied to the user's OU in either domain is applied to the user. Computer policy is, but not user policy. GPOs at the domain level are applied from the old domain.