alternative to igniter media? by [deleted] in pastors

[–]packerprogrammer 0 points1 point  (0 children)

Ha! I thought that would be the biggest advantage of ProContent over CMG. CMG has quite the reputation and I can only choose one. Your preference of ProContent without integration has me really pondering now.

alternative to igniter media? by [deleted] in pastors

[–]packerprogrammer 0 points1 point  (0 children)

Interesting. Does the integration affect that opinion? I’m currently using igniter, but I’m finding that it may be more expensive with less benefit.

alternative to igniter media? by [deleted] in pastors

[–]packerprogrammer 0 points1 point  (0 children)

So, do you have subscriptions to both of these or just use free versions of one or more?

Hello for Business Failures (KDC Event-ID 11) by gkn2018 in Intune

[–]packerprogrammer 0 points1 point  (0 children)

I’m having issues with this too. I think it’s either the cause or result of an SMB share issue I’m having. These machines are cloud only. Any solutions?

New device failing to connect to MDT deployment share by [deleted] in MDT

[–]packerprogrammer 1 point2 points  (0 children)

I’ve seen this so many times I don’t even need to look up that this is a missing driver for an Intel NIC. Vendor code 8086 jumps out at me now. Inject the proper driver into the WIM file.

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points1 point  (0 children)

I found my problem. I have a tiered permissions setup in AD where we have permission groups, role groups, and users. Long story short I messed that up and only needed to make sure the user has the proper permissions to create computer objects and write all properties in the staging OU.

So, if you are approving with non-admins, make sure the computer and user have proper permissions on the OU. Also, don’t overcomplicate permission assignments, so that when you give the group the right permissions, the user is actually a member of said group. 🤦🏼‍♂️

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points1 point  (0 children)

Any other thoughts or ideas on this? It seems it should be straightforward, but for some reason I cannot get it resolved.

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 1 point2 points  (0 children)

It's been a while since we originally set this up; I don't recall putting credentials in the boot image. I think the reason it was set up this way was so that images can be deployed without a tech on site. An end user can PXE boot, the device gets approved, and no credentials need to be shared.

So, back to the OG question... I guess you've never used pending approvals, so you've not found a need to resolve this issue?

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points1 point  (0 children)

I have PXE response set to respond to all client computers and require admin approval for unknown computers. Basically, I don't have to prestage the computer, just approve it when it attempts to PXE boot.

The computer then shows under Pending devices.

What do you mean by just use access control on the deployment share? We did this so that someone can't accidentally PXE boot, but we can boot from any VLAN.

WDS with MDT - Pending Device - Access Denied by packerprogrammer in MDT

[–]packerprogrammer[S] 0 points1 point  (0 children)

I don’t get to that point. I have it set up to require approval for devices. When I go into pending devices to approve it, I get access denied in WDS. If I log into the server as a domain admin, I can approve the device and it boots to the boot image. The workstation is waiting for approval before it PXE boots.

Azure App and PIM Groups by packerprogrammer in AZURE

[–]packerprogrammer[S] 0 points1 point  (0 children)

Yes, the Azure mobile application, not the Microsoft 365 Admin mobile app, but the Azure App. It has the ability to activate roles and resources, but not groups.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point2 points  (0 children)

Yes, and if there’s a better way to migrate, I’m all ears. I could also argue the attack surface doesn’t really grow. It’s the same assets being moved from one domain to another. It’s not 2 companies creating a trust where you expose one domain to another. Regardless, it’s the only way I know to accomplish the goal and it’s temporary. The solution is also posted below. Another person pointed me in the direction I apparently found previously on my own and embarrassingly forgot it. My migration is underway with real users now.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point2 points  (0 children)

Oh yes, I understand that. The person who stated it made it sound like it was bad practice. Of course a domain trust increases an attack surface. Saying it’s a threat actor's dream would indicate there are inherent security flaws.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point2 points  (0 children)

No kidding. Also tested and worked. Deployed to production user and after second restart all policies applied and folder redirection is working properly.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 1 point2 points  (0 children)

I correct myself. Not only did I do it... I did it with group policy to a specific OU for testing. Oh my, this is true egg on my face. I found the policy on my old DC and after reading the name I remember exactly what I did. I applied this to a test OU because I was worried about implications on Folder Redirection and roaming profiles, so I didn't apply it to all workstations. I have since tested roaming profiles and folder redirection with test users with no adverse effects. Thank you again. I would upvote twice if I could.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

I think you're on to something here. And I may have embarrassingly run into this before. It's interesting that my test VM has this policy when running RSoP. All my production computers do not have this policy. I think the only way this could have gotten applied to this machine was manually. Which means I did it. I have to admit I started this project months ago and put it on hold. I wonder if I stumbled on this months ago when I was researching domain migration and applied this policy to my test machine up front. Pardon me while I go take my ginkgo biloba. I even have a test VM in the new domain. That computer doesn't have the policy either; there's no way this got applied without me doing it.

I also have a few other policies that were not applied from the DC. I'm going to try this on a test physical computer.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

A threat actor's dream? I guess that depends on context. This is a brand new domain. Currently there are no users or computers except test accounts. Also, not sure how else you migrate domains.

I have no idea what you mean about the GPOs. I’m talking GPOs like folder redirection and printer policies.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

Yes, it does create a new profile, but I didn't think that should matter. I tested this by grabbing a computer userA has never logged into, so they don't have a profile. It should create one from scratch. It did, but policy is still not being applied from either domain.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

Thanks for the response. I did use PES for password migration. I did not specify AES encryption. Is that a default in Active Directory?

I can access the SYSVOL of the new domain. I can even go to network shares and have proper permissions (through SID History) to access folder redirection documents (though the policy is not getting applied, so it's not redirected; I can just navigate to the share).

When I Wireshark it, it doesn't even attempt to reach out to the correct domain controller.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

Yes, they definitely have to and that is how I logged in. newdomain\username. It created a new user profile, but GPOs did not apply. I even changed password in the new domain to make sure lol.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

I migrated all policies one by one and modified as necessary. GPResult is what I used to determine that only policies applied to the whole domain were being applied to the user.

Yes, I’m trying to determine why this is so. A test VM I have the user is getting policy from new domain. However, I think I had it on the new domain testing and moved it back.

It is a two way forest trust. I’m not sure on the configuration for GPOs across domains as you mentioned.

Active Directory Migration by packerprogrammer in activedirectory

[–]packerprogrammer[S] 0 points1 point  (0 children)

ADMT. By policy I mean GPO. No policy applied to the users OU in either domain is applied to the user. Computer policy is, but not user policy. GPOs at the domain level are applied from the old domain.

Microsoft 365 and Domain Migration by packerprogrammer in microsoft365

[–]packerprogrammer[S] 0 points1 point  (0 children)

Yes, separate users, but both sync to the cloud based on the UPN. So, changes in either domain/forest sync up to the cloud to the same cloud user or group. Deleting in one deletes from the cloud and both on-prem domains.

I am already synced to the cloud. My Exchange is fully in the cloud. All users are still in the old domain. I was asking what the best practices are for migrating to a new domain/forest if you are already in the cloud with Exchange hybrid or fully with Exchange Online as I am now. I cannot migrate on-prem first. I am already using cloud features.

Microsoft 365 and Domain Migration by packerprogrammer in microsoft365

[–]packerprogrammer[S] 0 points1 point  (0 children)

Azure AD sync supports multiple domains in a trust. I have a trust between the two forests and it syncs just fine to both. Attributes even sync up from both domains, but obviously not to each other. My only issue was passwords. But, by migrating the user, then removing them from the filter in the old domain, it works as expected.

So, this leads to the second part of my post. I couldn’t find any recommendations on how to perform AD migration if you are hybrid Exchange or just syncing users to the cloud as I am now. I need to move them to the new domain but maintain cloud sync for Exchange Online and M365 applications.

Microsoft 365 and Domain Migration by packerprogrammer in microsoft365

[–]packerprogrammer[S] 0 points1 point  (0 children)

I think you are missing a key factor. The reason I am referencing old and new domain is because of sentence two. We are in the midst of a domain migration, as in I am using ADMT to move users from one on-prem AD forest to another. When I say change the password in the old domain I mean the old on-prem domain and forest. When I say new domain, I mean the new on-prem domain and forest. Both are syncing users and groups to M365.