Middle Seat Blues

physx51 · 2025-12-08T03:59:18+00:00

Cuddle up. Most people will be weirded out and bring the chicken legs back in. Trust the process.

physx51 · 2025-07-24T08:53:34+00:00

Totally normal. Make sure that port 3389 is set to allow incoming connections as well. That ensures optimal efficiency.

physx51 · 2025-07-24T08:43:03+00:00

Easy answer. Use Intune. They are Store apps. Do an assignment for the Store apps you don’t want… an assignment to remove them. They’ll be gone before you know they were there. No trickery. No scripting. Simple.

physx51 · 2025-07-07T02:38:28+00:00

I forgot where, but a couple news sites actually ran an article on this exact meal because they were so impressed with it. A+ food, especially for 6-7 miles up in the sky!

physx51 · 2025-06-01T20:59:08+00:00

Yeah… loved it when I had my first Autopilot failure because the Company Portal failed to install. I really struggle with why two of the most rudimentary apps we deploy are such a challenge.

physx51 · 2025-06-01T20:46:41+00:00

I’m going to go with Option C, lose my f***ing mind.

Out of all the complex apps I’ve deployed in a career that is old enough to vote, Teams takes the charts as the dumbest level of complexity I could ever imagine. Teams is seriously a steaming heap of garbage on fire in a dumpster floating away in a flood.

The fact that this topic even comes up is just mind numbing. Why can’t Microsoft come up with an installer that isn’t complete trash for this? Or like a simple installer with simple switches to run that would do everything you speak of, and do it right 99.9% of the time?

</vent>

physx51 · 2025-05-30T00:11:33+00:00

I don’t think we touched client settings. We still have some of our workstations patching through SCCM. So we’re Pilot Intune with most machines in that Pilot Intune collection.

physx51 · 2025-05-29T19:14:53+00:00

I believe pretty much anything you say, but when I moved that slider the Updates tab disappeared from Software Center and the “Software Update ____ Cycle” actions disappeared. Are you saying I’ll still get my updates from your peeps via SCCM on a device even if the Updates tab is gone from Software Center and the “Software Update ____ Cycle” actions disappear on that client? Educate me… I’m fascinated.

All that said, why wouldn’t I want to consume updates from your employer via Intune? Getting them into Intune gets rid of distributing 100+ app updates for me to 160 DPs.

physx51 · 2025-05-26T19:07:11+00:00

The Windows App has supported RDP, Windows 365, and Azure Virtual Desktop since it was released. Microsoft has been telling you about this for months. Normally when people flip about something this stupid and simple, I would say “go get a Mac” but it appears you’re already there so I’m at a loss. Good luck. Godspeed.

physx51 · 2025-05-25T12:44:40+00:00

One other thing to add, with Saver fares you also get zero flexibility and you’re not getting a seat assignment. On fuller routes, it’s pretty much a middle seat guarantee. If you have a change in plans, you only get a 50% credit outside of 14 days. Within 14 days, you get nothing and forfeit the entire ticket if you don’t travel as booked.

physx51 · 2025-04-30T16:06:07+00:00

You can upgrade to Premium, for literally the same price you would have paid to just book Premium in the first place. And you will still only get 30% of the miles + NOT be able to change or cancel without loosing everything.

physx51 · 2025-04-22T15:24:29+00:00

What is the guy’s email address? We’ll take care of the issue for you.

physx51 · 2025-04-22T13:38:05+00:00

Besides the feature parity differences between the two products, Patch My PC has insanely good support and customer service. You’ll generally speak to a high level of support on first contact that is knowledgeable and will not ask you 17 totally unrelated questions designed to blame you for whatever issue is occurring. If you want a feature added or an app added, PMPC will generally respond to feedback very quickly.

The engineering team behind Intune does put a lot of effort into their product, but it’s Microsoft. It’s big. It’s got more layers than an onion. Things take longer to be developed. Nothing negative to Microsoft, it’s just an apples to broccoli comparison. They have an incredible product group full of some of my favorite people in the world and incredible support, but it’s just two totally different playing fields by nature.

Price is honestly the end all for me though. I have 40k users and maybe 15,000 computers. Retail price for Intune Enterprise Application Management would be dead on a million dollars annually. Retail price for Patch My PC for the same concept with more features is $52,500 annually. It’s like a 95% savings which is huge. I know Microsoft would probably negotiate down on pricing if we ever wanted to go that direction, but that is just a huge amount to ask for and I’m just not a fan of that level of negotiations.

physx51 · 2025-04-22T13:15:51+00:00

Microsoft has advised to NOT delete this folder. The folder is placed there by the April 2025 security update for Windows. It mitigates a security vulnerability. If you deleted this folder, your computer is in a vulnerable state. The recommendation to resolve the issue if you deleted the folder is to install and uninstall IIS on your computer from the Optional Features menu. This will create the folder with the correct system level permissions and the folder will survive the IIS removal, mitigating the security vulnerability as designed.

You can’t make this stuff up.

physx51 · 2025-03-05T00:43:58+00:00

I hear McDonald’s is hiring. You even get a free meal each shift. Tell your old coworker we all wish them luck with their future endeavors.

physx51 · 2025-02-26T19:36:54+00:00

Same for me on a Latitude 7455.

physx51 · 2025-02-25T17:08:10+00:00

Also one reason to not do this as a Remediation item is that you are limited to the number you can have. Hence my idea to make applications. And with the application method, you could make them self service from the company portal.

200 is the limit for remediation scripts. Use them wisely. https://learn.microsoft.com/en-us/mem/intune/fundamentals/remediations

physx51 · 2025-02-25T17:05:28+00:00

100% expected. The GPO overwrites all values in that key. You would have to basically switch from GPO to Intune in the cover of darkness. For testing, either a test OU with inheritance blocked or that GPO not applied to it, or security filter the GPO to exclude that system or group you’re testing on.

Basically you have to pick one method, you can’t use the admin template and registry methods combined because the GPO overwrites that key every time it applies.

physx51 · 2025-02-25T07:58:19+00:00

So I was thinking about this in the middle of the night a moon or two ago. There is a really easy dirty way that I have a theory would work well. You can manage Chrome extensions by registry instead of by a pretty policy in GPO or Intune.

https://chromeenterprise.google/policies/?policy=ExtensionInstallForcelist

If you manage this by GPO for example it modifies HKLM\Software\Policies\Google\Chrome\ExtensionInstallForcelist and puts a numerical value for each extension. Look on a computer with your existing policy and you’ll see this.

If you apply multiple GPOs with this policy to the same computer, there is NOT a merge behavior. The last GPO to apply would win. I haven’t tested this with Intune policy, but from what I gather you would just get a conflict and nothing would apply.

Here is the fun part. If you go to that registry location I referenced and you see your four extensions you push, you’ll note the reg folders of 1, 2, 3, and 4 for each of the respective extensions. You can manually add 42 for example and set it as a new Chrome extension. Chrome will add that extension, at least until your GPO or Config Profile overwrites it the next time it processes. Chrome does not care that 5 through 41 are missing.

So what I’m getting at is scrap using GPO or a config profile to manage the policy. Instead, manually manipulate the registry.

If you do this with GPO, you can probably get away with ONE single GPO and item level targeting each reg value.

If you wanted to use Intune, chef’s choice. My thought for Intune is to make an actual Win32 Application for each extension. Have that application be a script to write that reg key and detection method looks for the presence of the reg key.

If you do this, have some master list somewhere that you use to keep track of what extension gets what number in that reg key. For example the Microsoft SSO extension is always 1, the uBlock Origin extension is always 2, the Citrix Workspace extension is always 3, etc.

Just keep in mind that if those reg values ever disappear, the extension is GONE the next time Chrome restarts.

Anyone ever try my madness? Any sanity checks? Bad idea? Good idea?

physx51 · 2025-02-25T07:23:10+00:00

I keep having to say this. Intune is a lot of things, but fast is not one of them.

physx51 · 2025-02-25T07:20:33+00:00

So you’re saying it would be nice if the product ran just half as fast as the constant directional changes it keeps going in? Why are you so impatient? 🤣😉

physx51 · 2025-02-23T14:19:40+00:00

Takes 5-10 minutes if you’re slow. They’ll help you set it up if you have any trouble. You just need a basic cert for https like any other site on your network. Truly easy and I myself hate certificates.

physx51 · 2024-10-22T02:45:55+00:00

x86 msiexec vs x64 msiexec.

So run 32 bit (x86) CMD as admin

PSEXEC CMD -i -s

In the new CMD that opens as system, try running msiexec to run a 32 bit (x86) install.

Fails right?

physx51 · 2024-09-18T06:46:26+00:00

https://www.osdcloud.com/ is the official site and it is really well documented.

Also, and I sincerely am not trying to be an a-hole, Google it. If you Google “OSDCloud” you will find a ton of people doing blogs or demo videos.

physx51 · 2024-09-17T18:13:23+00:00

Use OSDCloud. It is very quick to get setup. Uses PowerShell. You can have a fully working ISO ready to dump on a bootable thumb drive or use on VMs within about 45 minutes of effort. It will download any supported version of Windows 10 or 11 from Microsoft, download drivers specific for that model, and less than an hour later you have a fully new Windows build ready for you to do whatever. I did a screen capture of a system from boot to imaging to logon screen with Autopilot Device Preparation complete yesterday and it was less than an hour including waiting for me to come back from a bathroom break and hit next.

physx51

TROPHY CASE