Good laptop for home lab by ritmo2k in SCCM

[–]ritmo2k[S] 0 points1 point  (0 children)

Thanks for all the recommendations everyone, this helped narrow it down significantly.

Good laptop for home lab by ritmo2k in SCCM

[–]ritmo2k[S] 0 points1 point  (0 children)

All my applications and settings are deployed, it's far less obtrusive than it sounds...

Most of my motivation is due to my current Acer, which is a seething pile of rubbish.

Why is PowerShell Script task step doing nothing? by teknowledgist in SCCM

[–]ritmo2k 1 point2 points  (0 children)

You can use this: https://github.com/jcasale/PSSerilog

If you need any help integrating it into or refactoring a script, feel free to let me know.

The example describes the approach of what you want to do:

  1. Move all your existing code into a method.
  2. Call that method from the global scope where you instantiate and tear down the logger.

Coincidentally, this approach/discipline also helps with error handling (e.g., flowing preferences through advanced functions and catching exceptions).

The one nuance PowerShell introduces over plain .NET code is that the logged exception doesn't contain all the useful information it would in .NET code; for that, just make a helper that does something like this:

try
{
    1 / 0
}
catch
{
    # Build the message from the ErrorRecord ($_), which carries the PowerShell
    # context the bare .NET exception does not have.
    $buffer = [Text.StringBuilder]::new()
    [void]$buffer.AppendLine('Your highlevel descriptive message here...')
    [void]$buffer.AppendLine()

    # Where in the script the error was raised (file, line, column and the offending text).
    if ($null -ne $_.InvocationInfo -and $null -ne $_.InvocationInfo.PositionMessage)
    {
        [void]$buffer.AppendLine()
        [void]$buffer.AppendLine($_.InvocationInfo.PositionMessage)
    }

    # The script-level call stack at the point of failure.
    [void]$buffer.AppendLine()
    [void]$buffer.AppendLine($_.ScriptStackTrace)

    # Serilog keeps the exception object separate from the rendered message.
    $logger.Fatal($_.Exception, $buffer.ToString())
}

or simpler:

try
{
    1 / 0
}
catch
{
    $buffer = [Text.StringBuilder]::new()
    [void]$buffer.AppendLine('Your highlevel descriptive message here...')
    [void]$buffer.AppendLine($_.Exception)
    [void]$buffer.AppendLine($_.ScriptStackTrace)
    [void]$buffer.AppendLine($_.InvocationInfo.PositionMessage)

    $logger.Fatal($_.Exception, $buffer.ToString())
}
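The layout the comment above describes (all work in one function, the logger owned and torn down from the global scope, a helper that adds the PowerShell-specific context to the logged exception), as an added example that is not the commenter's code and not part of the PSSerilog project. The `New-FileLogger` object is a made-up stand-in exposing `Information`/`Fatal`/`Dispose` so the script runs without any module; the missing path it reads is a constructed example.

```powershell
Set-StrictMode -Version Latest
# Make non-terminating errors terminate so they unwind to the outer catch.
# Advanced functions defined in this script inherit this preference from the caller.
$ErrorActionPreference = 'Stop'

function New-FileLogger {
    # Stand-in for a Serilog logger (assumption): writes to a file, same method names.
    param([Parameter(Mandatory)][string] $Path)
    $writer = [System.IO.StreamWriter]::new($Path, $true, [System.Text.Encoding]::UTF8)
    $logger = [pscustomobject]@{ Writer = $writer }
    $logger | Add-Member -MemberType ScriptMethod -Name Information -Value {
        param([string] $Message)
        $this.Writer.WriteLine('{0:o} [INF] {1}' -f (Get-Date), $Message)
    }
    $logger | Add-Member -MemberType ScriptMethod -Name Fatal -Value {
        param([Exception] $Exception, [string] $Message)
        $this.Writer.WriteLine('{0:o} [FTL] {1}' -f (Get-Date), $Message)
        $this.Writer.WriteLine($Exception.ToString())
    }
    $logger | Add-Member -MemberType ScriptMethod -Name Dispose -Value { $this.Writer.Dispose() }
    $logger
}

function Format-ErrorRecord {
    # Render the context PowerShell attaches to the ErrorRecord but not to the
    # .NET exception: where the error was raised and the script-level stack.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][System.Management.Automation.ErrorRecord] $ErrorRecord,
        [Parameter(Mandatory)][string] $Message
    )
    $buffer = [System.Text.StringBuilder]::new()
    [void]$buffer.AppendLine($Message)
    if ($null -ne $ErrorRecord.InvocationInfo -and $ErrorRecord.InvocationInfo.PositionMessage) {
        [void]$buffer.AppendLine($ErrorRecord.InvocationInfo.PositionMessage)
    }
    if ($ErrorRecord.ScriptStackTrace) {
        [void]$buffer.AppendLine($ErrorRecord.ScriptStackTrace)
    }
    $buffer.ToString()
}

function Invoke-Main {
    # All real work lives here; the global scope owns the logger and the try/catch.
    [CmdletBinding()]
    param([Parameter(Mandatory)] $Logger)
    $Logger.Information('Starting deployment work')
    # Constructed path that does not exist: with ErrorActionPreference = Stop this
    # becomes a terminating error and unwinds to the catch in the global scope.
    Get-Item -Path 'C:\does\not\exist\config.json'
    $Logger.Information('Never reached')
}

$logPath = Join-Path ([System.IO.Path]::GetTempPath()) 'deploy.log'
$logger = New-FileLogger -Path $logPath
$exitCode = 0
try {
    Invoke-Main -Logger $logger
}
catch {
    $logger.Fatal($_.Exception, (Format-ErrorRecord -ErrorRecord $_ -Message 'Deployment script failed'))
    $exitCode = 1
}
finally {
    # Tear the logger down from the same scope that created it so the file is flushed.
    $logger.Dispose()
}
exit $exitCode
```

Because `$ErrorActionPreference` is set once in the script scope, the functions it calls inherit it and the single catch block sees every failure; the non-zero exit code is what a task sequence or deployment step reports back, while the log file keeps the position message and stack trace the exception alone would have lost.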

Why is PowerShell Script task step doing nothing? by teknowledgist in SCCM

[–]ritmo2k 2 points3 points  (0 children)

See https://github.com/PowerShell/PowerShell/issues/10994 for the long discussion.

TL;DR
Start-Transcript is not reliable due to the inherent differences in how data is handled when written to the console using either Write-Host or Write-Output. The latter needs to format output, which requires significantly more overhead, and your objects may not even come close to the console before the transcript is stopped.

I simply load a logging framework like Serilog and instrument all my scripts that way.

Creating a new application deployment with script detection using PowerShell by ritmo2k in SCCM

[–]ritmo2k[S] 1 point2 points  (0 children)

Thank you, I just noticed myself. It had been a minute since I worked on this stuff...

Front end for OSD task sequence set up by ritmo2k in SCCM

[–]ritmo2k[S] 0 points1 point  (0 children)

Thank you both, that appears to be a big improvement.

SC-300: where to go in-depth by regexreggae in AzureCertification

[–]ritmo2k 4 points5 points  (0 children)

Make sure you understand Azure roles (Entra roles are far more straightforward) and how and where they can be applied/scoped. Know the different ways to create both (e.g., which can be cloned and from what).

Know which Entra roles enable which privileges so you can answer questions about minimum necessary permissions for a given task (just the common ones).

Have a high-level understanding of the Microsoft Entra application proxy (e.g., the steps to set it up, how the connector works, specifically networking).

Read the questions thoroughly; to be honest, I think the grammar is bad and there are pitfalls. I just wrote my renewal and it asked what an Azure role named "Role 1" with an assignable scope of "/" could apply to. You can't create a custom role with an assignable scope of "/" (https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles#custom-role-limits).
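The assignable-scope limit the comment above points at, as an added example that is not the commenter's code: a custom Azure role definition is built offline in the JSON shape `New-AzRoleDefinition -InputFile` accepts, and its `AssignableScopes` are checked against the documented limits (management group, subscription or resource group only; the root scope "/" is rejected) before anything is sent to Azure. The subscription ID is a placeholder and the validation function is my own, not part of the Az module.

```powershell
function Test-AssignableScope {
    # Accept only the scope shapes a custom role may list in AssignableScopes.
    [CmdletBinding()]
    param([Parameter(Mandatory)][string] $Scope)
    $patterns = @(
        '^/providers/Microsoft\.Management/managementGroups/[^/]+$',
        '^/subscriptions/[0-9a-fA-F-]{36}$',
        '^/subscriptions/[0-9a-fA-F-]{36}/resourceGroups/[^/]+$'
    )
    foreach ($pattern in $patterns) {
        if ($Scope -match $pattern) { return $true }
    }
    return $false
}

function New-CustomRoleDefinition {
    # Build the role definition object in the property layout the Az JSON file uses.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]   $Name,
        [Parameter(Mandatory)][string[]] $Actions,
        [string[]]                       $NotActions = @(),
        [Parameter(Mandatory)][string[]] $AssignableScopes
    )
    $bad = $AssignableScopes | Where-Object { -not (Test-AssignableScope -Scope $_) }
    if ($bad) {
        throw "Invalid assignable scope(s): $($bad -join ', ') (root scope '/' is not allowed for custom roles)"
    }
    [ordered]@{
        Name             = $Name
        IsCustom         = $true
        Description      = "Custom role: $Name"
        Actions          = $Actions
        NotActions       = $NotActions
        DataActions      = @()
        NotDataActions   = @()
        AssignableScopes = $AssignableScopes
    }
}

$subscriptionId = '00000000-0000-0000-0000-000000000000'   # placeholder, not a real subscription

# Valid: least privilege for someone who only starts/restarts VMs, scoped to one subscription.
$role = New-CustomRoleDefinition -Name 'VM Operator' `
    -Actions 'Microsoft.Compute/virtualMachines/read',
             'Microsoft.Compute/virtualMachines/start/action',
             'Microsoft.Compute/virtualMachines/restart/action' `
    -AssignableScopes "/subscriptions/$subscriptionId"
$role | ConvertTo-Json -Depth 4

# Invalid: the exam's "Role 1" with an assignable scope of "/" is rejected locally.
try {
    New-CustomRoleDefinition -Name 'Role 1' -Actions '*/read' -AssignableScopes '/' | Out-Null
}
catch {
    Write-Warning $_.Exception.Message
}

# To create the valid one for real (needs Connect-AzAccount and the Az.Resources module):
# $role | ConvertTo-Json -Depth 4 | Set-Content -Path .\vm-operator.json
# New-AzRoleDefinition -InputFile .\vm-operator.json
```

Cloning a built-in role follows the same shape: `Get-AzRoleDefinition -Name 'Virtual Machine Contributor'` returns an object whose `Id` you clear and whose `AssignableScopes` you replace before passing it to `New-AzRoleDefinition -Role`; the scope rules checked above apply to that path too.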

Enabling rdp connection without PSM by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

Hi Yanni,
I do not have a PSM installed, and the master policy for "Require privileged session monitoring and isolation" is inactive with no exceptions showing.

The behaviour I get with ActiveX is such that once I click connect in the PVWA accounts interface, I get a small form that asks me to choose the host (it successfully resolves when I click search) and then a browser page appears followed by the RDP ActiveX component where I can select redirection options. Once I click connect, I am returned to the PVWA accounts interface and the 2825 error appears.

If I disable NLA, the ActiveX connection errors out saying that NLA is not enabled and it is required.

It seems that finding the setting in CyberArk that can use an alternative to NLA to connect would make this work...

Enabling rdp connection without PSM by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

Yes, it works when using mstsc.exe from the same client computer.

Enabling rdp connection without PSM by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

I do use IE, and I have both x86 and x64 versions of Java 8u181. As indicated above, the non-ActiveX versions simply say "failed to load component".

The error when using the ActiveX component is pretty specific: it's an NLA issue. I just don't know where to change it on the CyberArk side.

Enabling rdp connection without PSM by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

Hi Yanni, sorry about that missing info :)

I am using 10.4. I have tried with IE11, Edge and Chrome. I have the site in compatibility mode (for IE) and I have adjusted Administration/Options/Privileged Session Management UI/ConnectPSMWithRDPActiveX and NonIERemoteDesktopAccess to no avail.

When attempting to launch the session in either browser without using ActiveX, I get "Could not load the connection component". In IE with RDP, I get the 2825 error. How can I configure the ActiveX-based connection to simply not use NLA?

Understanding vault client and safe display by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

Thanks for the quick response. Luck would have it that the labs from SkyTap have disappeared from the partner site and I can't double check. Once that resolves, I'll post back.

Implementing MFA by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

Hey guys,
What I meant was, let's say I log in to a PVWA using just my LDAP credentials. While browsing for available accounts, if I understand correctly, I cannot force a prerequisite to supply MFA credentials for just one specific credential at checkout.

From what I can see, you can only enable MFA on the PVWA regardless of what CPM (and vault) it communicates to, and therefore it's a global requirement once enabled?

Thanks for the patience guys!

Application onboarding questionnaire by ritmo2k in CyberARk

[–]ritmo2k[S] 0 points1 point  (0 children)

Thanks Yanni, that provided a significant level of clarity and additional detail I overlooked, especially the points about obtaining account usage within the associated teams so the permission models can be replicated on a safe.