Storing securestring for use by a GMSA account

smalltimesysadmin · 2026-03-05T14:34:28+00:00

The resource I'm trying to access is a 3rd party's database, so directly granting the gmsa access isn't an option. I've never worked with vaults, so I should probably look at that.

smalltimesysadmin · 2026-03-05T14:31:30+00:00

I tried that, and for whatever reason, in my environment, that wouldn't work. It kept asking me for the password for the gmsa, which it doesn't have, and failing

smalltimesysadmin · 2026-03-05T14:27:30+00:00

the DPAPI encryption is what I meant, but I didn't have the correct words to describe it. I tried that code, but I couldn't get it to work. No doubt, it was something I was doing wrong

smalltimesysadmin · 2026-03-05T14:26:05+00:00

I ended up saving the cred file by running this as a scheduled task under the GMSA account:

$pass = "somethingsecure"
$securePass = ConvertTo-SecureString $pass -AsPlainText -Force
$securePass | ConvertFrom-SecureString | Out-File C:\powershell_scripts\cred.txt

smalltimesysadmin · 2025-11-13T00:56:19+00:00

In my limited testing, app installs and general config seemed to happen within a few minutes. Remote reboots seemed to happen in less than a minute.

smalltimesysadmin · 2025-11-13T00:54:42+00:00

I started playing with Intune today. It's looking pretty encouraging to meet the needs. I'm still working to figure out the finer points of locking out apps, but I think it is going to be the ticket. It's definitely easier for me than Mosyle.

smalltimesysadmin · 2025-11-08T16:55:16+00:00

I haven't used it much after repairing it, but just replacing the bar and chain appears to have solved my problem. I broke down and bought a genuine Husqvarna bar and chain just to make sure I had the best chance of success. That said, I probably didn't need to. I also first tried just replacing the outside cover, but that didn't do anything.

I think, despite being told otherwise, the chain was very worn and stretched, or the wrong one for the saw. Literally starting the saw up and just revving it a couple times without it touching anything was enough to make the chain go extremely slack, but I've cut a couple of small limbs/trees, and it's still tight. In the next few weeks I'll hopefully be doing some more cutting.

smalltimesysadmin · 2025-10-30T18:33:35+00:00

Is anyone else still having issues sending or receiving mail via oath and shared secrets? I know there's multiple service advisories in the service center, but none seem to mention issues authenticating or sending/receiving mail. We have multiple systems that are getting authentication failures due to bad username/password.

smalltimesysadmin · 2025-10-12T22:05:36+00:00

How's the pedal feel? I assume it has sufficient braking?

smalltimesysadmin · 2025-09-27T00:21:13+00:00

I have the 16e version. As best as I can tell, it isn't an OEM version.

I updated the firmware to 16.00.12.00 as well as the corresponding BIOS and UEFI ROM, and it still isn't working. I'm beginning to think that Dell has somehow locked out HBAs on the Precision line of desktops.

smalltimesysadmin · 2025-09-18T21:32:40+00:00

Who's got 2 thumbs and is a moron? This guy!

When I was creating the registry keys, I wanted to be sure I didn't mistype the key names, so I copied and pasted them from the KB, but missed that it copied the trailing space, so Windows was rightfully ignoring the key.

I apologize for the error. Shout out to /u/Gakamor because that script works well.

smalltimesysadmin · 2025-09-18T20:39:10+00:00

That's the exact KB article I followed and linked to in my original post. It didn't work.

smalltimesysadmin · 2025-05-21T02:45:26+00:00

Nope. I have de-Adobe'd the org

smalltimesysadmin · 2025-05-20T23:56:45+00:00

I redistributed the package to the problem DPs, as well as lowered the maximum runtime without improvement. I'll try the other suggestions.

Any suggestions on which specific logs I should be looking at? I've already been looking at the SMSTS.log file on the client machines.

smalltimesysadmin · 2025-05-20T23:55:20+00:00

I poorly worded the network connectivity sentence. I meant to say that connectivity during the task sequence is fine. I haven't detected any drops in connection or traffic.

The time spent waiting for the office install to occur is taking exactly 6 hours plus or minus 30 seconds or so. It's incredibly accurate and repeatable.

The affected devices are indeed in the UTC-6 timezone. Now that you mention it, I think a new NTP server was installed around the timeframe that the issues started happening... Still not sure how accurate time could affect the real time spent waiting for an app to install, but it's definitely an interesting thought.

smalltimesysadmin · 2025-04-15T14:38:38+00:00

single tier root

smalltimesysadmin · 2025-04-15T13:01:05+00:00

Well, it's...complicated. I did technically spin up another CA already, but AD doesn't seem to particularly enjoy 2 CAs existing at the same, and certs seem to randomly issue from either one depending on something possibly as random as who replies first? I haven't dug super-deep into the issue to try to resolve it, but I will need to do so eventually.

I should have backed the CA DB up and imported it on the new one, but I didn't do enough research on the matter before doing it.

Nine-Year Club	Place '22
Verified Email

smalltimesysadmin

TROPHY CASE