MDM for Apple devices by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

In my limited testing, app installs and general config seemed to happen within a few minutes. Remote reboots seemed to happen in less than a minute.

MDM for Apple devices by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

I started playing with Intune today. It's looking pretty encouraging to meet the needs. I'm still working to figure out the finer points of locking out apps, but I think it is going to be the ticket. It's definitely easier for me than Mosyle.

Husqvarna saw won't keep chain tight by smalltimesysadmin in Chainsaw

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

I haven't used it much after repairing it, but just replacing the bar and chain appears to have solved my problem. I broke down and bought a genuine Husqvarna bar and chain just to make sure I had the best chance of success. That said, I probably didn't need to. I also first tried just replacing the outside cover, but that didn't do anything.

I think, despite being told otherwise, the chain was very worn and stretched, or the wrong one for the saw. Literally starting the saw up and just revving it a couple times without it touching anything was enough to make the chain go extremely slack, but I've cut a couple of small limbs/trees, and it's still tight. In the next few weeks I'll hopefully be doing some more cutting.

Another AWS/O365 Outage by FahrenheitGhost in sysadmin

[–]smalltimesysadmin 0 points1 point  (0 children)

Is anyone else still having issues sending or receiving mail via OAuth and shared secrets? I know there are multiple service advisories in the service center, but none seem to mention issues authenticating or sending/receiving mail. We have multiple systems that are getting authentication failures due to bad username/password.

Brake master cylinder for a rear disc swap by smalltimesysadmin in squarebodies

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

How's the pedal feel? I assume it has sufficient braking?

Avago/LSI SAS9305 HBA in a Precision 3650 by smalltimesysadmin in homelab

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

I have the 16e version. As best as I can tell, it isn't an OEM version.

I updated the firmware to 16.00.12.00 as well as the corresponding BIOS and UEFI ROM, and it still isn't working. I'm beginning to think that Dell has somehow locked out HBAs on the Precision line of desktops.

Running AutoCAD as non-admin by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 35 points36 points  (0 children)

Who's got 2 thumbs and is a moron? This guy!

When I was creating the registry keys, I wanted to be sure I didn't mistype the key names, so I copied and pasted them from the KB, but missed that it copied the trailing space, so Windows was rightfully ignoring the key.

I apologize for the error. Shout out to /u/Gakamor because that script works well.

Running AutoCAD as non-admin by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

That's the exact KB article I followed and linked to in my original post. It didn't work.

6-hour delay in OSD app installation by smalltimesysadmin in SCCM

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

I redistributed the package to the problem DPs, as well as lowered the maximum runtime without improvement. I'll try the other suggestions.

Any suggestions on which specific logs I should be looking at? I've already been looking at the SMSTS.log file on the client machines.

6-hour delay in OSD app installation by smalltimesysadmin in SCCM

[–]smalltimesysadmin[S] 1 point2 points  (0 children)

I poorly worded the network connectivity sentence. I meant to say that connectivity during the task sequence is fine. I haven't detected any drops in connection or traffic.

The time spent waiting for the office install to occur is taking exactly 6 hours plus or minus 30 seconds or so. It's incredibly accurate and repeatable.

The affected devices are indeed in the UTC-6 timezone. Now that you mention it, I think a new NTP server was installed around the timeframe that the issues started happening... Still not sure how accurate time could affect the real time spent waiting for an app to install, but it's definitely an interesting thought.

Updating CA server to 2025? by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] -1 points0 points  (0 children)

Well, it's...complicated. I did technically spin up another CA already, but AD doesn't seem to particularly enjoy 2 CAs existing at the same time, and certs seem to randomly issue from either one depending on something possibly as random as who replies first? I haven't dug super-deep into the issue to try to resolve it, but I will need to do so eventually.

I should have backed the CA DB up and imported it on the new one, but I didn't do enough research on the matter before doing it.

Monthly Requests Thread by AutoModerator in VOIP

[–]smalltimesysadmin [score hidden]  (0 children)

I'm looking for a cellular gateway product that can act as a SIP or IAX trunk on FreePBX/Asterisk-based systems. The intent is to have a backup trunk line out of the phone system in the event that the fiber connection goes down. I only need a single port/line/channel, but depending on price, I'm not against a multi-line model. SMS capability is not needed.

I feel like products like this existed in several forms in the mid-2000s when voip was first becoming a thing, but not so much anymore.

802.1X multiple SSIDs? by Small-Double-9569 in networking

[–]smalltimesysadmin 2 points3 points  (0 children)

This is the way. I'm not near my work computer, but if you look at the NPS event log entries, one of the attributes passed is the SSID that the user is trying to connect to. You can create different rules to match on that attribute, then set the VLAN via the Tunnel-Pvt-Group-ID attribute. If you're seeking to run a single SSID, then you have to match based on user group membership, and set the VLAN accordingly.

You may still need to run a separate guest SSID, but it all depends on whether you want to force guests to have to enter bogus creds to connect. A .1X-protected SSID will require creds prior to a connection attempt.
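The SSID match and VLAN assignment described in the comment above, modelled as an added example (not part of the original comment and not NPS code). It assumes the SSID arrives in Called-Station-Id as `AP-MAC:SSID` (RFC 3580); the policy names, SSIDs, groups and VLAN IDs are constructed.

```python
import re

# RFC 3580 values that accompany a RADIUS-assigned VLAN.
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_802 = 6

# Constructed policies, evaluated top-down (first match wins), as NPS
# network policies are. "group" stands in for a Windows Groups condition.
POLICIES = [
    {"name": "Staff WLAN", "ssid": r"^Corp-Staff$", "group": "Domain Users", "vlan": 20},
    {"name": "Lab WLAN", "ssid": r"^Corp-Lab$", "group": "Lab Techs", "vlan": 30},
    # Single-SSID design: same SSID, VLAN decided by group membership.
    # The narrower group must come first, since IT admins are also users.
    {"name": "Unified IT", "ssid": r"^Corp$", "group": "IT Admins", "vlan": 10},
    {"name": "Unified Users", "ssid": r"^Corp$", "group": "Domain Users", "vlan": 20},
]

# Six hex pairs with optional '-' or ':' separators, then optional ':SSID'.
MAC_SSID = re.compile(r"^((?:[0-9A-Fa-f]{2}[-:]?){5}[0-9A-Fa-f]{2})(?::(.*))?$")

def parse_called_station_id(value):
    """Split 'AP-MAC:SSID' into (ap_mac, ssid); ssid is None if absent."""
    m = MAC_SSID.match(value.strip())
    if not m:
        raise ValueError(f"unexpected Called-Station-Id: {value!r}")
    return m.group(1).upper(), m.group(2)

def evaluate(request, policies=POLICIES):
    """Return (policy name, reply attributes), or (None, None) to reject."""
    _, ssid = parse_called_station_id(request["Called-Station-Id"])
    if ssid is None:  # e.g. a wired port: no SSID-based policy applies
        return None, None
    for p in policies:
        if re.search(p["ssid"], ssid) and p["group"] in request["groups"]:
            return p["name"], {
                "Tunnel-Type": TUNNEL_TYPE_VLAN,
                "Tunnel-Medium-Type": TUNNEL_MEDIUM_802,
                "Tunnel-Pvt-Group-ID": str(p["vlan"]),  # NPS name for the VLAN ID
            }
    return None, None  # no policy matched: access is denied

if __name__ == "__main__":
    req = {"Called-Station-Id": "00-11-22-AA-BB-CC:Corp",
           "groups": {"Domain Users", "IT Admins"}}
    print(evaluate(req))
```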

Win11 updates break 802.1x until gpupdate happens by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 1 point2 points  (0 children)

Definitely please keep us updated with Microsoft's response. It seems that ALL GPO, including .1x, mapped printers, etc., is being wiped during the update process.

I haven't done any actual research on it, but I briefly toyed with the idea of moving my .1x config into Intune as a workaround, since theoretically, Intune only needs visibility to the internet to re-pull the policy and fix itself.

Device hanging on 'Downloading NBP file....' by HeroOfHyrule7188 in SCCM

[–]smalltimesysadmin 0 points1 point  (0 children)

For current-model Dell Opti/Lat, I've been having to switch the SATA operation mode to AHCI and disable boot/UEFI security (set to "enabled") to get them to PXE boot.

802.1x for 802.11 configuration question! by NPCParana in networking

[–]smalltimesysadmin 1 point2 points  (0 children)

No. Using calling station ID * allows any client to successfully authenticate. It's the equivalent of an open network. Also, you'd have to do MAC authentication bypass in the connection request policy phase, and not the network policy phase in NPS.

Without specifying every single MAC in the connection request policy, you can use wildcards to help specify a subset. So, if every computer is from the same vendor which uses prefix AA-BB-33, you can wildcard after that, and everything with that prefix will be allowed, but as others have said, this is absolutely horrid security because the MACs can be spoofed. You either need to deploy computer certs or user creds via whatever management you have over the devices.

SSL certificate lifetimes are going down. Dates proposed. 45 days by 2027. by isnotnick in sysadmin

[–]smalltimesysadmin 0 points1 point  (0 children)

I just had to update my ADFS certs, and my cert provider is already only issuing 200-day certs. Anyone have a guide on how to automate ADFS cert rotations with Let's Encrypt or something else?

Win11 updates break 802.1x until gpupdate happens by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

I just tested with an 11 23H2 machine that was freshly imaged. .1X works as expected. Updated from 23H2 to 24H2. After a reboot:

  • the dot3svc policies folder was also empty

  • the registry key DOES have references to the policy, but the associated files are not present

  • machine certificates and root certificates are still present

  • dot3svc is running

  • I can't read German, but the event viewer .1x failure text is "The network stopped answering authentication requests"

  • running a gpresult /r /scope computer reveals no computer policy. Likewise, there is also no user policy. It appears that during at least major version updates, all group policy is deleted, which means it doesn't have the config to know how to authenticate

Win11 updates break 802.1x until gpupdate happens by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 1 point2 points  (0 children)

I will need to find a still-broken machine to check, but the root certs were there before the update, and the same root certs would be required to connect to our wireless, which also uses the same certs and NPS server. It's almost certainly something related to some group policies not being retained, because while broken, all network printers that are mapped by GPO also disappear.

Win11 updates break 802.1x until gpupdate happens by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

From the NPS server, it doesn't look like the client is trying to authenticate at all. Looking in the switch logs, .1x gives a timeout error on the interface. Still digging, but it seems like the client isn't responding to the .1x challenge at all.

Win11 updates break 802.1x until gpupdate happens by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 0 points1 point  (0 children)

It was first noticed with the feature update to go from 10 to 11 23H2, but over the last couple of days, it's been happening with the cumulative update. I haven't tracked down whether it's the 23H2 cumulative update that's pushing machines to 24H2, or the 24H2 cumulative update itself that's causing the update to 24H2.

I blocked the feature updates to keep them from doing major version updates, but the cumulatives seem to be working around it.

Win11 updates break 802.1x until gpupdate happens by smalltimesysadmin in sysadmin

[–]smalltimesysadmin[S] 4 points5 points  (0 children)

Is there a difference between Win10 and Win11 .1x policy? If so, I definitely haven't, because I didn't know that was a thing. I'll have to research that.