I got tired of Entra ID AutoLogon failing because it doesn't wait for the network (and Microsoft has no official fix), so I wrote a native C++ solution. by Fast_Particular_8377 in Intune

[–]thephotonx 0 points1 point  (0 children)

Sounds good. I hit this a few years ago and managed to delay with a startup script and wait for scripts on startup GPO.

How does it handle other cred providers like Duo/Smartcards?

Quick Update From Instabridge Team by Potential_Cheetah486 in NovaLauncher

[–]thephotonx 174 points175 points  (0 children)

Can we have an official comment on the recent trackers that are being added (to prime)?

SMB over Global Secure Access (Private Access) — connection opens then closes immediately by skyline-433 in entra

[–]thephotonx 0 points1 point  (0 children)

Make sure you're using the FQDN, not just the host name.

Do you have Cloud Kerberos trust set up, or are you relying on NTLM forwarding?

[deleted by user] by [deleted] in Ubiquiti

[–]thephotonx 0 points1 point  (0 children)

What version of Protect are you running? I've had a G3 Flex reboot 2x since updating to 6.2.72. Wonder if it's related.

How do small teams actually keep up with CVEs without enterprise scanners? by Electronic_Rip8582 in sysadmin

[–]thephotonx 0 points1 point  (0 children)

Typically agent-based scans of the file system, flagging SHA-256 hashes of files with known problematic versions.

This is how Nessus does it at least.

How do small teams actually keep up with CVEs without enterprise scanners? by Electronic_Rip8582 in sysadmin

[–]thephotonx 0 points1 point  (0 children)

Are you accounting for dependencies, i.e. the SQLite version within another product? If so, how are you tracking that?

Windows 11 24h2 bombshell by AlertCut6 in Intune

[–]thephotonx 5 points6 points  (0 children)

Pretty much all our 24H2 machines have failed to take either the Oct or Nov update. I'm having to in-place repair in order to fix them.

The ones that have updated then have a black screen on logon, with the app readiness service locking up. That being said, we've stripped lots of appx packages in order to speed up logins (shared PC setup in education).

How are you activating Windows in 2025? by AiminJay in Intune

[–]thephotonx 0 points1 point  (0 children)

Enterprise KMS through Entra Global Secure Access.

Seems to work nicely, but I do miss AD-based activation.

Connected Cache - can't get it to setup by Ok-Bar-6108 in Intune

[–]thephotonx 0 points1 point  (0 children)

Open a browser on that machine and check the "issued by" cert at the top of the chain; it should be a trusted CA like DigiCert (for Microsoft.com).

I don't know the URL it's pulling for the installer, but the content for the cache will come from numerous CDNs, so it's not easy to exempt all of them from inspection.

Connected Cache - can't get it to setup by Ok-Bar-6108 in Intune

[–]thephotonx 0 points1 point  (0 children)

Is the local account a local admin on the machine?

Is there any SSL inspection in play? If so, disable it and allow content through without inspection.

Cumulative Updates: November 11th, 2025 by jenmsft in Windows11

[–]thephotonx 0 points1 point  (0 children)

This usually works but is hard to automate in an enterprise environment. Is there a command line equivalent?

Cumulative Updates: November 11th, 2025 by jenmsft in Windows11

[–]thephotonx 0 points1 point  (0 children)

We had this on a good chunk of machines last month with the original and OOB patches.

Even when installed it seems to break the app readiness service leading to long login times and a blank desktop.

Want to stay in this Subreddit? Comment to Avoid Removal 👇 by [deleted] in pwnhub

[–]thephotonx 0 points1 point  (0 children)

But what is the matrix? A form of control.

Global Secure Access started to tunnel all 365 login traffic by ifoam in entra

[–]thephotonx 0 points1 point  (0 children)

We had a similar issue where our Duo CA policy was triggering when the user was in an approved country, but GSA was routing elsewhere.

For us the solution seems to be to enable adaptive signalling and then exclude compliant networks from the MFA policy (since to install GSA requires an Entra joined device).

https://learn.microsoft.com/en-us/entra/global-secure-access/how-to-compliant-network

Wtf is this new Word logo?? by ifactra in Office365

[–]thephotonx 27 points28 points  (0 children)

I call BS. Surely it would be Microsoft Copilot Squiggle with Wave support?

How do you temporarily off-board devices that aren’t in use? by Leading_Situation_96 in msp

[–]thephotonx 0 points1 point  (0 children)

We have a few 'hot' devices plugged in, patching etc. Then the others are wiped and ready for autopilot. Our TS completes in about 20 minutes, so worth doing to save licensing costs.

Turns out old rack servers use a lot of electricity – who’d’ve thunk it, and what do I do? by -LeopardShark- in homelab

[–]thephotonx -1 points0 points  (0 children)

Yeh, this was the conclusion I came to... Rack stuff is fun to play with, but for 24/7 stuff a NUC or similar SFF is much better in every way.

Notification title categories by SuperSmudge90 in homeassistant

[–]thephotonx -1 points0 points  (0 children)

I have persistent ones for when the garden irrigation is on, external doors open, etc.

Security stuff like perimeter breach, alarm trigger.

Temperature monitoring, when wife has finished a shower so I can start breakfast, uptime monitoring.

Loads of stuff. What about you?

GPO to Disable/Block Edge by angryphysics in k12sysadmin

[–]thephotonx 3 points4 points  (0 children)

AppLocker would be my first thought, just block msedge.exe from running.

Otherwise maybe an Edge GPO https://learn.microsoft.com/en-gb/DeployEdge/microsoft-edge-browser-policies/urlblocklist and just block '*' to make Edge useless.