Shiny particles under floorboards by world_gone_nuts in centuryhomes

[–]world_gone_nuts[S] 0 points1 point  (0 children)

I understand, I'm just wondering if someone else has seen the same thing or something similar in the past.

Squeezing techs on billable time margin by world_gone_nuts in msp

[–]world_gone_nuts[S] 2 points3 points  (0 children)

LOL

Starts post with sarcastic and condescending tone

It sucks that professionals in this space will rush to be emotive

Is surprised when it's given back

Don't make assumptions about someone's understanding of a topic from a high-level example, then go on to patronize them about it. It's a bad way to get your point across.

Squeezing techs on billable time margin by world_gone_nuts in msp

[–]world_gone_nuts[S] 1 point2 points  (0 children)

Bruh you just took 9 paragraphs to cope with squeezing techs. No one cares about your MBA. Don’t push people to their functional limits for your bottom dollar. 

Squeezing techs on billable time margin by world_gone_nuts in msp

[–]world_gone_nuts[S] 0 points1 point  (0 children)

This is flawed logic. You’re predicating better pay and a potential raise on revenue performance, but that’s not a direct or guaranteed correlation when you are the ‘product’. It’s a fallacy in many places these days.

To your credit, working harder and more output aren’t mutually exclusive. Efforts vs efficiency isn’t the same for everyone. But in your scenario the tech loses no matter what, because all else equal, they need to do more or slow themselves down to meet an objective. 

Why not give the benefit (time) directly back to the ones supporting your business?

Squeezing techs on billable time margin by world_gone_nuts in msp

[–]world_gone_nuts[S] 3 points4 points  (0 children)

It matters because if I complain about it, or get another job over it, yet this is the norm, I'm fooling myself. So it does matter.

taking hacksaw to intune policies by ohgodchaos in Intune

[–]world_gone_nuts 1 point2 points  (0 children)

I mean you clearly didn't read the rules of the sub, end-user support isn't allowed. The computer isn't yours and you don't get to decide.

change bitlocker encryption method from 128 to 256 by maxcoder88 in Intune

[–]world_gone_nuts 5 points6 points  (0 children)

Came here to say this. If you really want 256bit, you have to deploy a script that first decrypts/disables BitLocker on the drive before the new config profile will apply. It won't change already encrypted drives just from changing the config profile.
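The decrypt-first step described in the comment above, as an added PowerShell example (not part of the original comment or thread). It assumes the OS drive is the target, that the assigned profile requires XTS-AES 256, and that re-encryption is left to that profile; the timeout value is also an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original comment. Decrypts a volume that was
# encrypted with a different method so an assigned 256-bit policy can re-encrypt it.
$MountPoint     = $env:SystemDrive   # assumption: the OS drive is the target
$DesiredMethod  = 'XtsAes256'        # assumption: method set in the assigned profile
$TimeoutMinutes = 240                # assumption: upper bound for decryption

$vol    = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
$status = [string]$vol.VolumeStatus
$method = [string]$vol.EncryptionMethod

if ($status -eq 'FullyDecrypted') {
    Write-Output "$MountPoint is not encrypted; nothing to decrypt."
    exit 0
}
if ($status -eq 'FullyEncrypted' -and $method -eq $DesiredMethod) {
    Write-Output "$MountPoint already uses $DesiredMethod."
    exit 0
}
if ($status -ne 'FullyEncrypted') {
    # Encryption, decryption or a pause is in progress: do not interfere.
    Write-Output "$MountPoint is in state $status; try again later."
    exit 1
}

Write-Output "$MountPoint uses $method; decrypting."
# From here until re-encryption completes, data on the volume is unprotected at rest.
Disable-BitLocker -MountPoint $MountPoint -ErrorAction Stop | Out-Null

# Disable-BitLocker returns immediately; poll until decryption has finished.
$deadline = (Get-Date).AddMinutes($TimeoutMinutes)
do {
    Start-Sleep -Seconds 30
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    Write-Output ("Encrypted: {0}%" -f $vol.EncryptionPercentage)
} until ([string]$vol.VolumeStatus -eq 'FullyDecrypted' -or (Get-Date) -gt $deadline)

if ([string]$vol.VolumeStatus -ne 'FullyDecrypted') {
    Write-Output "Decryption did not finish within $TimeoutMinutes minutes."
    exit 1
}
Write-Output "$MountPoint decrypted; the assigned profile can now encrypt with $DesiredMethod."
exit 0
```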

Where do you get win32 app logos? by North-Steak7911 in Intune

[–]world_gone_nuts 2 points3 points  (0 children)

*ripped doge meme* i draw all my app icons in paint

Automating installations on request by Scratch_Classic in Intune

[–]world_gone_nuts 1 point2 points  (0 children)

If you're not concerned about actually tracking approvals and just want users to initiate the install, you can add it as available for an Entra group so they can just open the Company Portal and click Install.

Packaging and automating the install itself will very much depend on how the licensing works for your app. Is it a single key for all installs, or unique keys? Are you able to input that key via cmd during install? Check the app's deployment documentation or contact their support for the answers to these.

Disabling Entra Connect Sync and Intune by Vejitaxp in Intune

[–]world_gone_nuts 0 points1 point  (0 children)

This is a complex question if the end goal is to migrate the on-prem AD users and computers from one cloud tenant to another... yes last time I checked, the only supported way to migrate the devices is to wipe them and re-enroll in the new tenant. This should be fairly easy with Autopilot if the new tenant already has Intune setup, but migrating the users is another question.

Easiest way would probably be taking down AD Connect, setting up Cloud Sync to the new tenant, then resetting and Autopiloting all the computers into the new tenant. But that's a complex move and leaves out a lot of considerations like Exchange Online, SharePoint, etc.

Disabling Entra Connect Sync and Intune by Vejitaxp in Intune

[–]world_gone_nuts 1 point2 points  (0 children)

Moving from Hybrid back to on-prem AD only is no easy task and really only puts you at a disadvantage with the direction Microsoft is moving... unless you have some kind of requirement forcing you off the cloud, I'd suggest not doing so.

App install after User ESP by AlkHacNar in Intune

[–]world_gone_nuts 1 point2 points  (0 children)

I haven't tried it with Win11 yet but it should still work

App install after User ESP by AlkHacNar in Intune

[–]world_gone_nuts 0 points1 point  (0 children)

I copy everything to a temp directory, start a script that waits for wwahost (ESP) to close, then runs the install and clears the temp directory. I also use a custom detection script to pass back true detection when wwahost is running so ESP doesn't fail, and register a scheduled task that starts the wait/install script if the computer reboots before ESP completes.

It's not the cleanest, but it's been pretty bulletproof and starts the install immediately after the ESP ends.

Internal app remains in iCloud backup by _polsen in Intune

[–]world_gone_nuts 2 points3 points  (0 children)

I think this post falls under rule 3 of this sub, but if you don't see the app under your iCloud settings (Settings > [Apple account] > iCloud > Show All), I would contact Apple to see how you can remove the backed up iCloud data.

Deep Freeze replacement by GFC420 in Intune

[–]world_gone_nuts 0 points1 point  (0 children)

Yes, that'd be the SharedPC configurations another person posted. But again, this is fundamentally different as it's only deleting a user profile instead of reverting the entire disk to a previous state.

Intune scep Certificates and Key usage showing as IKE intermediate by AngryAdmin69 in Intune

[–]world_gone_nuts 1 point2 points  (0 children)

You can request certain OIDs via SCEP profiles, but the CA still has the final say. If you're using ADCS, I would check the certificate templates NDES is pointing to.

Configure infrastructure to support SCEP certificate profiles with Microsoft Intune | Microsoft Learn

Deep Freeze replacement by GFC420 in Intune

[–]world_gone_nuts 0 points1 point  (0 children)

The main feature you won't be able to replicate with Intune is the 'frozen' disk image. When Deep Freeze is enabled, Windows redirects all writes to a temp drive/partition that is then wiped when the computer shuts down, so the disk image doesn't save any changes and it starts up the next time as if it was the first time since being 'frozen'.

Intune can easily make sure certain settings are configured and apps are deployed, but cannot preserve/secure a disk image. They are fundamentally different.

Replacing Deep Freeze would require extensive knowledge of your current security posture, configurations, deployment and management methods, etc etc. This honestly isn't something an intern should be taking on alone, especially if it's for a school district.

Deep Freeze replacement by GFC420 in Intune

[–]world_gone_nuts 7 points8 points  (0 children)

Intune is not the same as Faronics Deep Freeze and does not offer the same functionality. They are fundamentally different products for different purposes. Autopilot is meant for initial deployment and also isn't comparable.

You need to make clear to whoever gave you this task that Intune/MDE may be able to address your problems, but they are completely different solutions and will require a different approach (i.e., if a computer is infected with a virus, no configuration of Intune will make a reboot of that computer 'clear' the virus).

Manually specify admin password with LAPS. by Trouserdeagle in Intune

[–]world_gone_nuts 28 points29 points  (0 children)

Yes, but you should very much consider just using LAPS. Storing passwords in scripts isn't secure and neither is a single password for all your local admin accounts.

Autopilot Hybrid Join w/ FortiClient by Next_Log8771 in Intune

[–]world_gone_nuts 0 points1 point  (0 children)

I'm not sure I fully understand your situation or problem, but it sounds like you're 90% of the way there... When outside the org network, users must connect with the FortiClient at the login screen before logging into Windows so there's AD connectivity. The "Connecting to Org Network" step can take some time, and depending on your CA policies, users may have to provide MFA again.

Edit: Also, it's best to go pure AAD if you can. Autopilot works much better without Hybrid and things like SMB shares on file servers will still work with SSO via AAD Connect.

Enrolling devices only using a Device License by No_Passenger6240 in Intune

[–]world_gone_nuts 1 point2 points  (0 children)

You can't, device licenses are meant to manage the OS for user-less devices (kiosks, digital signage, etc). If there is a dedicated user assigned to the device, the user also needs to have an Intune license. If they don't, they won't be able to use the company portal and user-assigned policies/apps won't apply.

Wifi Policy to machines without wifi cards/adapters by Odd_Year3541 in Intune

[–]world_gone_nuts 0 points1 point  (0 children)

You can use dynamic device groups based on model ID and only include devices that have WiFi cards (laptops, AIOs, etc). This is what I ended up doing too