Posts made by dbeato

@dave247 What is the version that you have?

@dave247 That won't work on the latest Sonicwall NetExtender client. It doesn't allow for that.

@gjacobse said in What Are You Doing Right Now:

When you have a user call about an app not working.

That is like when they last reboot?

@jasgot Does this happen on any user profile? if not I would try a new user profile and test. Or does it work on another computer?

@dashrender However centrally managed doesn't mean site to site VPN. I don't get MSP that have site to site VPNs to their customers. It is not feasible to maintain, it is a high risk and very old school.

@dashrender This has been around forever but yeah not related to the issues today.

@dashrender said in What Are You Doing Right Now:

@jt1001001 said in What Are You Doing Right Now:

@dashrender as am I and still reading up on it/figuring it out

Do you know - does one deploy autopilot on personalized images? or only on OEM/Enterprise base installs?

You have to install and register the AutoPilot Profile on the device before installing Windows. You would register the device in Intune. Once registered shutdown the device until the profile is created. Once it is created then you can setup your device with internet connectivity and it will go through the process you have including the image and settings and policies you setup for the device.

@scottalanmiller said in Active Directory Domain name:

@stacksofplates said in Active Directory Domain name:

@dbeato said in Active Directory Domain name:

@scottalanmiller said in Active Directory Domain name:

used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

Yeah from a quick search looks like at least GoDaddy and Digicert offered them.

Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.

https://cabforum.org/internal-names/

Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!

Yup.

@scottalanmiller said in Active Directory Domain name:

used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

@obsolesce said in windows based FREE imaging app:

@notverypunny said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

they generally come with AV and other crap you don't want at purchase

Oh I see, that sucks. Are the company devices being bought from Walmart or something?

Seriously?

I order these from DCW. I haven't had a laptop not come with at least some third party AV in ages...

I suppose one of the reasons to not order Dell/HP, or at least not the default stuff.

Can't speak to HP, but with Dell, unless you get setup with their imaging program (you provide them with your desired stock image and it's $$$ from what I recall) they're sending you their stock OEM image with a significant amount of bloat-ware. In a corporate / enterprise setup consistency is king so it's normal that you want to reimage with something that's tested and known to play nice in your environment.

Business class devices shipping with trial anti-virus software that is well known to be much worse than the default Windows Defender? That alone is reason enough not to go with that manufacturer (still not a showstopper, as automation can fix that in later steps). If you need to touch a device before an end user gets it, you're wasting a ton of time and money. That's decades old procedures... having your IT department receive the device, reimage, configure, maintain images, and all the requirements that go along? That is a huge waste of resources.

Wouldn't you rather have a device sent directly from CDW to the end-user, without needing a special image, ready to go for the user and the work environment... managed, configured, secured, and compliant as part of the OOBE?

Dell charges a bit more for imaging with your Intune AutoPilot profile but can be arranged and most Dell with Windows Professional and up licensing barely come with bloatware as far as I have been working with them.

@scottalanmiller not really, even in DR there are shortages. Even in the UK as well.

@jaredbusch The only one static IP or IP address is what kills me and so I have to agree that is why we have been shifting to proxies recently.

We use DNS health checks for this, Route53 and CLoudFlare have this but it comes at a n additional cost.

@travisdh1 said in ADUC Set Password Expiry:

@irj said in ADUC Set Password Expiry:

@gjacobse said in ADUC Set Password Expiry:

It's likely we have all had to address this at some point in the last eighteen months or so; A person sent to work from home for whatever reason has just had their password expire. They don't expect to be back into the office for (x) number of days.

Why are they treated any different compared to any other user? You either need AD access or you don't. Working from home doesn't change that aspect.

If they work from home, authenticate to AD every day, then why can't they reset their password?

If they work from home and don't use AD for 90+ days, then why do they even have AD account at all?

Resetting a password remotely does not work automatically like it does on-site. The users have to manually do it themselves before the password expires. I'll give you one guess how many users even know how to change it manually

VPN clients have that availability, so maybe they don't have that?

@gjacobse said in ADUC Set Password Expiry:

It's likely we have all had to address this at some point in the last eighteen months or so; A person sent to work from home for whatever reason has just had their password expire. They don't expect to be back into the office for (x) number of days.

I found a simple Powershell script to reset the countdown timer but it would be also helpful to be able to a expiry date. Just to make sure that my Google results are accurate - is there a process to set an actual date (time) for the password to expire. Or - as I have found / read thus far, is it only value 0 or -1?

Extend Expired Password Using Powershell:
On a machine with access to Active Directory launch Powershell as Administrator.
Run the following command to reset the pwdlastset attribute to 0.
     Set-ADUser -Identity username -Replace @{pwdlastset="0"}

Next run the command to reset the pwdlastset attribute to -1.
     Set-ADUser -Identity username -Replace @{pwdlastset="-1"}

Replace username with specified persons UserID.

Why not use the AD Connect password writeback? It would be so much better.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-sspr-writeback

This will apply to Office 365 Synced with AD so yeah it is limited but it is a good way to allow the user to change their password.

@dustinb3403 It is the worst thing to have a Sonicwall AP

@rojoloco said in What Are You Doing Right Now:

FLAC converter

https://www.freac.org/downloads-mainmenu-33

@jasgot Gotcha, that is very bizarre.

@jasgot What is the Service Pack and CU Leval of that Exchange 2013 Server? What is the .NET Framework installed on this server?

Checking if there is an outage with Google Services
https://downdetector.com/status/google-cloud/