Thanks Ants
May 21, 2004

#essereFerrari


https://docs.microsoft.com/en-us/windows/deployment/mbr-to-gpt


vanity slug
Jul 20, 2010

GreenNight posted:

Is there a good tool, free or paid, that can convert an MBR partition to GPT? Need to increase a partition to greater than 2TB.

Can't lose data or permission info.

I've had good experience with EaseUS's tools.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

This.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.


This is a Server 2019 install with a MBR partition connected to it. Curious if this works on 2019.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

GreenNight posted:

This is a Server 2019 install with a MBR partition connected to it. Curious if this works on 2019.

https://miketerrill.net/2017/01/15/getting-started-with-mbr2gpt/#comment-3607

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.


Ooh nice, thank you.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

MBR2GPT /validate /allowFullOS /Disk:3
MBR2GPT: Attempting to validate disk 3
MBR2GPT: Retrieving layout of disk
MBR2GPT: Validating layout, disk sector size is: 512 bytes
Disk layout validation failed for disk 3

Bummer.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

code:
There is enough space not occupied by partitions to store the primary and secondary GPTs:
   16KB + 2 sectors at the front of the disk
   16KB + 1 sector at the end of the disk
There are at most 3 primary partitions in the MBR partition table
How many partitions are on the disk? If it's 4 or has extended ones you might need to nuke one before the converter can do its thing. Also shrink down the last partition by a megabyte to give it the space it needs if it's allocated all the way to the end.
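A pre-flight check for the layout rules quoted above, written here as an added example (it is not part of the thread and not part of MBR2GPT). It assumes the Storage module's Get-Disk / Get-Partition cmdlets and takes the same disk number that MBR2GPT's /Disk: switch takes.

```powershell
# Added example (not from the thread or from MBR2GPT itself): pre-flight the layout rules
# quoted above on one MBR disk. Assumes the Storage module (Get-Disk / Get-Partition); run elevated.
function Test-Mbr2GptLayout {
    param([Parameter(Mandatory)][int]$DiskNumber)   # same number MBR2GPT takes in /Disk:

    $disk = Get-Disk -Number $DiskNumber
    if ($disk.PartitionStyle -ne 'MBR') { throw "Disk $DiskNumber is $($disk.PartitionStyle), not MBR" }

    $sector = $disk.LogicalSectorSize               # "disk sector size is: 512 bytes" in the /validate output
    $parts  = @(Get-Partition -DiskNumber $DiskNumber)

    # MBR table slots: every partition except logical drives living inside an extended partition.
    # An extended container (MbrType 5 or 0x0F) uses a slot and cannot be carried over as-is.
    $primary  = @($parts | Where-Object { $_.Type -ne 'Logical' })
    $extended = @($parts | Where-Object { $_.MbrType -in 5, 15 })

    # The primary GPT needs the protective MBR + header (2 sectors) + 16 KB of entries before the
    # first partition; the backup GPT needs 16 KB of entries + 1 header sector after the last one.
    $firstStart = ($parts | Measure-Object -Property Offset -Minimum).Minimum
    $lastEnd    = ($parts | ForEach-Object { $_.Offset + $_.Size } | Measure-Object -Maximum).Maximum
    $frontFree  = $firstStart
    $endFree    = $disk.Size - $lastEnd

    [pscustomobject]@{
        DiskNumber        = $DiskNumber
        SectorSize        = $sector
        PrimaryPartitions = $primary.Count
        HasExtended       = ($extended.Count -gt 0)
        FrontFreeBytes    = $frontFree
        EndFreeBytes      = $endFree
        PrimaryCountOk    = ($primary.Count -le 3) -and ($extended.Count -eq 0)
        FrontSpaceOk      = ($frontFree -ge (16KB + 2 * $sector))
        EndSpaceOk        = ($endFree -ge (16KB + 1 * $sector))
    }
}

# Example: Test-Mbr2GptLayout -DiskNumber 3 | Format-List
```

For a disk with four primary partitions it reports PrimaryCountOk False, which is the detail the terse "Disk layout validation failed" line above does not tell you.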

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah, it's 4 partitions including the OS partition. They all have 50+ gigs of space free. Nuking one isn't a huge deal. Who cares back Cisco CUCM backups anyways.

Schadenboner
Aug 15, 2011

by Shine
Zero-pass the drive, re-format it GPT, accept the data loss, grieve for it, and learn to love again?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

GreenNight posted:

Yeah, it's 4 partitions including the OS partition. They all have 50+ gigs of space free. Nuking one isn't a huge deal. Who cares back Cisco CUCM backups anyways.

The recovery partition isn't technically needed if you want to yolo it

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

BangersInMyKnickers posted:

The recovery partition isn't technically needed if you want to yolo it

No recovery partition exists.

1. OS
2. Main file storage for entire org
3. DFS backup from branch office
4. Cisco backups from CUCM

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

GreenNight posted:

Yeah, it's 4 partitions including the OS partition. They all have 50+ gigs of space free. Nuking one isn't a huge deal. Who cares back Cisco CUCM backups anyways.

Kill them with prejudice. No one needs that poo poo.

PUBLIC TOILET
Jun 13, 2009

GreenNight posted:

Yeah, it's 4 partitions including the OS partition. They all have 50+ gigs of space free. Nuking one isn't a huge deal. Who cares back Cisco CUCM backups anyways.

:tif:

Potato Salad
Oct 23, 2014

nobody cares


GreenNight posted:

Is there a good tool, free or paid, that can convert an MBR partition to GPT? Need to increase a partition to greater than 2TB.

Can't lose data or permission info.

Seen a few such as -

https://www.partitionwizard.com/partitionmagic/will-converting-mbr-to-gpt-erase-all-the-disk-partitions.html

But it would be good if someone has done this before.

mbr2gpt runs online and ships with win10 1709+

Edit: god drat it, thants beat me

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
boooiiiii they did it

quote:

Skype for Business Online to Be Retired in 2021

Today we’re announcing that Skype for Business Online will be retired on July 31, 2021. This post provides details on the retirement plan, a brief explanation of why we’re making this announcement now, and a summary of what we’re doing to help customers migrate to Teams.

https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Skype-for-Business-Online-to-Be-Retired-in-2021/ba-p/777833. I'll never have to worry about a weird skype transition with my impending deployment.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Good riddance.

cage-free egghead
Mar 8, 2004
So what's the difference between Server and Online? My org just got an email about this but says if you use server then you won't be affected by the retirement.

The Fool
Oct 16, 2003


On prem Skype is a completely separate product and will have its own schedule for end of support.

Thanks Ants
May 21, 2004

#essereFerrari


I'm planning to look into this some more tomorrow but does anyone have any ideas why Windows 10 Enterprise (in-place upgrade from a license in Azure AD) on a machine managed by Intune and enrolled with AutoPilot would not have the option to automatically set the time and time zone anywhere in the date and time settings page? As far as I know no location services have been disabled.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

Thanks Ants posted:

I'm planning to look into this some more tomorrow but does anyone have any ideas why Windows 10 Enterprise (in-place upgrade from a license in Azure AD) on a machine managed by Intune and enrolled with AutoPilot would not have the option to automatically set the time and time zone anywhere in the date and time settings page? As far as I know no location services have been disabled.

I ran into this with a fresh 1903 install just last week. Ended up going into the legacy clock control panel applet, manually setting the timezone there, then all the stuff in the new UI stopped being locked out and it worked from there forward.

Thanks Ants
May 21, 2004

#essereFerrari


This isn't even locked out - the options just aren't there. Is that the same thing you saw?

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

I didn't look too closely at it. What I remember was seeing that the clock was in Pacific time, so I went into the modern settings and tried to set the clock there but I couldn't. It said it was doing automatic timezone detection, which was enabled, and it wouldn't let me turn it off there. Then I hit the link on the right that took me to the classic clock settings and was able to override it there.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

Thanks Ants posted:

I'm planning to look into this some more tomorrow but does anyone have any ideas why Windows 10 Enterprise (in-place upgrade from a license in Azure AD) on a machine managed by Intune and enrolled with AutoPilot would not have the option to automatically set the time and time zone anywhere in the date and time settings page? As far as I know no location services have been disabled.

We had some weird issues with it because of a GPO EntSec demanded we implement. We're still pushing back, because the users are blaming us for it.

On mine, going into the Modern Date & time settings says, "*Some settings are hidden or managed by your organization.", but if I click on the "Additional date, time & regional settings" link on the right sidebar, it brings up the Classic control panel and all the options are available over there. (Haha, I should show that to EntSec as a justification for not doing this, since obviously the GPO isn't effectively blocking anything.)

So...not sure why they're missing? Is there a registry setting that hides sections of control panels, maybe?

Col. Mustard
Nov 26, 2000

Initech Administrator

Thanks for this.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Are there any restrictions to applying security groups to computer objects? Trying to prevent write-access to a network share on a specific computer that has to stay logged in by someone who has Modify access to that share.

$Folder has Read and Execute / Modify security groups
Created additional security group called $FolderNoWrite
Set NTFS permissions on share to explicit deny Write to $FolderNoWrite
Made $Computer member of $FolderNoWrite
Gpupdate, logged out and in

User was still able to make a text file on the share. Recreated in test network, still did not work when applied deny group to computer object, but did work when applied to the user object.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

How were you testing? What you are doing will block the system account from writing to the share, but it's kinda hard to pop a command shell as SYSTEM these days. What you are doing will not block users logged in to that computer, just the computer context itself.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

The computer object isn't the security principal writing the file, so it won't be stopped. You'd have to block the user from being able to write there. I'm not aware of any sort of conditional access that pairs the origin workstation plus user account.

AlternateAccount
Apr 25, 2005
FYGM
It sounds like the user who is represented by the user account that is logged in is not the person who will actually be using the computer. Your difficulties are illustrative of Why This Is Bad.

Wizard of the Deep
Sep 25, 2005

Another productive workday
I don't think loopback processing will work in this situation, but it's the closest solution I can immediately think of. I think LBP only recursively applies user settings to computer objects.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Useful to know, thanks!

Came up with a better solution. Created a separate user account that only has read-only access to the required share (info from the share is displayed on a TV) and restricted its login to only that computer.
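The solution described above, as an added example that is not klosterdev's own script: a read-only display account whose logon is restricted to the one machine driving the TV. It assumes the ActiveDirectory module and that the share's NTFS folder is local to the server where it runs; every account, workstation, OU and path name is a placeholder.

```powershell
# Added example (not klosterdev's script): create the read-only display account described above
# and restrict where it can log on. Assumes the ActiveDirectory module and a server where the
# share's NTFS folder is local; every name below is a placeholder.
Import-Module ActiveDirectory

function New-DisplayAccount {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,     # e.g. svc-lobby-tv
        [Parameter(Mandatory)][string]$Workstation,        # NetBIOS name of the PC driving the TV
        [Parameter(Mandatory)][string]$SharePath,          # NTFS path behind the share, e.g. D:\Shares\Dashboards
        [Parameter(Mandatory)][string]$OuPath,             # e.g. OU=Kiosks,DC=example,DC=com
        [Parameter(Mandatory)][securestring]$Password
    )
    $domain = (Get-ADDomain).NetBIOSName

    # LogonWorkstations is the "Log On To" list on the account tab: the account is only
    # usable at this one machine, so the always-logged-in session is worth little elsewhere.
    New-ADUser -Name $SamAccountName -SamAccountName $SamAccountName -Path $OuPath `
        -AccountPassword $Password -Enabled $true -LogonWorkstations $Workstation `
        -CannotChangePassword $true -Description "Display account, logon restricted to $Workstation"

    # The account gets ReadAndExecute only. No deny ACE is needed, and none would have worked on the
    # computer object anyway: the user at the keyboard is the principal, and this one never holds Modify.
    $acl  = Get-Acl -Path $SharePath
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        "$domain\$SamAccountName", 'ReadAndExecute', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $SharePath -AclObject $acl

    Get-ADUser -Identity $SamAccountName -Properties LogonWorkstations |
        Select-Object SamAccountName, Enabled, LogonWorkstations
}

# Example: New-DisplayAccount -SamAccountName svc-lobby-tv -Workstation LOBBY-TV01 -SharePath D:\Shares\Dashboards -OuPath 'OU=Kiosks,DC=example,DC=com' -Password (Read-Host -AsSecureString 'Password')
```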

Thanks Ants
May 21, 2004

#essereFerrari


Make an account with gently caress all access if you need it to stay logged in, the actual user can open up an RDP session if they need access to “their” stuff.

SaTaMaS
Apr 18, 2003
I'm having some trouble with a per-app VPN configuration through Intune and Anyconnect on iOS. The app used to do OAuth authentication using its own UI, which worked great with per-app VPN, but recently it began using a Safari web view - which apparently is considered a separate app since it can't get through the VPN. Is there some way to get the per-app VPN to allow Safari interactions as well?

Digital_Jesus
Feb 10, 2011

klosterdev posted:

Useful to know, thanks!

Came up with a better solution. Created a separate user account that only has read-only access to the required share (info from the share is displayed on a TV) and restricted its login to only that computer.

This is the semi-good way to do it imo.

Best way is to lay down a blanket policy of any machine with a shared user account that stays logged in 24/7 is local access only, no domain connectivity, on a separate wired network behind a firewall preventing it from touching your production systems. Information can be updated by someone in IT transferring data to it from an encrypted USB drive and billing time to the department that wants something set up that way.

Yes I work in medical why do you ask?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Cross posting,

I need to do some basic auditing of directory accounts that are assigned special permissions for my application. It writes to only objects in specific OUs but I’m shocked there isn’t a community Powershell script that already does this and I do not want to buy a 3rd Party Program.

To be blunt, I'm running this ( https://gallery.technet.microsoft.com/office/AD-Advanced-Permissions-49723f74 ) and I would really just like *.CSV Output to confirm the permissions (like I'd flip this script to merely show the current permissions of the service account) but dsacls doesn't seem to work that way.

What am I missing?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

What specific permissions are you trying to check?

edit: I've been screwing around with this the last couple hours. I haven't finished the script to do it, but here are some snippets.

Basically, stop trying to do this with dsacls is my recommendation.

I'm using the PowerShell command Get-Acl for this. Substitute appropriately. You can query AD directly using AD: in your path.

code:
Import-Module ActiveDirectory   # provides the AD: drive that Get-Acl reads the object's security descriptor from
Get-Acl -Path "AD:\OU=<OU>,DC=<DOMAIN>,DC=com" | Select-Object -ExpandProperty Access | Where-Object { $_.IdentityReference -eq "DOMAIN\Account" }
This code will build an array you can use to look up Object and Rights GUIDs to names. I stole it from https://community.spiceworks.com/how_to/149278-how-to-get-an-active-directory-ou-permissions-report

code:
Import-Module ActiveDirectory
$schemaIDGUID = @{}
# Schema objects and extended rights can share a GUID; ignore the duplicate-key errors from Add()
$ErrorActionPreference = 'SilentlyContinue'
# Schema attributes and classes: schemaIDGUID (byte[]) -> attribute/class name
Get-ADObject -SearchBase (Get-ADRootDSE).schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' -Properties name, schemaIDGUID |
    ForEach-Object { $schemaIDGUID.Add([System.Guid]$_.schemaIDGUID, $_.name) }
# Extended rights (control access rights): rightsGUID (string) -> right name, e.g. "Reset Password"
Get-ADObject -SearchBase "CN=Extended-Rights,$((Get-ADRootDSE).configurationNamingContext)" -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGUID |
    ForEach-Object { $schemaIDGUID.Add([System.Guid]$_.rightsGUID, $_.name) }
$ErrorActionPreference = 'Continue'
I'm still working on putting an easy report together, with the object name and its various rights, but I gotta get some work for my job done so I can't mess with it anymore today.

Here's some links that might be useful.

https://blogs.technet.microsoft.com/poshchap/2017/10/06/more-on-get-acl-with-active-directory/
https://rakhesh.com/powershell/using-get-acl-to-filter-ad-objects-without-certain-group-acls/
https://community.spiceworks.com/how_to/149278-how-to-get-an-active-directory-ou-permissions-report

This thing might actually do what you want

https://gist.github.com/indented-automation/7a96a71be7eac9afc750e98fddab488f/revisions


skipdogg fucked around with this message at 18:33 on Aug 6, 2019
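The report the snippets above were building toward, as an added example that is not skipdogg's script: every ACE on an OU tree resolved to readable attribute and extended-right names, filtered to one account and exported to CSV (the output Gucci Loafers asked for). It assumes the ActiveDirectory module; the OU, the account and the CSV path are placeholders.

```powershell
# Added example, not skipdogg's script: resolve every ACE on an OU tree to readable names and keep
# the ones held by one account, exported to CSV. Assumes the ActiveDirectory module; names are placeholders.
Import-Module ActiveDirectory

function Resolve-AdGuid([guid]$Guid, [hashtable]$Map) {
    # An empty GUID in an ACE means "all object types / all properties"
    if ($Guid -eq [guid]::Empty) { return 'All' }
    if ($Map.ContainsKey($Guid)) { return $Map[$Guid] }
    return $Guid.ToString()
}

function Get-AdAccountAceReport {
    param(
        [Parameter(Mandatory)][string]$SearchBase,   # e.g. OU=AppObjects,DC=example,DC=com
        [Parameter(Mandatory)][string]$Identity,     # e.g. EXAMPLE\svc-app
        [string]$CsvPath                             # optional, e.g. C:\Temp\svc-app-acl.csv
    )
    # GUID -> name for schema attributes/classes and extended rights (same idea as the Spiceworks snippet)
    $root = Get-ADRootDSE
    $map  = @{}
    Get-ADObject -SearchBase $root.schemaNamingContext -LDAPFilter '(schemaIDGUID=*)' -Properties name, schemaIDGUID |
        ForEach-Object { $map[([guid]$_.schemaIDGUID)] = $_.name }
    Get-ADObject -SearchBase "CN=Extended-Rights,$($root.configurationNamingContext)" -LDAPFilter '(objectClass=controlAccessRight)' -Properties name, rightsGUID |
        ForEach-Object { $map[([guid]$_.rightsGUID)] = $_.name }

    # Walk the OU and everything under it; Get-Acl reads each security descriptor through the AD: drive
    $report = Get-ADObject -SearchBase $SearchBase -SearchScope Subtree -Filter * | ForEach-Object {
        $dn = $_.DistinguishedName
        (Get-Acl -Path "AD:\$dn").Access |
            Where-Object { $_.IdentityReference.Value -eq $Identity } |
            ForEach-Object {
                [pscustomobject]@{
                    Object        = $dn
                    Type          = $_.AccessControlType                        # Allow / Deny
                    Rights        = $_.ActiveDirectoryRights                    # e.g. WriteProperty, ExtendedRight
                    AppliesTo     = Resolve-AdGuid $_.ObjectType $map           # attribute or extended-right name
                    InheritedType = Resolve-AdGuid $_.InheritedObjectType $map  # object class the ACE applies to
                    Inherited     = $_.IsInherited
                }
            }
    }
    if ($CsvPath) { $report | Export-Csv -Path $CsvPath -NoTypeInformation }
    $report
}

# Example: Get-AdAccountAceReport -SearchBase 'OU=AppObjects,DC=example,DC=com' -Identity 'EXAMPLE\svc-app' -CsvPath C:\Temp\svc-app-acl.csv
```

Anything the account holds beyond the few WriteProperty entries the application needs shows up as its own row, which is the quickest way to confirm a service account has not quietly picked up extra rights.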

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

For some reason that I cannot figure out, standard users at one client of mine (read: non-admins) can initiate disabling/suspending BitLocker from the BitLocker UI. I have never seen this; across every client I've had that uses it, all functions in the BitLocker UI are locked behind UAC.

These are Windows 10 1809; BitLocker was initiated by an admin (ugh), but I also have a GPO out there that would do it if they would just assign it an OU before BitLockering.

Anyway, has anyone seen this? I can't seem to find anything related to this.

BangersInMyKnickers
Nov 3, 2004

I have a thing for courageous dongles

That really shouldn't be possible and I don't think there is a canned GPO to permit this kind of behavior. I would dump the details of their security context during logon and give it a sanity check that they aren't inheriting some group giving them local admin permissions.
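The sanity check suggested above, as an added example (not from the thread): inspect the logged-on user's token for a local-admin path, including one inherited through a nested domain group. It is meant to be run in the standard user's own session and only parses whoami /groups, which ships with Windows; the two function names are my own.

```powershell
# Added example (not from the thread): inspect a standard user's logon token for an inherited
# local-admin path. Run in that user's own session; it parses whoami /groups (built into Windows).
function Test-TokenAdminMembership {
    $adminSid = 'S-1-5-32-544'                      # BUILTIN\Administrators, identical on every Windows box
    $groups   = whoami /groups /fo csv | ConvertFrom-Csv
    $admin    = $groups | Where-Object { $_.SID -eq $adminSid }

    # With UAC on, an administrator's filtered token still lists Administrators, but flagged
    # "Group used for deny only"; that entry grants nothing until the user elevates.
    $denyOnly = ($null -ne $admin) -and ($admin.Attributes -match 'deny only')

    # Domain groups in the token: if one of them is nested into local Administrators, that is the
    # inheritance to go looking for (Get-LocalAdminMembers below shows the nesting on the machine).
    $domainGroups = $groups |
        Where-Object { $_.Type -eq 'Group' -and $_.'Group Name' -notmatch '^(BUILTIN|NT AUTHORITY|NT SERVICE)\\' } |
        ForEach-Object { $_.'Group Name' }

    [pscustomobject]@{
        User                  = (whoami)
        AdministratorsInToken = ($null -ne $admin)
        AdminRightsActive     = (($null -ne $admin) -and -not $denyOnly)
        DomainGroups          = ($domainGroups -join '; ')
    }
}

# Cross-check from the admin side: who is actually in local Administrators, nested groups included.
# Get-LocalGroupMember ships with Windows 10 / Server 2016 and later.
function Get-LocalAdminMembers {
    Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
}

# Example: Test-TokenAdminMembership | Format-List
```

A "standard" user who can suspend BitLocker and whose token reports AdminRightsActive True is not a standard user; the DomainGroups column and the local Administrators listing together usually point at which group did it.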

Potato Salad
Oct 23, 2014

nobody cares


BangersInMyKnickers posted:

I didn't look too closely at it. What I remember was seeing that the clock was in Pacific time, so I went into the modern settings and tried to set the clock there but I couldn't. It said it was doing automatic timezone detection, which was enabled, and it wouldn't let me turn it off there. Then I hit the link on the right that took me to the classic clock settings and was able to override it there.

dump your w32tm config?


Woof Blitzer
Dec 29, 2012

[-]
Anyone have any good getting started with SCCM type resources?
