lol internet.
Sep 4, 2007
the internet makes you stupid
Correct that is what I'm referring to.

I am just looking at an install guide for some app to do SSO/LDAP integration and it has a pre-requisite saying to install it... which I don't think is necessary because you just do an LDAP over SSL bind to regular AD?

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Yes, with a slight caveat. 97% of enterprise apps will work perfectly fine with Active Directory LDAPS binds. It is a true and proper implementation of LDAP. You'll probably have to punch in distinguished name objects by hand (you'll find those in the attribute tab in ADUC).

The last 3% are enterprise applications that are absolutely awful and dreadful and may only work with a clean-sheet LDS instance (for the aforementioned schema and object writing). Thankfully you indicated that it's an SSO implementation, so it's probably OK. Just be aware of the domain controller you bind to; a "general best practice" is to make sure it's a global catalog DC.
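The LDAPS bind described above, as an added example in PowerShell (not code from the thread or from any poster). It binds to a named DC on 636 with TLS on from the first byte, looks up a user's distinguished name and group membership, escapes the filter value so a caller-supplied account name can't rewrite the filter, and finishes by checking that the DC you bound to is a global catalog. The DC name, base DN, service account and the sAMAccountName being looked up are placeholders.

```powershell
# Added example, not from the thread. The DC name, base DN, service account and
# the sAMAccountName looked up are placeholders; substitute your own.
Add-Type -AssemblyName System.DirectoryServices.Protocols

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping, so a caller-supplied value cannot change the filter's structure.
    param([string]$Value)
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29').Replace("`0", '\00')
}

function Connect-Ldaps {
    param([string]$Server, [System.Net.NetworkCredential]$Credential, [int]$Port = 636)
    # 636 = LDAPS on any DC; 3269 = LDAPS against the global catalog partition of a GC.
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($Server, $Port, $true, $false)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id, $Credential, 'Basic')
    $conn.SessionOptions.ProtocolVersion   = 3
    $conn.SessionOptions.SecureSocketLayer = $true   # TLS from the first byte, not StartTLS on 389
    # No VerifyServerCertificate override on purpose: a certificate error here means the DC's
    # certificate or the client's trust chain is wrong. Fix that rather than suppressing it.
    $conn.Bind()                                     # throws LdapException on bad credentials or TLS failure
    return $conn
}

function Get-AdUserByLdaps {
    param($Connection, [string]$BaseDn, [string]$SamAccountName)
    $sam    = ConvertTo-LdapFilterValue -Value $SamAccountName
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$sam))"
    $req    = New-Object System.DirectoryServices.Protocols.SearchRequest($BaseDn, $filter, 'Subtree', @('distinguishedName', 'memberOf'))
    $resp   = $Connection.SendRequest($req)
    foreach ($e in $resp.Entries) {
        # memberOf is absent on accounts with no group membership, so guard the lookup.
        $groups = @()
        if ($e.Attributes.Contains('memberOf')) { $groups = $e.Attributes['memberOf'].GetValues([string]) }
        [pscustomobject]@{
            DistinguishedName = $e.DistinguishedName
            MemberOf          = $groups
        }
    }
}

$dc       = 'dc01.corp.example.com'                  # placeholder
$baseDn   = 'DC=corp,DC=example,DC=com'              # placeholder
$bindUser = 'svc_ldap@corp.example.com'              # placeholder; UPN form works for a simple bind against AD
$bindPass = Read-Host -AsSecureString -Prompt 'Bind password'
$cred     = New-Object System.Net.NetworkCredential($bindUser, $bindPass)

$conn = Connect-Ldaps -Server $dc -Credential $cred
Get-AdUserByLdaps -Connection $conn -BaseDn $baseDn -SamAccountName 'jdoe' | Format-List
$conn.Dispose()

# Is the DC you bound to a global catalog? (needs the RSAT ActiveDirectory module)
(Get-ADDomainController -Identity $dc).IsGlobalCatalog
```

The DistinguishedName values this prints are the ones the install guide will want typed in by hand. A simple bind sends the service account's password inside the TLS session, so the account should be a low-privilege read-only one, and the bind must never be pointed at 389 without StartTLS.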

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
My account is in "Protected Users", which does some stuff like disable NTLM auth. Our VMware admins are switching from "AD" auth to accessing AD via LDAPS, and nobody in Protected Users is able to log in.

dexter6
Sep 22, 2003
Pardon the noob question, but I recently took a job in IT for a 60-employee non-profit that has had no internal IT before me.

We use Azure AD and it seems like most users have their machines attached to their AD profile but are not local admins.

There have been a few times since I started where admin rights were required to complete a task. However, I have not found a way to do this virtually. (Whether using Quick Assist or Teams, the prompt for admin creds doesn't show.)

What is the recommended way that Microsoft expects remote IT Admins to support users with installs and other things that require admin privileges?

I've seen some articles that say you should change some registry keys to show the prompt on screen, but that doesn't seem safe, nor does giving out my actual admin credentials to end users.

So what am I missing? Feels like something simple.... Thanks!

Internet Explorer
Jun 1, 2005

There's a small business thread here that will probably be helpful to use in the future - https://forums.somethingawful.com/showthread.php?threadid=3723832&pagenumber=80&perpage=40

You're not missing something. It's really dumb there's nothing built in for this. What you'll want to do is get something like TeamViewer that can escalate and see the UAC prompt for credentials, as well as control apps launched with admin.

Here's a document that covers the topic a bit.
https://docs.microsoft.com/en-us/mem/intune/remote-actions/remote-assist-mobile-devices

Looks like Remote Help is in preview and may fit the bill.

Internet Explorer fucked around with this message at 22:19 on Dec 15, 2021
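The "registry keys to show the prompt on screen" in the question are the UAC policy values, specifically PromptOnSecureDesktop=0, which draws the elevation prompt on the normal desktop so a screen-sharing tool can see it (and so can anything else that can read the screen or inject input). As an added example, not from the thread, here is a check that reads those values locally or over WinRM and flags that tweak and the worse ones, so you can confirm nobody has applied it while you roll out a tool that can elevate on its own. The computer names in the usage line are made up.

```powershell
# Added example, not from the thread. Reads the UAC policy values and flags the
# "prompt on the interactive desktop" tweak and other weakened settings.
$UacKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UacPolicy {
    param([string]$ComputerName)   # omit for the local machine; remote needs WinRM
    $sb = {
        param($key)
        $p = Get-ItemProperty -Path $key
        # Absent values mean "default", which for all four is the secure setting.
        [pscustomobject]@{
            EnableLUA                  = $p.EnableLUA
            ConsentPromptBehaviorAdmin = $p.ConsentPromptBehaviorAdmin
            ConsentPromptBehaviorUser  = $p.ConsentPromptBehaviorUser
            PromptOnSecureDesktop      = $p.PromptOnSecureDesktop
        }
    }
    if ($ComputerName) { Invoke-Command -ComputerName $ComputerName -ScriptBlock $sb -ArgumentList $UacKey }
    else               { & $sb $UacKey }
}

function Test-UacPolicy {
    param([pscustomobject]$Policy)
    $findings = @()
    if ($Policy.EnableLUA -eq 0) {
        $findings += 'UAC disabled entirely (EnableLUA=0)'
    }
    if ($Policy.PromptOnSecureDesktop -eq 0) {
        $findings += 'UAC prompt drawn on the interactive desktop (PromptOnSecureDesktop=0): visible to screen sharing, and to any process that can read the screen or inject input'
    }
    if ($Policy.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Admins elevate silently (ConsentPromptBehaviorAdmin=0)'
    }
    if ($Policy.ConsentPromptBehaviorUser -eq 0) {
        $findings += 'Standard users get auto-deny, no credential prompt at all (ConsentPromptBehaviorUser=0)'
    }
    if ($findings.Count -eq 0) { return 'OK: UAC prompts on the secure desktop' }
    return $findings
}

# Local machine
Test-UacPolicy -Policy (Get-UacPolicy)

# Fleet check over a constructed list of names (assumed):
foreach ($c in @('ws01', 'ws02')) {
    $r = Test-UacPolicy -Policy (Get-UacPolicy -ComputerName $c)
    "$c : $($r -join '; ')"
}
```

Leave PromptOnSecureDesktop at its default and, as the reply says, use a remote tool that can drive the elevation itself; the secure desktop exists precisely so that the credential prompt is isolated from whatever else is on the user's desktop.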

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Does anyone here with a large AD environment have issues with AAD Connect processing a ton of changes? I'm chasing things down in our environment, but our performance is abysmal. It's a large AD environment, and it's not uncommon for ID Management or some other group to modify a ton of users and we end up with 30K user updates, which kills our sync server... like half a day to process everything or longer.

I'm pretty sure it's an issue with the virtual environment/SQL and I'm chasing that stuff down, but if anyone else is like "Yeah, we process 20K updates in like 45 minutes" that would be helpful.

We've been engaging MSFT support as well, and they've offered a couple suggestions, but this has been plaguing us for a while now.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Where does Intune come up with some of their values?

"Number of sign-in failures before wiping device"

Can't be any higher than 11

wtf

why 11

incoherent
Apr 24, 2004

Internet Explorer posted:

Looks like Remote Help is in preview and may fit the bill.

Finally did something smart and just built out the features of a program that is already there. Teamviewer doesn't appear to be in stock anymore at tech soup, which is sad because it integrates with Intune well.

Thanks Ants
May 21, 2004

#essereFerrari


Remote Help will be one of those things that I just license (almost) regardless of cost, unlike Universal Print which I hate.

Woof Blitzer
Dec 29, 2012

When rebooting a Server 16 instance on vSphere, the OS comes up just fine. But when you try to log in, once you put your credentials in and hit enter, the mouse changes to the loading icon and the entire system freezes. Eventually the password field on the logon screen clears itself, but the whole thing remains frozen. The application this server hosts (McAfee ePO/SQL) does not start either. Does anyone know a way to troubleshoot this without being able to log on? I am going to see if I can connect with WMIC next week. This machine had the same problem a month ago, but it was eventually able to log on after like 4 attempts; now no dice.

Arishtat
Jan 2, 2011

Woof Blitzer posted:

When rebooting a Server 16 instance on vSphere, the OS comes up just fine. But when you try to log in, once you put your credentials in and hit enter, the mouse changes to the loading icon and the entire system freezes. Eventually the password field on the logon screen clears itself, but the whole thing remains frozen. The application this server hosts (McAfee ePO/SQL) does not start either. Does anyone know a way to troubleshoot this without being able to log on? I am going to see if I can connect with WMIC next week. This machine had the same problem a month ago, but it was eventually able to log on after like 4 attempts; now no dice.

Boot it in safe mode and take a look at the Application and System logs.
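Since the box boots and only the interactive logon hangs, the logs and service state can be pulled from another machine before touching safe mode, and safe mode itself can be toggled remotely. Added example, not from the thread: it assumes WinRM (or at least RPC for the event log API) is reachable from your admin workstation, that the account you run it under is a local admin on the target, and that the server name is a placeholder.

```powershell
# Added example, not from the thread. Server name is a placeholder; WinRM/RPC must be reachable.
$Server = 'epo01.corp.example.com'
$Since  = (Get-Date).AddHours(-2)

function Get-BootErrors {
    # Critical/Error/Warning events from System and Application since $StartTime,
    # first line of each message only so the table stays readable.
    param([string]$ComputerName, [datetime]$StartTime)
    Get-WinEvent -ComputerName $ComputerName -FilterHashtable @{
        LogName   = 'System', 'Application'
        Level     = 1, 2, 3          # 1 = Critical, 2 = Error, 3 = Warning
        StartTime = $StartTime
    } -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id,
            @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
}

function Get-ServiceState {
    # State of the services a hung logon and a dead ePO/SQL stack depend on.
    param([string]$ComputerName,
          [string[]]$Pattern = @('MSSQL', 'SQLAgent', 'McAfee', 'ProfSvc', 'UserManager', 'Winmgmt', 'TermService'))
    $re = $Pattern -join '|'
    Get-CimInstance -ComputerName $ComputerName -ClassName Win32_Service |
        Where-Object { $_.Name -match $re -or $_.DisplayName -match $re } |
        Select-Object Name, State, StartMode, ProcessId
}

function Set-SafeBootRemote {
    # Arm (or clear) safe mode for the next boot without console access.
    # 'network' rather than 'minimal' so WinRM still comes up in safe mode.
    param([string]$ComputerName, [switch]$Clear, [switch]$RebootNow)
    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        param($clear, $reboot)
        if ($clear) { bcdedit /deletevalue '{default}' safeboot }
        else        { bcdedit /set '{default}' safeboot network }
        if ($reboot) { shutdown /r /t 0 }
    } -ArgumentList $Clear.IsPresent, $RebootNow.IsPresent
}

Get-BootErrors  -ComputerName $Server -StartTime $Since | Format-Table -AutoSize
Get-ServiceState -ComputerName $Server                  | Format-Table -AutoSize

# Then, if you want what the reply suggests:
# Set-SafeBootRemote -ComputerName $Server -RebootNow
# ... inspect, fix, and put it back, otherwise it stays in safe mode forever:
# Set-SafeBootRemote -ComputerName $Server -Clear -RebootNow
```

If Get-WinEvent over the network fails with an RPC error, it is usually the firewall on the target rather than the logon problem; the CIM and Invoke-Command paths only need WinRM (5985/5986).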

sporkstand
Jun 15, 2021

Thanks Ants posted:

Remote Help will be one of those things that I just license (almost) regardless of cost, unlike Universal Print which I hate.

Can I ask what you hate about Universal Print? We're considering adopting it, and I'd like some feedback from those that have actually used it.

Thanks Ants
May 21, 2004

It worked fine in our limited testing, but we took one look at how it was licensed and just dismissed it outright.

Toast Museum
Dec 3, 2005

30% Iron Chef

Thanks Ants posted:

It worked fine in our limited testing, but we took one look at how it was licensed and just dismissed it outright.

Yeah, Universal Print sounded neat to me until I got to the pay-per-job part.

In other news, I just learned about this fun example of two-digit years causing problems in a way I hadn't considered.

Exchange Server posted:

Log Name: Application
Source: FIPFS
Logged: 1/1/2022 1:03:42 AM
Event ID: 5300
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.

dexter6
Sep 22, 2003

Internet Explorer posted:

There's a small business thread here that will probably be helpful to use in the future - https://forums.somethingawful.com/showthread.php?threadid=3723832&pagenumber=80&perpage=40

You're not missing something. It's really dumb there's nothing built in for this. What you'll want to do is get something like TeamViewer that can escalate and see the UAC prompt for credentials as well as control apps launched with admin.

Here's a document that covers the topic a bit.
https://docs.microsoft.com/en-us/mem/intune/remote-actions/remote-assist-mobile-devices

Looks like Remote Help is in preview and may fit the bill.

Thanks for this, and sorry for the delay, but Remote Help worked perfectly. I even have it packaged in Autopilot to install automatically!

Internet Explorer
Jun 1, 2005

Hell yeah! Glad to hear it.

Rocko Bonaparte
Mar 12, 2002

Every day is Friday!
Does anybody have any experience trying to mix a Hyper-V VM with Cisco AnyConnect? I see older stuff online that AnyConnect doesn't support connection sharing and I wonder if that's still true. If it is, do we have any recourse for trying to get a VM to go through the VPN tunnel that AnyConnect creates?

Potato Salad
Oct 23, 2014

nobody cares


Rocko Bonaparte posted:

Does anybody have any experience trying to mix a Hyper-V VM with Cisco AnyConnect? I see older stuff online that AnyConnect doesn't support connection sharing and I wonder if that's still true. If it is, do we have any recourse for trying to get a VM to go through the VPN tunnel that AnyConnect creates?

wait, you're running AnyConnect on a HV host and you want a VM to use the tunnel?

honestly just use an Azure VM for slacking off at work

The Fool
Oct 16, 2003


The AnyConnect adapter is a giant pain in the rear end, but if you look up instructions on how to get WSL2 to work with AnyConnect, you should be able to use the same process.
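The WSL2 instructions the reply points at come down to interface metrics: AnyConnect installs its routes with a low metric and drops traffic that arrives from the Hyper-V virtual switch, so the commonly circulated workaround makes the virtual switch's interface win on metric and pushes the AnyConnect adapter's metric up. WSL2 sits on a Hyper-V switch, so the same change applies to a Hyper-V VM on the Default Switch. The following is an added example (not from the thread) of that workaround; it assumes the switch alias "vEthernet (Default Switch)" and the adapter description containing "Cisco AnyConnect", and whether it survives your AnyConnect version and the headend's tunnel policy is something only a test can tell you.

```powershell
# Added example, not from the thread. Commonly circulated WSL2/AnyConnect metric
# workaround applied to the Hyper-V Default Switch. Run elevated, AFTER the VPN is
# connected; AnyConnect rewrites metrics on every connect, so rerun it each time.
function Set-VpnAdapterMetrics {
    param(
        [string]$VSwitchAlias = 'vEthernet (Default Switch)',   # assumed switch name
        [string]$VpnDescMatch = 'Cisco AnyConnect',             # assumed adapter description
        [int]$VSwitchMetric   = 1,
        [int]$VpnMetric       = 6000
    )
    $vpn = Get-NetAdapter | Where-Object { $_.InterfaceDescription -match $VpnDescMatch -and $_.Status -eq 'Up' }
    if (-not $vpn) { throw "No connected adapter matching '$VpnDescMatch'; connect the VPN first." }

    # Make the virtual switch's subnet route beat the tunnel's catch-all, and vice versa for the tunnel.
    Get-NetIPInterface -InterfaceAlias $VSwitchAlias   | Set-NetIPInterface -InterfaceMetric $VSwitchMetric
    Get-NetIPInterface -InterfaceIndex $vpn.ifIndex    | Set-NetIPInterface -InterfaceMetric $VpnMetric

    # Show the result plus the tunnel's DNS servers, which the VM will need configured by hand
    # because the Default Switch's NAT hands it the host's pre-VPN resolvers.
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.InterfaceAlias -eq $VSwitchAlias -or $_.ifIndex -eq $vpn.ifIndex } |
        Select-Object InterfaceAlias, InterfaceMetric, ConnectionState
    Get-DnsClientServerAddress -InterfaceIndex $vpn.ifIndex -AddressFamily IPv4 |
        Select-Object InterfaceAlias, ServerAddresses
}

Set-VpnAdapterMetrics
```

Verify from inside the VM by resolving and reaching something only available over the tunnel. If the headend pushes a tunnel-all policy with local LAN access disabled, AnyConnect will keep filtering the switch traffic regardless of metrics, and the only recourse is the one the thread ends up at: a separate machine with its own VPN client.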

Rocko Bonaparte
Mar 12, 2002

Potato Salad posted:

wait, you're running AnyConnect on a HV host and you want a VM to use the tunnel?

honestly just use an Azure VM for slacking off at work

Generally, I want to be able to use a graphical Linux desktop without a lot of latency, but I can't blow up my issued laptop with it. Doing remote sessions has just enough trouble that it's not worth it. So I wanted to try a VM. I would do a lot of I/O, so I don't want to use VirtualBox.

I have found out some stuff that makes me think it would be possible to just stage a workstation at home dedicated to Linux and get VPN on it, but it's tribal knowledge officially unsupported by our IT.

Toast Museum
Dec 3, 2005

Rocko Bonaparte posted:

Generally, I want to be able to use a graphical Linux desktop without a lot of latency, but I can't blow up my issued laptop with it. Doing remote sessions has just enough trouble that it's not worth it. So I wanted to try a VM. I would do a lot of I/O, so I don't want to use VirtualBox.

I have found out some stuff that makes me think it would be possible to just stage a workstation at home dedicated to Linux and get VPN on it, but it's tribal knowledge officially unsupported by our IT.

Depending on the exact experience you're looking for, maybe GUI apps via WSL2 can get the job done?

Rocko Bonaparte
Mar 12, 2002

Toast Museum posted:

Depending on the exact experience you're looking for, maybe GUI apps via WSL2 can get the job done?

I have to do chroot a lot, and WSL2 still couldn't do that when I tried around November or so. I also tried to get KDE to work on it at that point and it just wasn't having it. I have a WSL instance that's running XFCE right now. I use it mostly as an X server for remoting into other stuff, but I'm trying to cut down on those remote connections. Later in the afternoon, VPN can get spotty and I keep losing those connections.

I'm generally just frustrated with the options I have at work since my job involves Linux kernel development right now and I have to do all of that work through a hole in a sheet.

Potato Salad
Oct 23, 2014

motherfuckers need to give you a linux laptop, goddamn

what a waste of productivity

Bob Morales
Aug 18, 2006

How do you schedule reboots these days? It appears you can't use a GPO to do a scheduled task of shutdown.exe any more?

Potato Salad
Oct 23, 2014

call PowerShell.exe Restart-Computer

The Fool
Oct 16, 2003


I stopped using scheduled tasks to manage my servers years ago. There are a bunch of better ways to centrally automate task running.

Bob Morales
Aug 18, 2006

The Fool posted:

I stopped using scheduled tasks to manage my servers years ago. There are a bunch of better ways to centrally automate task running.

Open to suggestions. These are end-user machines, not servers. Can't really get a clear answer on whether a GPO can install a scheduled task on a machine anymore. It shows as applied to the computers but never shows up in Task Scheduler and never restarts the machine.

The Fool
Oct 16, 2003


For desktops, PDQ or some sort of RMM tool.

ManageEngine comes to mind, but I’m sure there are others

Bob Morales
Aug 18, 2006

The Fool posted:

For desktops, PDQ or some sort of RMM tool.

ManageEngine comes to mind, but I’m sure there are others

:argh: we haven't gotten one yet. At some point we have to migrate away from the one the MSP is using.

Thanks Ants
May 21, 2004

What's the thing that requires these restarts?

Bob Morales
Aug 18, 2006

Thanks Ants posted:

What's the thing that requires these restarts?

People leaving computers on for months at a time.

The Fool
Oct 16, 2003


Force restarts in your update policy

Bob Morales
Aug 18, 2006

The Fool posted:

Force restarts in your update policy

That's what I've been looking into, trying to time them right.

The Fool
Oct 16, 2003


I mean, use the update window to force a restart.

You should be able to enforce a timeframe and a maximum deferment.

The Fool
Oct 16, 2003


Active hours and restart delay.

AreWeDrunkYet
Jul 8, 2006

Since when can't you deploy scheduled tasks with GPO? But even if not, you can create them with PowerShell without going to a third party tool (Register-ScheduledTask).

Above posters are right that it's not the best approach for rebooting systems that aren't always online, though; reboot preferences around updates work better there.

The Fool
Oct 16, 2003


IME, setting scheduled tasks with GPO is clunky at best and disastrous at worst.

Use gpo for policy, use a task runner to run tasks.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

PDQ just bought SmartDeploy, which is an imaging and agent-based software control tool, so PDQ might finally be getting an agent and be able to manage remote devices. I assume at minimum a year out, since they have to integrate.

Thanks Ants
May 21, 2004

Here's some guidance on Windows Update policies:

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178

As people have said, if users aren't rebooting for updates then enforce the reboot in the update policy; don't try and schedule regular restarts.
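The two approaches argued over above, side by side, as an added example that is not from the thread: the Register-ScheduledTask route AreWeDrunkYet mentions (a weekly shutdown.exe with a warning, created directly rather than through a GPO preference), and the update-policy route the others recommend, written as the local-policy registry values that the "Turn off auto-restart for updates during active hours" and "Specify deadlines for automatic updates and restarts" policies set. It also includes the uptime check you need to find the machines that have been on for months. Task name, day, time, active hours, deadline numbers and the computer names in the fleet loop are all placeholders to tune for your own estate.

```powershell
# Added example, not from the thread. All names and numbers are placeholders.

function Get-UptimeDays {
    # How long since the last boot, so you can see who has been up for months.
    param([string]$ComputerName = $env:COMPUTERNAME)
    $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName
    [math]::Round(((Get-Date) - $os.LastBootUpTime).TotalDays, 1)
}

function Register-RestartTask {
    # Approach 1: a scheduled task, created with the cmdlet instead of a GPO preference.
    # Runs as SYSTEM; -StartWhenAvailable covers a laptop that was asleep at the trigger time.
    # shutdown.exe with /t gives the user a warning; Restart-Computer -Force would not.
    param([string]$TaskName = 'MaintenanceRestart', [string]$Day = 'Sunday', [string]$At = '03:00',
          [int]$WarningSeconds = 600)
    $action    = New-ScheduledTaskAction -Execute 'shutdown.exe' `
                   -Argument "/r /t $WarningSeconds /c `"Scheduled maintenance restart in $($WarningSeconds/60) minutes. Save your work.`""
    $trigger   = New-ScheduledTaskTrigger -Weekly -DaysOfWeek $Day -At $At
    $principal = New-ScheduledTaskPrincipal -UserId 'NT AUTHORITY\SYSTEM' -LogonType ServiceAccount -RunLevel Highest
    $settings  = New-ScheduledTaskSettingsSet -StartWhenAvailable -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries
    Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
        -Principal $principal -Settings $settings -Force
}

function Set-UpdateRestartPolicy {
    # Approach 2: let Windows Update force the restart. These are the values the two GPOs
    # named in the lead-in write; on a domain-joined machine Group Policy will overwrite
    # whatever you set here, so in production set them through GPO/Intune and use this to lab-test.
    param([int]$ActiveStart = 8, [int]$ActiveEnd = 18, [int]$DeadlineDays = 3, [int]$GraceDays = 2)
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    New-Item -Path $key -Force | Out-Null
    $values = @{
        SetActiveHours                     = 1
        ActiveHoursStart                   = $ActiveStart    # no auto-restart inside this window
        ActiveHoursEnd                     = $ActiveEnd
        ConfigureDeadlineForQualityUpdates = $DeadlineDays   # days after release before restart is forced
        ConfigureDeadlineForFeatureUpdates = $DeadlineDays
        ConfigureDeadlineGracePeriod       = $GraceDays      # days the user can still defer after the deadline
        ConfigureDeadlineNoAutoReboot      = 0               # 1 would turn the deadline into a nag with no restart
    }
    foreach ($v in $values.GetEnumerator()) {
        Set-ItemProperty -Path $key -Name $v.Key -Value $v.Value -Type DWord
    }
    Get-ItemProperty -Path $key | Select-Object -Property @($values.Keys)
}

# Who has been up too long? (constructed list of names)
foreach ($c in @('ws01', 'ws02')) {
    [pscustomobject]@{ Computer = $c; UptimeDays = Get-UptimeDays -ComputerName $c }
}

# Pick one:
# Register-RestartTask
# Set-UpdateRestartPolicy
```

The deadline approach only restarts machines that actually have a pending update, which is the point of the advice above: a machine that is fully patched and has been up for 90 days is not the problem, a machine sitting on a pending reboot for 90 days is. If you still want the calendar restart for other reasons, the task above is the shape to deploy with your RMM rather than a GPO preference item.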


GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I try to force reboots during the times the end user is busiest. Doing it during Webex meetings is a pro move.
