|
Are you in the UK?
|
#
?
May 16, 2019 15:00
|
|
|
|
| # ? Apr 26, 2024 06:43 |
|
|
Thanks Ants posted:Are you in the UK? Yes we are
|
|
#
?
May 16, 2019 15:02
|
|
|
Strongly recommend you get linked up with https://www.eduroam.org/about/institutions/. Faculty and students can then go to any participating school/college/university globally and will connect to the same Wi-Fi network with the same credentials that they use at the school that employs them / they attend.
|
|
#
?
May 16, 2019 15:03
|
|
|
Thanks Ants posted:Strongly recommend you get linked up with https://www.eduroam.org/about/institutions/. Faculty and students can then go to any participating school/college/university globally and will connect to the same Wi-Fi network with the same credentials that they use at the school that employs them / they attend. I'll second that. My institution got on board a couple years ago, and it's quite handy.
|
|
#
?
May 16, 2019 20:24
|
|
|
I'm not sure if I've worded the situation well, so forgive me. Students at the institution can have managed (Intune) or bring their own device which we do not manage. However, because we don't manage them, we can't install proxy cert for MITM and thus want to isolate them on a network without ssl decryption but still with domain filtering to offer at least some protection. We need to track if these students try and access illicit sites, and thus they need to authenticate to the filtering system. Intune connected devices use radius for WiFi but I know a "BYOD" network is needed too. Same credentials, same principal, different subnet. My issue is how to achieve this, I assume I create a wireless subnet, give it a VLAN, and on the draytek allow interlan routing. The issue is whether this lock down will achieve anything as they'll need access to radius.
|
|
#
?
May 16, 2019 21:54
|
|
|
Create a new SSID, make it use WPA2 Enterprise for authentication, point it at your RADIUS servers, make sure the subnet they are put into can get out to the Internet through whatever filtering you have in place. Clients don't need access to the RADIUS servers. I appreciate that it's a larger task than you have been given the brief for, but if this place is an actual school/college/whatever that would be eligible to use eduroam for Wi-Fi then it's really worth putting the time into enabling it on your network. It handles things like certificate installation for you by using a firewalled off open SSID where people can authenticate to receive a certificate, and the end user experience is very good https://www.lboro.ac.uk/services/it/student/wifi/ios/ Because it's just an authentication system, you can still filter all your devices as you do currently.
|
|
#
?
May 16, 2019 22:23
|
|
|
I'm a SCOM admin at my corp, some SECPOL wiseguy just pushed a GPO that disabled the Windows Script Host across the org. I discovered this after getting an alarming amount of new "Operations Manager failed to start a process" alerts, and a horrifying number of servers suddenly in "Not monitored" state. Given that this was done in the name of security, their team is hesitant to reverse course, and I was asked to find a workaround. Here's what I have to work with: -Their GPO disables the WSH via this registry entry: HKLM:\SOFTWARE\Microsoft\Windows Script Host\Settings - DWORD ENABLED set to 0 They also do some filetype association changes (set most of the wscript/cscript stuff to open with Notepad). -I got the idea that I could enable the WSH for the SCOM action account - in our case, it's LocalSystem. So we'd add the following entry HK_Users:\<-LOCALSYSTEM SID->\SOFTWARE\Microsoft\Windows Script Host\Settings - DWORD ENABLED set to 1 The only issue is I'm not sure which SID is the LocalSystem account - I did see LocalService under the Windows NT ProfileList but I'm unsure if that's the same. Any SCOM janitors have any other suggestions to get around this clumsy and overreaching (thus typical) secpol change that was pushed without warning or notice?
|
|
#
?
May 22, 2019 16:14
|
|
|
Local System should be S-1-5-18. In the NT profilelist it's referred to as systemprofile for some reason.
|
|
#
?
May 22, 2019 17:58
|
|
|
Wew 1903 is finally out. Made a service ring to test on my and a coworker's machines. Obviously not looking to get this in production but hey new stuff!
|
|
#
?
May 23, 2019 18:12
|
|
|
ChubbyThePhat posted:Wew 1903 is finally out. Made a service ring to test on my and a coworker's machines. Obviously not looking to get this in production but hey new stuff! Same, internal test ring wants it already and it's passed my basic "will it install and not gently caress everything up" pass so I'll let them figure out what's wrong with it.
|
|
#
?
May 23, 2019 18:15
|
|
|
The start menu likes to blow up and sometimes Cortana decides to gently caress right off so you can't search. Other than that all is good so far.
|
|
#
?
May 23, 2019 18:34
|
|
|
TBF I've had several occurrences of that in 1809 as well.
|
|
#
?
May 23, 2019 18:38
|
|
|
ChubbyThePhat posted:sometimes Cortana decides to gently caress right off I wish Cortana would gently caress off forever
|
|
#
?
May 23, 2019 18:55
|
|
|
1903 disables Cortana popping up in the OOBE, which is an improvement
|
|
#
?
May 23, 2019 18:59
|
|
|
Thanks Ants posted:1903 disables Cortana popping up in the OOBE, which is an improvement Christ, finally. My co-workers are no doubt sick of me yelling, "loving SHUT THE gently caress UP, CORTANA," every time I get stuck on the manufacturer's OOBE.
|
|
#
?
May 24, 2019 03:21
|
|
|
Still love how 1903 puts onedrive back even if you previously removed it via regedit for everyone.
|
|
#
?
May 24, 2019 04:44
|
|
|
https://www.youtube.com/watch?v=Rp2rhM8YUZY
|
|
#
?
May 24, 2019 16:49
|
|
|
I got two seconds in before I had to stop the video in horror. Our hold music in the internal support call center is sad, tinny ukulele music. We had an outage one night that took out an entire contracting agency's ability to log into email, and about 50 people called in at once...to a room of 3 analysts. The guy who got through to me was a frequent caller and in fairly good spirits, so I ended up on the call with him for a while while I got him to relay info and get everyone to hang up and stop hammering us. When he wasn't talking, I could hear our hold music on at least a dozen speakerphones in the background, out of sync and out of tune. It was eldritch as gently caress.
|
|
#
?
May 24, 2019 22:52
|
|
|
It's like the scene in Sneakers, only very very stupid.
|
|
#
?
May 25, 2019 01:43
|
|
|
This is too real. I had to assembly line setup a bunch of horrible, horrible Win 10 tablets that a client bought and I couldn't hit the mute button(s) fast enough Re: Hold music. I was on hold the other day and this song started playing. https://www.youtube.com/watch?v=zh9h4KZpnJU It was funny at first, but by the third play through I wanted to die.
|
|
#
?
May 25, 2019 15:27
|
|
|
I've imaged hundreds of Windows 10 computers, and never had Cortana speak to me. Are these people (and you!) just booting them up on the default factory image?
|
|
#
?
May 27, 2019 07:22
|
|
|
evobatman posted:I've imaged hundreds of Windows 10 computers, and never had Cortana speak to me. Are these people (and you!) just booting them up on the default factory image? Yeah, it's just in the standard OOBE. My image skips that and we have a GPO setting to disable most of the Cortana features, but if I have to boot something up from the factory image, she decides to get involved.
|
|
#
?
May 27, 2019 08:31
|
|
|
There's actually a use case for booting from a factory image if you're using autopilot. Or at least a light touch image that goes through OOBE.
|
|
#
?
May 27, 2019 11:52
|
|
|
Spyderizer posted:There's actually a use case for booting from a factory image if you're using autopilot. Or at least a light touch image that goes through OOBE. Or you can stick a USB in with a .ppkg file in it that will do provisioning to your spec at that point, too.
|
|
#
?
May 28, 2019 16:58
|
|
|
Just lol if you don't have a DVD with the entire task sequence
|
|
#
?
May 28, 2019 17:22
|
|
|
Our laptops and desktops haven't come with DVD drives in years although I suppose you could use a USB drive and be slow as balls.
|
|
#
?
May 28, 2019 17:54
|
|
|
orange sky posted:Just lol if you don't have a DVD with the entire task sequence
|
|
#
?
May 28, 2019 20:52
|
|
|
wolrah posted:Just lol if you're using DVDs. USB is so much faster. I don't think I've booted a Windows install from an actual disc since XP. Windows 7 and prior sometimes get a bit weird if using USB 3.0 drives but a good USB 2.0 drive is still a lot faster than any spinning media could be. Just take care with USB 2.0 vs 3.0 ports. There are some compatibility issues due to drivers that can lead to weird failures during imaging.
|
|
#
?
May 28, 2019 20:54
|
|
|
With Windows 7 you had to inject the USB 3.0 drivers into the Boot Image, but with Windows 10 I haven't had to do this so far.
|
|
#
?
May 29, 2019 11:35
|
|
|
Is there a way to auto-login a local user on a Windows 10 Pro machine? (Specifically a Surface Pro but I doubt that matters). Used to be you could go into netplwiz and set it up there, but I'm not seeing that option anymore.
|
|
#
?
May 29, 2019 13:39
|
|
|
COOL CORN posted:Is there a way to auto-login a local user on a Windows 10 Pro machine? (Specifically a Surface Pro but I doubt that matters). Yes. Go to a Run dialog paste this and hit enter control userpasswords2
|
|
#
?
May 29, 2019 13:40
|
|
|
COOL CORN posted:Is there a way to auto-login a local user on a Windows 10 Pro machine? (Specifically a Surface Pro but I doubt that matters). Editing the registry will get you there. https://support.microsoft.com/en-us/help/324737/how-to-turn-on-automatic-logon-in-windows
|
|
#
?
May 29, 2019 14:00
|
|
|
GreatGreen posted:Editing the registry will get you there. Bingo, thanks.
|
|
#
?
May 29, 2019 14:44
|
|
|
I... I was being sarcastic.
|
|
#
?
May 29, 2019 16:55
|
|
|
orange sky posted:I... I was being sarcastic. Ah, a DVD, Mr. Fancy. 3.5 inch floppies all the way
|
|
#
?
May 29, 2019 17:07
|
|
|
orange sky posted:I... I was being sarcastic. Poe's law... Unfortunately I've met so many idiots who learned how to do something once and then never look for a better way in the future that I'd entirely believe some "professional" IT worker is installing Windows 10 from a DVD right now in any major metro area.
|
|
#
?
May 29, 2019 17:11
|
|
|
GreatGreen posted:Editing the registry will get you there. You might want to use the Autologon tool instead so that the password isn't stored in the registry as plaintext. https://docs.microsoft.com/en-us/sysinternals/downloads/autologon The only downside is you can't really automate that tool because it requires you to accept an EULA pop-up.
|
|
#
?
May 29, 2019 18:08
|
|
|
The EULA acceptance must write a file or registry entry though, so you probably could automate it. Edit: Run it with /accepteula to accept the EULA. Should look like code:Thanks Ants fucked around with this message at 18:18 on May 29, 2019 |
|
#
?
May 29, 2019 18:16
|
|
|
Thanks Ants posted:The EULA acceptance must write a file or registry entry though, so you probably could automate it. Nice, I wish I knew about that switch earlier. You're right about the registry, it saves to \HKEY_CURRENT_USER\Software\Sysinternals\Autologon\EulaAccepted (DWORD 1). I must have only looked in HKLM before.
|
|
#
?
May 29, 2019 18:46
|
|
|
|
| # ? Apr 26, 2024 06:43 |
|
|
That's the first time I've heard of netplwiz not being available for use-- is this a domain-joined Surface? Or a standalone? If it's domain-joined then yeah, netplwiz might not work.
|
|
#
?
Jun 1, 2019 03:48
|
|
