tactlessbastard posted: The cookies get blown off the oven conveyor by an air blade and they land on a shaker that sends them through a cooling tunnel that gets the cookies down to nearly freezing before they get dumped right into the gaping maw of the grinder because they grind a lot better cold.

the parallels between industrial scale baking and industrial scale metallurgy continue to astound, our heat treat line at the car parts plant dumps engine tappets straight out of the belt furnace into a liquid nitrogen quench.
|
A ticket came in requesting USB write access because of how long it takes to transfer data between machines.

Me: You should only have one laptop what do you mean multiple machines

User: The laptop you gave me isn't powerful enough so I've been doing data analysis on my home server instead.

Jimminy Christmas my dude, just request a more powerful laptop instead of creating a drat security incident.
|
I'm 35 minutes into a 60 minute onboarding of a new hire, who decided to set up her brand new laptop with her Gmail account so I had to have her reset Windows.
|
At the risk of being captain hindsight, it shouldn't be possible to do that, use autopilot so people can only set things up with their new corporate account. Assign the device to that user even.
|
Yep, autopilot is on the roadmap. Don't ask me why it's not in use yet, I just work here. E: well to clarify, this laptop was ordered straight from Dell and shipped to her.
|
TITTIEKISSER69 posted:
That's fine and auto pilot should support that if you have an account rep that's not a total idiot
|
You don't even need a rep, there's an autopilot box in their online store now
|
I feel like I'm finally ready to get Intune/Autopilot set up here but every time I try to go through the documentation I feel overwhelmed. It's like every step requires branching off into half a dozen other pieces of documentation.
|
klosterdev posted: A ticket came in requesting USB write access because of how long it takes to transfer data between machines.

What were they using before then? Hopefully not emailing company data to their private Gmail account.
|
Sywert of Thieves posted: What were they using before then? Hopefully not emailing company data to their private Gmail account.

You know in your heart that's exactly what they were doing.
|
No, dev team, you setting up some weird system of forwarding inbound emails through your own service and breaking DKIM in the process is not my issue to solve.
|
Dick Trauma posted: I feel like I'm finally ready to get Intune/Autopilot set up here but every time I try to go through the documentation I feel overwhelmed. It's like every step requires branching off into half a dozen other pieces of documentation.

It’s convoluted only if you want to enroll preexisting machines, otherwise it’s rather straightforward (set a deployment profile in intune, allocate said profile to all machines).
|
I want to enroll pre-existing machines. I'll figure it all out eventually.
|
Make a device group (dynamic or manual depending on what you want) and set the autopilot enrolment on that group to add the members to autopilot. You'll be able to watch the devices coming into autopilot, at which point you can reset them if you want and they'll come back as autopilot devices. The setting is "Convert all targeted devices to Autopilot".
|
ok i googled this a bit and an answer wasn't immediately forthcoming so -

I never worked in desktop IT so Autopilot is foreign to me; it sounds like the exact same thing VoIP phones do where every single device phones home to a provisioning server right out of the box, and if a provider has enrolled the MAC, it'll grab a pointer that directs it to the provider's config server so no hands-on preconfiguration has to be done, and phones can be factory reset and as soon as they're done resetting they get their config instantly

this sounds like that, but for the lovely latitude work sends you. my question is: is this just baked into windows at this point? because with some voip phones, you can't get them un-bound; if the provider never deleted the MAC out of polycom or cisco's servers it can be infuriating or impossible to repurpose. is it possible that at some point i'll pick up a used laptop, install windows on it from scratch, and it'll come up and just go "lol please sign into your domain" and refuse to proceed like a cloud locked iphone? or does it at least require a particular windows edition to be installed or something?
|
cathoderaydude posted: this sounds like that, but for the lovely latitude work sends you. my question is: is this just baked into windows at this point? because with some voip phones, you can't get them un-bound; if the provider never deleted the MAC out of polycom or cisco's servers it can be infuriating or impossible to repurpose. is it possible that at some point i'll pick up a used laptop, install windows on it from scratch, and it'll come up and just go "lol please sign into your domain" and refuse to proceed like a cloud locked iphone? or does it at least require a particular windows edition to be installed or something?

lol wait can you seriously not just contact poly/cisco/yealink and have them remove the MAC from whatever ZTP it's enrolled in? I've never really looked into it because if someone wants to take their handsets elsewhere we'll happily delete them from ztp, and will never let them enrol byo handsets into our ztp
|
selan dyin posted: lol wait can you seriously not just contact poly/cisco/yealink and have them remove the MAC from whatever ZTP it's enrolled in?

Honestly, I never heard of anyone trying. It's largely a thing of the past with phones, the only vendor I *know* was bad about this was Cisco, but it was also never meant to be a security thing anyway, their ZTP solution was just aggressive due to Cisco's across-the-board incompetence. Since it sounds like Autopilot is supposed to help corporations keep WFH users from loving up their PCs, I can imagine it being super aggressive, so I figured I'd ask.
|
Ticket: VPN Down

Body: I couldn't get connected to the vpn today but I'm done now and I'm out until monday, left my computer on

We're starting the new year off just swimmingly.

pointlessone fucked around with this message at 03:51 on Jan 3, 2025
|
Thanks Ants posted: Make a device group (dynamic or manual depending on what you want) and set the autopilot enrolment on that group to add the members to autopilot. You'll be able to watch the devices coming into autopilot, at which point you can reset them if you want and they'll come back as autopilot devices.

Autoenroll always had issues with me, I’ve found the old powershell in oobe https://www.powershellgallery.com/packages/Get-WindowsAutopilotInfo/3.9 to be more reliable albeit more time consuming.
|
It probably helps to think of AutoPilot like Apple's activation lock in terms of problems it can cause if you don't unenroll devices when you get rid of them, except it doesn't stop you from installing Linux or a Home edition of Windows that doesn't know anything about Intune.

I would guess that having companies declare that they have released their devices from Autopilot is a tick box on an e-waste collection form, as in "if you want any money for this pallet of laptops then you certify that these serial numbers have been removed from your tenant" in the same way that places buying used iPhones will give you nothing for them if you've not removed them from your iCloud account.

OEMs have ways to get devices deregistered so they can put a refurbished motherboard into a warranty service system and not have the thing try and connect to a different company, and MS can do it at their end as well but that requires the person with the eBay laptop to be in a position to raise support cases to Microsoft.

On the phone topic, I have had Poly and Yealink support delete their devices from ZTP without too much of an issue, though RingCentral point blank refused to then let one of those devices be used again with their service because it was already registered to an existing account.

Thanks Ants fucked around with this message at 09:28 on Jan 3, 2025
|
Thanks Ants posted:It probably helps to think of AutoPilot like Apple's activation lock in terms of problems it can cause if you don't unenroll devices when you get rid of them, except it doesn't stop you from installing Linux or a Home edition of Windows that doesn't know anything about Intune.
|
I'm not sure I'd go that far. The majority of companies are not in a position to be using Autopilot as they're still clinging to AD join and always-on VPN or at best a Hybrid setup so the numbers of Autopilot-enabled machines is still a tiny fraction of deployed devices. Deprovisioning Autopilot is a step to take when a device is retired, the same as things like removing BIOS passwords or those firmware level security tools. Companies that don't want to do that are going to get much lower prices paid for their used laptops in the same way that they get paid next to nothing now if things can't be resold.

Autopilot isn't intended as an anti-theft device, it's to allow remote workers to screw up to the point of factory resetting their machine, having a Dell tech come out and swap an SSD, or shipping a laptop direct to a new hire, and the thing just sets itself up, so I would like to think that a way to deregister a device that you have physical access to would be something that comes in the future.
|
One thing worth mentioning, if you can provide a valid bill of sale Apple will begrudgingly remove the device from ABM/ASM but there is no way in hell you can do the same for autopilot. If you buy a former business device be very careful if you see globocorp asset tags, cause there is a good chance it’s autopilot registered and it's going to be a mess if you wipe it with another pro license. Windows 10/11 home doesn’t support autopilot so you can sidestep the issue that way.
|
You get an opportunity to change the model string on ThinkPads when you do a BIOS flash, so I wonder if that's enough to cause the hardware ID to not match the one stored in Autopilot. In any case, I'd like to see a way to unenroll even if you're booting into recovery to achieve that. It's not a theft prevention feature and shouldn't try to be.
|
Thanks Ants posted: You get an opportunity to change the model string on ThinkPads when you do a BIOS flash, so I wonder if that's enough to cause the hardware ID to not match the one stored in Autopilot.

I think the core item provided to autopilot is the MAC address of the motherboard network devices, replacing the serial shouldn’t help much. Autopilot systems are hardcoded within the old windows store so I fear that MS won’t touch it too much in the future to avoid major breakages.
|
Couldn't you just flatten and reinstall with your chosen *nix to change the MAC of the cards with ethtool?
|
Generally that changes the runtime Mac address, not the bios level one that's hardcoded*. *- not true of all cards, especially higher end ones.
|
Thanks Ants posted: I'm not sure I'd go that far. The majority of companies are not in a position to be using Autopilot as they're still clinging to AD join and always-on VPN or at best a Hybrid setup so the numbers of Autopilot-enabled machines is still a tiny fraction of deployed devices. Deprovisioning Autopilot is a step to take when a device is retired, the same as things like removing BIOS passwords or those firmware level security tools. Companies that don't want to do that are going to get much lower prices paid for their used laptops in the same way that they get paid next to nothing now if things can't be resold.

I know people who work in e-waste and at this point they almost don't bother turning on Apple devices because nobody ever, *ever* deregisters them. something like 99% of the devices dropped off are bricks. for a multitude of "it do be like that" reasons i expect worse compliance rates from businesses so thanks for the heads up
|
Now I'm dreaming of a malware that calculates the hardware hash of a Windows Pro machine and then registers it in autopilot using compromised credentials of an M365 tenant
|
Thanks Ants posted: Now I'm dreaming of a malware that calculates the hardware hash of a Windows Pro machine and then registers it in autopilot using compromised credentials of an M365 tenant

Enroll in tenant, setup bitlocker and save the keys to the tenant, enforce a mandatory bitlocker protector validation (forcing to type the recovery key). That will do far more damage.
|
one time i sent some laptops to lenovo for warranty service and they came back locked to the school district in the city where the repair depot was
|
i was explaining the autopilot thing to my girlfriend and sarcastically said "now can we think of any reasons that Autopilot might be more popular now" alluding to the post-covid wfh explosion, and she just shoots back "because copilot is drunk at the wheel" and i was so unprepared for a comeback that i lost my poo poo completely
|
selan dyin posted: lol wait can you seriously not just contact poly/cisco/yealink and have them remove the MAC from whatever ZTP it's enrolled in?

https://support.yealink.com/en/portal/knowledge/show?id=66f6643926ea3d0f08095029
|
unknown posted: Generally that changes the runtime Mac address, not the bios level one that's hardcoded*.

Fake edit: Actually, might be a fun weekend project. I haven't bothered setting up my second work laptop so testing if I can gently caress with that has no risk.
|
https://packaged-media.redd.it/e8lj...61b8e01a098e677
|
That's that new 5000w PoE
|
That computer is receiving too much internet.
|
Arquinsiel posted:I dug a bit to check and the docs claim that ethtool can write to the EPROM on the card.
|
Funnily enough I didn't get to test ethtool because work failed to provide me with a charger for this second laptop. I don't even know where to raise a ticket.