|
Anyone else testing 1803 yet? It seems to be reapplying the default user profile after upgrade and I'm wondering if it's just us or not.
|
#
?
May 3, 2018 14:22
|
|
|
|
| # ? Apr 25, 2024 13:26 |
|
|
I've updated our image to 1803 and pushed it down to new PC's and also updated my PC, laptop, and a few coworkers with the media creation tool and haven't seen that. It just put OneDrive back after I reghacked the default profile not to use it 
|
|
#
?
May 3, 2018 15:37
|
|
|
Absolutely gently caress trying to do any sort of actual endpoint management using Intune. 99% of the "hey this would be neat" features involve doing it yourself in PowerShell.
|
|
#
?
May 3, 2018 17:47
|
|
|
Thanks Ants posted:Absolutely gently caress trying to do any sort of actual endpoint management using Intune. 99% of the "hey this would be neat" features involve doing it yourself in PowerShell. They also claim that new features are going to Intune before System Center. But I would appreciate feature parity for alot more System Center features within Intune before they start working on new features again...
|
|
#
?
May 3, 2018 18:19
|
|
|
It just seems like a completely half-baked product. Their vision is that we can use AutoPilot, Azure AD Premium and Intune to have users take a new device out the box, login, and then run as a standard user but have the machine managed by Intune. But I've just had it confirmed that there's no way of deploying software that needs the installer to run as an administrator, which is what Group Policy from a decade ago could manage without difficulty. So in the best case scenario I still need to have a full AD infrastructure in place and if the endpoints are mobile I need to deploy Enterprise Windows to run DirectAccess to keep some sort of management in place when people aren't in an office.
|
|
#
?
May 3, 2018 19:09
|
|
|
Although I have done this a million times already, is there anyway to do bitlocker deployements that don't force rebooting? As in, Every deployment I have ever done has gone through a partion phase, reboot, then the rest of the deployment.
|
|
#
?
May 3, 2018 19:49
|
|
|
I seriously doubt it. Key escrow from TPM or password unlocking for a boot volume require fingerprinting from various hardware attributes by default and I suspect that even if you disable all that MS is still assuming it as part of the workflow.
|
|
#
?
May 3, 2018 20:04
|
|
|
Thanks Ants posted:It just seems like a completely half-baked product. Their vision is that we can use AutoPilot, Azure AD Premium and Intune to have users take a new device out the box, login, and then run as a standard user but have the machine managed by Intune. But I've just had it confirmed that there's no way of deploying software that needs the installer to run as an administrator, which is what Group Policy from a decade ago could manage without difficulty. So in the best case scenario I still need to have a full AD infrastructure in place and if the endpoints are mobile I need to deploy Enterprise Windows to run DirectAccess to keep some sort of management in place when people aren't in an office. If you pay for EM+S, and have the infrastructure to spare, i would look into System Center with Intune. It makes Intune much more usable.
|
|
#
?
May 3, 2018 20:40
|
|
|
Beefstorm posted:If you pay for EM+S, and have the infrastructure to spare, i would look into System Center with Intune. It makes Intune much more usable. Do you also find that to be true when you only want to manage iOS and Android? I find Intune portal much easier to use and faster to apply poo poo E: also wouldn't having an SCCM server imply a domain? Can it just live by itself managing Intune in a workgroup? orange sky fucked around with this message at 20:55 on May 3, 2018 |
|
#
?
May 3, 2018 20:48
|
|
|
orange sky posted:Do you also find that to be true when you only want to manage iOS and Android? I find Intune portal much easier to use and faster to apply poo poo Nope. Requires a domain. The things it manages have no such requirement, but the SCCM server itself has to be a domain member.
|
|
#
?
May 3, 2018 20:51
|
|
|
I think the point of AutoPilot with a limited user account is if you're also kicking the machine through an Enterprise in-place upgrade and then into Active Directory (presumably with a VPN that then gets removed once GPO applies a DirectAccess policy. I wish Microsoft would distil some of their Ignite presentations into written documentation (and then update them in line with the product) because their docs are reasonable at explaining what each feature does but they do a very poor job of explaining how everything stitches together. I accept it's sort of on me for just assuming that doing an AutoPilot Intune join as a standard user account would provide me with a managed endpoint that wasn't a paperweight but the documentation on this feature makes no mention that Intune needs the user to be running as a local admin for any of the LOB app deployment to actually work.
|
|
#
?
May 3, 2018 22:05
|
|
|
Thanks Ants posted:It just seems like a completely half-baked product. Their vision is that we can use AutoPilot, Azure AD Premium and Intune to have users take a new device out the box, login, and then run as a standard user but have the machine managed by Intune. But I've just had it confirmed that there's no way of deploying software that needs the installer to run as an administrator, which is what Group Policy from a decade ago could manage without difficulty. So in the best case scenario I still need to have a full AD infrastructure in place and if the endpoints are mobile I need to deploy Enterprise Windows to run DirectAccess to keep some sort of management in place when people aren't in an office. Over the air AD is at this point a commodity, have you actually tested any products out?
|
|
#
?
May 4, 2018 02:26
|
|
|
There is not a single “over the air” directory service product that provides feature parity with “on-prem” active directory. E: vvvv- 
The Fool fucked around with this message at 03:18 on May 4, 2018 |
|
#
?
May 4, 2018 02:50
|
|
|
Potato Salad posted:Over the air AD is at this point a commodity, have you actually tested any products out? 
|
|
#
?
May 4, 2018 03:02
|
|
|
DomainAnywhere/DirectAccess/whatever their branding their IPsec tunnel as this week is pretty much the way to go if you want clients to maintain full AD functionality while roaming.
|
|
#
?
May 4, 2018 14:00
|
|
|
Or go 3rd party with something like Zscaler. Time to deployment was hilariously fast, and we are ramping up deployment to replace our F5 for VPN. It works seamlessly once you’re off network, you just have to define per-application tunneling rules.
|
|
#
?
May 4, 2018 14:03
|
|
|
Does anyone have a handy link that explains how to configure a PowerShell Script to Run as a Scheduled Task in Server 2012, but entirely done with the command line/powershell? I can find the steps to run through the GUI but I need to automate everything with code. Thanks in advance.
|
|
#
?
May 4, 2018 18:24
|
|
|
SnatchRabbit posted:Does anyone have a handy link that explains how to configure a PowerShell Script to Run as a Scheduled Task in Server 2012, but entirely done with the command line/powershell? I can find the steps to run through the GUI but I need to automate everything with code. Thanks in advance. https://docs.microsoft.com/en-us/powershell/module/scheduledtasks/new-scheduledtask?view=win10-ps e: Alternatively, us a CI/CD tool of choice to orchestrate your powershell tasks from a central location. The Fool fucked around with this message at 18:37 on May 4, 2018 |
|
#
?
May 4, 2018 18:33
|
|
|
The Fool posted:There is not a single “over the air” directory service product that provides feature parity with “on-prem” active directory. there is, it's ms ad
|
|
#
?
May 5, 2018 12:51
|
|
|
As far as I'm aware there's DirectAccess and the only alternative in the MS world is Azure AD join pushing devices into Intune, which has the limitations that I'm seeing at the moment.
|
|
#
?
May 5, 2018 13:15
|
|
|
Potato Salad posted:there is, it's ms ad What the gently caress is ms ad? Microsoft has AzureAD/AADDs/intune, and while that is a perfectly useable solution for some environments, it is not even close to having the same options as regular Active Directory.
|
|
#
?
May 5, 2018 16:48
|
|
|
Yep it's Microsoft Active Directory
|
|
#
?
May 5, 2018 17:24
|
|
|
Except that’s what I was already talking about?
|
|
#
?
May 5, 2018 18:12
|
|
|
there's a good username
|
|
#
?
May 5, 2018 18:25
|
|
|
Clever
|
|
#
?
May 5, 2018 18:56
|
|
|
Anyone have experience with the AHV hypervisor in a large-scale environment? We're switching 100% towards it and moving away from VMware, but the maturity just doesn't seem to be there let alone integration for third party services and products. Not my call, but I'd be happy to hear some takes from anyone actively using it in some capacity. Prism seems...ok, I guess. Anything is better than vSphere though from a usability perspective, so the bar isn't super high there.
|
|
#
?
May 6, 2018 03:24
|
|
|
Azure App Proxy works with Remote Desktop Gateway and the results are pretty spectacular. Learnt a lot today, it's easier than the documentation might lead you to believe.
|
|
#
?
May 9, 2018 22:14
|
|
|
Not sure if this is the right thread for this... but file access auditing. I'm using lepide auditor, and one of my reports is a deleted files and folders report. The report shows files that were edited, I assume because 'editing' translates to deleting the old file and replacing it with the edited file. I can't find anything on google about this. Do other auditing software suites handle this more cleverly somehow, or is it just a fact of life in auditing?
|
|
#
?
May 9, 2018 22:47
|
|
|
BangersInMyKnickers posted:DomainAnywhere/DirectAccess/whatever their branding their IPsec tunnel as this week is pretty much the way to go if you want clients to maintain full AD functionality while roaming. This is only included with Enterprise, correct?
|
|
#
?
May 9, 2018 23:04
|
|
|
Thanks Ants posted:Azure App Proxy works with Remote Desktop Gateway and the results are pretty spectacular. Learnt a lot today, it's easier than the documentation might lead you to believe. Whoa, I never thought of this... hows the performance? Would this work with the new HTML5 RDP?
|
|
#
?
May 10, 2018 03:08
|
|
|
Moey posted:This is only included with Enterprise, correct?
|
|
#
?
May 10, 2018 03:25
|
|
|
Is there a customization wizard for the o365 installer like the msi installer ? I would like to set the default cache setting to like 6 months or a year. It seems the gpo is a policy and it doesn't allow users to change the setting after it's set.
|
|
#
?
May 10, 2018 18:11
|
|
|
lol internet. posted:Is there a customization wizard for the o365 installer like the msi installer ? I would like to set the default cache setting to like 6 months or a year.
|
|
#
?
May 10, 2018 18:41
|
|
|
Offline mail cache presumably. If you write it into the registry in the user hive as an “add” policy then can users edit themselves if they don’t like the default?
Thanks Ants fucked around with this message at 18:51 on May 10, 2018 |
|
#
?
May 10, 2018 18:48
|
|
|
I think we can safely say what a shitshow this week. 1803 breaks fairly broken out the gate GPOs for 1803 are broke Server patches break RDP Windows patches break network adapters Windows patches break RDP
|
|
#
?
May 11, 2018 00:20
|
|
|
Has anyone seen a newly added CNAME record resolve back as blank? I just added 6 CNAME's and an A record to a Windows 2008 R2 Domain Controller, and only the A record actually comes back with a result. The CNAMEs all come up like this: ``` > em3967.domain.com Server: dc1.contoso.com Address: 127.0.0.1 Name: em3967.domain.name > ``` This happens even from the host I added it on, and these entries are showing as valid in DNS... Haven't seen this before...
|
|
#
?
May 11, 2018 02:28
|
|
|
Usually I think that means that whatever the CNAME points to can’t be resolved. Double check you can resolve the A record directly and you typed it correctly in the CNAME record?
|
|
#
?
May 11, 2018 13:41
|
|
|
Wicaeed posted:Has anyone seen a newly added CNAME record resolve back as blank? Put nslookup in debug mode and re-run the query. Should give you more verbose output.
|
|
#
?
May 11, 2018 14:27
|
|
|
 Teams Direct Routing is in preview now https://techcommunity.microsoft.com/t5/Microsoft-Teams-Blog/Direct-Routing-NOW-in-Public-Preview/ba-p/193915
|
|
#
?
May 16, 2018 19:10
|
|
|
|
| # ? Apr 25, 2024 13:26 |
|
|
Thanks Ants posted:
Any idea what SBC pricing looks like? Specifically, can I just buy something for $2-3k, some e5 licenses, hook up an sip trunk, and have this work? The Fool fucked around with this message at 19:34 on May 16, 2018 |
|
#
?
May 16, 2018 19:29
|
|