We keep it simple, vanilla PC through Autopilot if possible, or set up PC with work or school account. In either case, sign in with Okta account and Intune takes over... Config, compliance, policies, remediations, required apps, settings, etc. Typically from opening box to end user working in less than 15 minutes without IT ever having touched the device at all.

Posts
-
RE: User Profile handling anno 2022
-
RE: Is Real Estate Actually a Good Investment on Average?
@Obsolesce said in Is Real Estate Actually a Good Investment on Average?:
Additionally, had you put 202K into an index fund in 2005, what would it be worth today?
Looks like gains of nearly $400K (S&P index fund) after adjusted for inflation, nearly $600K without.
-
RE: Is Real Estate Actually a Good Investment on Average?
@Dashrender said in Is Real Estate Actually a Good Investment on Average?:
@Mario-Jakovina said in Is Real Estate Actually a Good Investment on Average?:
This source (and others) says that prices of houses in US have risen more than 100% percent in 20 years, so it is much faster than inflation:
This is pretty much true here in NE, but that's mainly during/post pandemic - leading up to the pandemic, it might have been around 30% more than I paid...
Bought my house in 2005 for $202K, today 'valued' at $380+
As for my actual income - it's been rising around 1%/year
Curious, over the last 20 years, how much interest have you paid? How much in insurance? How much in maintenance and repairs? How much in upgrades and add-ons? How much in other things? How much did you miss out on because of not wanting to move for better income being held back by a house? What about after adjusted for inflation?
Additionally, had you put 202K into an index fund in 2005, what would it be worth today?
-
RE: Windows SDK to build an MSI
@DustinB3403 said in Windows SDK to build an MSI:
@Pete-S said in Windows SDK to build an MSI:
@DustinB3403 said in Windows SDK to build an MSI:
Hey all, long time since I've posted. To summarize the ask is anyone familiar enough with Windows SDK to build an MSI out of an EXE? Hoping for a crash course on this.
The software vendor provides only loose instructions to building an MSI, but it's all for SCCM and not SDK.
Thanks
Why not convert the exe (as it is) to msi file without building it as an msi?
There are wrappers and converters out there that will do it. Or are you looking for special customization of the msi files?
The exe has no options at all, I did try a wrapper but it failed to work. So I figured might as well go down the road that's been paved..
What options are required?
-
RE: Windows SDK to build an MSI
@DustinB3403 said in Windows SDK to build an MSI:
@Pete-S said in Windows SDK to build an MSI:
@DustinB3403 said in Windows SDK to build an MSI:
Hey all, long time since I've posted. To summarize the ask is anyone familiar enough with Windows SDK to build an MSI out of an EXE? Hoping for a crash course on this.
The software vendor provides only loose instructions to building an MSI, but it's all for SCCM and not SDK.
Thanks
Why not convert the exe (as it is) to msi file without building it as an msi?
There are wrappers and converters out there that will do it. Or are you looking for special customization of the msi files?
The exe has no options at all, I did try a wrapper but it failed to work. So I figured might as well go down the road that's been paved..
You've tried those like /verysilent and such?
-
RE: Windows SDK to build an MSI
@DustinB3403 said in Windows SDK to build an MSI:
Hey all, long time since I've posted. To summarize the ask is anyone familiar enough with Windows SDK to build an MSI out of an EXE? Hoping for a crash course on this.
The software vendor provides only loose instructions to building an MSI, but it's all for SCCM and not SDK.
Thanks
Why can't you install the EXE? Why does it have to be MSI?
-
RE: Hyper-V 2012R2 unable to add boot device
@JaredBusch said in Hyper-V 2012R2 unable to add boot device:
@Obsolesce said in Hyper-V 2012R2 unable to add boot device:
Does deleting the DVD drive, applying that, then adding it again get it listed?
It did not add it to the list.
But when I first click New DVD drive, the Firmware changes to say boot entry changes pending.
but nothing is changed in the end.
Very weird.
Do you have enough free space to duplicate the disk and attach it to a new VM? Not sure if that'll work, might be worth testing with a test VM and disk with same OS.
-
RE: Hyper-V 2012R2 unable to add boot device
@JasGot said in Hyper-V 2012R2 unable to add boot device:
@Obsolesce Where? Can you circle it?
Go create a gen1 VM, look at the settings, then look at Jared's screenshot. It'll be 1000% clear.
-
RE: Hyper-V 2012R2 unable to add boot device
@JasGot said in Hyper-V 2012R2 unable to add boot device:
@JaredBusch Is the VM Gen1 or Gen2?
Look on the Summary tab at the bottom of Hyper-V Manager when the VM Server is highlighted.
You can easily see it's Gen2 by the settings window in his screenshot.
-
RE: Hyper-V 2012R2 unable to add boot device
Does deleting the DVD drive, applying that, then adding it again get it listed?
-
RE: What Are You Doing Right Now
@scottalanmiller said in What Are You Doing Right Now:
I'm in Houston. Getting some work done before turning in for the night. Long, but good, day of travel.
How long you going to be in Houston?
-
RE: Task Schedule Failed
@WrCombs said in Task Schedule Failed:
@Obsolesce said in Task Schedule Failed:
@WrCombs said in Task Schedule Failed:
So I know what's causing the issue, I'm just not sure how to fix it.
Windows 11 device, Task is scheduled to start a program
c:\program files (x86)\Parent Director\Subdirectory\program /switch1 /switch2 /switch3
It shows Last Run results
0x4
Which I find out means "System can't access path/file"
I changed user, and tried running it again (different admin user) no change, same status.
I go to CMD to see if I can path to it - Can't find path specified - tried writing it a different way (with spaces, without spaces)
Having a hard time understanding why it can't run this program - it's needed to import sales into a different system every day.
The owner of the software suggested making sure DotNetFramework 4.5 or higher was installed and repair it. which it is, 4.8 is installed currently.
Any ideas how I can resolve this?
Export the scheduled task as xml so we can get a clearer picture of what it is. Clean it up before posting.
what do you mean "clean it up before posting" ?
As in censor sensitive info before posting it publicly.
Having the xml export of the scheduled task will show us exactly all configured options and settings of the scheduled task.
And yes, it would have shown that you were missing quotes in the command / paths.
-
RE: Task Schedule Failed
@WrCombs said in Task Schedule Failed:
So I know what's causing the issue, I'm just not sure how to fix it.
Windows 11 device, Task is scheduled to start a program
c:\program files (x86)\Parent Director\Subdirectory\program /switch1 /switch2 /switch3
It shows Last Run results
0x4
Which I find out means "System can't access path/file"
I changed user, and tried running it again (different admin user) no change, same status.
I go to CMD to see if I can path to it - Can't find path specified - tried writing it a different way (with spaces, without spaces)
Having a hard time understanding why it can't run this program - it's needed to import sales into a different system every day.
The owner of the software suggested making sure DotNetFramework 4.5 or higher was installed and repair it. which it is, 4.8 is installed currently.
Any ideas how I can resolve this?
Export the scheduled task as xml so we can get a clearer picture of what it is. Clean it up before posting.
-
RE: How Do You Replace Active Directory?
@JasGot said in How Do You Replace Active Directory?:
@scottalanmiller said in How Do You Replace Active Directory?:
Just use local accounts. It's so easy that you can manage the whole environment for less effort than maintaining AD.
Curious.... How are you enforcing password changes at the local PC for users?
If you are using corporate identities for employees on corporate owned devices, there's no need for local user accounts. You can use, for example, Okta/Azure AD/etc as your identity provider along with MFA with Azure/Okta/Duo/etc and the users can use their corporate provided identities to log on to their devices. Using that method there is no need to do anything there locally on the device.
-
RE: How Do You Replace Active Directory?
@Dashrender said in How Do You Replace Active Directory?:
@scottalanmiller said in How Do You Replace Active Directory?:
@Dashrender said in How Do You Replace Active Directory?:
@scottalanmiller said in How Do You Replace Active Directory?:
@Dashrender said in How Do You Replace Active Directory?:
@scottalanmiller said in How Do You Replace Active Directory?:
@Dashrender said in How Do You Replace Active Directory?:
@scottalanmiller said in How Do You Replace Active Directory?:
@siringo said in How Do You Replace Active Directory?:
I saw @jt1001001 mention they could upgrade so they can use Intune &/or Azure AD. Azure AD is AD, but Intune is an MDM.
Azure AD is not AD. It's a directory service, but in no way is it AD. It's no more AD than JumpCloud or Okta is AD. They are all directory services, but that's where the similarity ends.
Intune is MDM, that is true. And MDM is a vastly better way to do system management than GPO. GPO is horrible. One of the biggest problems with GPO is the lack of an agent, which is really what is needed. So something that is MDM or MDM-like in that way is exactly what you want as an alternative to GPO.
Why do you dislike the lack of a client? Sure it's LAN-centric, and we should be looking for LANless options these days...
Reliability. Hoping that the operating system will successfully pull GPO without an agent is a flaky process. You can make a lot of billable hours getting paid to troubleshoot GPO failures because Windows doesn't have a good way to get the data, process the data, and report on that processing. It's the agents that do all the things that make this type of process reliable.
I guess I don't follow. Something in Windows Pro is what tells the PC to pull and process the GPO - there are logs for that process in Windows. of course I've had issues before - are you saying you've never had issues with something that has a third party agent before?
I'm saying that the GPO system is flaky and useless. It's pathetically complex and unreliable. Those that use it tend to either have to keep it very, very basic or do a ton of work to make it work and rarely can you find a shop that's really confident that it is working.
The very idea that you have to go onto the endpoints to look at logs shows how big the problem is. There's no warning, no alerting that something has failed. No central repository. You have to build out some kind of log monitoring solution with an AGENT and deploy it to the end points to bandaid the kind of centralized data into GPO that you'd just expect with any modern solution (or competent solution.)
Everything "has" problems. But how often they have problems, how the agent handles problems, and how you have to deal with problems are what matters. And obviously nothing you'd actually deploy should have the kinds of unreliability or difficulty in monitoring as GPO. If it even comes close, it's not something you'd trust.
You are asking "GPO is bad, so you are saying other solutions are perfect?" Do you see why that is a bad question? Nothing is perfect, why do you ask if other solutions are perfect but don't expect GPO to be?
The way that you ask these questions makes you sound crazy. Don't ask if GPO is perfect. What you should be asking is something like "Oh, so you've found that the good third party agents are reasonably more reliable than the native GPO?" It's logical, it's rational, and it doesn't imply that perfect is a requirement, because obviously it is not.
I guess I've just had good luck. I haven't had to pour huge amounts of time into my GPOs not working.
not zero - but no RMM type solution would I expect zero issues with when setting up.
No, not zero for sure. GPOs tend to be better when you have a very LAN-centric, very homogenous environment. The more variation you add, especially in terms of latency and connection, the harder it gets. GPOs start to get flaky, especially over the WAN, and you start getting a lot of time spent just trying to get them to process.
yeah - that definitely makes sense.
I'm curious - haven't dug in enough yet - how much Intune notifies you of non compliant machines?
You can get total sight and notification of any kind of compliance you want. The default no-setup-needed compliance policies are a great start, and now you can use your own custom compliance scripts. Additionally, through automation, the possibilities are endless.
-
RE: Migrating to xxxxx
@siringo said in Migrating to xxxxx:
Questions that dig into how a person thinks and solves, rather than past job history.
That's one thing to look for when you are the one being interviewed. I've interviewed for shitty companies that don't know how to interview and I basically let them know afterwards I'm no longer interested in the position.
-
RE: Migrating to xxxxx
@siringo said in Migrating to xxxxx:
But how do you/we get around the problem of an interview panel asking " so how much experience do you have with Ansible, Salt, AD etc"
Either don't interview for those positions, or get experience doing the stuff you want to be doing.
-
RE: Wsus for remote vpn and on-premise users
@scottalanmiller said in Wsus for remote vpn and on-premise users:
There is little difference between an MSP and internal IT.
They are basically the same thing. In many cases the internal IT is a separate entity that basically bills the company and/or child companies, but is on the payroll of the company.
-
RE: Password Managers
@pete-s said in Password Managers:
That's why there are plenty of vulnerabilities and bugs in everything.
You can't take from them something they don't have...