The STiffs return to podcasting after a very long week. The cloud has changed, Loop still isn't a thing, Viva and Entra are around, and Linux Mint vs Windows 11!
Extended show notes available at https://hthpc.com
Boot-up (AKA, "LAST WEEK, ON HOPE THIS HELPS")
Windows 11
Co-Pilots
The end of Windows?
The Year(s) of Linux
Outro - "Plus Delta"
Error messages, meeting etiquette, MFA improvements and concerns, PowerShell with MS Graph, PowerShell Crescendo, random PowerShell things, in a short-but-packed episode!
Extended show notes available at https://hthpc.com
=====Boot-up=====
BSoDs and error messages
Phrases I don't wanna hear anymore: "Thank you for your time."
Microsoft Teams - Send praise to people
Better meeting etiquette
The stigma against accepting a meeting as "tentative"
Accepting and not sending a response
Shower thought: There should be a "Mute Mic AND Turn Webcam Off" button in Teams
Parasocial relationships
Real-time followup: There's a PowerToy for it! Go check it out.
Microsoft Authenticator improvements
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
=====PowerShell Drunk Jawer (it's like a Junk Drawer shut up)=====
Microsoft Graph PowerShell got way easier + Azure AD Temporary Access Pass
Tiff asks: Why are Enterprise Apps and App Registrations in two different places?
Azure AD security attributes
Microsoft Graph API: The dangerous line between script writer and developer. It's a high barrier of entry to a non-developer.
Graph PowerShell Module
The Ups and Downs of Connecting to the Microsoft Graph Using the PowerShell SDK
Installing modules in PowerShell 7 vs Windows PowerShell (admin level vs user)
PowerShell Crescendo Release Candidate - But why JSON? What's wrong with advanced functions?
PowerShellGet 3.0 Preview 12 - More useful for developers developers developers?
Global variables in PowerShell 7 are funky if you use -UseWindowsPowerShell with import-module
Make test accounts with this one simple trick! 1..300|%{$_}
Correction: This technically isn't an array
Range Operators in PowerShell
Always make your functions return psobjects containing data. It's better for you, the environment, and your pets.
=====“Unplanned Outage” (Sponsor section - “Hope this Helps is helped by…‘)=====
The rewind button. Be sure to rewind this podcast when done listening so the next person doesn't have to
=====Outro - "Plus Delta"=====
Montero (Call Me by Your Name)
We help you, you help us: Rate us on iTunes
Microsoft Ignite 2021 hot takes! Multi-Cloud MultiBall, Loop, Teams, Viva, PowerShell install variations, and Zune on macOS!
Extended show notes available at https://hthpc.com
===Boot-up===
We help this hopes
===Microsoft Ignite 21H2===
Defender madness - so many confusing name changes!
Multi-Cloud MultiBall
"Now, native support for multicloud environments is available through the extension of Cloud Security Posture Management (CSPM) and Cloud Workload Protection capabilities to Amazon Web Services (AWS)."…Do other clouds actually want Microsoft to butt in?
Actual quote from someone (Mary Jo Foley?) at Microsoft: "It's like a Big Mac: Have it Your Way"
Tiff's experience working at Wendy's
LOOP THERE IT IS
Does it replace OneNote?? (No)
Does it replace Whiteboard? (Maybe?)
Clarification: Loop is an Office app.
The feature imparity between Windows and Mac versions of certain Office apps
MS Roadmap updated and has moved MS Teams connect to March 2022, I just want shared channels.
Speed/ease of use - When people choose illogical/unexpected solutions
Remember Viva?
PowerShell's store version versus the standalone MSI version
Frustrating differences between them
VS Code integration for Store version is off
Running as a different user can get hairy
Just install the MSI version, the Store version is annoying
Installing PowerShell on macOS via HomeBrew is fantastic
===This is the way===
Microsoft presents for a long time about why passwords suck
Types of Passwordless auth
Unlock your Mac with your Apple Watch
iOS Security Guide - Page 8 - Passcode supersedes biometrics at first boot
Are passwords and policies truly worthless?
Counterpoint: They have their place in the correct use cases.
===State of the Zunion===
Steve's attempts to get Zune working on macOS Big Sur
The Apple Event, Windows 11 features, Defender for Endpoint updates, Docker, Terraform, and fingers!
Extended show notes available at https://hthpc.com
Note: Our apologies for wavering audio quality, we had some technical difficulties again!
The Fork-Up
-Don't Fork your Parent
-Finger
Boot-up
-Apple Creates the World's Best Computer...of 2009? New Macbook pro has real ports
-The Surface event
Win 11
-Vista 2.0? Not really
-Windows 11 WSL 2 is almost as quick as running Linux natively
-Installing Wine using Homebrew on macOS
Player One DFEated
-Defending Windows Server 2012 R2 and 2016
-"The solution does not use or require the installation of the Microsoft Monitoring Agent (MMA)."
-There's an installer now!
-So what about Server 2012 support?
More Apple things
-Apple Music "Voice Plan" - Bad for accessibility. What about those who are mute? Inconvenience for a lower price?
-Pumpkin HomePod
Hope This Helps Tip of the Something
-Don't sudo rm -rf your docker storage folder
-Things that may happen:
-Images gone
-Errors trying to update containers
-If a container is restarted it will not come back
-Portainer will explode
-You'll have to rebuild all your docker-compose stacks in Portainer (hope you had a backup)
Terraform
-Tiff's experience with WSL + Linux + Docker + Terraform
-Enabling Virtualization in AMD BIOS is oddly esoteric
-F7 for Advanced Mode - CPU Configuration - SVM Mode - Enabled - Guide
Microsoft Exams, Passwordless login, Identity and Access Management, Microsoft 365 landmines, and more!
Extended show notes available at https://hthpc.com
Note: Our apologies for wavering audio quality, we had some technical difficulties!
Boot-up
Delilah
Human Robots + Cyborgs
Remember on-premise? There's a cert for that
Microsoft exams are hard!
Passwordless login
New identity partnerships and integrations to accelerate your Zero Trust journey
Metroid: Other M and Privileged Identity Management
DEFCON Patch Alerts It's like the French Toast Alert System for patches
Apple zero-day vulnerability
Update/correction: Snow Leopard was last updated in early 2016 just so you could jump to a newer version of OS X in the Mac App Store.
Update/correction: Steve meant the 2010 Macbook Air's ability to run Catalina, not the 2011 one.
Bo Burnham's "Inside"
Various M365 landmines to be aware of
Via Joe Stocker (@ITguySoCal)
We go over almost everything listed here: https://twitter.com/ITguySoCal/status/1431734989792563201
M365 vs O365 vs Azure
Some things are the same between the two
Where do they link/not link?
Two user portals
Things change and documentation isn't always updated
Exchange Online's dual portals
Exchange scripts/Documentation still referencing Skype for Business
That is Accurate
SSH and Secure Shell have the same amount of syllables
Outlook Web Access, Scrum, Windows Admin Center complaints, Defender for Endpoint complaints, and the world of InfoSec, among other things!
Extended show notes available at https://hthpc.com
Boot-up
OWA Suggested Pre-reads on meeting reminders, interesting idea
Not mad, just disappointed: Cloud shell kinda sucks, I'm complaining about it
Set-MSOLUserLicense is going away
The importance of learning programming/scripting/CLI/DevOps, Infrastructure-As-Code, etc.
Steve figures out git branching
Scrum, orgs adapting to agile, etc
Windows Admin Center annoys me immensely, but it does work I guess
Ongoing follow-up from HTH episode 20 and 24 regarding WAC
Stupid little things, some complaints from HTH0020 are still in play
Remote PowerShell feature is really picky (and buggy)?
Must specify credentials in a certain way
UserVoice pages are 404'd in documentation
Speed/efficiency issues
Can't do advanced things like take ownership of registry keys or values, still need regedit to do that
Semi-related: Manage Active Directory Objects with the New Windows AD Provider for HashiCorp Terraform
Defender for Endpoint device inventory/search/dashboards/reports could be better
I wish it would support wildcard searches
Is really picky about exact matches
Duplicate/misleading entries: Workgroup vs domain
Removing a device other than waiting for it to age out?
Fix unhealthy sensors in Microsoft DFE
Reordering columns isn't possible
Have to stretch out the browser window across multiple monitors to get full width
Entire interface is inefficient, sort of like WAC
InfoSec - The new Sysadmin
CISO MindMap 2021: What do InfoSec Professionals Actually Do?
How To Get A Job in Cybersecurity
Look at all this stuff!
Are they actually sysadmins?
What IS a sysadmin?
The OWA Experience
Missing UI elements
Flagged items in a sidebar
Has a "To Do" panel but it doesn’t include flagged items
Calendar flyout is not expanded by default
Categories (already discussed at length in our blog)
[old man complaint] Forward as Attachment is different
GMU.edu guide on how to do it in OWA
Meeting notifications aren't prominent/obnoxious enough
No unread "group by folder" view
Can't add an Office 365 Group as a favorite like you can in Outlook
Table management in OWA email composition is bugged
Can't set specific to-do dates for flagged items?
Windows 11 is a thing, Solarwinds is still a thing, Zune is still a thing, PowerBI regional migrations, and Windows 10 learns a new trick. Hope This Helps is back!
Extended show notes available at https://hthpc.com
Pre-Boot
Windows 11 and the TPM
Golf is boring, unless it's mini-golf
LinkedIn is like the golf course of the internet
Boot Up
Tiff and Steve's desktop computers, Macs
Proof of Work vs Proof of Stake
Solarwinds hacks + version number madness
Get them on the payroll!
Remember LulzSec? / LulzSec Leader 'Sabu' Flips on Friends for FBI
Orion web console tells you one thing in the web console, Database Manager tells you something different
Version number schemes don't line up…Product Upgrade Advisor uses YYYY.MM based versions while the database still uses legacy 12.x version schemes
What the heck is Bonjour?
Bonjour chat
Barrier uses Bonjour to find other Barrier nodes
Windows 11 phone integration
Android apps
Gripes about macOS Catalyst/"Project Marzipan" apps being half-baked
macOS uses Home/End keys wrong
More Windows 11 thoughts
Windows 11 will require TPM 2.0, UEFI, and Secure Boot
Surface Studio 2 can't run Windows 11
People is Removed
Brief tangent on disconnecting from social media/cloud services/Windows
State of the Zunion
Elon Musk's tweet
Steve's Zune-to-M3U-to-AirSonic PowerShell script for playlists
PowerBI data migrations + general cloud frustrations
Configure Multi-Geo support for Power BI Premium
Originally you could only pick one region, but more options expanded over time
Egress costs are expensive - On-prem datacenters wouldn't see these OpEx costs
It's a headache when moving regions
MS can sometimes even lose your data during a regional migration?
Out-GridView is temporarily (?) dead (on Mac/Linux)
No more work is being done on Avalonia-based Out-GridView until we move to .NET MAUI
Let's talk about how great Out-GridView is on Windows and how nobody knows about it
Windows 10 News (literally)
The new Windows 10 taskbar "News and interests" widget
Why exactly was this shoved into a cumulative update? This is a new feature.
Disabling "News and Interests" causes entire notification area to go blank
The actual content is low quality
Microsoft service disruptions, Exchange Plus Addressing, UserVoice, Ignite 2021 Recap, Defender for Endpoint, Zune, Outlook Signatures, and more!
Extended show notes available at https://hthpc.com
Boot Up
What even are NFTs, anyway? Nobody knows.
Blog post about PSWindowsUpdate and Outlook Categories
Outages + Microsoft lying about service issues
Exchange Plus Addressing
An SMTP email address uses the basic syntax: <local-part>@<domain>. For example, sean@contoso.com. Plus addressing uses the syntax: <local-part>+<tag>@<domain>. For example, sean+newsletter@contoso.com. Use case: newsletters, junk email, alternate smtps that users can handle on their own
Replying to individual messages in any chat coming to Teams
Microsoft breaks Win10 thrice in one month
No more UserVoice - A Loss For Words
Ignite Recap
Mesh and bubbles
Inna-Gadda-Da-Viva Baby
MARKETING
“Unplanned Outage” (Sponsor section - "Hope this Helps is helped by…")
"No Hello"
Defender for Endpoint "Deef"
The portal changed to https://security.microsoft.com/machines from https://securitycenter.windows.com/machines
Bug in a Defender/SCEP GPO
Server 2012 is in extended support till 2023, so why is it excluded from DFE while 2008 R2 is still supported?
Correction: The PowerEdge 2850 can run 2012 but not 2012 R2. Steve got the model number wrong.
State of the Zunion
Fix Zune software native video conversion! Swap out wmvcore.dll with the 1511 version.
Outlook Signatures are still a nightmare
Organization-wide message disclaimers, signatures, footers, or headers in Exchange Online
Parting Words / “Unplanned Outage” (Sponsor section - "Hope this Helps is helped by…")
"Consider your environment before printing this podcast"
Outro - "Plus Delta"
We help you, you help us: Rate us on iTunes
Yammer and Defender for Endpoint Rants in a quick Midlife Crisis episode of Hope This Helps!
Extended show notes available at https://hthpc.com
<meta name="awa-kb_id" content="3209361" />Cloud service talk, modern workplace thoughts, DevOps versus ITIL, Docker Container of the Week, and a bunch more!
Extended show notes available at https://hthpc.com
Boot Up
[Semi-off topic variety section] What kind of alcoholic beverage is each cloud service?
Azure=Tequila, the more you drink it, the more things change
The VibrationSensorHub Azure IoT lab
Zune Squirting - 3 Plays or 3 Days
Pronouncing Azure
WarHammer / Your state of being at work
AWS=Jim Beam?
Google=Bud Light
Our review of Super Bowl LV
The first 5G Super Bowl
iCloud=Heineken
The 5 minute rule prevails
Along with rubber duck debugging
No more old Edge - "Spartan Down"
CORRECTION: Brave is based on Chromium, and yes there are privacy concerns
Microsoft meddling with the hosts file
Viva las Dashboards
Workspace 365
Various grumblings about the whole idea
Modern Workplace
Microsoft and the workplace of the future: How AI can help you build more productive relationships with your colleagues
Talking (mostly grumbling) about Yammer, Teams distractions
How far is too far?
Microsoft patented a chatbot that would let you talk to dead people. It was too disturbing for production
Magsafe is back I guess, what are your thoughts?
Pacemaker compatibility issues
DevOps versus ITIL
How to Win the Battle Over Change Management
"ING found it was able to modify ITIL to work within its new DevOps appr oach. “Don’t do everything the ITIL book says,” advised Jan-Joost Bouwman, ITSM process owner at ING. And yet, following ITIL for practices such as incident management are “still the best way to do it, because everybody knows what to do and you don’t get confused about the rules.”"
Look at all this licensing
Get your fresh licensing maps at m365maps.com
Docker Container of the Week
Plex vs Jellyfin
Plex's Privacy Policy (see the data collection sections) https://www.plex.tv/about/privacy-legal/
Recent Plex DDOS issue via SSDP https://arstechnica.com/information-technology/2021/02/ddosers-are-abusing-the-plex-media-server-to-make-attacks-more-potent/
Slight correction: Plex started out as freeware
Outro - "Plus Delta"
Lock the Taskbar https://youtu.be/WEWG6kSYqlY
We help you, you help us: Rate us on iTunes
HTH Turns 1 year old! We catch up on cloud happenings, productivity score ethical debates, bad naming schemes, Solarwinds, M365 deathwatch, and more!
Extended Show Notes available at https://hthpc.com
===Boot Up===
• HTH Turns 1 year old
• M365 email forwarding dashboards aren't great
• Productivity Score - Remember the human (stop being creepy)
○ Microsoft says no to Productivity Score for individual users
○ Concerns remain about Microsoft Teams employee analytics
○ Microsoft responded to the criticisms by anonymizing the data, and making other changes, but the truth is that the data is still being collected – it is simply no longer being packaged up as neatly for the use of managers.
○ Methods of focusing differ from person to person
○ Read Only Friday: Let’s not mess with people‘s eyes with webcam AI
• Worst name - "Tasks By Planner and To-Do"
○ Xbox naming is awful
• Flash is dead
○ HTML5 is not a replacement
○ Recent MacOS bugginess/nagging prompts
• One More Outlook
○ The OneNote fiasco
○ Talking about email in general
• Solarwinds/Solorigate
• FiOS outage
• 2021 IT predictions
○ DevOps/SysOps merge
○ More Hybrid
===M365 things dying in 2021===
• 2021 End-of-Support Milestone in Microsoft 365
===Teams===
• Native notifications are coming
===State of the Zunion===
• Article from The Verge Zune's afterlife
===That is Accurate===
• You can float on air
===Ask the Stiffs: Question of the Week===
○ What is the current hot tech you should learn as a sysadmin?
○ Kubernetes, basically
===Outro - "Plus Delta"===
• We help you, you help us: Rate us on iTunes
• We applied to be Ignite speaker moderators!
Control Panel is going away, SMS based MFA is bad, Project Management is good, SCCM/MEMCM payload tips, MS product name frustrations, and more!
Extended Show Notes available at https://hthpc.com
Boot Up
How are you?
Life Cereal
Giving up Control (Control Panel going away)
Alternate UWP Control Panel
GodMode: Make a new folder named GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
Administrative Tools???
Tiff's Outlook for Mac New Experience Rant
AskWoody changing hands
Microsoft sez: No more SMS-based 2FA
NIST said this in 2016
Hope this helps! Bookmark this: Microsoft Portals https://msportals.xyz/
Dangling Domains
PROJECT MANAGEMENT
PMO IS GOOD
Don't be afraid of failing projects
When A Problem Comes Along, 7-zip it
Deploy SCCM/MEMCM/SMS Payloads better: Large applications with large size & many files? 7-zip it!
Include the 7-zip executable and DLL, and include a script to locally extract and THEN install.
Microsoft's product names are annoying
Defender ATP is called what now?
Moffice 365?
Sharepoint Syntex? WTF is this
Some new Teams Features
Timed statuses
Statuses from Skype for Business/Outlook (OOO/Invisible)
That is Accurate
Tiff and Steve are Advanced Glasses Users
Ask the Stiffs: Question of the Week
What is the dumbest acquisition you can think of?
Microsoft buys OnlyFans and makes it a social network merged with Yammer
Outro - "Plus Delta"
12/8/20 4pm Australian time - Tiff and Adam Fowler - How to Keep Up with Microsoft https://youtu.be/LqeNXx3cxTI
We help you, you help us: Rate us on iTunes
Send us a Tweet, or a Yam, follow us on OnlyFans
Long-winded rants about cybersecurity, Teams Updates, Google Play Music, and the future of IT. Other stuff too!
Extended show notes available at https://hthpc.com
Boot Up
How are you?
Linode and OpenVPN connection attempts
Youtube-DL RIAA DMCA
YouTube Rolling Cypher
National Cybersecurity Awareness Month
ArnoldC - Get to the Chopper - "Program with your favorite Terminator"
October Teams Updates and other things
Where are break out rooms?
Why isn't Teams a Docker container or a PWA?
Office PWA Installs Caused by Microsoft Edge Bug
Still not 100% functional in Firefox
Outlook for Mac Preview features
OWA Light mode: Start on https://outlook.office365.com/owa/?path=/classic and Go to the cog in the top right and scroll down to "Mail" under "Your app settings." Expand "General" and select "Light Version," checking off "Use the light version of Outlook" and click "Save." Sign out, then sign back in, Light Mode should work. If you ever need to get out of Light mode, go to Options->Outlook Version, uncheck "Use the light version" and sign out/back in.
115 Million Users daily
MS Office Mouse and Trackpad support iPad
Cybersecurity Awareness Month Fail: Nintendo
Nintendo Sez: Open up all your ports
"Within the port range, enter the starting port and the ending port to forward. For the Nintendo Switch console, this is port 1 through 65535."
The IT DEEP STATE / State of the Zunion Combo Segment: RIP Google Play Music
2011-2020
Self-Host your music using LMS
ITIL - Org Structure's and Ops
What do future IT orgs look like, and how should traditional Infrastructure and operations teams be shifting?
The relationship between infrastructure/ops/cloud/devops
Gartner Research: Evolve Your Infrastructure and Operations Organization to Remain Relevant in the Cloud Era
Saying yes to new ideas
Be the department of "yes"
Ask the Stiffs: Question of the Week
What should a truly accurate sysadmin job description be?
iPhone Event feelings, Microsoft 365 Outage feelings, Help Desk feelings, Therapy feelings, M365 Audit feelings…all kinds of feelings!
Extended show notes available at https://hthpc.com
Boot Up
iPhone event
RIP Office 2010 and Exchange 2010 - Tombstone
Brief eulogy
Microsoft 365 won't support TLS 1.0 as of October 15 2020
Patch review for October 2020
Clarification: The 32-bit .msg Preview Pane issue is only for File Explorer:
"The Windows preview host requires a 32-bit application previewer. When 32-bit Outlook is installed, it acts as the previewer. Without 32-bit Outlook installed, there is no previewer available for .msg files."
Microsoft 365-hours-of-downtime
(365 hours=15 days)
Speaking of dead: M365 goes down once again 10/7/20
Admin portal down again 10/14/20 for 4 hours
EX223890: Admins intermittently can't create or migrate mailboxes in Exchange Online
Happened AGAIN EX224151 (Started 10/13/20, ended 10/14/20, MS appeared to merge info with EX223890)
AGAIN! EX224497 - Admins are unable to migrate mailboxes to the Exchange Online service 10/19/20
EX224266 - Some users may be unable to send email messages
MO222734 (10/14/20) and MO224234 (10/14/20) - admin center down
MO224463 Admin Center health status down 10/18
Improve your change management ASAP!
What's their SLA, anyway?
Teams/Exchange Online SLA
Azure services SLA: Broken down by service (too many)
Biased towards Azure (measured against ALL Azure services)
"Multiply SLAs to determine overall SLA of the solution"
What makes a good help desk?
If a customer says "The tier 1 people don't know anything" it's not a good help desk
"If I need something done, I know [which Tier 3 people] to ask" <--a bad sign that Tier 1 is failing
Foster confidence in the customer by having a great tier 1 that can actually do things
Is the best support person a Tier 2/3 employee?
Common sense and technical skill and customer service ability
ITIL and shift-left
Great documentation for self-service
Empower Tier 1 to get the customer to the answer
The Therapy Angle
Feelings
Moo With Me
Advanced Audit in Microsoft 365
Coming 2021
Now requires an additional license if you have 10 years or more of data
Ask the Stiffs: Question of the Week
Should Microsoft rebase Windows to Linux?
Linux Apps Coming to Windows
Correction: Linux apps are planned for the future but probably isn't a lock for the 20H2 update.
Outages, Microsoft Ignite reactions and feelings, Excel Vlookup is cool, a story about wifi, a new "That is Accurate," and Question of the Week!
Extended show notes available at https://hthpc.com
Boot Up
• SLACK OUTAGE
• M365 outage
○ MO222965 - What is the point of posting this to a portal nobody can get to?
○ Root Cause Analysis posted
• Ignite post-game show
○ Thoughts overall
○ NO SWAG!
○ Also the Vmware VMWorld post-game show within a show
○ Physical Ignite is so much better
○ Azure VMware Solution
○ Microsoft Announces Ignite, Part 2, is Happening in March
○ Exchange – Here, There and Everywhere - External Forwarding Command Center and Certificate-Based Authentication (CBA). On-prem Exchange now subscription only
○ PowerShell Unplugged - Challenge Edition
○ Taking your automation to the next level with PowerShell 7
○ Microsoft Mechanics 2020
○ RIP Defender ATP, new name Microsoft Defender for Endpoint
○ Video Hub
• Random bug of the day
○ When using multiple Container tabs/accounts for the same website, Twitter/Anchor in Firefox seems to require a cached reload (CTRL F5) for likes/retweets/notification counts to clear. Anchor needs it for certain settings to save.
ALL HAIL VLOOKUP
• Why Vlookup
○ Say your master server inventory is inconsistent with your VMWare inventory, how do you find out what's missing? Vlookup
• How Vlookup
○ Syntax: Source cell, Range to look up, column index, exact match (false most of the time)
• Who Vlookup
○ People in a hurry
• Where Vlookup
○ Say you are trying to merge multiple lists of data. How do you link them? Vlookup + copy + "Paste values"
Declassified Sysadmin Stories: The impossible wifi project
• (What happens when a sysadmin attempts a wifi project by himself)
• Project was in 2016
• Replace ancient HP Procurve wireless infrastructure with Cisco infrastructure
○ ProCurve 420 and 530 WAPs
○ Rebootable via PoE, they frequently died
• Perform tests all over campus, run scans, tests, learn a lot of about radios
○ Test with lights on, lights off, doors open/closed, microwaves, bathrooms, water, etc
• Vistumbler, Airport Utility, RSSI
• Carts with long cables
• Limited number of Cisco APs (30 Aironet CAP1602i), not enough to cover the campus
• MAC-Daddy registration for all standard wifi devices, ancient Linux box, student project from years past that became production
• Learned all about RADIUS (NPS)
• MAC registration for non-802.1x compliant devices
○ Test things like Zune HD, Wii U, Wii U in Wii Mode, PS3, PS4, Xbox 360, Xbox One, 3DS, Android Tablets, TVs, etc
○ Visual Studio .NET app called MacDaddyJr - Form to CSV - PS Scheduled Task to create AD Users for MACs, add to group, change primary group
• Manually build out two Cisco WLC 2500s for the APs to talk to + interface with parent company controller
• Summer of wiring
• Impossible fiber line repair: Line going from campus to building we didn't own with difficult owner to athletics building/hangar that was rarely used in the first place
That is Accurate
• Azure has the most Global regions than any other cloud provider
Ask the Stiffs: Question of the Week
• What is your favorite current piece of tech [wrong answers only]?
Outro - "Plus Delta"
• We help you, you help us: Rate us on iTunes
Microsoft Ignite 2020 hype! iOS 14 Mail changes, software KVMs, Zerologon exploits, SSU/LCU follow-ups, Teams/Exchange Online Issues, stories about imaging computers, and a variety of other topics!
Extended show notes available at https://hthpc.com
Boot Up
• #MSIgnite 2020!
• Steve hates sticky monitor edges
○ NSFW: Arm workout: The Denny's Grand Slam
• Software KVMs: Synergy versus Input Director versus Mouse Without Borders
○ CORRECTION: Input Director still exists.
• Denny's at 3am isn't THAT exciting but Ignite at Denny's is an option
• iOS 14 Mail changes - "admin approval" needed
• Enterprise application name (same ID) and permissions appear to have changed with iOS 14
• Supposed solution: update permissions to "re-approve" app or grant permissions for <org>
• Or just use Outlook for iOS, it lets you accept calendar invites without sending a response!
• Terrible places to put physical conference rooms (directly adjacent to bathrooms)
• Changing app icons in iOS 14 via Shortcuts
• Quick follow-up from HTH0025: CVE-2020-1472 has a proof of concept. Patch sooner rather than later.
• Follow-up from HTH0027: SSU/LCU merge is not for Server OSes
• Monetizable rage: Apple Watch AppleCare rant
○ Why do I have to send it in and wait for shipping? Why can't an Apple Store do it?
○ Had to wipe it before they would even ship the return box
○ 5 days of no watch for nothing
• Losing the Exchange Online Lottery: "A very limited number of users may intermittently be unable to access Exchange Online via any connection method ID" - EX220974
• Delayed Teams messages
• Phishing issues
• DigiCert emails fail SPF?
• MICROSOFT IGNITE final thoughts
• The Bud Light Showtime Cam - feature people with better cameras/internet please
• The LG VX8100 and Tiff's first phone
Declassified Sysadmin Stories
• Steve was hired for SCCM imaging
• That one time Steve had to build an SCCM server from spare parts (PowerEdge 1950)
• Imaging labs and classrooms with WDS/SCCM - Network congestion, Before and After
• Image cleanup and optimization
§ What do you mean pushing out a 100GB+ image is insane?
• Tiff went from imaging mac labs to an exchange admin
That is Accurate
• MAC is not the same as Mac
• MAC Filtering and MAC randomization
• Side note: Game Boy is two words, not one.
• Lego versus Legos
• An insane way to pronounce Symantec
Ask the Stiffs: Question of the Week
• What are some of your favorite free tools/utilities you use as a sysadmin?
○ Steve likes: VS Code, Windows Terminal, Everything, ShareX, RoboCopy, WinDirStat
○ My work computer -Tiff
Outro - "Plus Delta"
• We help you, you help us: Rate us on iTunes
• We're on Amazon Music
• Check out Steve's solo podcast (coming in October 2020 hopefully): Things Learned
Ignored Windows bugs, Apple vs Epic, updates and incidents across the Microsoft ecosystem, and Microsoft 365 E3 trials.
Extended show notes available at https://hthpc.com
Boot Up
It's conference season! Register for VMWorld/Ignite/anything! They're all online!
A modest list of bugs in Windows 10 that Steve submitted in the Feedback Hub that got ignored/no upvotes
Slow finger touch response time on Surface Pro 6 vs pen/mouse
Most files called "hosts" are removed by Windows Defender
System tray context menus pop up under the taskbar in Task View
Run box randomly won't remember history
Action Center cannot intake large quantities of notifications
Thoughts on Apple vs Epic Games
HTH Update Corner
Ready the Bud Light Showtime Cam (not sponsored) - Teams NFL experiences
Linux file systems accessible in Win10 Insider Build 20211
Simplifying SSUs
Grab a copy of 2004, before the next big FU!
Touch-enabled File Explorer
Exchange Security Updates Sep 2020
CVE-2020-16875 for Exchange 2016/2019
Teams "new conversation" button so that one coworker can stop making a new thread any time they want to reply
What did Microsoft hose this week?
EX221227 - "Admins may be unable to migrate some mailboxes"
Start time: 8/26/2020 7am UTC
End time: 9/8/2020 5:27pm UTC
Official Issue not posted until 5 days later…"Start time: August 31, 2020 6:38 PM"
"Root cause: A recent service update to Exchange Online caused issues with migration requests."
"We're reviewing our validation and update procedures to prevent issues like this from occurring in the future."
"Approximately 1.6 percent of migrations encountered this issue, and admins can now resume their migrations or restart those that encountered a failure."
TM221283 Users who are given control by a presenter during a Microsoft Teams meeting are unable to control the screen
"Depending on how impact is presenting itself for your organization, there are workarounds available. If no mouse or keyboard actions are working, users may click on one of the side rail items (such as Chat, Teams or Calendar) and then return to the meeting screen to mitigate impact. If a user has issues controlling the top of the screen, the sharer needs to move the shared app (such as a web browser or the Outlook client) down 40 pixels to mitigate the impact."
"We've determined that a recent service update is causing the problem."
"Our telemetry suggests that approximately three percent of meetings may experience impact."
Setting up a Disposable O365 Training environment
30 Day O365 E3 Trials
Use cases: Demos, classes, need Office in a pinch
Be sure to clean up PII afterwards
Outro - "Plus Delta"
We help you, you help us: Rate us on iTunes
Teams August updates, EXOL external forwarding changes, Patch survey results, M365 E5/A5 licensing, SYDI, separating work data from personal data, squeaky lobster, and more!
Extended show notes available at https://hthpc.com
We had a few audio glitches, apologies for the quality variance.
Boot Up
Ever want to feel better about your day? IT blunder permanently erases 145,000 users' personal chats in KPMG's Microsoft Teams deployment
The name "KPMG" stands for "Klynveld Peat Marwick Goerdeler". It was chosen when KMG (Klynveld Main Goerdeler) merged with Peat Marwick in 1987.
Original goal: remove one user from the retention policy
What actually happened: "In the execution of this change, a human error was made and the policy was applied to the entire KPMG Teams deployment instead of the specific account"
Patch survey results
RE: Wine/Running Windows applications/games on non-Windows: Valve's Wine implementation on Linux is called Proton
Teams August Updates
Forward March
M365 External Email Forwarding changes
Basically a follow-up HTH0010 and this
Transport rule vs. anti-spam policies
We are also moving to disable external forwarding by default so organizations are secure by default.
The World of E5
So many new changes to the Security and Compliance Center
Defender for Android (it's also coming to iOS)
Best Practices
We Built this SYDI on Rock and Rollllll
Use SYDI to document servers
GitHub page
Usage:
cscript.exe 'C:\sydi\sydi-server-2.4\sydi-server.vbs'
<At the prompt, Enter the server name (FQDN) you want to grab documentation on>
Also honorable mention to the AD Topology Diagrammer
Separating work from twerk
Keeping work from personal endpoints
When it's okay to use a personal machine
Cloud-based stuff
Non-VPN resources
Keep internal network/on-prem to work-issued hardware
If using a personal system: Don't download; Use web portals when able!
The OneDrive debacle (syncing things to non-work systems)
When does your personal system become a work asset?
That Is Accurate
Squeaky lobster is the name of a toy lobster in an MS Exchange love story, and would forever change MS influence MS product development.
Ask the Stiffs: Question of the Week
What is something you suck at as a sysadmin?
Steve's perpetually bad at subnetting
Tiff - anything networking (squee)
Outro - "Plus Delta"
We help you, you help us: Rate us on iTunes
We do weddings, we do funerals, first communions, post-incident reviews
August Patch Tuesday review, Mozilla problems, Server 2012 Update issues/fixes, IE11 EoL, Teams bugs, Portable Exchange Servers, and a bevy of other topics!
Extended show notes available at https://hthpc.com
Boot up
○ Post-mortem on why HTH0024 was a bit shorter than other episodes (YouTube Music)
○ Dark clouds at Mozilla
○ Threat management team laid off
○ Mozilla to refocus on its own commercial products
○ Google contract extended
○ CORRECTION: Thunderbird isn't exactly a community-only project. Some things have also changed, Thunderbird was transferred to MZLA Technologies Corporation from the Mozilla Foundation.
○ CORRECTION/MINI THAT IS ACCURATE: Gmail Launched 4/1/2004.
○ August Patch Tuesday plop
○ Circle the wagons: CVE-2020-1472 | Netlogon Elevation of Privilege Vulnerability…especially bad if you have 2008 R2 as a DC. Extended support needed for the patch, otherwise you need to mitigate.
○ "It’s rare to see a Critical-rated elevation of privilege bug, but this one deserves it," said ZDI’S Dustin Childs. "What’s worse is that there is not a full fix available."
○ Win10 2004 no longer searches online for Drivers by default
○ Server 2012 update checking/service being bonkers lately
○ Bye-E11 - M365 no longer supports IE 8/17/21 HOPE YOU'RE READY!
○ Will MS have ported over IE-exclusive SharePoint features (WebDAV "Open in File Explorer" links?)
○ Teams in the browser / Teams rant
○ Inconsistent/buggy notifications in Firefox
○ Photos not showing - UserVoice
○ Tiff returns to the land of Macs.
○ macOS Catalina didn't learn from Vista
Exchange errors: Real or Fake?
○ Microsoft.Exchange.Data.Directory.SystemConfiguration.UnsupportedBrowser
○ Microsoft.Exchange.Data.Directory.SystemConfiguration.OverBudgetException
○ Microsoft.Exchange.Data.Directory.SystemConfiguration.OutOfMoneyException
○ Exchange 2019 System Requirements
Declassified Sysadmin Stories: Pocket Exchange
○ That time Steve built a portable Exchange 2010 server
○ Purpose: Teach people Outlook in a pre-cloud era at onsite trainings
○ Dell Latitude D630 running 2008 R2…4GB(?) RAM Core 2 Duo
○ (A later version was a newer Precision M4700 laptop and/or Thinkpad X201 running 2012 R2)
○ Server 2008 R2 Hyper-V VM running Exchange 2010
○ Exchange built according to a guide
○ Pre populate AD, users/mailboxes, and make fake sample content (e-mail, calendar events, etc) built to a Microsoft guideline
○ Server connected to a router, classroom laptops connect wirelessly (no internet access), static DNS manually set on laptops to point to router
○ Outlook configured on each laptop for a specific user
○ OOO wouldn’t work without massaging DNS/autodiscover, which needed manual fixing after restoring the snapshot every time (delete and re-add the autodiscover A record in DNS then bounce the DNS services)
○ A brief discussion on SPF, DKIM, and DMARC
That Is Accurate
○ The Netscape ISP home page is still up.
○ Various internet nostalgia
Ask the Stiffs: Question of the Week
○ What was the worst password you ever created
○ What was your first password? ;)
○ Various computer nostalgia
Outro - "Plus Delta"
We help you, you help us: Rate us on iTunes
Windows Admin Center corrections, Win7 being actively exploited, Robocopy is amazing, ITSM/ITIL escalation tips and tricks for Tier 1/2/3, and more!
Extended show notes available at https://hthpc.com/shownotes/HTH0024.html
Boot up
WAC Corrections from HTH0020:
You can successfully add a group to the local administrators now it seems. When adding a user, enter the group in the syntax of "domainname\groupname"
Shared Connections pane now loads in Firefox it seems.
Salty Teams Logs
Patch KeePassRPC again - for additional protections (not as urgent)
FBI: Get off Windows 7 - Exploits being used in the wild
...But who cares because there's Vulnerabilities Inside ™
Maybe Apple knew this in advance and that's why they're moving to ARM…
Discussion: Intel has really fallen behind in terms of progress
MS has had enough of the App Store rules - xCloud has been denied
I <3 Robocopy
Differentials
Retries
Works over spotty VPNs
Logging
Multithread options
The /mir switch
robocopy "C:\myfolder\thingtocopy" "D:\destfolder\thingtocopy" /mir /eta
Why isn't this just default in the GUI? PowerToys?
The Color Picker tool was recently added, so why not this too?
ITSM Escalation Do's and Don'ts:
Don't:
Escalate with no details
Leave Illegible notes
Leave too many useless notes (verbosity/extracurriculars/chat logs)
Promise impossible things to the customer
Escalate to a more expensive team if you can help it - "Minimize overall cost of support by resolving most issues with less costly resources and automation and filtering only the more complex issues to more expensive, less available support resources"
Tie up Tier 3 IT and prevent them from working on capital projects/etc.
Do:
Ask the dumb questions, no matter how dumb
Do the dumb things: Check the network, ping things
Take screenshots
Google it
If you think it might need approval, seek it out
Look good for promotion opportunities
Check AD (you probably have read access), pull logs
That Is Accurate
"ALASKA" is the only geographical state whose name can be typed on the keyboard using only one row. Not accurate for AZERTY or DVORAK though.
Ask the Stiffs: Question of the Week
How do you organize your piles and piles of emails?
CORRECTION: Exchange Rules Quota range is 32KB to 256KB
Gmail labels vs Outlook categories vs Folders
It's too bad Microsoft doesn't consistently support categories