The default setup of Windows Active Directory is no central store. A central store is a central place to store your group policy definitions. If you only have one domain controller and make all your GPOs (Group Policy Objects) on that domain controller this likely wouldn’t be much of a problem. The limitations start to…
Recently I needed to expand a disk on a Windows 10 VM and a Windows Server 2022 VM, but I couldn’t because the Recovery Partition was in the way. When searching for a way to do this I discovered that the internet is full of posts about simply deleting the Windows Recovery Partition. I am…
Right out of the box the initial configuration of Microsoft 365 (aka Office 365) isn’t bad, but there’s a lot more you can do to harden it and to make it fully yours. By default all Microsoft 365 tenants are in a state that is called dehydrated. Microsoft places all the tenants in this state…
When you are managing devices with Microsoft Intune aka Microsoft Endpoint Manager it’s great to control BitLocker but silently enabling BitLocker for all devices is even better. Here is everything you need to know to silently enable BitLocker with Intune. Disk Encryption Policy Profile First up we need to create a disk encryption policy profile…
VMware Horizon’s web portal has a decent appearance out of the box. However, I wanted to customize it to make it look like my own. If you have a customized login background on your Microsoft 365, it could be beneficial to create a consistent end-user experience by making them look similar. I couldn’t find any…
Having a backup is great, but it only helps if you know how to restore it. Previously I showed you how to take an ESXi Config Backup. Now let me show you the process to restore that ESXi config backup. The Process If you aren’t sure how, here’s a post I made about how to…
Recently I’ve been playing with some Nvidia/Mellanox switches specifically the SN2410. An issue that I ran into was that I didn’t have the BIOS password. All of the documentation says that the default BIOS password is admin. That password did not work on my switch. You can absolutely use the switch even without the BIOS…
Intune aka Microsoft Endpoint Manager can be extremely powerful but as it always goes with great power comes great responsibility. To make sure I’m only targeting the devices I want, I like to make a few dynamic device groups that I’ll use for various Intune policy targeting. The dynamic device groups I create are: By…
On Lenovo servers the default configuration has a physical presence policy enabled. When a physical presence policy is enabled it prevents you from doing a few tasks on the system either in BIOS or IPMI. Lenovo calls their IPMI XClarity Controller (XCC). With an enabled physical presence policy your only options to do some of…
Duo Authentication for Windows Logon and RDP is great tool that I like to use to add MFA to Windows systems specifically servers, as it could help prevent lateral movement in the network. When you only have a few systems running Duo Authentication for Windows Logon and RDP upgrading it is short and painless. When…
