User Profile
derekliu
Copper Contributor
Joined May 31, 2019
User Widgets
Recent Discussions
Remotely manage Windows 10 Devices without On-Prem AD
We are in the midst of a cloud migration project for our managed desktop infrastructure, and one thing that we used to be able to do is manage machines remotely, and perform management tasks such as the following: 1) invoke compmgmt.msc against a remote computer, view event logs remotely, manage local users and groups 2) access c$, copy files to and from the computer 3) start / stop processes and services remotely 4) make WMI queries We did these things via the "allow inbound remote administration exception" and "allow file and printer sharing" GPOs, but since we are migrating into a cloud-only, AAD + EMS environment, we no longer have the ability to leverage the traditional identity management stack. I find that I am able to set the requisite firewall exceptions using a Intune configuration policy, but I get an access denied error when I try to view events or do computer management remotely. The account I'm using is an Azure AD "cloud device administrator" account. This account gives me the ability to manage a computer if I am logged on to it interactively. If I create a local admin account, I am able to use that to do remote management. But since LAPS in Azure is still "in planning", we don't want to create local admin accounts on machines without some central way to administer them. Does anyone know if there is a way to leverage Azure AD identities to manage client endpoints remotely? I know there is teamviewer, and Intune has some features that allows remote assistance. This is not what I am looking for. What I am looking for is a way to manage a computer non-intrusively, without the user getting involved. Sometimes you just want to get in, do your thing, and get out, but you want to do this while keeping the bad guys out, too.2.4KViews0likes0CommentsRe: Privacy Settings not Suppressed during AutoPilot OOBE (1903)
Yes we are still seeing the privacy screens using the regular csv import method. We just decided to live with it for now - we can adjust the privacy settings using a configuration policy; also this might be something that will be fixed in the future at some point.4.8KViews0likes0CommentsAutoPilotConfiguration.json disappears during OOBE Windows 10 1903
We are using the "autopilot for existing devices" workflow, and in our VM testing, we are finding that sometimes the autopilotconfiguration.json files disappears during OOBE. 1. autopilotconfiguration.json copies successfully during task sequence 2. it is not on disk at the welcome screen 3. machine does not get added to autopilot devices group (configured with enrollmentprofilename value) This essentially breaks our workflow as we have configuration policies and apps deployed to the autopilot devices group. Thanks!1.2KViews0likes0CommentsPrivacy Settings not Suppressed during AutoPilot OOBE (1903)
We are using autopilot for existing devices workflow. Our Autopilot profile has "hidePrivacySettings=True", but ever since yesterday, every machine we've built using this workflow is prompting the user to make privacy setting choices. Why is this?5.1KViews0likes12CommentsRe: AutoPilot requires 2 logins
SamTeerlinckThank you, we implemented this and yeah it's working out a little bit better for us. We were still getting non-compliant for the "require bitlocker" item no matter how many times we restarted (made sure there were no pending updates), so we switched over to the less stringent "require encryption of data on device".4.3KViews1like0CommentsAutoPilot requires 2 logins
I've noticed as of late (maybe in the past couple of weeks) that autopilot requires 2 logins, one at the welcome screen, and another one at the account setup. We are expecting our users to login, walk away, and come back to find their computers business ready. Now it looks like when they come back they have to login again to finish the account setup. Is this change by design or is there some configuration anomaly in my setup, since this introduces additional friction in the user's experience. I'm also finding that compliance and configuration policies often fail for the system account. Is there a way to alleviate that?4.5KViews0likes3Comments
Recent Blog Articles
No content to show