User Profile
RobinCM
Brass Contributor
Joined Oct 09, 2017
Recent Discussions
Re: Fido passkeys blocked by policy
For me this was just a timing thing. I'd just recently enabled passkeys as an authentication method and registered my first passkey. Then I tried to use it to authenticate into a remote desktop session and got the error. I left it a while (maybe an hour - might not need to leave it that long) and then it worked fine. I'm pretty sure I didn't change anything else in the interim.
278 Views, 0 likes, 0 Comments

Failover Cluster Manager error when not running as administrator (on a PAW)
I've finally been trying (hard) to use a PAW, where the user I'm signed into the PAW as does NOT have local admin privileges on that machine, but DOES have admin privileges on the servers I'm trying to manage.

Most recent hiccup is that Failover Cluster Manager aka cluadmin.msc doesn't seem to work properly if you don't have admin privileges on the machine where you're running it from. Obviously on a PAW your server admin account is NOT supposed to be an admin on the PAW itself, you're just a standard user.

The error I get when opening Failover Cluster Manager is as follows:

Error
The operation has failed.
An unexpected error has occurred.
Error Code: 0x800702e4
The requested operation requires elevation.
[OK]

Which is nice.

I've never tried to run cluadmin as a non-admin, because historically everyone always just ran everything as a domain admin (right?) so you were an admin on everything. But this is not so in the land of PAW.

I've run cluadmin on a different machine where I am a local admin, and it works fine. I do not need to run it elevated to make it work properly, it just works. e.g. open PowerShell, cluadmin <enter>. PowerShell has NOT been opened via "Run as administrator" (aka UAC).

I've tried looking for some kind of access denied message via procmon but can't see anything obvious (to my eyes anyway). A different person on a different PAW has the same thing.

Is anyone successfully able to run Failover Cluster Manager on a machine where you're just a standard user?

Re: Licensing Windows Server 2022 - 2 Core and 16 Core.
Just wanted to update this based on it being a search hit whilst I was trying to find the same info - hopefully this will help some people out now.

Windows Server 2022 Datacenter and Windows Server 2022 Standard are licensed under a core-based license model. For both Datacenter and Standard, the number of core licenses required depends on whether a customer is licensing based on the physical cores on the server or by virtual machine. The option to license Windows Server by virtual machine was added in October 2022, and is available to customers with subscription licenses or licenses with active Software Assurance only.

• When licensing based on the physical cores on the server, the number of core licenses required equals the number of physical cores on the licensed server, subject to a minimum of 8 core licenses per physical processor and a minimum of 16 core licenses per server.
• When licensing by virtual machine, the number of core licenses required equals the number of virtual cores in the virtual operating system environment (i.e., virtual machine), subject to a minimum of 8 core licenses per virtual machine and 16 core licenses per customer.

From https://aka.ms/WindowsServerLicensingGuide
31K Views, 1 like, 0 Comments

Re: Locking down the Microsoft Store
Rudy_Ooms_MVP Hmm, yeah not sure what I had been reading... I was on a bit of a rant about how annoying the situation is/was - apologies for that. Also, have you seen the interesting (but sadly [hilariously] broken) new Store "integration" with AppLocker since Store version 22303.1401.5.0? Could be really good if they hadn't messed up the version checking...
42K Views, 0 likes, 0 Comments

Re: Onboarding guide: Preview of Unified Update Platform (UUP) on premises update management
thad_martin Hi, I know I'm a bit late with this, but I've just tried to do the "normal" offline servicing to my Win11 22H2 wim via SCCM offline servicing with the 2023-04 monthly update and it's failed - are UUP updates compatible with offline servicing, and if not how do I keep my Win11 22H2 wim up to date? Thanks.
6.7K Views, 0 likes, 0 Comments

Azure AD Connect computer object sync delays?
I've joined a new machine to my on prem AD and run an Azure AD Connect delta sync but the computer is still not showing in Azure AD (30 mins later). We run a sync every 30 mins anyway, so I'm just wondering why the machine didn't sync during the delta.

I ran the Azure AD Connect diagnostics and it essentially told me everything I knew: Machine is in on prem AD, Azure AD Connect knows about it in its database, but it couldn't find it in Azure AD.

Can somebody please enlighten me? And ideally let me know how I can get new AD computers to appear in Azure AD faster? Does the AD machine need to have had a user logon to it before Azure AD Connect will sync it? This machine has just popped out the end of an SCCM OSDeploy task sequence so no real users have ever logged onto it.

The reason for this is that we require devices to be Hybrid joined to access most of our 365 services, and they can't get hybrid joined if they're not synced to Azure AD in the first place 😉

Thanks in advance.
6.7K Views, 0 likes, 4 Comments

Re: Azure AD Connect computer object sync delays?
The sync works fine otherwise, so it's not AV/firewall/etc. That machine still hasn't synced over a day later. I'll try an initial sync but I'd like to know why the delta isn't picking this up. What exactly are the criteria for a computer object within the sync scope being synced?
5.9K Views, 0 likes, 1 Comment

Re: Locking down the Microsoft Store
Rudy_Ooms_MVP Blocking the store completely isn't an option due to the amount of Windows functionality that would never update if you did, and some manufacturers are delivering drivers and support software through the store, e.g. it seems to be the only way to get the Waves MaxxAudio driver. No Store = no audio functionality on your machine 😞

It's a shame Microsoft have made such a mess of being able to manage it, this stuff has been possible on other platforms for a very long time, and was possible on Windows until fairly recently. It's bizarre that any product manager would think the current situation is acceptable for a release product used in business (i.e. Windows Pro/Enterprise).
74K Views, 0 likes, 6 Comments

Re: Locking down the Microsoft Store
It's a complete mess, the only way we found to lock the store down was using AppLocker. You can add all the default Windows apps to a policy really easily if you install GPMC onto one of your endpoint devices and edit the policy from that. The user experience isn't ideal - you just get an error message if you try and install a non-approved app, but it works and stops apps you haven't approved from being installed. I'm using this on Win11 but it'll work on Win10 too. Make sure you have a policy entry to allow administrators to run any application.
75K Views, 0 likes, 8 Comments

Windows 11 Hyper-V and 12th gen Intel CPUs
Hi, I'm looking for some official info about whether or not Hyper-V in Windows 11 supports the 12th gen Intel CPUs. These CPUs have two sets of cores, Performance (P) and Efficiency (E). I have read things on some other forums that seem to suggest that Hyper-V does not understand these new core layouts and that you have to disable the E cores in the machine's firmware in order to enable Hyper-V to work. Can anyone confirm or deny this? I'm currently having to delay buying 12th gen CPUs until I know that this works properly. Thanks.
12K Views, 1 like, 4 Comments

Re: Send Windows Event Logs Into Log Analytics Workspace
Is this definitely true? Azure Sentinel gives you preconfigured options for only sending certain Security Event IDs, see https://docs.microsoft.com/en-us/azure/sentinel/connect-windows-security-events. It seems like the functionality to only send specific events from certain logs is there in Microsoft Monitoring Agent, but I've yet to find any info on how we can configure that ourselves. Sending everything from the System log on all my devices would cost way too much, and I am only interested in a few events.
8.9K Views, 0 likes, 3 Comments

Re: Quarantine User Access
I had this, and found that the links worked ok if they were opened via IE but not if other browsers were used. Might be the result of a conditional access policy only allowing hybrid domain joined machines to access Office 365, and if running on an older version of Windows 10 (e.g. LTSB 1607).
5.1K Views, 1 like, 0 Comments