User Profile
treestryder
Steel Contributor
Joined 7 years ago
Recent Discussions
Safe to delete the Surface Hub 3 "admin" account?
We manage our Surface Hubs with Teams Rooms Pro (and Intune where needed). The Windows default local administrator account is disabled during enrollment by the Deployment policy. Intune is configured to add an Entra group to the Local Administrators group, whose membership we manage with an Identity Governance policy. We are all set for administration. And if we were ever to be locked out of a Surface Hub, we would re-image it and begin again. During the Out-of-box experience, a new administrator account named ".\admin", with a well-known simple three-letter password, is added to Surface Hub 3 devices. Presumably, the account is added as a "convenience". All my testing and research has shown that this account is not needed or used. Is it safe to delete the ".\admin" account? Or later, will I find Microsoft expected to use that account in some way? Thanks, in advance.
44 Views, 0 likes, 0 Comments
Re: Turn on Windows Narrator for all users?
Just found an article on this topic: Enable or Disable Automatically Start Narrator before Sign-in in Windows 11 Tutorial | Windows 11 Forum (elevenforum.com)
The answer is:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Accessibility]
    "Configuration"="narrator"
369 Views, 0 likes, 0 Comments
Re: Can a Guest User Log Into Windows 10 AAD Joined Machine?
DonQuixoteAAD Saw a new feature "federated sign-in for Windows devices" was introduced to "Windows 11 SE, version 22H2 and Windows 11 Pro Edu/Education, version 22H2". Configure federated sign-in for Windows devices - Windows Education | Microsoft Learn
I guess that I will have to study up on what it would take to add and manage a handful of Education edition PCs in our environment. And manage their guest accounts in Entra.
3.5K Views, 0 likes, 0 Comments
Turn on Windows Narrator for all users?
Is there a way (registry setting, command, script, Intune policy, etc.) to turn Windows Narrator on for all users? I'm aware of the keyboard shortcut for individuals, but we have dedicated devices currently running JAWS and finding this setting is a first step in possibly replacing them.
485 Views, 0 likes, 1 Comment
Are Defender Device Groups the only way to target Web Content Filter policies?
We are moving from Cisco Umbrella to Microsoft Defender's Web Content Filtering. We fully understand that they are not a 1 to 1 match. We have accounted for the differences with one exception. We have an Entra group of PCs where we need to block additional Web Content Categories. I suspect they will later require additional custom indicators to be blocked. And, if this is successful, I can see additional groups of PCs needing their own content filter settings. I could be wrong; however, my understanding of Defender Device Groups is that they configure many other aspects of a PC, including RBAC within Defender. If true, attempting to keep those configurations in sync (especially when we are not aware of what all they might be) could be difficult. With my limited understanding of them, they feel like overkill for assigning additional filters to a subset of otherwise identical PCs. Are Defender Device Groups the only way to target Web Content policies? If it matters any, we are Autopilot enrolling PCs to be Entra Joined and Intune managed. Bye-bye on-prem AD, Configuration Manager, old-skool drivers, and someday... old-skool apps.
2.3K Views, 0 likes, 3 Comments
Re: Are Defender Device Groups the only way to target Web Content Filter policies?
Thank you. Here is the documentation to the future functionality: Global Secure Access documentation | Microsoft Learn
Here is the current link to the interface: https://entra.microsoft.com/#blade/Microsoft_Azure_Network_Access/WebFilteringPolicy.ReactView
2.1K Views, 0 likes, 0 Comments
Re: What's the technical reason on why WCF isn't supporting user/group based policy
vsarawanan Following this post, as we have a similar need. All of our PCs have the exact same configuration. Except for a select group of users, or if we must, the PCs these folks are likely to use, they must be disallowed from further web categories and likely some custom indicators.
326 Views, 0 likes, 0 Comments
Cataloging Modern PC Management Ready PCs, Peripherals, and Software
I have started a shared spreadsheet for the community to share their experiences with "Autopilot Ready" PCs, Peripherals and Software. My hope is this will help admins find the rare gems and push OEMs to get with the times. Please contribute your own findings to the spreadsheet and discuss suggestions here. https://1drv.ms/x/s!AgG_boPR-xfWjN9i2Z_y_8ErM6t--A
685 Views, 0 likes, 2 Comments
Re: How do I create a Sharepoint glossary without using an app?
Here are links to more information about Acronyms answers in Microsoft Search:
* Introducing acronym answers in Microsoft Search https://techcommunity.microsoft.com/t5/microsoft-search-blog/introducing-acronym-answers-in-microsoft-search/ba-p/1122809
* Manage Acronyms answers in Microsoft Search https://docs.microsoft.com/en-us/microsoftsearch/manage-acronyms
23K Views, 2 likes, 0 Comments
Re: Creating a Teams phone using a Wi-Fi only Android or iOS phone in kiosk mode.
My company now has two Android "candy bar" phones deployed. We ended up using a Google Pixel 4a, with an Otter Box Defender case. I assigned the Teams App, a Wi-Fi configuration, and an Android configuration (see attached screenshot). As I did not find a way to configure everything, I wrote some instructions for the remaining setup (see attached screenshot). Hiding the notification tray would be great, security and reliability wise, but you lose access to things like the time, Wi-Fi state, brightness and password/biometrics settings. The only feedback I have heard from the users is that they sometimes find it hard to use the fingerprint reader with the Otter Box case on. Though, I never had a problem with it.
3.5K Views, 0 likes, 0 Comments
Re: Duplicate AAD devices when using "Convert all targeted devices to Autopilot" option
I'd love to know. I found using "Convert all targeted devices to Autopilot" to be a mistake. If the AD object is deleted before the device in AAD gets enrolled, it breaks Autopilot when the synchronized AAD object also gets deleted.
3.4K Views, 0 likes, 0 Comments
Re: WiFi Device Configuration Profile - Error WindowsWifiEnterpriseEAPConfiguration 0x87d1fde8
RossLyons, thanks for reminding me that I forgot to update this thread... I have worked around this problem by using the following instructions to export a working Wi-Fi profile's configuration XML, then deploying this through Intune. Import Wi-Fi settings for Windows 8.1 and later devices in Microsoft Intune
Here is an example of the export command, which requires Administrator rights.
    netsh wlan export profile name="WiFiProfile" key=clear folder=.\
Here is documentation for the XML export schema, in case you might need to customize it.
https://docs.microsoft.com/en-us/windows/desktop/eaphost/eaphost-schemas
https://docs.microsoft.com/en-us/windows/win32/eaphost/eaphost-schemas
39K Views, 1 like, 1 Comment
Re: Very sub optimal application sign in experience with new Surface Hub 2s
Adding a "Me too" to this thread. We are finding this same behavior on three Surface Hubs which we recently joined to Azure AD, with more planned. Entering anything into the first username field causes the next dialog to flash for a moment, then disappear. cezarcretu, all of our UPNs have a matching SMTP address. If this is a "known issue", could someone point me to where this has been shared by Microsoft? It would have been helpful if there were a note near the documentation I followed to join the Surface Hubs to Azure AD. As to the workaround of using a local account. Is there a reason to use a local account, over On-Prem Active Directory? What are the implications of either, over joining Azure AD? Thanks.
1.2K Views, 0 likes, 1 Comment
Re: What is the procedure to reassign an Intune managed AAD joined Windows 10 device?
I finally had an opportunity to perform the "Wipe, without Retain enrollment state and user account" function in Intune. In the end, I had to perform this action twice. Both times left the original Intune object, after changing its Azure AD Device ID to "00000000-0000-0000-0000-000000000000". The first attempt, the laptop had a Device Name template from a different Autopilot Enrollment Profile applied, though it showed as having the correct profile assigned. The second time I tried to Wipe the laptop, the device name was fine. Maybe the answer is to "Wipe" the machine through Intune and, once re-enrolled, delete the original Intune object?
40K Views, 0 likes, 2 Comments
Re: Intune PowerShell scripts
Nikola Nenadovic Try setting "Run script in 64 bit PowerShell host (when available)" to "Yes". I have found some very strange behavior when the scripts run within the 32-bit emulator. Things like registry setting changes that only affect that PowerShell session.
2.3K Views, 0 likes, 0 Comments
Re: What is the procedure to reassign an Intune managed AAD joined Windows 10 device?
Had need to reassign a device to a new user and tried the "AutoPilot Reset (preview)". Unfortunately, it did not bring the device back to its AutoPilot ready state, nor remove the former owner from AAD and Intune. Where I expected the device to come up at the OOBE and no longer have an owner, the experience looked like this: I searched for the device in Intune and clicked "AutoPilot Reset (preview)". The device displayed a popup that stated that the user should restart the machine to begin the reset process that an administrator had initiated. Thinking an administrator should be able to control the whole process, in Intune I tried to force the reboot by clicking "Restart". When the reboot did not begin after nearly 10 minutes, I clicked "Sync". When still nothing happened for another 10 minutes, I manually rebooted the PC and the reset process began. When the Reset completed, the machine came back to the normal Windows 10 logon screen, without the former user profiles, but still registered to the former owner. Until a better solution is found, I plan to delete these devices from AAD, then delete from Intune, re-enroll the device, then run the local system reset. This process will also handle a related problem, when we need to change the Order ID / Group Tag.
40K Views, 0 likes, 0 Comments