First, A shout out to Peter Rising | LinkedIn for delivering the blog title. We had a nice movie discussion, which movie is better: Terminator 1 and 2…. We also talked about the Matrix… Guess where the blog name came from. This blog will be about an Idea I had to use proactive remediations to create a sort of LAPS (Local administrator password solution). I have mentioned it a lot, you will need to make sure your end-users do not…
This blog will be about problems you could encounter when you are deploying Adminless and of course how to solve each problem. I will guide you through the whole Adminless process. When you are migrating to the Modern Workplace you will need to make sure, your end users do not have local admin permissions. There should really be no discussion. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Okay so what options do we have to make sure the user is…
This short blog will be about some Windows 10 time sync issues and how to deal with them. It’s summertime again, time to set your clock one hour forward. Windows 10 has a built-in mechanism to configure the clock/time automatically for you. If it’s working, it’s great but yesterday some customers called. Their Windows 10 device did not automatically changed the system time. When you have admin privileges you can manually sync the time, but you don’t have this luxury…
This short blog will be about why baselines are very important and why you need to keep them up to date. I am not talking about security baselines this time. What I will be talking about, is the app baseline you need to deploy to your users Windows 10 devices to make sure users can install apps on their own. It’s best practice to implement adminless. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Of course, nowadays users are…
This short blog will be about, why users don’t need admin permissions to delete the public desktop icons. There are not a lot of reasons why your Azure Ad users need to be local admins on their devices. You can do a lot even without admin permissions. To summon a few: -Restarting services can be done without local admin permissions The non admin user: The battle of restarting services – Call4Cloud -Installing applications The PowerShell Win32 App Express – Call4Cloud -Installing…
Some time ago, Oliver Kieselbach discovered a very great new method to start the IME sync process with just a simple command: “intunemanagementextension://syncapp”. You could push a shortcut to with command to all your user desktops. An excellent new approach. Like Oliver was mentioning, you could restart the Microsoft intune management service, which also triggers the sync. But when your users have no admin privileges, this is not possible. This got me thinking, shouldn’t it be possible to restart some…
In this blog I will give you my opinion on how I prefer apps to be deployed. When deploying a zero-trust modern workplace you need to make sure your users are not members of the local admin group. Take a look at my blogs if you want to make sure a user is never a local admin. When your users are no local admin anymore, you can implement an AppLocker policy to make sure your devices are secure. But here…
This blog will be about some weird RunOnce behaviour when your brand new Win32 App failed installing with out some proper error code. This week, a customer asked me to push their Nuance Dragon speech software to some specific devices. I guess I am a nice person, so I immediately created a new Win32 App with some parameters. To start testing, it’s always recommended to have a dedicated M365 test tenant for testing purposes with some test virtual machines. I…
This blog is going to show you 2 options you have, when you want to make sure the end user without admin permissions could still install printer drivers when needed Implementing adminless can be hard, especially when a user is accustomed to the possibility of installing printers on their own. To take away some of this trouble of introducing adminless, you can give your end-users the possibility to install printer drivers on their own. Of course, Printix or Microsoft Universal…
Granting your users local admin permissions when deploying Windows 10 is really really best practice…I’m joking, no it’s not! I must be saying this a lot lately. You need to be certain all of your endpoints are managed, so you can make sure your users don’t have local admin permissions. You don’t believe me that your endpoints need to be managed? Take a look at these two examples (Alex Fields): Removing local admin permissions mitigates a lot of critical Microsoft…