Browsed by Category: Adminless

The LAPS: Reloaded / Revolutions

First, a shout-out to Peter Rising (LinkedIn) for delivering the blog title. We had a nice movie discussion about which movie is better: Terminator 1 or 2… We also talked about The Matrix… Guess where the blog name came from. This blog will be about an idea I had to use Proactive Remediations to create a sort of LAPS (Local Administrator Password Solution). I have mentioned it a lot: you will need to make sure your end-users do not…

Dude, Where’s my Admin?

This blog will be about problems you could encounter when you are deploying Adminless and, of course, how to solve each problem. I will guide you through the whole Adminless process. When you are migrating to the Modern Workplace, you will need to make sure your end users do not have local admin permissions. There should really be no discussion. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Okay, so what options do we have to make sure the user is…

Windows 10: The Sands of time

This short blog will be about some Windows 10 time sync issues and how to deal with them. It’s summertime again, time to set your clock one hour forward. Windows 10 has a built-in mechanism to configure the clock/time automatically for you. If it’s working, it’s great, but yesterday some customers called. Their Windows 10 device did not automatically change the system time. When you have admin privileges you can manually sync the time, but you don’t have this luxury…

AppLocker on the Company Portal Express

This short blog will be about why baselines are very important and why you need to keep them up to date. I am not talking about security baselines this time. What I will be talking about is the app baseline you need to deploy to your users' Windows 10 devices to make sure users can install apps on their own. It’s best practice to implement adminless. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Of course, nowadays users are…

Public Desktop icons and Adminless: The far side of Intune

This short blog will be about why users don’t need admin permissions to delete the public desktop icons. There are not a lot of reasons why your Azure AD users need to be local admins on their devices. You can do a lot even without admin permissions. To name a few:
- Restarting services can be done without local admin permissions (The non admin user: The battle of restarting services – Call4Cloud)
- Installing applications (The PowerShell Win32 App Express – Call4Cloud)
- Installing…

The non admin user: The battle of restarting services

Some time ago, Oliver Kieselbach discovered a great new method to start the IME sync process with just a simple command: “intunemanagementextension://syncapp”. You could push a shortcut with this command to all your users' desktops. An excellent new approach. As Oliver mentioned, you could restart the Microsoft Intune management service, which also triggers the sync. But when your users have no admin privileges, this is not possible. This got me thinking, shouldn’t it be possible to restart some…

Company App: Unchained

In this blog I will give you my opinion on how I prefer apps to be deployed. When deploying a zero-trust modern workplace, you need to make sure your users are not members of the local admin group. Take a look at my blogs if you want to make sure a user is never a local admin. When your users are no longer local admins, you can implement an AppLocker policy to make sure your devices are secure. But here…

The chronicles of Win32 App installations: The RunOnce key, OneDrive and Adminless

This blog will be about some weird RunOnce behaviour when your brand new Win32 App fails to install without a proper error code. This week, a customer asked me to push their Nuance Dragon speech software to some specific devices. I guess I am a nice person, so I immediately created a new Win32 App with some parameters. To start testing, it’s always recommended to have a dedicated M365 test tenant for testing purposes with some test virtual machines. I…

Birds of Printer drivers

This blog is going to show you the 2 options you have when you want to make sure an end user without admin permissions can still install printer drivers when needed. Implementing adminless can be hard, especially when a user is accustomed to the possibility of installing printers on their own. To take away some of the trouble of introducing adminless, you can give your end-users the possibility to install printer drivers on their own. Of course, Printix or Microsoft Universal…

Guardians of the Local Admin rights

Granting your users local admin permissions when deploying Windows 10 is really really best practice…I’m joking, no it’s not! I must be saying this a lot lately. You need to be certain all of your endpoints are managed, so you can make sure your users don’t have local admin permissions. You don’t believe me that your endpoints need to be managed? Take a look at these two examples (Alex Fields): Removing local admin permissions mitigates a lot of critical Microsoft…
