Use Fingerprint Card
Among the many products that FEITIAN offers, it is possible to use a Fingerprint card. I receive my kit yesterday and i can write this blog post.
Windows Update for Business
Windows Update for Business allows you to perform maintenance on Windows devices. The post has the latest security features. Updates are retrieved directly from Windows Update Service. The different Windows 10 and Windows 11 workstations can be configured using a group policy or via Microsoft Endpoint Manager (MEM) With Windows Update for Business, the IT department no longer needs to manage the approval of updates. The workstations automatically retrieve the patches from the Microsoft servers. However, it is possible via…
Send Event log to Sentinel
Why send Event log Security is an important issue these days. Sending security event logs to Sentinel provides an additional level of security for onPrem servers. For this, we rely on Azure Sentinel, the SIEM from Microsoft. However, this operation has an Azure cost, so it is preferable to limit the events sent to the necessary logs (security, defender, etc.) In this post we will first set up the transfer of events on a collector via WinRMS and then configure…
Migrate ADCS
In Best practice, it is important to have an offline root certificate authority and an Subordinate certificate authority that distributes certificates. We will look at how to migrate these two server (Windows Server 2012 R2 servers to Windows Server 2019).
Convert CMG
Microsoft Endpoint Configuration Manager 2107 permit to convert the CMG (Cloud Management Gateway) with classic cloud service to virtual machine scale set. I write a post few month ago here for configure CMG with virtual machine scale set. Change parameter When you convert to virtual machine scale set, you can proceed to change some parameters.
Migrate your sccm server to a newer server
After several years of use, it is necessary to migrate the SCCM infrastructure to one or more other servers. It is possible to migrate the server to another server or to migrate role by role. If the infrastructure remains the same, the first solution is preferable because it is faster. In the case where the roles are redistributed, it is preferable to use role by role.
CMG – VM Scale set
Customers with an Azure subscription through a CSP (Cloud Solution Provider) could encounter a lot of problems to set up the CMG. Since the 2010 version of Configuration Manager, it is possible to set up the functionality Cloud management gateway with Azure VM scale set.
Task Sequence over Internet
The deployment of a task sequence to customers can be done via the Internet. This scenario, which has already been present for several versions of Configuration Manager, has been improved with the 2010 version. It is now possible to start the update or installation of a Windows 10 workstation from a boot media.
Orchestration groups
Orchestration groups start with Configuration Manager 2002. This features permit to create a group for control the deployment of Software update. With this orchestration group, you can update devices based on percentage, explicit order, etc…. The member can be any Configuration Manager client. You can apply rules to any collections and all software update groups.
Change Krbtgt password
Recently one of my customers want to change KRBTGT password for security reason. This account present in Active Directory is used by Key Distribution Centre. He is disabled and he can’t be deleted or enlabled. It’s recommanded to change his password two or four times by year.