Categories: Endpoints, Infrastructure, Servers, Windows

Windows 10/11 in 2024 SOE

Rolling out an SOE in 2024 without an Azure/EntraID platform

So this is 100% a work in progress.

How do you deal with an SOE rollout without a centralised SOE, Intune, Terraform or SCCM platform?

If you don’t have VPN site-to-site access, etc.?

We have GPOs, but they are local? We have constraints and considerations, etc.
Well, without violating an NDA or giving too many details, I’m going to share with you all how we achieve this!

Categories: Infrastructure

OFF-GRID SOLUTIONS

No, I’m not running! (WIP)

I have parentals that are retiring soon and wanting to move around Australia (both sides of the fam) but still have some form of connectivity. I mentioned Sky Muster NBN satellite being junk and expensive trash; pretty sure those were my actual words!

(Image: where the Sky Muster will point.) See, look, it’s trash!

So going by NBNco’s own actual mappings…

Sky Muster isn’t up to muster, so to speak.

Now let’s look at Starlink; there’s also LoRa if applicable and viable? (https://www.iot-store.com.au/collections/lorawan/products/lora-and-gps-hat-for-raspberry-pi-long-range-transceiver)

So basically Sky Muster will provide the bare minimum for most Aussies: *10 Mbit/s. Yeah, good job Libs…

Starlink, on the other hand, is getting rave reviews on Whirlpool and AusNOG.

It is about $1k AUD for the setup, and then $130/month AUD.

Currently I pay $108 for shitty “business” NBN 100 Mbit unlimited with VoIP, etc.

We are on our 4th NBNco tech call-out, and I imagine there will be more, as I’m fairly convinced this house was built by a toddler… (the front steps would trip up even Steven Bradbury…)
We had DVB-T issues, and when I got someone out to have a look he said **I’m not paraphrasing here… “Mate, it looks like someone literally didn’t want to get into the roof and frisbee’d the antenna amplifier into place…” I’ve secured it for you and hard-wired it in, etc. – Awesome, I’ll forward your invoice to the real estate…

(Image: fibre to the curb (FTTC) – BYO modem.)
I hope they get a bulk discount, because this is number 4 for us…

Anyways… enough about my rental issues. (It’s actually a lovely house and a reasonable landlord/price/neighbours, etc.) But mate, NBN is FUCKED. I see NBN techs come all the time for other properties… the DPU in the pit and our NCD (FTTC white box) get replaced nearly monthly from lightning strikes lately.

So Starlink… I’m going to order one.

Let’s see where this leads, figuratively and literally.

4G is fine, I guess, as long as you have a big-ass pole on your caravan? BUT wouldn’t it be so much better to just throw out your dish (literally no matter where you are in Aus) and then you just have high-speed internet?

Furthermore, would it not be worth (once up and confirmed running with a somewhat static IP) building a toolset to test this?

An actual icon or systray icon to display if they have internet YES / NO, or to re-position your dish, etc.

I think many remote aussies would benefit from this script if I were to share it perhaps?

We then go further into possibilities of connecting remote communities, as we only need a single Starlink of say 100 Mbit/s and then share it via various wireless tech. **Just a thought! Are there gov grants for this stuff?

Categories: Active Directory, Authentication, OAuth, OTP, Security, Servers, Windows

MFA, AD, RADIUS, etc.: anyone got this working?

I’ve gotten various aspects of this working…

And if I had a large enterprise WLAN community to cater for, this might be worthwhile, but I dunno?

The cred provider can run locally without a server/client setup, so I MIGHT look at that!

The problem, in my honest opinion, is the sync… between AD and RADIUS. If I’m going to do that I may as well either just run a Linux LDAP server or move to Azure, where it’s officially supported, etc.

Don’t get me wrong here, guys… the team at multiOTP have done a fantastic job! Especially with their scripts, binaries, Dockers, OVAs, etc. So good! But I feel I’m trying to implement better security by opening more security holes, etc.?

I can hear all you sysadmins yelling at me saying, dude, just use Duo! And don’t get me wrong… I LOVE Cisco. CCNA was one of my proudest moments. But it’s expensive, yeah?

Not to mention all the add-ons, I believe, like securing end users and the RDS gateway and terminal/app servers, etc.

I just don’t think we are there yet….

Which is hard, because Microsoft is forcing this on some of us/you. That’s right, they are literally picking “random” clients to test forced OAuth on. Hence the recent PrintNightmare, which is a whole extra shit show on its own.

Don’t submit me a printer ticket… seriously….

I’m digressing as usual but that’s OK because it’s MY blog!

It might honestly be easier to just get hardware keys and incorporate that software into our SOE for now? I have some for my PCs/laptop, etc. and it works great…

TrueCrypt asks for the passphrase first… once the bootloader is unlocked, the Windows login asks for creds (user/pass), but if my YubiKey Nano isn’t plugged in you simply can’t log in! I’ll do more research, but like I said… on-prem AD and MFA is still JUST not there yet, sorry 🙁

multiOTP: open source strong two-factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QR code provisioning, etc.
https://github.com/multiOTP/multiotp
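multiOTP (linked above) is built on the OATH algorithms HOTP (RFC 4226) and TOTP (RFC 6238). As an added illustration, not code from this post or from the multiOTP project, here is a minimal Python implementation of both, plus the server-side verification a RADIUS/AD integration has to get right: a small clock-skew window and a replay guard on the last counter the user already consumed. Function names are mine; the secret and timestamps are the published RFC test vectors, used here as constructed demo input.

```python
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic truncation, `digits` decimal digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the 4-byte window
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF  # clear the sign bit
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at_time: int, step: int = 30, t0: int = 0,
         digits: int = 6, algo=hashlib.sha1) -> str:
    """RFC 6238 TOTP: HOTP over the number of `step`-second intervals elapsed since `t0`."""
    return hotp(secret, (int(at_time) - t0) // step, digits, algo)


def verify_totp(secret: bytes, candidate: str, at_time: int, last_counter=None,
                window: int = 1, step: int = 30, digits: int = 6):
    """Server-side check. Returns the accepted time-step counter, or None.

    - accepts `window` steps of skew either side of the current step (RFC 6238 s5.2: keep this small)
    - refuses any counter <= `last_counter`, the last step this user already authenticated with, so a
      code that was observed in transit cannot be replayed inside the skew window
    - uses a constant-time comparison so a failed guess leaks nothing through timing
    """
    current = int(at_time) // step
    for delta in range(-window, window + 1):
        counter = current + delta
        if last_counter is not None and counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret, counter, digits), str(candidate)):
            return counter
    return None


# Constructed demo input: the ASCII secret used by the RFC 4226 / RFC 6238 test vectors.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print(hotp(RFC_SECRET, 0))                                     # 755224 (RFC 4226 vector, counter 0)
    print(totp(RFC_SECRET, 59, digits=8))                          # 94287082 (RFC 6238 SHA-1 vector, T=59)
    print(verify_totp(RFC_SECRET, "287082", 59))                   # 1: accepted at time-step 1
    print(verify_totp(RFC_SECRET, "287082", 59, last_counter=1))   # None: same step again is a replay
```

The verifier deliberately returns the accepted counter rather than a bare boolean: the caller is expected to persist it as the user's new `last_counter`, which is the state that actually stops replays. That per-user state is exactly the AD/RADIUS "sync" problem the post complains about; whichever component holds it must be the single source of truth.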

Categories: Uncategorized

Hello world!

Standard intro post! My name is Nathan Ash!

This site is still heavily under development!

You’re welcome to look around whilst it’s a mess! Happy trails!

…oh yeah buy some DOGE or SHIB too!