
Windows 10/11 in 2024 SOE – finalization

Basically, PowerShell.

A few key criteria:

1 > Is Windows 10/11 activated? True or false.

2 > Are there any driver issues? As far as PowerShell goes, this is basically a 1 or 0, like the license.

3 > Is the main Ethernet-connected network adapter running at 1 Gbps? I have a quick job for this in Datto, like the Windows license!

4 > If this is a client, is there a mapped drive (M:) to the master PC? If this is a master PC, is there a shared folder?

5 > My last task is to prompt the user for 1, the Windows serial number; pretty sure I can do this autonomously. Lastly, what is the PC serial number? I may consider putting up a GUI or Google Form to enter this. Although, recently we have a way of getting this detail from the vendor, so it’s a bit moot?
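The five criteria above as a single PowerShell check, added here as an example and not the author's own Datto job. It assumes an -IsMaster switch to tell a master PC from a client, and takes the M: drive letter from the post as the default mapped drive.

```powershell
# Added example (not the blog's script): one function covering the five SOE finalization checks.
# Assumption: the caller passes -IsMaster on master PCs; everything else is treated as a client.
function Test-SoeFinalization {
    [CmdletBinding()]
    param([switch]$IsMaster, [string]$ClientDriveLetter = 'M')

    # 1. Activation: the Windows product with a partial key installed and LicenseStatus 1 (licensed).
    $lic = Get-CimInstance -ClassName SoftwareLicensingProduct |
        Where-Object { $_.PartialProductKey -and $_.Name -like 'Windows*' }
    $activated = [bool]($lic | Where-Object { $_.LicenseStatus -eq 1 })

    # 2. Driver issues: any PnP device reporting a non-zero Configuration Manager error code.
    $badDrivers = @(Get-CimInstance -ClassName Win32_PnPEntity |
        Where-Object { $_.ConfigManagerErrorCode -ne 0 })
    $driversOk = ($badDrivers.Count -eq 0)

    # 3. Main wired NIC: physical, up, 802.3, negotiated receive speed of at least 1 Gbps (bits/sec).
    $nic = Get-NetAdapter -Physical |
        Where-Object { $_.Status -eq 'Up' -and $_.MediaType -eq '802.3' } |
        Sort-Object ReceiveLinkSpeed -Descending | Select-Object -First 1
    $gigabit = ($null -ne $nic) -and ($nic.ReceiveLinkSpeed -ge 1000000000)

    # 4. Client: mapped drive to the master PC. Master: at least one non-administrative share.
    if ($IsMaster) {
        $shareOk = [bool](Get-SmbShare | Where-Object { -not $_.Special })
        $mapOk = $null
    } else {
        $map = Get-SmbMapping -LocalPath "$($ClientDriveLetter):" -ErrorAction SilentlyContinue
        $mapOk = ($null -ne $map) -and ($map.Status -eq 'OK')
        $shareOk = $null
    }

    # 5. Serials: the OEM product key embedded in firmware (OA3) and the chassis serial from BIOS.
    #    Both are inventory data; keep the output where only the helpdesk can read it.
    $oemKey   = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
    $pcSerial = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        WindowsActivated  = $activated
        DriversOk         = $driversOk
        DriverErrorCount  = $badDrivers.Count
        NicGigabit        = $gigabit
        NicLinkSpeed      = if ($nic) { $nic.LinkSpeed } else { 'none' }
        MappedDriveOk     = $mapOk
        SharedFolderOk    = $shareOk
        WindowsProductKey = $oemKey
        PcSerialNumber    = $pcSerial
    }
}

Test-SoeFinalization -IsMaster:$false | Format-List
```

Run it elevated (SoftwareLicensingService and Get-SmbShare need admin rights); the object it returns can be fed straight to Datto as the 1/0 results the post describes.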

Rolling out an SOE in 2024 without an Azure/EntraID platform

So this is 100% a work in progress. However, I’ve mostly worked this out, with help from EA*!

How do you deal with an SOE rollout without a centralised SOE, Intune, Terraform, or SCCM platform? This statement still stands, as we don’t have Intune or SCCM or otherwise. That said, I’ve been advised that we have some software management in the pipeline! From my understanding, it still won’t help us here, but it will maintain the SOE and standards, etc. Wish me luck!

If you don’t have VPN site-to-site access, etc.?

We have GPOs, but they are local? We have constraints and considerations, etc.
Well, without violating an NDA or giving too many details, I’m going to share with you all how we achieve this!


MFA, AD, RADIUS, etc. Anyone got this working?

I’ve gotten various aspects of this working…

And if I had a large enterprise WLAN community to cater for, this might be worthwhile, but I dunno?

The cred provider can run locally without a server/client setup, so I MIGHT look at that!

The problem, in my honest opinion, is the sync between AD and RADIUS. If I’m going to do that, I may as well either just run a Linux LDAP server or move to Azure, where it’s officially supported, etc.

Don’t get me wrong here, guys… the team at multiOTP have done a fantastic job, especially with their scripts, binaries, Docker images, OVAs, etc. So good! But I feel I’m trying to implement better security by opening more security holes, etc.?

I can hear all you sysadmins yelling at me, saying, dude, just use Duo! And don’t get me wrong… I LOVE Cisco. CCNA was one of my proudest moments. But it’s expensive, yeah?

Not to mention all the add-ons, I believe, like securing end users, the RDS gateway and terminal/app servers, etc.

I just don’t think we are there yet….

Which is hard, because Microsoft is forcing this on some of us/you. That’s right, they are literally picking “random” clients to test forced OAuth on. Hence the recent printer nightmare, which is a whole extra shit show on its own.

Don’t submit me a printer ticket… seriously….

I’m digressing as usual but that’s OK because it’s MY blog!

It might honestly be easier to just get hardware keys and incorporate that software into our SOE for now? I have some for my PCs/laptops, etc., and it works great…

TrueCrypt asks for the passphrase first. Once the bootloader is unlocked, the Windows login asks for creds (user/pass), but if my YubiKey Nano isn’t plugged in you simply can’t log in! I’ll do more research, but like I said, on-prem AD and MFA is still JUST not there yet, sorry 🙁

multiOTP: open source strong two-factor authentication PHP library, OATH certified, with TOTP, HOTP, Mobile-OTP, YubiKey, SMS, QR code provisioning, etc.
https://github.com/multiOTP/multiotp