@scottalanmiller said in Windows 2022 Disk Defrag Freezing System:

@Obsolesce said in Windows 2022 Disk Defrag Freezing System:

You should never Defrag SSDs except for very specific reasons.

Which is why it is surprising that in the SSD era, Windows 2022 has it on by default.

Has Microsoft changed how they handle TRIM yet? I know years ago they only ran TRIM when defrag was run. Why? Because Microsoft is still that bad at managing storage.

A few years ago I met a bit bitdefender.
Leaving aside the antivirus part.
You can control mobile devices of iOS and Android users, block websites, lock screen and remote wipe.
Also in windows you can block websites etc.

For the corporate version, the licenses are for devices and have a centralized administration console, you can select cloud at no cost or on-premise.

For something so small I also think a family or small business license can work but in this case you should install the additional parental control application.

@Pete-S said in Force password change on first login over RDP:

Great, so it works if you use RDWeb.

But if you RDP directly to any Windows server or workstation it won't.

Nope. It won't. There's no way around that.

We also have Exchange on-premises so OWA works for that password change.

We find that if we rename the PC, then allow more than a day to go by before restarting, this can happen.

Also, if we rename a PC, then the user allows the PC to go into Lock mode (screen saver timeout with login required to return) they will encounter this upon wake up/re-logon.

In the above two cases a reboot usually resolves it, when it doesn't, we go in as local admin and disjoin then rejoin the domain to resolve it.

Also, in the above two cases, we did not lose the computer in active directory, so after the disjoin/rejoin you'd want to remove the orphan computer from AD.

There's an article online somewhere about why you should NOT disjoin and rejoin the domain in this case, but we have always done it this way and have never experienced ill effects.

@DustinB3403 said in Microsoft Finally Deprecated WINS:

@scottalanmiller Finally. . . I have a customer who insists that WINS is as good as it'll ever get. . .

Now maybe I can put their nose into it. .

How many clients even know what it is? Wow.

@scottalanmiller said in Windows Server 2022 and Suspect Edge Instability:

Tested the fix of changing nesting to disable. So far, so good. But it'll take time to know.

Another day, no crashes. So far this fix is working and is really easy.

Thanks I'll give this a try today

@dashrender said in Removing Windows Installed Packages with Powershell:

@dustinb3403

Sure, but to Gene's point - you're not going to be installing crapware with Chocolatey - but the MS Store pre-loads your machine with a shit ton, and really, the only way to get rid of if all is using PowerShell.

I love the first post for info sake itself... I just don't see the need to mention Choco in the same thread - it serves an entirely different purpose - not to mention the fact that it isn't even loaded by default, so if it's there - YOU know it's there.

And again, you know how to install and uninstall applications with Chocolatey.

But you may not know (or want to know how to learn to use Microsoft's App Store) and maybe you prefer to use a shell to remove applications from add and remove.

While you know what you've installed with Choco, doesn't mean you know how to remove programs like in the OP which, again installed during the evening hours without me having installed it.

@dustinb3403

Oh, yeah that changes things... advanced ip scanner as others have suggested might be the safest thing.

We've pushed the config to "Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks."

Option 2 at the link below:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

@dustinb3403 said in Checking multiple Directories to confirm all files are identical:

I know I could use a tool like Create-Synchronicity to force 1 other directory to match the source, but I would prefer to find and list the differences in the directories.
Maybe powershell can help?

Yeah, PowerShell can help with this in the same way closing the front door of a house will fix a fire inside of it.

@flaxking said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

Has anyone played with Windows Defender Application Control, specifically Group Policy to turn it on for each workstation?

I have a request from a client to do this, but I am very leery of using group policy for something like this.

Are they all running Win 10 Enterprise?

For sure no... Win 10 Pro.

Then it won't work as it's a requirement.

I think specifically it's using Group Policy for WDAC that's enterprise edition only, right?

Yes, you can use it in Pro, just not enforced by a GPO