Hybrid Azure AD Domain Join Without an SCP

The standard method to configure hybrid domain join is to open up Azure AD Connector and follow the wizard. However this isn’t suitable for every environment – for a start it needs to write forest-level configuration data, create a Service Connection Point (SCP), and if you want to link multiple tenancies to a single AD forest you’re in for a hard time.

Luckily we can hybrid join with some registry settings on the client devices, and don’t need to set up an SCP. Here’s how I’ve managed it on my network.


Enabling BitLocker with MEMCM

Enable BitLocker to protect your data in case of device theft.

MEMCM comes with a BitLocker Management section (under Endpoint Protection), however as far as I can tell this just allows you to set the BitLocker policy but not force drives to be encrypted – at least I couldn’t get it to do anything on devices it claimed were compliant.

I’ve got an OS deployment task sequence which installs Windows, and has a few BitLocker steps – however I forgot to set a variable telling it to use the TPM chips without additional PIN/password/keys for BitLocker – so my computers were built without BitLocker being enabled.

Not wanting to go through the build process again for all these devices, I decided to push it out to existing devices through MEMCM.

Delving into the “Last PXE Advertisement” flag

This post has actually come from having a look at the search queries coming up in my blog visit stats – “all active pxe flag deployements” – which seems like a good thing to look into.

If you’re trying to make a device collection you’ll find the LastPXEAdvertisement doesn’t appear to be available through the query builder UI. Here I’ll look into getting the data through PowerShell and then also putting it into a Device Collection within MEMCM.

PHP: Mailing through Office 365 using the Graph API

The Graph API is a great way to get your application to send/receive mail through Office 365 in the background

A while ago I needed to update my PHP applications’ mail handling scripts, as Microsoft are disabling basic authentication and they connected using EWS with basic authentication. I took the opportunity to update them to use the Microsoft Graph API instead.

My systems generally run mail as a background process, e.g. sending/receiving mail to the helpdesk mailbox, so this article is written in that vein. If you wanted to access mail in an interactive way (so the user is sat in front of the browser at the time mail is accessed) you’d need to switch to Delegated rights, rather than Application, and the user would log in rather than the script logging in. I’ve not looked at this so I’m not able to say much more about it.


UEFI Network Boot Across Subnets

UEFI style network boot – press Enter, not F12!

A few years ago when UEFI became much more common on new PCs I wanted to use the UEFI network boot, rather than the old style PXE boot, for imaging machines. This worked fine for computers sat on the same subnet and VLAN as the server, but getting this to work when the client device is in a different subnet took a bit of work.


Wake on LAN revisited

If only it were as simple as a BIOS setting any more!

A couple of years ago I wrote about the pain of getting Wake on LAN to work on HP switches. While this got some of my machines to work, there was still quite a large proportion (about 60%) that weren’t playing ball.

I’ve finally had a bit of time to look into this, so here’s everything I’ve gone through to get a lot more of the PCs powering up on command. Of course there will always be some PCs which just refuse to work (we have some Gigabyte H81M based machines where they just don’t Wake on LAN – whatever you do the LAN link drops when the power is turned off), and some older H61M based machines that are a bit hit and miss.

Environment variables

Environment variables are really useful when doing scripts, folder redirection or GPP items

As I’ve been configuring a bit of folder redirection in group policies, I often forget what environment variables there are (there are a lot more than you ever realise!). So I thought I’d list some environment variables that may be useful when editing GPOs or registry settings, and what they resolve to by default (assuming I’m logged in to the domain contoso.com as CONTOSO\Katy from contoso-wk-1, with my home drive set to map N: to \\file.contoso.com\users\katy).

You can view the full list of environment variables for the currently logged on user on your system by opening a command prompt and running “set”. You can also see them by going into System Properties -> Advanced -> Environment Variables, however this will show you the variables in the SYSTEM context, i.e. %USERNAME% will show as SYSTEM.

Automated shutdown of devices

Scheduled Tasks to shut down pushed out through Group Policy Preferences

In a drive to reduce power usage, I’ve tried a few times over the years to find a way to shut down computers but not if they are in use. I’ve tried using scheduled tasks set to only run when idle – in reality this doesn’t really work as we tend to have quite a lot of mice that move ever so slightly on their own, so the PCs never think they are idle. I even wrote a client/server application where the client reports when someone logs on, logs off, or switches user and when prompted to shut down by the server, the client asks the logged on user if they want to go ahead or cancel. This worked fine for a while but when we updated to Windows 10 it stopped working and needed a lot of time spent on working out what had changed. So I moved away from that method.

MEMCM Support Centre

Tools installed as part of the Support Centre

I’m not sure how long it’s been around, but one of the neat things I discovered lately is the Support Centre. The installer for this can be found on your MEMCM server, in the installation directory\tools\SupportCenter.

The Support Centre contains a variety of tools to help troubleshoot all things MEMCM. I’m just going to do a very brief look at it here so the best thing to do is install it and have a look for yourself!


PaperCut Print Release using RFID cards

RFID reader fitted to copier

A couple of years ago we replaced our copier fleet and moved to PaperCut MF, with a single print queue for the entire site and users had to go to their nearest copier and enter their code to release their printing. Almost perfect setup but people struggle to remember 5 digit codes, so I had a look at using their existing student/staff ID cards instead. We already sync Active Directory to PaperCut so the ideal solution would be storing the RFID codes in Active Directory, and using that data as the user’s login code in PaperCut.
