Windows 10, Azure AD Join and Password Changes

Posted on November 8, 2019 by Dale

So we are deploying Workspace One, and our devices are joined to Azure AD.
We have found an issue when the user is prompted to change their password.

Issue
When the user is prompted to change their password, they are directed to https://account.activedirectory.windowsazure.com/ChangePassword.aspx

The user successfully changes their password, and then finds that they cannot connect to our on-premise Active Directory resources.

Cause
The Local Profile (Cached) Password on the workstation is not being updated with the users new password.

Fix / workaround

User still changes their password via https://account.activedirectory.windowsazure.com/ChangePassword.aspx
They then immediately LOCK their workstation (Windows + L)
They unlock their workstation, with their NEW password.

Why this works
It forces the local workstation to validate the password with Azure AD, and then this updates the copy of the password which is stored in the local workstation user profile.

References
The Old New Thing – Why does it take longer to reject an invalid password than to accept a valid one?
Microsoft – Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000

Workspace One–Useful blog links

Posted on November 7, 2019 by Dale

The Bearded Wonder From Down Under
EUCSE
Camille Debay’s Blog
Brooks Peppin’s Blog

Deleting missing or dead iTunes music entries

Posted on September 25, 2019 by Dale

The song could not be used because the original file could not be found. Would you like to locate it?

For whatever reason, I ended up deleting some MP3 files from my music storage, and my iTunes Library still had (now "dead") links to the files.

To find these dead links I wrote some Powershell code …

Continue reading →

Adobe PDF printer hangs on Windows 10

Posted on September 13, 2019 by Dale

with Adobe version 9.5 –> 11.

The fix is to grant all "Users", "Full Control" to the HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Acrobat PDFMaker Registry Key
(on a 64-bit system, this will be HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Adobe\Acrobat PDFMaker)

I thought Y2K stopped this silly date nonsense …

Posted on September 10, 2019 by Dale

Date Not Valid

Yet, in the case of a major cloud vendor, it did not.

ISO 8601, and it’s recommended date format (CCYYMMDD….), was supposed to solve this.
(the issue is that the "backend" is expecting a MMYYDD format, and is complaining when it sees "23" for the MM-Month value)

Disputed computer ownership is …

Posted on September 4, 2019 by Dale

a thing in large corporations.

And one way to find out who has the computer, is to flag it at next logon.

I used this idea at a few organisations, and it always works well.

The Windows 10 “Hardware Hash” for AutoPilot

Posted on August 19, 2019 by Dale

You can get the script to export the value from a computer here.

The main thing the script does is call WMI to get the DeviceHardwareData value. It’s a real shame that you can’t generate this data yourself. In Microsoft’s own words:

References:

Why you shouldn’t do something on the cheap …

Posted on May 13, 2019 by Dale

(or the tale of ‘Two indicator stalks’)

$5
Is the net minimum cost* of this replacement part each time it’s replaced.
($5 being the cost from an Auto Wreckers)

$25
to fix it properly, from a parts store.

* – not including my time, and skinned knuckles.

Continue reading →

Some things to do/see in Tasmania

Posted on February 10, 2019 by Dale

The Spirit of Tasmania

Penny Royal – Launceston

Mt Elephant Pancakes

The House of Anvers Chocolate

Salamanca Market – Hobart

Ball and Chain Grill – Hobart

Wine Glass Bay Cruises

Port Arthur Historic Site

The Taste of Tasmania Festival – Hobart

The New Sydney Hotel – Hobart

"… Just get through the day …"

Posted on November 11, 2018 by Dale

“First of all, I do not want you to give in to the pressure of the moment. Whenever you’re hurting bad, just hang in there. Finish the day. Then, if you’re still feeling bad, think about it long and hard before you decide to quit. Second, take it one day at a time. One evolution at a time.

Don’t let your thoughts run away with you, don’t start planning to bail out because you’re worried about the future and how much you can take. Don’t look ahead to the pain. Just get through the day, and there’s a wonderful career ahead of you.”

– Captain Joseph Maguire, as mentioned in Lone Survivor: The Incredible True Story of Navy SEALs Under Siege

wisefaq.com

Stories, and bit rot, from the IT Support Trenches