Search

Håvard Siegel Haukeberg

Paste life: Ctrl+C -> Ctrl+V

Create a GPO Registry Key Script Package for Microsoft Intune

Here is how you create a script that adds a registry setting to the computers managed by Microsoft Intune.

Navigate to:

C:\Windows\System32\iexpress.exe

Right click it and select “Run as Administrator”

iexplore

12345678

9
Click Browse and select where you want the file to be saved

101112

success
You now have a EXE file that you can upload and deploy in Intune

Forgot login credentials and need to reset Windows 10 – Use Advanced Startup

If you are stuck on this screen and forgot your login there is a simple way to reset your device.

IMG_20160229_094507
Logon screen and you can not log in.

 

 

IMG_20160229_094527
Hold the “SHIFT” key and keep holding it while tapping/clicking on the power button and select restart

 

 

IMG_20160229_095023
Advanced startup. Press troubleshoot and then press “Reset this PC” 

Thanks to: http://www.tenforums.com/tutorials/2294-advanced-startup-options-boot-windows-10-a.html

 

 

Disable PIN code when joining Azure AD *UPDATED 2018

*THE AZURE AD PORTAL EXPERIENCE HAS BEEN UPDATED, TO FIND THIS SETTING IN THE NEW PORTAL LOOK HERE: Enable or Disable Windows hello in new AAD portal

If you are a larger organization or a school, simply asking your users to enter a pin and start authenticating with a phone might be challenging. Even more so when they have never done that before.

Here is how you disable PIN challenge and phone verification when joining Azure AD

UPDATE: In Azure.

  1. https://manage.windowsazure.com
  2. Go to Active Directory
  3. Select your Domain
  4. Select Applications
  5. Select Microsoft Intune
  6. Select Configure
  7. Under manage devices for these users, select All and click Save.
apps
Apps in Azure AD
configure
Configure the Intune app
manage all
Turn on MDM

In Intune.

  1. https://manage.microsoft.com
  2. Go to: Admin > Mobile Device Management > Windows > Passport for Work.
  3. Select: Deactivate Passport for Work on registered devices

Thats it.

deactivate passport

Azure AD join on Intune MDM classic agent channel *UPDATED

You can join Azure AD and use the Intune device agent for MDM and not the MDM channel when you enroll. It is a bit tricky and require manual touch on the device.

The best experience is to include the Intune agent in the Windows Image. If can not do this then here is how:

You need this:
  1. Azure AD Enrollment Administrator
  2. Microsoft Intune Agent on USB
  3. Windows 10 clean install (OOBE)
  4. Configure Azure AD to only MDM enroll
  5. Create a group for Security Group with all students
  6. Target Intune to only do MDM for that Group
Optional: Passport for Work registry disable script

Here are the steps:

In Azure AD:

  1. https://manage.windowsazure.com
  2. Go to Active Directory
  3. Select your Domain
  4. Select Applications
  5. Select Microsoft Intune
  6. Select Configure
  7. Under manage devices for these users, select Groups then browse and select the all students group. Select it and click on the check mark. Click Save down on the bottom bar.
appsconfigureselect eleverset groups

In Intune:

  1. Create an enrollment administrator in the Intune Console
  2. Go to ->Admin->Administrator->Device Enrollment Administrator Enter an Azure AD user as a device enrollment admin e.g. deployment@yourdomain.com
  3. *Create group for the devices that the Device Enrollment Administrator is a part of so that all his devices get targeted for a script.
  4. *Disable Passport for Work by pushing a Script to that group. This script Disables Passport for Work on the local machine so that you do not need to enter a pin.
  5. *Here is how you create the script: Create script
  6. *Here is how you package the script: Script Deployment
  7. *Here is how you deploy the script: Deploy custom script
  8. *One client is visible in Microsoft Intune you need to either distribute the software on all clients or on a client that you manually move into a specific group.
  9. That software will be pushed down in time. you may force the install on the device by pressing install on the client or refreshing the policy in Intune.
  10. Get the Intune agent from Admin->Download Client Software and save it to a USB stick.
*Only nessecary if you want to disable the “Create PIN promt” on login.

 

deployment admin
Enrollment Admin Creation

On the Device:

  1. Boot the clean device.
  2. Under the OOBE experience Select “My company owns this Device”
  3. Log on with that enrollment administrator and complete the setup.
  4. As the admin you will be challenged with a PIN prompt and you need to verify so bring your phone.
  5. Plug in USB and run the EXE file. Remember you need both the EXE and that small certificate file to be in the same folder for the enrollment to be toward your account.
  6. Let the machine sit if you can. The longer it sits, the more stuff will be downloaded so your next user do not have to wait.
  7. Log of your enrollment admin and give the PC to the students and let them log in with their user that is in the Student security group.
  8. The next user that logs on will be a standard user.
  9. He/She will be prompted for a pin but it can be bypassed by doin this:

Configuring Conditional Access to Exchange Online (365) with Intune

You can configure Microsoft Intune to block devices that do not comply with a “standard” access to Office 365 Exchange Online email.

Here is how:

  1. http://manage.microsoft.com in a silverlight browser.
  2. Create a Compliance Policy
  3. Policy->Compliance Policy->Create New
compliance policy
I will demand a password of minimum 6 digits and 1 minutes before screenlock.
Setting the Conditional Access and blocking Exchange Active Sync
  1. Policy->Conditional Acces->Exchange Online Policy
  2. Click following:
    • Activate Policy for Conditional Access
    • Select Specific Platforms
    • Check iOS (my rules will now only apply here, rest can read email.
    • Check: Require Compliance for Mobile Device
    • Select “Block access to e-mail for devices not supported by Intune”
    • Select “All users”
    • Select “No exception users”

The iOS users will now have to enroll in order to read email and when they do they need to set a 6 digit password.

Caution with using Active Sync only:

  1. If the user has allready configured email, he might not be blocked.
  2. If the user has been associated with that device earlier, he might not be blocked.

Enrollment procedure:

  1. Enter Your email in the native mail client by going to settings
  2. You recive an email with instructions on how to get access to your mail.
Follow that instruction.

 

Ikke gjør dette når du velger kontorpult!

Kjøpte en IKEA ALEX skrivebordspult. Den var fin og greier men….
IMG_20160213_125541

Husk at du skal ha beina under pulten også når du velger skrivebord. Derfor er det ekstremt upraktisk med skuff under bordet. for å gjøre vondt værre så er det også en metallstang under der igjen. Lite plass!!

IMG_20160213_125613

Du får også ikke stolen helt inntil så du må klemme beina for å få armlene høyt nok så du unngår det som skjer på nederste bilde

IMG_20160213_125623

IMG_20160213_125643
Armen kommer her i klem grunnet høydeforskjell. Nå sitter jeg behagelig med bena, men ubehagelig med armen
IMG_20160213_125648
Sirkulasjonen blir klemt av og er nødt til å heve stolen

BMW i3 Self Parking – Park Assist

What a perfect parking and best of all, I did not do it!

IMG_20160215_143657
BMW i3 with Park assist

Here is a video of the whole thing. Smart, right?

The Smartest Doorbell

I was listening to a podcast and they did a good ad from Ring.com. I just had to go online and look at it. And what do you know it was all that cool.

IMG_20160207_175740
TIP: you can not have it charging when you set it up. then it will not work

 

It is a standalone one-way video two-way audio doorbell that lets you answer any ring or motion outside with voice. It also records the motion and rings for you to look at later.

Look at these videos:



 

The doorbell comes in a nice box with all the tools you need.

IMG_20160207_173956
By mistake I got a US adapter on the CHIME unit

 

You do not have to plug it in to power as the built in battery will last a long time and you can charge it with a standard USB cable.

IMG_20160207_173930

You do not need to buy extra chimes as one chime unit comes in the box, but here make sure that you specify an international package. I did not know that the orginal box came with a chime unit so I ordered that aswell.

IMG_20160208_073202

Ethernet RJ45 Cat5 wall Socket

I was lucky and in my new house there were two CAT 5 TP cables that ran to two separate outlets on each floor and back into a compartment under the fusebox.

I am not very good with cables but putting a cable box on the wall socket was suprisingly easy.

This is what you need:

  • The outlet box from Jula
  • A flat screwdriver
  • A clipper, i used a small nail clipper actually
  • An ethernet tool to remove the plastic around the cable (you can also use your fingers)
Take the box apart and thread the cable through the plastic.

IMG_20160112_203738

Now just push the small wires down on the respective clips. The clips are color coded so you can not do wrong. If you do not have the cables inside your wall, just strech them alongside the wall and use this kind of outlet from Jula

IMG_20160112_203441

IMG_20160112_204526

Blog at WordPress.com.

Up ↑