Відео

I found the problem, I had a exe file and didn't download yours. Chatgpt Made me aware of the possibility, that the exe file isn't a full version. So I downloaded the file again and o voila it worked.

Hi, oh getting that error, pretty generic error, I would look at the program that runs what is specified there and also the content of the intunewin file. You will find more in "C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\IntuneManagementExtension.log" file, not always so helpful but it will tell you what command it executed at least. Also check if the program is there? sometimes it is just the detection method that is incorrect etc...

Hi, great questions, you target the EntraID group but if you want all, you put under Assignment, the requirement to "All Devices" Firefox will upgrade existing. I usually set a detection method so it checks firefox.Exe and version, if older then run, if the system already have a newer version than packaged, then the detection sees that and just says all is good without running it (detection comes later in the course and goes through all the ways)

@@IntuneVitaDoctrina many thanks. I already watched the detection course as well. I like how you explain things step by step with different methods as well. Are you only doing UA-cam video or is there any courses which I could attempt?

@@IntuneVitaDoctrina evrytime a new Firefox version is published, I must download it and upload the new file to intune, is that correct? Isn't there a way which the system is pulling the new update by itself?

Thanks for comment, Yes you can totally do it without Company Portal, I did it because I don't have an Apple School Manager or Apple Business Manager for my UA-cam video environment so I must do it by Company Portal, but not you :) If you have Apple's Volume Purchase Program (VPP) you can deploy it there also.

Hi, interesting. Is the app itself installed under c:\progam files? or under user profile or elsewhere? If you let me know which app it is the wingetID, I'll take a look. You could do the upgrades for them, by running a remediation script every day, and have SYSTEM update it, unless like you say it is a user app, but user apps normally doesn't require local admin as it is installed in the users own space. please give me more info and I'll do my best to help you

@@IntuneVitaDoctrina I am pushing through MDM Jump Cloud with all use able switches it downloaded the required updates at the installation ask for non admin users to provide password like I update Adobe Acrobat Reader

Thanks, within a few days publish one more game play :) thanks

Thanks, this is one of my oldest videos on my channel, what wasn't so clear? (so I can do better next time)

Oh I have waited for this comment :) thanks, I already have one game to publish, it is more or less ready, so my next game will the one you mention above here :) I actually often wins, it is difficult, but I go quickly to north America and establish myself there, and yes you be late in all, but in the end usually win :)

I would have needed to put all Battleships on it and even then not sure to take it. The game was to send up a space ship and not be so aggressive (even then I think I was pretty aggressive also at some parts of the game :)

​@@IntuneVitaDoctrina Oh but you took the other Russian cities so easily. It would have made the game too easy if you took it I think

yeah you are right, I thought also keeping Battleship in previous taken city as defense but it ended that I lost all so probably should have continue attack

good comment, thanks a lot!

Very good question, hmm, I don't know actually, is it even possible? if you import into ABM, you don't know who the user will be until it is enrolled.

Don't remember, relooked, maybe was afraid Battleship would die and then lose the other Russian cities I took, but yeah I should have taken all Battleship and try take it. The goal of this game wasn't to be so aggressive and do space ship but I guess I could do both :)

Thank you so much!! love to read comments like this, thanks

Difficult one, and it is the same appleID/password you used to setup in Intune? if you reset the password and try again?

true, Musketeers got 3 defense, if veteran (barrack) adds 50% and fortified another 5%, so in total 6 in defense which is high, maybe that would have been smarter, yeah I really want railroad and factory :D

It's all good. You're way better than me. I learned a lot of new tricks

happy you learnt something, there are so many strategies and ways to win, so hard to tell which one is the best to use

if you are Enterprise enrolled, and you deploy directly to client? or issue to deploy Company Portal? normally that should work fine, did you experience something else?

@IntuneVitaDoctrina so i am using company portal to enroll the mac book pro. it enrolls successfully i am able to remotely restart/ shutdown device. but configuration/conpliance policys and app deployment do not get pushed to the laptop. i look at the managed apps inside the device section of the specific laptop, and it says waiting on installation status . ( Also, i tried most trouble shoot steps you can think off lol)

@IntuneVitaDoctrina the only thing i found was a specific agent that gets downloaded with company portal (intune management agent) that is scoped around apps(possibly configs/policies) to be deployed from intune --> company portal ?

If enrolled from Company Portal, possible, I always go to this page (the PDF on it, shows the limitation) but what you mentioned here deploy apps and so should work flawless: learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-macos

Sorry don't understand the reference? you mean when you take a hut and get a knowledge? :)

That is a really good question, one I'm fighting with right now myself. I think Apple VPP apps have pretty much software, like 365 apps, however their version of OneDrive doesn't support Folder Redirect so I don't use that version. It installs good, updates good when it works, the problem is when it fails to update, I got no extra tools to fix it. I think it is pretty good for self service software that not so many use, so you don't have to package it, since it auto update from store, but still most software I prefer PKG/DMG and manage updates, either with the built-in auto update or package a newer version and push.

Thank you very much for this nice comments, those gives me energy to do more videos

Close, Swedish :)

Hi, all good here, hope with you too. Back in the days I tried to block USB storage with GPO, and had to work with a lot of hardware ID, don't think I got it to work so well. I have seen this exact question on a few forums, so it interest me a bit. I'll see if I can try it out and if it works I'll do a video about it, thanks for a good suggestion.

@@IntuneVitaDoctrina thanks John for your reply, what i don’t understand is since this is the most basic requirement for any Endpoint protection solution and it works well with other solutions but why Microsoft Defender is not able to provide a simple and easy way to achieve it 🙄.

that is a pretty cool tactic, they are forced to take peace with you and they always want to speak after you captured a city (or lost one) :) you can even sell buildings in their cities you take over to buy a new nuke :) They will break peace deals after 1AD if you are the strongest player of all, they break it very easy but you are just one turn a<ay from another nuke and another city anyway :) specially if they have railroad you can use that to take next city, plus you can make the troop follow the nuke to go around the blocking zone a troop has

Thanks! those column in Admin Web Portal aren't visible by default and you had to re-add them each time you are there. Pre-remedition output is what ever you put in Write-host command in detection script and Post-remediation is the Write-host in remediation script. The error is the error for each part. Filter, did I use that, you can target a EntraID group, but then have a filter, didn't go through those, but you can have a filter that finds all with manufacture "Dell" and then target all Sales users but exclude filter Dell devices hope that helps!

@@IntuneVitaDoctrina for the error, how do you write your script? With a Try and Catch?

yes that i the best way, honestly I don't often use that, I just use detection script and if it exit with 1, then run remediation script and use that none-error output, but if troubleshooting then yes

Thank you so much :) I got another game but so lazy so edit, a 5 hours game play, but it should be published within 2 weeks. I have so much fun playing this game :)

@@IntuneVitaDoctrina Yeah, no argument there. I can clearly see how much you enjoy yourself.

Thanks! would that be printers on-prem, such as \\server\print01 installation?

Did you download the .deb file here www.microsoft.com/en-us/edge/business/download?form=MA13FJ ? (not RPM) then you run it. There are other ways, this page explains different ways, one even use terminal only, hope that helps www.omgubuntu.co.uk/2021/01/how-to-install-edge-on-ubuntu-linux

Hi, excellent question, I don't have that experience unfortunately, I did a search and you can do this: While the Google Play Store has a size limitation for direct uploads, you can host the APK file on an external server or a cloud service and then reference it in the Managed Google Play. So you can host the over 200mb apk file in Amazon Web Services S3 bucket or alike, and then reference it in the Managed Google Play, I would try that, not sure how easy it is

@@IntuneVitaDoctrina thanks John for your reply, i am opening a case with Microsoft and will update you with their recommendation.

thank you, I'll be interested to hear what they recommend and I hope in the future they increase this limit of the file also.

So winget.exe can exist in some different places, in user profile, so the admin one probably got a path to a bad winget. The admin account, if you locate winget path, check path, try to run this command from that path winget source reset --force and winget source update You can be sure you done it right and it is a local profile/file issue,. is it Windows 11?

@@IntuneVitaDoctrina yes its win 11. i couldnt start it from my local PC but the rollout with intune worked. now, after 2 weeks, my package doesnt work anymore, but i did no changes there. Any ideas?

Hi, excellent question, and unfortunately I don't know of any. I used an old iPhone X and used free TeamViewer to remote in. Apple normally isn't so supportive of virtual OS since they do most of their money on the hardware they sell. Search around, maybe this one works if you request a trial to use it for free.? www.corellium.com

That is an excellent question, I don't think you can remote lock with a new passcode, you can lock but then it is still same passcode and as you said the thief know the passcode :( You can wipe or reset which is the normal action for stolen device.

Thanks for your comment :)

true story, probably would go under without those. I have had games where the computer is so advance... drop a settler on my land, built a city.. I took the city and stolen "Steel", built one battle ship, bring a boat with a militia or something, take a coast city with battleship and the militia dropped, get more technology and advance from there :) Battleships are really too good :)

thank you so much for this comment :)

Hi, Very good question! ESP a la Enrollment Status Page we know who have authenticated, and we can group per user, Deployment Profile is assigned to a device before it really exists, and anyone have authenticated so therefor you cannot assign it to a user or a device in Intune, it doesn't know that yet. Hope that clears it up a bit more

Good question! when you enroll, adding a MDM profile to your iOS device you can see WHAT it can access on your device. If it is Personally Enrolled as in my video, you cannot see or do much. Mostly device info, maybe free space, model, apps installed by Intune (not your personal apps) etc.. Here is a link showing some more: learn.microsoft.com/en-us/mem/intune/user-help/what-info-can-your-company-see-when-you-enroll-your-device-in-intune

@@IntuneVitaDoctrina Thanks !

Glad you enjoyed it! Thanks a lot for your comment, that gives me energy to do more videos :)

Well done! yeah a normal PowerShell script that runs once works also. With Remediation script you can get output back and stats and re-run if it stops again. PowerShell is nice! :) thanks

Hi, it doesn't run as a service, but there is a registry key that can be added to disable Quick Assist, if you want I can post a remediation script for that? let me know and I try to write it down during the day. Doing it without remediation script would be these steps: For users on any edition of Windows 10/11, you can disable Quick Assist through the Windows Registry. Open Registry Editor: Press Win + R, type regedit, and press Enter. Navigate to the Key: Go to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Quick Assist. Create a New DWORD Value: If the Quick Assist key does not exist, you may need to create it. Within the Quick Assist key, create a new DWORD value named RestrictQuickAssist. Set the value of RestrictQuickAssist to 1 to disable Quick Assist. Close Registry Editor: Close the editor and restart your computer for the changes to take effect.

@@IntuneVitaDoctrina Anything will be helpful. Remediation script, csp, or Just a powershell script that can run from Intune. I tried but didn’t work for me. I need it for both windows 10 & 11. The path seems to be different in both cases. In win 10, it is in system32 but in win 11, program files\windows app. Thanks a lot!

@@IntuneVitaDoctrina I wanted to deploy it from Intune to all devices. How can i do that?

You can assign it to all devices, detection script picks only those that really needs it anyway

Not tested, so please do, but this should do the job: # Define the path to the registry key $registryPath = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\Quick Assist" # Check if the Quick Assist key exists, if not, create it if (-not (Test-Path $registryPath)) { New-Item -Path $registryPath -Force } # Define the name and value for the new DWORD $dwordName = "RestrictQuickAssist" $dwordValue = 1 # Create or update the DWORD value New-ItemProperty -Path $registryPath -Name $dwordName -Value $dwordValue -PropertyType DWORD -Force # Output the result to confirm Write-Output "Registry key updated successfully. Quick Assist is now restricted."

Tested your script just in PowerShell ISE, and the Detection Script works fine for me. Does it work also for you when you run it manually and just fails when running it through Intune Remediation scripts?

Thanks, that is a GREAT question, unfortunately Apple restrict this setting, so you can create a PPPC setting to change "Screen Sharing" (think the setting is called Screen Recording from disabled (in Sonoma, previous had that as default), to allow user to allow it for Teams, but no supported way to force that setting. I think that is sad that Apple doesn't use as Administrator of a device we own force these settings, but they seems to put privacy to the end user higher. I got same issue for TeamViewer on macOS, I have to have the techs apply the PPPC and then manually enable/allow screen recording :(

Thanks and yes the IF for service is disabled is a great idea. The detection script can look both and exit out on 1 if any of the if statements are true and the remediation script can change service from Disabled to Manual startup and then set it to running.

Thank you so much for this nice comment, it is comment like these who makes me keep going and do more videos, thanks!

Thank you so much for commenting. There is often a reason why a service isn't running, maybe it is crashing, then it is better to solve that, but sometimes you just need to start a service on multiple devices (or one) then this could be useful

Thank you very much for this nice comment!

You are correct, it dies require a special license, mentioned here: learn.microsoft.com/en-us/mem/intune/fundamentals/remediations#prerequisites Remediations requires users of the devices to have one of the following licenses: Windows 10/11 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5) Windows 10/11 Education A3 or A5 (included in Microsoft 365 A3 or A5)

Thanks, if things goes as planned I'll do a video response to this question today, then you get a full solution you can just copy and paste but I will explain in the video also, hope to get it done today :)

Done a video that explains this today :) ua-cam.com/video/Owc56Zu2ONI/v-deo.html&ab_channel=Intune%26VitaDoctrina

@@IntuneVitaDoctrina thanks a lot John, really appreciate your effort. Big thank you once again 😊

Ah happy to hear! thanks for taking time to comment.

yes it is exactly that. Personal devices can enroll but you can only manage a few things, if it is Corporate enrolled you can do a lot more. Unfortunately I don't have a private Apple Business Manager account to show that part

Thank you so much! this last series about Apple iOS isn't my proudest work, it goes through everything but missing an Apple Business Manager account to show the real cool stuff. Got some ideas for next videos that will be pretty interesting :)

yes! it is pretty rare but it happens, it is not random, it calculates your starting point and if it thinks you have a disadvantage it gives you an extra settler and technology, here is the calculations for it :) forums.civfanatics.com/threads/number-of-starting-settlers-and-techs.494994/

@@IntuneVitaDoctrina Oh my god I always thought otherwise I feel I was dumb for 40 years lol

hahaha please don't (dumb) I also have played for 35 years playing this and learnt like a year ago thanks to a comment on one of these videos how to calculate which grasslands give shields and which doesn't, this game surprises me still after all these years :)

Hi, is it a Silicon mac or Intel? the package you deploy is it a DMG or PKG or something else?. Script shouldn't ask for password if it runs as root and not as the user? Interesting that it works if no software is installed, just upgrade fails, please let me know a bit more of the format etc and see if I can help.

@@IntuneVitaDoctrina Hello, I find out. I removed the "sudo" command in my installation script and it worked. Sorry for the late response, but I'm on a big issue with a multiple feature PKG package on Mac (M3 Pro Mac, Silicon I presume). Maybe you already solve this, with Cisco anyconnect, I only want to install the VPN.

@@petere8971 well done! yeah sudo is great for testing but in Intune it runs as "root", thanks for sharing