The Consolidated B&EC "Quick Question" Thread.

Discussion in 'Business & Enterprise Computing' started by looktall, Jun 6, 2015.

  1. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,746
    Client is installed and active, and I'm manually triggering the install (well, trying to) via client notification -> computer policy
     
  2. exodushunter

    exodushunter Member

    Joined:
    Sep 22, 2005
    Messages:
    134
    Location:
    Vic
    Sorry I was wasn't clear, EP client isn't installed until enabled in Client settings.
    It isn't enabled by default.

    Click to view full size!
     
  3. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,746
    I owe you a beer :thumbup:

    Somehow, the client settings I use for AV had not been deployed to the device collection I was working with, hence no AV install. I swear I've deployed to that group before so no idea what happened there :confused:

    Many thanks
     
  4. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    ok, stupid question.

    iphone has an exchange account setup, let's call it john@thedomain.com.au
    john is trying to add another Exchange account, also john@thedomain.com.au which is hosted somewher else (office365)

    iphone is at the newest version, however it keeps giving "could not verify"
    We've tried resetting the network ad can logon via owa on the phone, so it's not a credentials issue
    It's via 3g rather than wifi at present.

    Is it possible this is iOS's way of shitting itself and sayin "you can't add two accounts with exactly the same address but different endpoints" ?

    I don't want to tell him to remove the old one yet if possible
     
  5. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,414
    Location:
    Narrabri NSW
    Probably. That errors comes up no matter what you mess up creating an account, so I wouldn't be surprised if it's just one error message for the entire account creation section.
     
  6. Great_Guru

    Great_Guru Member

    Joined:
    Sep 5, 2001
    Messages:
    1,225
    Location:
    Australia
    How is autodiscover setup on thedomain.com.au DNS records?

    As I understand it you have 2 providers,

    A ) Shonky Exchange Guys (assuming this is already setup on phone)
    B ) Office 365 (trying to be setup on phone)

    Assuming you have MX records for both providers against that domain?

    So you've verified the domain in office 365 and the account you're trying to verify has a upn of john@thedomain.com.au

    Have you tried putting in the wrong credentials and having IOS ask you for the server details? outlook.office365.com will work.

    Alternate path: You can setup the UPN to be different to the primary email address. Setup the UPN to be john@tenant.onmicrosoft.com or use another customer owned domain if available to keep IOS happy. You will need to use powershell to set the UPN to something other than your primary (well you used to, it may be in the web console now).

    EDIT: Also why do you have this issue? Can you not just do an Office 365 Cut-over method? stream/sync all the content from the shonky exchange host via OWA and cut them over. Configure autodiscover correctly and mobile devices should be pretty seamless unless you want to delete existing content for clean-sake.
     
    Last edited: Jul 28, 2015
  7. Iceman

    Iceman Member

    Joined:
    Jun 27, 2001
    Messages:
    6,647
    Location:
    Brisbane (nth), Australia
    Er.. what?

    I think the iPhone is trying to save you from yourself. Why on earth do you have two distinct servers configured to handle the same address?

    Email shouldn't work that way.
     
  8. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,887
    In the middle of an emergency migration/changeover.

    New e-mail is delivered to one account, but old e-mails exist in another, and access to both is required.
     
  9. EvilGenius

    EvilGenius Member

    Joined:
    Apr 26, 2005
    Messages:
    10,532
    Location:
    elsewhere
    Can you configure one account using the outlook app, and the other using the built in mail app?
     
  10. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,984
    Location:
    Brisbane
    Just gonna bump this again :)
     
  11. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    13,887
    I'm gonna say no.

    If someone is local admin, then they have the ability of negating any blocks you put in place.

    Whats the issue you're trying to solve? they may be a better way

    Especially one that involves not giving people local admin.
     
  12. TehCamel

    TehCamel Member

    Joined:
    Oct 8, 2006
    Messages:
    4,183
    Location:
    Melbourne
    yea, although mostly the email is all done now
    however, when he rings me tomorrow if I can't make it work i'm in for a shitfight.. :)
     
  13. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,984
    Location:
    Brisbane
    More a personal curiosity. Was on site with a client where they configured the few domain accounts with local admin rights to only have local admin for very specific items (e.g. by default you couldn't add local users), but as soon as you escalated to system those are obviously gone. Obviously with local admin you can fuck around with GPO's and whatnot, but those can also to an extent be restricted. Was curious if there was some kind of mitigation anyone had ever observed :)

    I'm aware that you can fuck around with modifying services and whatnot (stickykeys huehue), and you can query this in a kabillion ways via command line and whatever, I guess I'm seeing how much you can prevent a user with google from trivially fucking around with the system.
     
    Last edited: Jul 28, 2015
  14. colmaz

    colmaz Member

    Joined:
    Jan 8, 2007
    Messages:
    419
    Location:
    Perth, WA
    I've got this feeling that AppLocker might be able to do what you want, but I don't have access to a system that I can use to check.

    If you think that you'll never need to run PSExec, I think you could block it with either a publisher or file path rule. PSExec creates a Service on the machine, so block the binary for that (C:\Windows\PSEXECSVC.exe), and allow it for non-PSExec users.

    Otherwise, you could prevent the creation of Services (which is how PSexec runs under other credentials) if that's an option. You'd need to delegate the access to a non-PSExec user though.
     
  15. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,414
    Location:
    Narrabri NSW
    For those who really want to know how PSExec manages to do it's stuff, have a read of this (first Google result - no other reason I picked this one): http://xcybercloud.blogspot.com.au/2008/10/great-psexec-and-how-it-works.html

    Note that it's only really copying a payload to a known location, then asking Windows via RPC to load it as a service. PSExec isn't really doing anything magical or special.

    I don't think you'd even need to shove the exe into the place PSExec does... Does Windows care where a service process loads from? You could potentially use a UNC path, right?
     
  16. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    12,984
    Location:
    Brisbane
    You can do it remotely too if you have enough privileges, so yes :)
     
  17. lavi

    lavi Member

    Joined:
    Dec 20, 2002
    Messages:
    4,004
    Location:
    Brisbane
    ....or maybe not
     
  18. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,414
    Location:
    Narrabri NSW
    OK - got a small business that's asked about cloud storage. They have like 2 users in an office and another 2 or 3 mobile users. They aren't using heaps of space (about 25GB they say) but internet speeds are not fantastic so even the small savings from delta syncing would be handy.

    Throw some cloud storage names at me please...
     
  19. Smokin Whale

    Smokin Whale Member

    Joined:
    Nov 29, 2006
    Messages:
    5,180
    Location:
    Pacific Ocean off SC
    What other services are they using? Google Apps? Office 365? I usually try to stick them to something that's native to what they're currently using where possible. Saying that Google Drive works great and is what I suggest to most small businesses. I tend to avoid OneDrive due to some teething issues with the service but it can work well if you are very MS centric. Just make sure to sync them up on a proper connection before sending them out on 3G/4G

    If LAN syncing is a priority though, you won't have much choice apart from Dropbox.
     
  20. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    17,865
    Location:
    Canberra
    OneDrive for Business is shit.

    dont.

    Even Personal Dropbox is better.
     

Share This Page

Advertisement: