.Net said .No so this says .Youbetterorelsebuddy

 I was having trouble with .net framework install on new computers.  I'm not sure why it didn't work repeatedly, but found that if you pop a flash drive in with windows 11 on it, and use the following command it works.  

C:\Windows\System32>DISM.exe /Online /Enable-Feature /FeatureName:"NetFx3" /All /LimitAccess /Source:"D:\sources\sxs"

Inventory + Excel + VBA = ❤️

 If you are like me and you have to look at a lot of spreadsheets with things like lists of inventory, you probably start seeing the cells dance as you try to track across the row.  Is that just me?  Maybe it is a touch of dyslexia. 

I asked AI to help me find a solution and my AI buddy delivered.  Thank you AI overlord ❤️

Here is a simple VBA code snippet that you can use to highlight the row of the active cell:

1. Press Alt + F11 to open the VBA editor.
2. In the VBA editor, find your workbook in the Project Explorer window.
3. Double-click on ThisWorkbook to open the code window for the workbook.
4. Copy and paste the following code into the code window:

Private Sub Workbook_SheetSelectionChange(ByVal Sh As Object, ByVal Target As Excel.Range)

    Dim ws As Worksheet

    Set ws = Sh

    

    ' Clear previous highlights

    ws.Rows.Interior.ColorIndex = xlNone

    

    ' Highlight the active row

    ws.Rows(Target.Row).Interior.Color = RGB(255, 255, 0) ' Yellow color

End Sub

        5.  Close the VBA editor and save your workbook as a macro-enabled workbook (.xlsm).

Now, This code will highlight the row of the active cell in yellow. You can change the color by modifying the RGB values.

Security and the boy who didn't want to go touch every computer because of a printer driver update...

DON'T DO THIS.  I REPEAT  DON'T DO THIS

Open Group Policy Editor:

• Press Windows + R to open the Run dialog.
• Type gpedit.msc and press Enter.

Navigate to Security Options:

• Go to Computer Configuration > Policies > Windows Settings > Security Settings > Local Policies > Security Options.
• Find the policy Devices: Prevent users from installing printer drivers.
• Set this policy to Disabled.

Allow Non-Administrators to Install Drivers:

• Navigate to Computer Configuration > Policies > Administrative Templates > System > Driver Installation.
• Find the policy Allow non-administrators to install drivers for these device setup classes.
• Set this policy to Enabled.
• Click the Show button under the Options section and enter the following GUIDs:
• Class = Printer {4658ee7e-f050-11d1-b6bd-00c04fa372a7}
• Class = PNPPrinters {4d36e979-e325-11ce-bfc1-08002be10318}

Disable Point and Print Restrictions:

• In Group Policy Editor, navigate to Computer Configuration > Policies > Administrative Templates > Printers.
• Find the policy Point and Print Restrictions.
• Set this policy to Disabled.

Restart Your Computer

Windows print to PDF

It's Friday and it's 4:02 PM. I have nothing more clever in me. I'm just ready to go home and pet my dog Lucy. Here's a poem about Lucy.

With fur like clouds, a snowy heap, 

Lucy the fluff, in slumber deep. 

A gentle giant, soft and white, 

A cuddly dream, a pure delight. 

Her paws like pillows, big and grand,

A wagging tail, across the land.

A loving gaze, a happy sigh,

My fluffy Lucy, reaching high!

Go to a command prompt and enter this command
dism /Online /Disable-Feature /FeatureName:"Printing-PrintToPDFServices-Features" /NoRestart
After it finishes, enter the following command and you should be good
dism /Online /Enable-Feature /FeatureName:"Printing-PrintToPDFServices-Features" /NoRestart

Awkward Introductions & Windows Hello

You know that feeling when you meet someone new and it just starts off a little awkward? You are then thinking to yourself it sure would be nice if I can start over. Well, this sometimes happens when you set up Windows Hello. IF you want to say goodbye to windows hello and start over, enter this command into powershell.

certutil -deletehellocontainer

My New Friends for Windows Hello for Business

I just wanted to list a couple sites that have recently been very helpful for me in regards to the Windows Hello for Business configuration in Intune. The first one is Nicklas Ahlberg with Rockenroll.tech. https://www.rockenroll.tech/2024/06/17/windows-11-whfb-disablepostlogonprovisioning/ Create a new custom Windows configuration profile Add a new row: Name: W11 – DisablePostLogonProvisioning OMA-URI: ./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/DisablePostLogonProvisioning ❗(replace {TenantId}with your TenantId). Data type: Boolean Value: True The next new friend is dannyda.com. This link will give you fun command lines to use for changing WHfB behavior. https://dannyda.com/2020/01/14/how-to-enable-disable-windows-hello-windows-hello-for-business-via-group-policy-registry-command-prompt-cmd/

The Wizarding World of PowerShell Calendar Permissions

1. Open the PowerShells and connect to the Exchanges:
   Install-Module -Name ExchangeOnlineManagement
2. Log into the Exchanges:
   Connect-ExchangeOnline -UserPrincipalName <your_username>
3. Take a look at who has access to a calendar:
   Get-MailboxFolderPermission -Identity "Snoop@Dogg.com:\calendar"
4. Give permissions to Martha:
   Add-MailboxFolderPermission -Identity "Snoop@Dogg.com" -User "martha@Dogg.com" -AccessRights Reviewer
5. When you finish, don't forget to close the session:
   Get-PSSession | Remove-PSSession

 Extra Credit:  If you would like to see what rights Martha has to every account in your M365 tenet you can use the command below.  This will take a long time if you have a lot of accounts.

Get-Mailbox | ForEach-Object {Write-Host "Processing mailbox: $($_.PrimarySmtpAddress)" Get-MailboxFolderPermission -Identity "$($_.PrimarySmtpAddress):\calendar" | Where-Object {$_.User -like "martha@Dogg.com"} | Select-Object Identity, User, AccessRights

Microsoft Entra hybrid device pending

Failure to launch?  You can't unsee some things.  That Terry Bradshaw scene in the forementioned movie still haunts me.

This part is from Microsoft...

Resolve Microsoft Entra hybrid devices in pending state

During the initial phase of the hybrid join process, the device state is expected to be pending until the registration process is complete.

A device may remain in a pending state for the following reasons that an admin can address:

Microsoft Entra Connect device synchronization changes

Problems could occur if a change made in Microsoft Entra Connect caused the device ID to be out of sync with the machine. Validate Microsoft Entra Connect is functioning as expected and there was no recent configuration changes.

Required Microsoft endpoints may be blocked by network

Devices must be able to communicate successfully with the following Microsoft endpoints:

• https://enterpriseregistration.windows.net
• https://login.microsoftonline.com
• https://device.login.microsoftonline.com
• https://autologon.microsoftazuread-sso.com (If you use or plan to use seamless SSO)
• Your organization's Security Token Service (STS) (For federated domains)

After confirming the above scenarios aren't contributing to the pending state, run the following command ”dsregcmd /leave” in an elevated command prompt and restart the device to attempt to rejoin the machine. Changes may take up to an hour to show in Microsoft Entra.

If the issue is persistent after following the steps above,  for further assistance.

Am I too old to view the software installed on a remote computater?

Yall, I couldn't remember how to stealthy, geeky, and command liney check to see what was on a remote computer.  I thought I had a post about it but I could not find it.  So, here's an easy way to get your geek on.

Get-CimInstance -Class Win32_Product -Computer YoReplaceWithRemoteComputerName | where vendor -eq 'YoReplaceWithVendorName' | select Name,Version

If Peter Parker were to manage the Googles - GAM

 

GAM is an open source command line tool for making changes to objects in the Google Admin console. It is thoroughly documented at the Github Wiki. The options available for use with GAM are displayed in specific sections on the right-hand side of the GAM Wiki.

I always quote Peter Parker's Uncle Ben when discussing a tool like this.  
"With great power comes great responsibility" 
GAM is a powerful tool, and it could be easy to break a lot of stuff rapidly.  Google support may not be super forgiving if you tell them you deleted all your user accounts while using GAM.

If you need help, this page should be your next click.

Directory Commands

In my case, I needed a way to suspend a little over 1700 accounts that had been improperly processed for a few years.  Below is the command I used to suspend all the user accounts in the Inactive Students organizational unit.  Please note suspend 0 will make accounts active and suspended 1 will suspend the account.

gam ou "/Inactive Students" update user suspended 1

I should say, I'm not really sure what GAM stands for.  I assume it is Google Admin Manage(r) or something like that.  I couldn't find it listed anywhere.  

M365: I guess it's time to hybrid join

 Well, they finally pushed us to hybrid join all our clients to Microsoft Endpoint (otherwise known as intune).  It is actually really cool and made me excited about Microsoft again.  

You can do cool stuff like

• Finally, ditch WSUS servers in favor of Windows Update Rings (WUR)😍
• Deploy software packages and configuration profiles while the client is offsite
  
  Instructions to hybrid