• Hi,

    Could someone please direct me to a good template I could use to generate our own procedure incorporating best practice for patching live systems?

    Alternately is there someone who would be willing to share the procedure they use in their own company?

    Thanks in advance, greatly appreciate it.

  • Thanks Travis. I wish they would go one more step and stop that. They (MS) must have a good reason for not doing that already. I just can't think what it might be. It certainly goes against least privilege.

  • A question on this.

    The Administrative unit will restrict 'edit' access to the rest of AzureAD but it does not stop a priveledged role from seeing and opening objects outside the their Administrative unit from what I can tell.

    Is there a way to restrict a user admin of an administrative unit to only see objects in that unit and not the whole of AzureAD?


  • Hi,

    As with staff from most companies mine took their laptops home. We did not have too much time to prepare so missed a few things, like;

    • How AD and Windows 10 profile passwords will be kept in sync
    • How apps like Office and possibly even windows will communicate with KMS
    • How Windows computer accounts will stay current

    The laptops are all Windows and are domain joined and staff use domain profiles. KMS is on the DC’s.

    We thankfully have Cisco AnyConnect on the computers but I don’t know how to set it up / the firewall to deal with the above 3 points. I also don’t want to give full and unfetted access to the Domain Controllers from the laptops.

    Can someone please offer me some suggestions. I’m guessing others will be in the same boat?

    Thanks 🙂

  • Stephen Boyd became a registered member 2 years, 8 months ago

© 4sysops 2006 - 2022


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account