F. Omar Telan

These days I am working on a lot of #EndpointManagement via #BigFix and #Jamf.
LinkedIn: https://linkedin.com/in/telan
GitHub notebook: https://github.com/telan/code

The Microsoft Error Lookup Tool... it ain't pretty, but where has this been all my life?

From https://github.com/MicrosoftDocs/win32/blob/docs/desktop-src/Debug/system-error-code-lookup-tool.md I got the download link: https://download.microsoft.com/download/4/3/2/432140e8-fb6c-4145-8192-25242838c542/Err_6.4.5/Err_6.4.5.exe

I moved `Err_6.4.5.exe` to `C:\Windows` so I can run the command directly from the prompt.

Syntax:

```
Err_6.4.5.exe <error code>
```

Example:

```
>Err_6.4.5.exe 0xc0000005
# for hex 0xc0000005 / decimal -1073741819
ISCSI_ERR_SETUP_NETWORK_NODE iscsilog.h
# Failed to setup initiator portal. Error status is given in
# the dump data.
STATUS_ACCESS_VIOLATION ntstatus.h
# The instruction at 0x%p referenced memory at 0x%p. The
# memory could not be %s.
USBD_STATUS_DEV_NOT_RESPONDING usb.h
# as an HRESULT: Severity: FAILURE (1), FACILITY_NONE (0x0), Code 0x5
# for hex 0x5 / decimal 5
WINBIO_FP_TOO_FAST winbio_err.h
# Move your finger more slowly on the fingerprint reader.
# as an HRESULT: Severity: FAILURE (1), FACILITY_NULL (0x0), Code 0x5
ERROR_ACCESS_DENIED winerror.h
# Access is denied.
# 5 matches found for "0xc0000005"
```

#MicrosoftErrorLookupTool #Err_6.4.5


Random thought about IT support structures.

IMHO, for user satisfaction, most places have it upside down.

You want your most technical people on the front line (picking up phones, replying to email, answering chat) able to resolve issues without transferring.

Let your least experienced tech go deskside. Remember, chances are that end-user has spent hours struggling with this box-that-sits-on-their-desk-making-them-question-their-intelligence. The end user is frustrated beyond belief. So, seeing a tech (even a green one) struggle and have to call in for advice will console their egos.

It's a bit of theatre, but it works.

#helpdesk #itSupport #deskside #phoneSupport

PowerShell forms are making me have to guesstimate pixels. I haven't dealt with this since hardcoding link maps over images.

https://m.slashdot.org/story/23/09/09/069226/security-concerns-caused-three-day-internet-outage-at-the-university-of-michigan-last-week

No answers here.... Something I've been thinking about is how cyber insurance works and who is liable for the cost of a breach. Say they find that this Michigan breach is because some staff member or professor used their clout to insist on an insecure configuration because they thought they knew more than everyone else. Say FERPA or some other data was leaked. Say there are fines associated with those leaks. Who pays? Well, the university for one. But will the university force the academic or administrative dept to share the burden? Will the university force the IT department to also share the burden? I'm sure every university will deal with it slightly differently depending on the exact circumstances. Like I said at the start: no answers, just something I've been wondering about.


Commands to clear and effectively disable #macOS #dock.

```
defaults write com.apple.dock "autohide" -bool "true"
defaults write com.apple.dock autohide-delay -float 1000
defaults write com.apple.dock tilesize -float 1
defaults delete com.apple.dock persistent-apps
defaults write com.apple.dock persistent-apps -array
defaults delete com.apple.dock persistent-others
defaults write com.apple.dock persistent-others -array
killall Dock
```

#jamf #endpointManagement

A #script for when you want your #macOS #HostNames and #LocalHostNames to (minus special characters) match their #ComputerNames.

```
COMPUTERNAME=$(scutil --get ComputerName)

scutil --set HostName "$COMPUTERNAME"
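# Strip spaces, apostrophes, tabs, CRs and newlines, then pass the result quoted
LOCALHOSTNAME=${COMPUTERNAME//[$' \'\t\r\n']}
scutil --set LocalHostName "$LOCALHOSTNAME"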
```

Add special characters to be removed as needed.

#jamf #endpointManagement
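
An allow-list variant of the script above, as an added example that is not part of the original post: instead of listing characters to remove, it keeps only what a DNS label permits (letters, digits, hyphen; no leading or trailing hyphen; 63 characters at most). The function name `sanitize_label` and the `--apply` switch are hypothetical.

```shell
#!/bin/sh
# Added example: allow-list sanitiser for a macOS LocalHostName.
# sanitize_label and --apply are hypothetical names, not from the post.

# Print $1 reduced to a single DNS label: only A-Z, a-z, 0-9 and '-',
# no leading or trailing '-', at most 63 characters.
# Returns 1 and prints nothing when no usable character is left.
sanitize_label() {
    label=$(printf '%s' "$1" \
        | LC_ALL=C tr -cd 'A-Za-z0-9-' \
        | sed -e 's/^-*//' \
        | cut -c1-63 \
        | sed -e 's/-*$//')
    [ -n "$label" ] || return 1
    printf '%s\n' "$label"
}

# Only change system names when asked to, and only where scutil exists.
if [ "${1:-}" = "--apply" ] && command -v scutil >/dev/null 2>&1; then
    name=$(scutil --get ComputerName)
    if label=$(sanitize_label "$name"); then
        scutil --set HostName "$name"        # unchanged, as in the post
        scutil --set LocalHostName "$label"  # always passed quoted
    else
        echo "ComputerName has no characters usable in a hostname" >&2
        exit 1
    fi
fi
```

Because anything outside the allow-list is dropped, shell metacharacters, glob characters and non-ASCII bytes in a user-chosen ComputerName never reach `scutil`.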

I have a recurring #BigFix fixlet that is reapplied 1/day if the last #gpupdate was more than 24 hours ago. This helps mitigate off-site devices that may only have brief VPN connections. Failures help identify devices having issues.

BigFix #RelevanceLanguage: `( ( maximum of (time generated of it) of records whose (source of it contains "SceCli") of application event log < now - 24*hour ) OR ( not exists ( records whose (source of it contains "SceCli") of application event log ) ) )`

Note: If you do not have #DirectAccess or a similar solution, I would advise adding a relevance phrase to make sure the endpoint has a secure connection to a #DomainController... perhaps by IP range or subnet.

BigFix #ActionLanguage: `waithidden gpupdate /force`

#endpointManagement

Twitter ironically says it's defending free speech by suing the Center for Countering Digital Hate, which says hate speech is rising on the platform. https://www.pcmag.com/news/elon-musk-doubles-down-sues-nonprofit-for-criticizing-twitter

#Forticlient #CLI

When I implemented for Windows and macOS via #BigFix and #Jamf respectively, the command needed to be run as the logged in user.

#Windows

```
c:\Program Files\Fortinet\FortiClient\FortiESNAC.exe -r|--register <address/invitation> [-p|--port <port>] [-v|--vdom <site>]
c:\Program Files\Fortinet\FortiClient\FortiESNAC.exe -u|--unregister
c:\Program Files\Fortinet\FortiClient\FortiESNAC.exe -d|--details
```

Source: https://docs.fortinet.com/document/forticlient/7.2.0/administration-guide/95591/fortiesnac-cli-commands

#Linux

```
/opt/forticlient/epctrl -r|--register <address> [-p|--port ] [-s|--site]
/opt/forticlient/epctrl -c|--cloud <invitation code>
/opt/forticlient/epctrl -u|--unregister
```

Source: https://docs.fortinet.com/document/forticlient/7.0.5/administration-guide/41299/appendix-e-forticlient-linux-cli-commands

#macOS

```
/Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -r|--register <address> [-p|--port ] [-s|--site]
/Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -c|--cloud <invitation code>
/Library/Application\ Support/Fortinet/FortiClient/bin/epctrl -u|--unregister
```

Extrapolated from Linux commands. Not documented and probably not supported. Registering to and unregistering from a #FortiEMS server worked.

#CommandLine #EndpointManagement
