32: IGEL Weekly: How to Login using Active Directory on IGEL OS

Sep 28, 2021

In this blog, we will discuss  how to:

  • 00:00 Introduction
  • 03:40 Create Active Directory Login Profile
  • 06:15 Test Active Directory Connection
  • 08:00 Configure Session Passthrough
  • 09:30 Configure the screenlock
  • 11:20 Configure a Local user for Emergency
  • 13:30 Check if your user is working actually

Host:  Andy Whiteside
Co-Host: Chris Feeney
Co-Host: Seb

WEBVTT

1
00:00:02.790 –> 00:00:08.550
Andy Whiteside: Everyone welcome welcome to episode 32 of Idaho weekly i’m your host Andy whiteside crispy knees with me, Chris was just.

2
00:00:09.599 –> 00:00:17.130
Andy Whiteside: letting us know that he had to get some dental stuff for his family, taking care of kind of urgent call last night, Chris it when you have a family never ends right.

3
00:00:18.300 –> 00:00:24.330
Chris Feeney: Now you think you’re getting close to the finish line and then and then just stuff happens to appear out of nowhere so.

4
00:00:25.770 –> 00:00:31.860
Chris Feeney: joys of parenting right, I want to go watch that Steve Martin film called parenthood again just so I could laugh my tears away.

5
00:00:34.110 –> 00:00:37.650
Andy Whiteside: If you just had a US or you could just push down exactly what you want to happen.

6
00:00:37.830 –> 00:00:39.360
Chris Feeney: As a result, would be fantastic.

7
00:00:39.630 –> 00:00:45.450
Chris Feeney: Somebody needs to invent that thing son plug yourself into the ice let’s let’s take care of this right.

8
00:00:47.610 –> 00:00:52.860
Andy Whiteside: Well, we also have said, with a sub as the newest member of the linkedin Community so welcome.

9
00:00:53.970 –> 00:00:54.900
Chris Feeney: Welcome said.

10
00:00:55.350 –> 00:00:57.120
Chris Feeney: You have no idea what you just signed up for.

11
00:00:58.500 –> 00:01:08.760
Sebastien Perusat: yeah that’s apparently is simply that they are since yesterday evening, but yeah i’m late on the party like I said but i’m there, I mean i’m promised it a long time ago and now it’s time not sure how.

12
00:01:09.180 –> 00:01:12.210
Sebastien Perusat: That but it’s it’s exciting feeling.

13
00:01:12.600 –> 00:01:20.310
Andy Whiteside: it’s a great professional repository to find people and reach out to people, unfortunately, that means people can find you and reach out to you, I must get like.

14
00:01:20.880 –> 00:01:28.620
Andy Whiteside: 10 messages a day from somebody random that wants to be my my life coach or my exercise coach my health coach or or my business coach.

15
00:01:30.960 –> 00:01:36.480
Andy Whiteside: I probably need a coach for all that all those things, but if I did, I would just sit around get coached all the time that’s right.

16
00:01:37.170 –> 00:01:40.230
Chris Feeney: put me in coach i’m ready to play and he’s ready to play.

17
00:01:43.260 –> 00:01:51.030
Chris Feeney: i’m playing he’s playing right there’s there is there is something to be said about sharpening the saw pulling off just kind of get things and then.

18
00:01:51.810 –> 00:02:07.170
Chris Feeney: I think there’s a great story, I came here if it’s real or just sort of one of these things where Abraham Lincoln was asked you know you got to cut a tree down how much time, so well, I spent eight hours sharpening my saw in one hour cutting a tree right like.

19
00:02:08.880 –> 00:02:10.260
Chris Feeney: There it is anyway.

20
00:02:11.370 –> 00:02:14.250
Chris Feeney: there’s certainly we ready to cut some trees, right now, every.

21
00:02:15.300 –> 00:02:17.610
Andy Whiteside: This is, this is the sharpening the saw section.

22
00:02:17.730 –> 00:02:25.080
Chris Feeney: that’s what we’re doing good that’s right you’re sharpening the saw for all you listeners out there, said, what do you got teed up for us today.

23
00:02:27.330 –> 00:02:37.980
Sebastien Perusat: What I would suggest is to take over the active directory topic for today just because there was some misunderstanding that i’m seeing on the database on the on the agile community regarding.

24
00:02:38.430 –> 00:02:56.580
Sebastien Perusat: domain joy and logging into active directory using active directory through I CG and how’s the password process attached as working and which means essence we have and what possibilities and opportunities we have if you use active directory instead of going directly into the desktop.

25
00:02:57.330 –> 00:02:59.340
Sebastien Perusat: So Sarah was able to just for today.

26
00:02:59.700 –> 00:03:04.140
Andy Whiteside: Let me set that up with some you know real world consulting experience i’ve had.

27
00:03:04.830 –> 00:03:12.360
Andy Whiteside: You know my first interaction and most people’s first interaction with an eye gel solution let’s say in the citrix or vmware world is kind of.

28
00:03:12.810 –> 00:03:15.540
Andy Whiteside: Where you take this really powerful Linux operating system.

29
00:03:16.050 –> 00:03:22.890
Andy Whiteside: And you manage it down to basically a zero client now zero client has a long history, may have talked about on the podcast before but.

30
00:03:23.130 –> 00:03:31.950
Andy Whiteside: there’s thin clients and then there’s zero clients zero clients pretty much mitigate all functionality and just take it straight into whatever the uc solution of choice is.

31
00:03:32.670 –> 00:03:37.920
Andy Whiteside: Zero client was a gimmick from day one, where it just took great existing stuff skinny down a little further.

32
00:03:38.310 –> 00:03:46.080
Andy Whiteside: And then, and then limited it to going into one solution or another period, you can only do one or the other but the the experience for the user.

33
00:03:46.710 –> 00:03:56.880
Andy Whiteside: was simply they turn it on it comes right up to let’s say the citrix workspace APP that’s all you can log into you log into that you hit your citrix environment, you get out of that or disconnect from and it logs you back out.

34
00:03:57.450 –> 00:04:07.200
Andy Whiteside: very minimal experience what we found with customers who needed more advanced functionality, where they truly needed a thin operating system, but not a zero operating system.

35
00:04:08.460 –> 00:04:13.440
Andy Whiteside: Is where they need to actually log in to the thin client first the thin client operating system.

36
00:04:13.800 –> 00:04:24.060
Andy Whiteside: And then, they need to go from there, wherever they go, it could be web Apps to be you see of flavor extra flavor why and we found that we really needed people to login in a.

37
00:04:24.750 –> 00:04:36.630
Andy Whiteside: More enterprise way and that’s where something like active directory, which is you know curb rose space system from back in the day from Microsoft still really very, very relevant it’s like the phone book right it knows who.

38
00:04:36.840 –> 00:04:39.840
Andy Whiteside: knows what your device operating system is knows who you are.

39
00:04:40.050 –> 00:04:48.690
Andy Whiteside: knows what your password for both is and how you should be coming into the system and even does things to proactively like change the machine account password.

40
00:04:49.890 –> 00:04:59.190
Andy Whiteside: I think we’re going to talk about here and tell me if i’m wrong is that we need that you’re gonna help us understand how that works and how we bring a system into an active directory world as a machine account.

41
00:05:00.720 –> 00:05:11.910
Sebastien Perusat: yeah I would go maybe not that far, because the machine account, in that case wouldn’t match directly, we are really focusing in how to login into the active directory by using.

42
00:05:12.660 –> 00:05:21.510
Sebastien Perusat: By using username and password coming from the active directory, though, the goal of this active directory part of our configuration is.

43
00:05:22.200 –> 00:05:40.200
Sebastien Perusat: Obviously, first of all to give a little bit more security, since we released that have no six version i’m just jumping to that because it was one main argument of the active directory topic before 1106 that as soon as you brought up an agile device, it will go directly into the desktop.

44
00:05:41.220 –> 00:05:53.070
Sebastien Perusat: So even if the address is safe and we have a lot of security layers you are still some malicious people on the desktop and you could start, something which is already there.

45
00:05:54.330 –> 00:05:54.600
Sebastien Perusat: So.

46
00:05:56.190 –> 00:06:07.380
Andy Whiteside: yeah and you’re and you’re assuming, which is more often than not, or almost 100% accurate that that device is now at a desktop and has access to maybe some basic Apps maybe a browser APP maybe a command line APP.

47
00:06:08.070 –> 00:06:18.360
Andy Whiteside: you’ll see a lie and it’s plugged into or wireless wirelessly connected to that important resource of the companies, which is the network right, we want to we don’t want just let them jump right on the network like them.

48
00:06:19.260 –> 00:06:20.010
Sebastien Perusat: he’s like i’m.

49
00:06:20.700 –> 00:06:22.170
Sebastien Perusat: Adding also some sorry good.

50
00:06:23.010 –> 00:06:33.660
Chris Feeney: No, I just want to say so, I think you were referring to earlier said, you are not joining I jell O s to the active directory domain it doesn’t becoming machine object.

51
00:06:34.410 –> 00:06:44.100
Chris Feeney: Like you would a normal windows machine so for those windows admins out there, active directory admins that are kind of used to that type of thing that’s not what’s happening here if you’ve ever i’m going to bring up our.

52
00:06:44.700 –> 00:06:54.000
Chris Feeney: Competition, unfortunately, because this is the most equivalent thing I can think of right, but if you’ve ever seen delfin ios you can turn on a login screen but you’re not joining that to the domain.

53
00:06:54.480 –> 00:06:58.410
Chris Feeney: you’re just pointing it at some authentication source and that’s what’s happening with I jail.

54
00:06:58.950 –> 00:07:05.910
Chris Feeney: I mean you’re welcome to create a domain object out there, you can do that, but it’s not going to be relevant because you’re not using any of that to manage the.

55
00:07:06.270 –> 00:07:13.530
Chris Feeney: device is still going to be you, Ms maybe that’s pretty well known, but I suspect there may be some confusion out there, so I bring it up.

56
00:07:15.570 –> 00:07:25.410
Chris Feeney: So, and then of course there’s and while we’re talking here and he’s browsing the difference between a user versus a computer object so.

57
00:07:27.120 –> 00:07:35.730
Andy Whiteside: Is it possible, is it possible to associate the machine with active directory or it’s always just going to be the user and I gels use cases.

58
00:07:36.660 –> 00:07:39.060
Sebastien Perusat: How the moment it’s only the user only.

59
00:07:39.090 –> 00:07:46.200
Sebastien Perusat: On we have some requests or we had some requests coming from the market to join a some azure.

60
00:07:46.920 –> 00:07:52.230
Sebastien Perusat: Active directory is etc, and we have also some enterprise level customers who wanted to have that feature.

61
00:07:52.740 –> 00:07:59.490
Sebastien Perusat: But I would say, in most cases, as soon as we showed how the US is working now the profiles are working.

62
00:08:00.210 –> 00:08:09.270
Sebastien Perusat: The domain join wasn’t required anymore, so we have this it’s not covered there because it’s something that we have not enabled by default, but to have this real real D.

63
00:08:09.810 –> 00:08:20.880
Sebastien Perusat: Which is the ability to join computer to the active directory, even if it’s an Linux device which would work in specific cases, but it’s not part of what we call today so.

64
00:08:21.600 –> 00:08:26.610
Sebastien Perusat: We might have something that that in the future, but for the moment it’s really just logging into dexterity like Chris mentioned.

65
00:08:28.620 –> 00:08:29.010
Andy Whiteside: user.

66
00:08:29.460 –> 00:08:30.180
engineers.

67
00:08:31.260 –> 00:08:33.420
Andy Whiteside: User login the active directory yeah.

68
00:08:34.470 –> 00:08:44.430
Sebastien Perusat: that’s right and that’s where as soon as the device boots up you are already on the desktop and you might have also maybe access to the background blue, which is there, you might have some.

69
00:08:45.900 –> 00:09:00.780
Sebastien Perusat: session name which might give you a first first information about the company you’re looking at so, then you can go a bit deeper and some attacks, but something that we want to avoid by using a pre login window.

70
00:09:02.130 –> 00:09:10.230
Sebastien Perusat: And just mentioning 11 or six because there we have an even better way to solve that which wasn’t the only them you’ll find, which is the pre boot classification.

71
00:09:10.680 –> 00:09:22.680
Sebastien Perusat: might be topic of an upcoming tactic to save your Professor moment just saying as soon as the West boots up you get a login master you cannot bypass that looking master you have to enter bedded credential.

72
00:09:23.430 –> 00:09:29.430
Chris Feeney: So i’m gonna say might be too must have that as a protective Tuesday just just put on the list.

73
00:09:31.110 –> 00:09:32.070
Chris Feeney: I want to join on that.

74
00:09:32.970 –> 00:09:34.650
Chris Feeney: Let me know yeah.

75
00:09:36.150 –> 00:09:36.570
Chris Feeney: awesome.

76
00:09:37.110 –> 00:09:39.000
Chris Feeney: So yeah.

77
00:09:39.240 –> 00:09:48.150
Andy Whiteside: let’s talk them into the blog reviewing is actually a vlog right the video blog that Sam did and the name of it is how to login using active directory on ios video.

78
00:09:48.600 –> 00:09:57.990
Andy Whiteside: And this is from September 16 but what we’re going to talk about here is we’re going to talk about you know talk through what’s in the video I think we’ve pretty much covered the introduction piece.

79
00:09:59.040 –> 00:10:03.630
Andy Whiteside: To have you want to talk through what you do in the video to create an active directory login profile.

80
00:10:04.080 –> 00:10:05.190
Sebastien Perusat: Oh yes, for sure.

81
00:10:07.500 –> 00:10:11.070
Sebastien Perusat: Like moralism ever tutorial i’m trying to.

82
00:10:12.480 –> 00:10:20.250
Sebastien Perusat: avoid some misunderstandings, because it was big about active directory a lot of our users and I guess, something which is absolutely human.

83
00:10:20.610 –> 00:10:27.450
Sebastien Perusat: Thinking about some specific configuration that already have in our agile your mess so just before even starting the topic.

84
00:10:27.870 –> 00:10:33.120
Sebastien Perusat: Logging into the active directory login in a standard way not speaking about your workspace.

85
00:10:33.570 –> 00:10:41.370
Sebastien Perusat: mean that had nothing to do with the active directory end up feature that you have under enormous administration active directory data.

86
00:10:42.030 –> 00:10:57.090
Sebastien Perusat: it’s not mandatory, to have that configured to login from the endpoint into the active directory just wanted to mention that, because that is a little bit misleading for our side when it comes to the kb article so that’s just one.

87
00:10:57.390 –> 00:11:02.670
Chris Feeney: As a good point, you can have the US setup to point to active directory.

88
00:11:03.930 –> 00:11:13.620
Chris Feeney: An extra benefit is, if you then want to set up your LM s admins to use your domain account rather than the local ones you set up that’s not necessary for this.

89
00:11:14.430 –> 00:11:25.320
Chris Feeney: But we do need to be able to talk to a domain controllers, I should say, in order for it to set up either the share workplace feature or just a regular active directory login so.

90
00:11:25.740 –> 00:11:35.700
Andy Whiteside: hey guys, can we did so is the video here and the concept that we’re going over here is this for machines that are on the the network, the land or the way in or are these machines coming in remotely through ice.

91
00:11:36.750 –> 00:11:37.980
Sebastien Perusat: And that gets really fun.

92
00:11:39.390 –> 00:11:52.590
Sebastien Perusat: We have another piece of software which is called SVP so up so shall workplace, which covers looking into territory through as EG without the need to having a vpn started.

93
00:11:53.100 –> 00:12:01.740
Sebastien Perusat: But that’s really not a specific topic for its own because workplace is yeah it’s not the same that just logging into that directory.

94
00:12:02.160 –> 00:12:20.610
Sebastien Perusat: There you got the ability to assign profiles to an active directory user, which makes it even more user friendly when it comes to user base configurations, but it doesn’t it isn’t minute of it to use the chat feature for just logging into the active directory.

95
00:12:21.270 –> 00:12:26.610
Andy Whiteside: Is the place feature, the only way to come in through the outside yeah.

96
00:12:27.150 –> 00:12:27.990
Chris Feeney: Without well.

97
00:12:29.100 –> 00:12:37.770
Chris Feeney: If you’re going to use ad login in your often network going through ice, then you would need share workplace in order to do that.

98
00:12:38.610 –> 00:12:49.680
Chris Feeney: because, obviously, if you’re not if you don’t have that setup you’re off the network there’s your devices talking to the domain controller, you have to have the ice, to be able to do that so that’s what the share workplace feature comes into play.

99
00:12:49.950 –> 00:13:01.170
Andy Whiteside: And just so people are confused, we can steal from off the network talk to the citrix front door the vmware front door the Microsoft front door, but if we want to authenticate against active directory we’ve got to use shared workplace through the ice.

100
00:13:01.470 –> 00:13:07.770
Chris Feeney: yeah right, I know I have tested this where i’d use shared workplace I log in off network.

101
00:13:09.030 –> 00:13:14.250
Chris Feeney: And then i’m able to use curb rose to pass through credentials into like a citrix session.

102
00:13:16.110 –> 00:13:27.900
Chris Feeney: been a while, since i’ve tested that but i’m pretty sure that that that workflow right authenticate first and then use those credentials to get into a domain base that’s using the past, you know you’ve got that list coming up here.

103
00:13:28.950 –> 00:13:29.880
Chris Feeney: On this vlog.

104
00:13:31.080 –> 00:13:47.400
Andy Whiteside: Alright So hopefully I haven’t confused people boat today we’re talking about creating an active directory profile profile in new Ms that allows for active directory login of the user that can then be passed along to other things like the citrix workspace APP yeah okay.

105
00:13:47.670 –> 00:13:55.860
Sebastien Perusat: All right, sorry, in the first place even First is the local login which make the device or a bit more secure because you’re not arriving Darren and his desktop.

106
00:13:56.280 –> 00:14:05.220
Sebastien Perusat: But then the next step is obviously yes to get them to have that information into a session like citrix exactly So what we do on.

107
00:14:06.060 –> 00:14:21.000
Sebastien Perusat: A pov or on a customer site as soon as it comes to active directory it’s The easiest way to go into your profile and check that specific configuration, which is under Security active directory.

108
00:14:22.020 –> 00:14:24.840
Sebastien Perusat: that you have a domain name said there and.

109
00:14:25.860 –> 00:14:35.940
Sebastien Perusat: that’s something which is more as mandatory if it’s not propagated on the network, having an address or address list of domain controllers, where the endpoint can speak to.

110
00:14:37.530 –> 00:14:47.490
Sebastien Perusat: One thing I just want to mention because it’s, even if it sounds simple it’s one of the most common causes of issues when it comes to active directory logins.

111
00:14:48.090 –> 00:15:01.500
Sebastien Perusat: Please always check about the time and date on the domain controller on the cms server even if it’s not mandatory, and on the endpoint are more or less in sync so that you don’t have.

112
00:15:02.670 –> 00:15:14.430
Sebastien Perusat: 15 minutes or one hour of delay between all of them, because that can cause issues when it comes to this ticketing of the capitalists information that’s just a mandatory thing.

113
00:15:14.700 –> 00:15:15.090
Andy Whiteside: To say.

114
00:15:15.120 –> 00:15:15.630
Chris Feeney: But yeah.

115
00:15:15.720 –> 00:15:24.360
Andy Whiteside: it’s five minutes on curb rose unless you changed it so it needs to be within five minutes and timezone doesn’t really matter as long as it aligns once you adjust, for the time zone.

116
00:15:26.010 –> 00:15:28.890
Sebastien Perusat: Is timezone not relevant, but you have to stay in sync exactly.

117
00:15:29.520 –> 00:15:39.240
Chris Feeney: yeah I was gonna say, one of the things that when I came to I Joe I I dealt with the world of smart cards, and this was always a key piece.

118
00:15:40.200 –> 00:15:49.080
Chris Feeney: Using NTP setting up if you can do an ad login with that card, and then you know pastor but you had to make sure that that was.

119
00:15:49.530 –> 00:15:55.650
Chris Feeney: correctly, now the other piece of chemo is through to you point to a domain controller a windows domain controllers your time source.

120
00:15:56.280 –> 00:16:06.750
Chris Feeney: I learned years ago don’t do that point actual NTP source, I know other people have done it before and it might work, but I I i’ve seen where that can get.

121
00:16:08.190 –> 00:16:19.800
Chris Feeney: haywire down the road so i’ve i’ve always been coaching them point at an actual NTP source, whether that’s a public NTP or the time, Sir, that you set up on your network or something.

122
00:16:21.030 –> 00:16:21.780
Chris Feeney: Would you concur.

123
00:16:23.610 –> 00:16:31.200
Sebastien Perusat: can even be complicated if you the mcg because if the endpoints of having a current date, especially date.

124
00:16:32.250 –> 00:16:46.860
Sebastien Perusat: The certificate validation process will not be successful, and even if the connection that everything is set up properly the device will not registered, so I mean just common sense when it comes to certificate certificate checks smart cuts definitely to.

125
00:16:48.210 –> 00:16:53.160
Sebastien Perusat: That you need something here, but I just want to mention it because, even if it’s mentioned thousand times.

126
00:16:53.580 –> 00:17:01.680
Sebastien Perusat: So that’s a specific use cases where it wasn’t set up, especially on the enterprise side because it’s a dump the clients are dumb endpoint.

127
00:17:02.190 –> 00:17:20.040
Sebastien Perusat: In that case, definitely NTP terminate matters and that’s something which is let’s say equally important than having a proper DNS working, because as soon as we get into the active directory and also into the domain name resolving.

128
00:17:21.090 –> 00:17:26.280
Sebastien Perusat: A proper said nt sorry NTP DNS is when entering.

129
00:17:27.060 –> 00:17:42.450
Sebastien Perusat: Because even if we said everything in our profiles if the DNS is not working as expected, or if you’re not using the right, so if it’s DNS server which I use for resolving the domain itself, we will fail and then it’s getting a little bit difficult to get the result sorted out.

130
00:17:43.320 –> 00:17:48.210
Chris Feeney: yeah that makes a great point I mean when you’re setting this up, you could certainly punch in an IP address.

131
00:17:49.260 –> 00:17:56.490
Chris Feeney: But it’s an active directory environment use DNS if you don’t have DNS setup right at some point it’s going to probably come back and get you.

132
00:17:57.390 –> 00:18:06.690
Chris Feeney: Could tie into certificates and the friendly names and all the other stuff just you know, make sure your DNS is accurately set up make sure I jill’s.

133
00:18:07.380 –> 00:18:16.020
Chris Feeney: You know, we can resolve that type of thing, but certainly you amass because you mess is is going to have some piece of that where they’re talking to the domain controllers but.

134
00:18:17.460 –> 00:18:18.960
Chris Feeney: Carry on carry on.

135
00:18:19.320 –> 00:18:28.500
Andy Whiteside: Oh comma proposal that is it not true that Okay, we can use DNS, but we should probably point to a load balancer that front ends a set of DNS servers.

136
00:18:31.020 –> 00:18:39.120
Sebastien Perusat: You can I mean if you’re speaking about Jeunesse from robbing request that’s something that we usually do yes.

137
00:18:40.740 –> 00:18:43.290
Sebastien Perusat: That was what she when it comes to an example.

138
00:18:44.250 –> 00:18:54.930
Chris Feeney: yeah i’ve seen that before where it’s like ld s dot domain dot whatever and that resolves to I don’t know, three or four different domain controllers or something.

139
00:18:57.780 –> 00:19:09.660
Andy Whiteside: yeah yeah that’s definitely how we recommend doing it in unless you just really want to keep it simple and load balancing is something that your organization doesn’t have it doesn’t have knowledge of how to manage.

140
00:19:11.100 –> 00:19:17.910
Andy Whiteside: Okay um regarding the the the video that where are we at in terms of the the breakdown, you have here in the in the blog on the video.

141
00:19:18.360 –> 00:19:29.280
Sebastien Perusat: Let me check so from the timeline we are at three dot 40 so three minutes 40 create active directory login profile.

142
00:19:30.030 –> 00:19:46.650
Sebastien Perusat: And, knowing that from memory, so I don’t have a director man in front of me, but just wanting to share that that this is a preparation for having the device, be able to talk to the active directory now we have to set up also the configuration for the.

143
00:19:47.670 –> 00:20:02.040
Sebastien Perusat: Light DM greeter, which is the login masks that we have everything on our end point for passing through any kind of login information to something else, in our case, we want to add that, to the active directory.

144
00:20:02.550 –> 00:20:11.310
Sebastien Perusat: So we have a security log on a specific submenu which is called active directory slash cover us, if I remember right where you have.

145
00:20:11.820 –> 00:20:27.480
Sebastien Perusat: Also, to say to the end day as soon as you boot up don’t start into the desktop but start into the active directory login mask and that’s just a small checkbox that you need to remember and it just log into a domain phone number right.

146
00:20:29.040 –> 00:20:35.760
Sebastien Perusat: All the other stuff that you have there is fine tuning, so you can say that you don’t want to keep the last user name.

147
00:20:36.510 –> 00:20:48.990
Sebastien Perusat: If you want to use a smart card, you can do that too, but mainly that’s enough for login to the active directory, so we might cover an advanced course on active directory login in the near future, but in that case.

148
00:20:49.830 –> 00:20:58.350
Sebastien Perusat: Enough so just assigned a project with the endpoint and the endpoint will restart the graphical user interface, and you should see.

149
00:20:59.460 –> 00:21:21.660
Sebastien Perusat: I don’t know the English English term for that color is, but I would say some green blue corner with our was our local have a user and and username and password fee, and as soon as you have that can usually enter your active directory login details hit enter and you should see the desktop.

150
00:21:22.830 –> 00:21:31.260
Sebastien Perusat: Before having people in the podcasts discussions asking, yes, we can customize a lot of stuff from this window, because I know that.

151
00:21:31.980 –> 00:21:41.250
Sebastien Perusat: Some people would like to have it like on windows, some would like to have their company logo so most of the component that you’ve seen that login mass Yes, our country.

152
00:21:42.210 –> 00:21:53.250
Sebastien Perusat: Not everything from the profile, we had from the registry or by using some custom commands that you can easily find on the agile Community calm and our slack community.

153
00:21:53.790 –> 00:22:03.690
Sebastien Perusat: are also asking you idolize ease or support but that’s that’s an advanced topic, but from the pure login mechanism that’s enough, and then you on the desktop.

154
00:22:04.770 –> 00:22:24.150
Sebastien Perusat: Basically, what you do, then, is starting a session, but in a typical on that in a perfect world, you don’t want to enter again your active directory login Informations you want to pass through what you entered in the login dialog into that client but that’s what we call.

155
00:22:25.290 –> 00:22:39.840
Sebastien Perusat: The session path through feature which is not limited to citrix are would you can use also for adp would you can use also for vmware horizon but, just in case because the question came up quite often from a standard point of view.

156
00:22:41.400 –> 00:22:49.740
Sebastien Perusat: browser and not supported at the moment, so if you have let’s say your storefront or Netscape in a retro session in a standard way.

157
00:22:50.160 –> 00:23:01.380
Sebastien Perusat: we’re not be able to pass through the active directory login information to the web browser session so there you have to use the normal stop Ross feature that we have another citrix storefront configuration.

158
00:23:04.500 –> 00:23:12.870
Sebastien Perusat: On the configuration itself it’s pretty easy you don’t have to think about too much different configuration, we can do there.

159
00:23:13.770 –> 00:23:24.600
Sebastien Perusat: You have you benefit from the session you’re looking at my case, I will just cover the citrix session, you have your citrix session, then you have citrix.

160
00:23:25.200 –> 00:23:35.220
Sebastien Perusat: storefront and then you have your session and under that session, you should find login or log on window and there.

161
00:23:35.670 –> 00:23:42.360
Sebastien Perusat: Is no front lobby and, if I remember right yeah just one checkbox or just partying it’s us path through authentication.

162
00:23:43.290 –> 00:23:59.010
Sebastien Perusat: hit that one don’t enter something as I don’t change or to login or whatever just use patent application save your profile assign it and then, if everything works fine the device should login directly into your citrix.

163
00:24:03.330 –> 00:24:04.680
Sebastien Perusat: Did I miss something Chris or.

164
00:24:05.400 –> 00:24:09.930
Chris Feeney: i’m just going through the setup here that end is kind of scrolling through on the screen.

165
00:24:11.400 –> 00:24:16.650
Andy Whiteside: So guys so so you’re doing the active directory authentication and then you’re going into your.

166
00:24:16.920 –> 00:24:23.130
Andy Whiteside: uc APP of choice at this point citrix and saying, allow the Ad authentication to flow through you.

167
00:24:23.400 –> 00:24:35.220
Andy Whiteside: into whatever the back end system is now so i’m assuming and i’m looking through the video now did you did you create the Ad profile and then go test it and then back back out and then go try that yes, you did it in steps.

168
00:24:35.970 –> 00:24:56.190
Sebastien Perusat: Exactly, so you have at I guess it was a two minute eight something like that we have the password configuration itself and they’re going through the profile that i’m usually deploying to customers citrix I guess i’ve covered NDP and you are rising covered.

169
00:24:57.210 –> 00:25:09.180
Sebastien Perusat: Some other sessions, but I guess I mentioned them and, yes, exactly so as soon as I created that profile assigned it to my end point I re logged in to make this directory.

170
00:25:09.540 –> 00:25:21.780
Sebastien Perusat: And then had my session automatically starting without the need on entering anything other than the standard process of starting a session in an auto start a double click on the desktop.

171
00:25:22.920 –> 00:25:24.300
Andy Whiteside: And then i’m gonna give you kudos.

172
00:25:25.350 –> 00:25:35.070
Andy Whiteside: kind of scrolling through the video now and you actually have just like it is in the blog here, you have the titles broken out, as you just scroll through, I was in there glancing at the screen trying to figure out where you’re.

173
00:25:35.070 –> 00:25:35.250
Andy Whiteside: At.

174
00:25:35.820 –> 00:25:38.010
Andy Whiteside: You actually have it sort of shows up in the slider that’s really.

175
00:25:38.850 –> 00:25:40.230
Chris Feeney: nicely done there so.

176
00:25:40.440 –> 00:25:45.510
Chris Feeney: you’re getting your YouTube skills, really, I mean i’m very impressed sit under your tutelage.

177
00:25:47.970 –> 00:25:59.040
Andy Whiteside: So let’s use the slider so you test your active connection, just like you have in the blog here you configure the session pass through and then anything else to talk about in terms of passing it through and getting.

178
00:25:59.640 –> 00:26:00.390
Andy Whiteside: The results.

179
00:26:00.930 –> 00:26:04.500
Sebastien Perusat: One extreme important information when it comes to citrix.

180
00:26:05.880 –> 00:26:14.730
Sebastien Perusat: You might have a situation where you configure everything like in this tutorial and you will still fake and when I say fail, I mean that the citric session is starting.

181
00:26:15.270 –> 00:26:24.720
Sebastien Perusat: You might have something like an authentic authentication happening, but no Apps on this on the desktop know session is able to be open.

182
00:26:26.040 –> 00:26:36.750
Sebastien Perusat: one small thing to consider another citrus expert at also i’ll just give you what I found in my lap because the domain information that you haven’t a citrix storefront and.

183
00:26:38.070 –> 00:26:46.500
Sebastien Perusat: Separate configuration have to match one on one the configuration of the domain name that you entered in the actual profile.

184
00:26:47.010 –> 00:26:58.230
Sebastien Perusat: means if you have your domain called home depot like it’s Mike in my case and i’m logging into the end on with home depot.net which has the full qualified domain name in my case.

185
00:26:58.860 –> 00:27:14.580
Sebastien Perusat: It will fail, so I have to be exactly the same like in my in my lab so like in my trusted domain this from six configuration it’s not a big deal because it’s usually function, but if you see something like that it’s highly.

186
00:27:16.500 –> 00:27:20.310
Sebastien Perusat: That it’s related to the trusted domain configuration, which has not happened.

187
00:27:20.880 –> 00:27:30.390
Andy Whiteside: and serve as that assuming you’re using net bios name is not not the user principle names, yes, exactly have you just use your producer principal names which we all.

188
00:27:31.020 –> 00:27:41.310
Andy Whiteside: agreed to do like 20 years ago it’ll just pass through that and it will see it and understand what it is, but in most cases, people still use net bios names short names for their usernames right.

189
00:27:42.750 –> 00:27:43.170
Exactly.

190
00:27:44.820 –> 00:27:52.980
Sebastien Perusat: So just a smart in for myself, because I know that I lost a little bit of my ass on some curious at the beginning and I wasn’t even sure where to look at.

191
00:27:54.420 –> 00:28:14.130
Sebastien Perusat: yeah that’s I just met a screenshot of my lab so everything that i’m seeing something like that, under Jim posting that configuration window where i’m referring to, and in 99% of the cases as soon as this configuration is corrected the complete path was education is, what can I expect.

192
00:28:15.180 –> 00:28:17.190
Andy Whiteside: i’m sorry to hear what.

193
00:28:21.420 –> 00:28:22.800
Andy Whiteside: He lost a little bit of your what.

194
00:28:22.890 –> 00:28:23.400
Your first.

195
00:28:25.650 –> 00:28:27.780
Sebastien Perusat: yeah yeah like by the FCC.

196
00:28:27.900 –> 00:28:28.650
Chris Feeney: Very careful.

197
00:28:29.760 –> 00:28:37.140
Andy Whiteside: These things I always have to check a box, whether it’s explicit or not, and I never have had to check that box and now because it says he’s on linkedin.

198
00:28:37.170 –> 00:28:37.860
Sebastien Perusat: So sorry.

199
00:28:39.990 –> 00:28:40.620
Chris Feeney: yeah.

200
00:28:42.120 –> 00:28:45.090
Chris Feeney: Well, we have a lot of fun here we just gotta Be careful boys and girls.

201
00:28:46.560 –> 00:28:48.180
Chris Feeney: No, no, I was gonna ask you.

202
00:28:48.270 –> 00:28:49.200
Andy Whiteside: That one doesn’t count.

203
00:28:49.260 –> 00:28:49.740
Andy Whiteside: i’m sure that.

204
00:28:51.120 –> 00:28:59.010
Chris Feeney: I mean there’s worse things that have been on TV but uh I was gonna ask you do you touch on the domain realm mapping.

205
00:29:00.870 –> 00:29:01.380
Sebastien Perusat: and

206
00:29:01.440 –> 00:29:02.010
Chris Feeney: In the.

207
00:29:02.520 –> 00:29:18.540
Chris Feeney: US yeah it’s honestly i’m trying remember if I ever had to use that in any circumstance and nothing’s coming to mind right now but it’s out there certainly maybe somebody on the Community has had to deal with that, but.

208
00:29:19.740 –> 00:29:22.080
Chris Feeney: anyways lori’s let’s move on.

209
00:29:22.110 –> 00:29:23.250
Sebastien Perusat: No, I didn’t call it, but.

210
00:29:24.840 –> 00:29:33.270
Sebastien Perusat: I must admit that i’m the same page and Q Chris didn’t have to do so much with that, I mean I know it there, and I hope that in the moment we have a customer in front of me.

211
00:29:33.870 –> 00:29:39.480
Sebastien Perusat: With wanting to other feature integrity can speak with them and give him the feelings that I understand what he’s referring to.

212
00:29:40.500 –> 00:29:41.430
Sebastien Perusat: But, to be honest.

213
00:29:43.140 –> 00:29:44.070
Sebastien Perusat: I never had to deal with that.

214
00:29:46.890 –> 00:29:48.450
Sebastien Perusat: that’s The short answer.

215
00:29:49.980 –> 00:29:56.040
Chris Feeney: No problem there’s a lot of what we have 7000 features in your mess i’m sure we’ve only touched on, maybe 200.

216
00:29:56.940 –> 00:29:58.200
Sebastien Perusat: yeah definitely.

217
00:30:00.780 –> 00:30:04.590
Andy Whiteside: I know what we’re going to talk about may sound trivial to people, but the ability to enable a.

218
00:30:05.820 –> 00:30:11.850
Andy Whiteside: password protected via username active directory username and password screen lock.

219
00:30:12.960 –> 00:30:22.920
Andy Whiteside: It does it’s like a necessity, every time you do a project that includes this sub you want to talk through this part of the the video that you created.

220
00:30:22.950 –> 00:30:24.600
Sebastien Perusat: Yes, for sure.

221
00:30:26.370 –> 00:30:27.780
Sebastien Perusat: that’s I would say it’s.

222
00:30:29.040 –> 00:30:36.930
Sebastien Perusat: Especially actually with 11 or six version, one of the main advantages of the active directory login on the end on.

223
00:30:37.950 –> 00:30:52.650
Sebastien Perusat: Let me just cover one thing which is only a playable on citrix if I remember right we already have a feature which is called synchronize citrix passwords that mean that even if you’re not using the active directory login.

224
00:30:53.790 –> 00:31:09.060
Sebastien Perusat: And you just put up into the depths of your stature citrix session you’re leaving your workspace for lunchtime, and you don’t have a specific hotkey pre configured by your actual presets people which lock the endpoint.

225
00:31:09.540 –> 00:31:14.070
Andy Whiteside: Well, hold on says, assuming I use your does that hockey so let’s just assume they don’t.

226
00:31:14.100 –> 00:31:15.240
Sebastien Perusat: Because they don’t exactly.

227
00:31:15.450 –> 00:31:24.720
Sebastien Perusat: Go ahead exactly so you leave your your workspace and, obviously, your session will be there on to the citrix time what will hit.

228
00:31:25.920 –> 00:31:43.860
Sebastien Perusat: But that’s sometimes pretty long can be half an hour an hour sometimes not configured at all, or maybe removed for some reasons and what we do, there is, we synchronize the active directory password that you enter the citrix workspace client with a local screen.

229
00:31:45.420 –> 00:31:53.490
Sebastien Perusat: So even if you’re not using the negative territory you’re still able to have the screensaver from I just starting.

230
00:31:54.570 –> 00:32:00.750
Sebastien Perusat: And having your personal active directory password to unlock the screensaver.

231
00:32:01.170 –> 00:32:04.590
Andy Whiteside: So said you’re actually thinking that or you’re just calling on that.

232
00:32:05.190 –> 00:32:16.530
Sebastien Perusat: Note there it there it’s definitely something but but it’s not related to that topic directly what we’re looking at at the moment because it’s not relate to as the active directory login process.

233
00:32:16.920 –> 00:32:25.740
Sebastien Perusat: i’m just telling you that there is this feature this configuration on the citrix storefront plugin now would you can activate even if you’re not using the active directory level.

234
00:32:26.190 –> 00:32:27.690
Sebastien Perusat: Okay, do you know what is the same.

235
00:32:28.260 –> 00:32:32.700
Sebastien Perusat: Like the active directory login but without having that pre identification.

236
00:32:33.810 –> 00:32:34.770
Sebastien Perusat: mechanism happen.

237
00:32:35.760 –> 00:32:39.090
Andy Whiteside: Okay that’s good to know i’ve been in that situation before I know how to solve that where you.

238
00:32:39.750 –> 00:32:55.290
Andy Whiteside: You need to be able to lock the screen, but you don’t want to give everybody you don’t want to use the same generic local password to unlock it yeah you’re saying it syncs with the Ad password so that I guess it can read your ad password and bring that down local or.

239
00:32:55.320 –> 00:33:02.310
Sebastien Perusat: Yes, modest, I mean, I will not go into detail because it’s it’s a really complex process, but just.

240
00:33:02.910 –> 00:33:09.450
Sebastien Perusat: In a few words we modified a little bit the citrix workspace a plugin mechanism, and then we were able to use.

241
00:33:09.900 –> 00:33:27.750
Sebastien Perusat: Still encrypted and secure your password with the times of need to re enter it somewhere and that’s that is macadam that is doing the synchronize password look like I said it’s only on citrix, just in case on the horizon, on a dp is not there okay.

242
00:33:28.290 –> 00:33:33.390
Andy Whiteside: So that’s a way to get around the the need of needing to lock the screen, so people can you know sneaker net behind you.

243
00:33:34.620 –> 00:33:38.250
Andy Whiteside: You know just browse up behind you when you’re going to the bathroom or lunch or whatever.

244
00:33:39.960 –> 00:33:53.760
Andy Whiteside: But a better, more holistic way of managing the experiences to have you use the your active directory username password and pass that through and then use that to unlock the screen lock, which I think we’re going next.

245
00:33:54.090 –> 00:33:54.750
Sebastien Perusat: yeah exactly.

246
00:33:54.780 –> 00:34:02.880
Chris Feeney: So I was thinking that that’s feature i’m looking at it now it’s under sessions citrix citrix global storefront login synchronized citrix password with screen lock.

247
00:34:04.080 –> 00:34:09.030
Chris Feeney: That would be something you would use if you have not already set up an ad off into Idaho.

248
00:34:10.410 –> 00:34:16.050
Chris Feeney: So there’s typical boot up I tell you get to that I Joe desktop and then you log into citrix from there.

249
00:34:16.680 –> 00:34:26.070
Chris Feeney: But you want to put a screen lock on that’s what that it would be, for we should probably have a session on that at some point so back to this scheduled program keep keep moving along here sorry.

250
00:34:27.660 –> 00:34:30.300
Sebastien Perusat: Thank you very much for for completing that.

251
00:34:32.220 –> 00:34:40.380
Sebastien Perusat: This cleanup password in general, so coming to the active directory topic again we have the ability to use that feature still.

252
00:34:40.980 –> 00:34:49.740
Sebastien Perusat: That Chris just mentioned, with the synchronized password but, in our case we’re just it’s a standard way so as soon as you start your screen.

253
00:34:50.130 –> 00:34:58.620
Sebastien Perusat: It will automatically use the active directory login mechanism so as soon as let’s say five minutes after leaving your your workspace.

254
00:34:59.040 –> 00:35:07.890
Sebastien Perusat: Your screen separate starting, you will have to enter the active directory path that he was in for us using it in the password field, and then you are not your PC.

255
00:35:08.820 –> 00:35:20.940
Sebastien Perusat: But now let’s imagine that you as an administrator needs an access to the desktop so you have let’s say some maintenance that you want to achieve and you need an access to the to the endpoint.

256
00:35:22.320 –> 00:35:34.980
Sebastien Perusat: that’s something that you can configure under user interface screen lock, and they are you have a specific option on the option which is called is clean up password that you can create.

257
00:35:35.610 –> 00:35:42.720
Sebastien Perusat: And this password is obviously, but that is 90 plus two audio endpoints of be extremely careful with the kind of Pennsylvania up there.

258
00:35:43.230 –> 00:35:56.730
Sebastien Perusat: But it would give you as an administrator the ability to unlock the local edge operating platform to do something about it mandatory to have it in SA but it just sometimes the best practice, yes.

259
00:35:56.820 –> 00:36:07.470
Andy Whiteside: So, have you covered something briefly, which was Okay, when you set a screen like policy by default if the users logging in with active directory they’re gonna be able to unlock that screen lock using that what you’re talking about here is.

260
00:36:07.800 –> 00:36:22.800
Andy Whiteside: A workaround in case the administrator of the ideal environment needs to walk up and unlock it because you know somebody locked in and he needs to get in this is that that global local universal back nano coated back door, but override.

261
00:36:23.790 –> 00:36:24.720
Sebastien Perusat: Exactly yes.

262
00:36:24.750 –> 00:36:25.890
Andy Whiteside: Okay, great.

263
00:36:28.500 –> 00:36:47.160
Sebastien Perusat: that’s more or less it on the screen up passwords like I said is still one of the main feature of the active directory again that you want me to use if you’re not on citrix i’m just mentioning our next topic that i’m looking at the list is a local user forum agency.

264
00:36:49.110 –> 00:36:53.940
Sebastien Perusat: I must say that to retest it because I had a couple of issues in.

265
00:36:55.140 –> 00:37:07.830
Sebastien Perusat: Earlier burdens on 10 Oh, I guess, it was until six and then never tried it again on a seven or four, five and six, which you mentioned the following.

266
00:37:09.090 –> 00:37:20.010
Sebastien Perusat: The device booting up into the active directory login mask and you have not 100 devices that you want to manage locally, because you want to check some stuff.

267
00:37:21.570 –> 00:37:30.990
Sebastien Perusat: You would have to log in every time was active directory login which is pretty easy if you are coming from the same company, if your your Internet service he.

268
00:37:31.020 –> 00:37:36.990
Andy Whiteside: said, let me Let me set this up for you real quick isn’t the world of windows right it’s it’s good to use active directory.

269
00:37:37.290 –> 00:37:48.930
Andy Whiteside: group policy manager to push out a local user with a local username and password that your whole team knows that you can systematically change and manage through active directory, but this is kind of the.

270
00:37:49.230 –> 00:37:59.520
Andy Whiteside: The way the workstation workstation admins always have a way to get into a system even maybe if it’s offline or something yeah the good practice not often done but a good practice.

271
00:38:00.120 –> 00:38:06.900
Sebastien Perusat: definitely yes so that’s what we try to cover it in that in the next section.

272
00:38:07.980 –> 00:38:16.380
Sebastien Perusat: let’s imagine the field service know, coming from a company, and you will not give some external workers some active directory login just to look into an endpoint.

273
00:38:17.250 –> 00:38:25.200
Sebastien Perusat: that’s one approach now thought the thought is maybe but 10 other approaches, where you will need to look at user but that’s the first that came to my mind.

274
00:38:26.400 –> 00:38:32.160
Sebastien Perusat: And there we have the ability to use a local user that you can configure in our profile.

275
00:38:32.970 –> 00:38:45.960
Sebastien Perusat: The standard configuration and that’s something that you might expect, as soon as you see the login screen front manager, there is a small other users on the bottom left part of your of just cream.

276
00:38:46.860 –> 00:39:00.510
Sebastien Perusat: My expectation, I have been to click on that enter the user user, which is in case, our local you with a matter of us and enter no password or maybe the password user and I would be able to login.

277
00:39:01.770 –> 00:39:20.520
Sebastien Perusat: It will not function, so you can’t do that that’s the reason why we have a specific feature which is again on the security and again under log on, and again in the same submenu like the active directory, which is called local user.

278
00:39:21.960 –> 00:39:33.930
Sebastien Perusat: And if you remember that we set a specific password it just before and the screen lock feature, you can say hey give the local he was the same password.

279
00:39:34.860 –> 00:39:54.450
Sebastien Perusat: Like the screener password that you created just before on your profile so as soon as we did that just enable this local log on screen lock password for the local user, you will be able to login into the agile rise operating platform, without having to enter an active directory.

280
00:39:55.830 –> 00:40:07.500
Sebastien Perusat: that’s good for emergency reasons can be a great reason for updating, we can do that locally, for your field service, maybe offer local it administrator charity on site.

281
00:40:08.730 –> 00:40:13.860
Andy Whiteside: yeah I love it, I mean one of my first jobs, and it was i’ve run around updating a bunch of workstations one of the time.

282
00:40:14.850 –> 00:40:25.470
Andy Whiteside: And I had a local user ID that I would use and it took me years to realize how this systematically man and system had a local user ID that you know was correct everywhere, I went.

283
00:40:27.270 –> 00:40:31.470
Andy Whiteside: At some point, I worked with a really smart guy and I saw him do it and it all made sense that’s exactly what you’re doing here.

284
00:40:33.390 –> 00:40:39.600
Sebastien Perusat: that’s one of the let’s say 10 or 15 different approach web this configuration makes sense.

285
00:40:39.960 –> 00:40:49.170
Andy Whiteside: But your advice is not to make that password like simple 123 right you want to make it somewhat hard to guess and and and probably change it every so often.

286
00:40:49.920 –> 00:41:10.800
Sebastien Perusat: Absolutely, and even if it’s let’s say not extremely dangerous to have that password leaked, I would even recommend to create a master profile for that matter, profiles, just as a short reminder is the highest priority of proof of that we haven’t yet told us.

287
00:41:12.120 –> 00:41:24.870
Sebastien Perusat: which cannot be overwritten by a standard profile and which cannot be edited by a non administrator your misuse or like I said it’s not mandatory, but my best practice would say hey as soon as it hits a password.

288
00:41:25.980 –> 00:41:37.920
Sebastien Perusat: Remote access, like the shadowing function depending from the customer, where we are speaking to i’m recommending to use the mass of cool feature but that’s another topic, but absolutely yes.

289
00:41:38.220 –> 00:41:39.300
Chris Feeney: I would concur with that.

290
00:41:39.990 –> 00:41:51.990
Chris Feeney: yeah definitely I would concur for a global settings and master profile is a very nice feature, by the way, it is not on, by default, you have to go into a mess and turn on that as well as the template stuff.

291
00:41:53.400 –> 00:42:02.760
Chris Feeney: That you could leverage, so one example, for me the master profile, I have a standard location where I point all my firmware updates to.

292
00:42:04.350 –> 00:42:12.390
Chris Feeney: So that always has that address said it never changes and then, what does change, I have a template where i’m pointing at.

293
00:42:12.960 –> 00:42:20.760
Chris Feeney: different versions of firmware so I just you know, create a new value for that and that plugs into that one little spot on the firmware updates so.

294
00:42:21.330 –> 00:42:30.150
Chris Feeney: You could use master profiles for all kinds of things, but a bit of password or security baseline profile would probably be a great example of use case there.

295
00:42:31.860 –> 00:42:36.390
Sebastien Perusat: To present yes definitely provide for that specific use case.

296
00:42:38.040 –> 00:42:40.920
Andy Whiteside: So said I kind of moved forward a little bit.

297
00:42:42.420 –> 00:42:51.780
Andy Whiteside: And you’re the very end here and you’re actually showing in this video how to understand the legend of what it means for a machine, the list of certain way, and you, Ms.

298
00:42:52.320 –> 00:42:54.900
Andy Whiteside: All this time I never realized this thing was even here and.

299
00:42:55.260 –> 00:43:04.530
Andy Whiteside: And i’ve always just kind of been guessing and too lazy to go look it up and well there, it is the way just to look and see what the different colored screens and icons mean in us.

300
00:43:05.100 –> 00:43:10.680
Sebastien Perusat: And that’s just a small piece of information that we haven’t actually your mess, but, just in case I want to mention it, because.

301
00:43:11.490 –> 00:43:18.660
Sebastien Perusat: Besides the fact that a lot of people are not knowing the differences between the different icons slicing magenta color or the orange for the update.

302
00:43:19.530 –> 00:43:26.010
Sebastien Perusat: You still have the ability, without going to the kb that agile.com website to open the legend locally in the US.

303
00:43:26.430 –> 00:43:37.080
Sebastien Perusat: Justice more features that was introduced, I can’t remember and five or nine or six one I can’t remember when, but if you go to help and two legends that menu.

304
00:43:37.590 –> 00:43:48.540
Sebastien Perusat: You will get accomplished, the east of the icon and what they mean and especially if you look at, if we look at the future we’re talking today about the active directory login.

305
00:43:49.320 –> 00:43:58.380
Sebastien Perusat: You will see inside of you, if your device is let’s say in use by someone that mean that is not in the active directory login mask.

306
00:43:59.520 –> 00:44:07.980
Sebastien Perusat: Or if it isn’t the active active directory login my switch would have to you as an administrator to say hey I need to push an update in lunchtime.

307
00:44:08.460 –> 00:44:15.060
Sebastien Perusat: The user is not logged in on the end point, there was a high probability that he’s not working at the moment, come on just hit update.

308
00:44:15.660 –> 00:44:25.260
Sebastien Perusat: without having to interrupt the engine because he’s not about the working and this small legends really helping a lot of our customers to better understand the state of the endpoint.

309
00:44:26.760 –> 00:44:28.740
Chris Feeney: yeah that’s a great point on that is a.

310
00:44:30.540 –> 00:44:33.690
Chris Feeney: If you haven’t seen it, you should definitely go check it out, because it is.

311
00:44:34.770 –> 00:44:46.950
Chris Feeney: I think it wasn’t really a large fanfare feature, I would say, but it is when you see it and it’s color coded really nice, I mean it really kind of help you fully understand what are those icon colors actually mean.

312
00:44:48.060 –> 00:44:57.090
Chris Feeney: case in point, I never saw the black one right the black one says the device has never been connected how it got to that spot I can’t remember but i’ve seen that before and.

313
00:44:57.780 –> 00:44:58.590
Chris Feeney: i’ve tried.

314
00:45:00.120 –> 00:45:01.740
Sebastien Perusat: Can you give an example, if you like.

315
00:45:01.800 –> 00:45:03.240
Chris Feeney: Sure yeah go ahead, the.

316
00:45:03.300 –> 00:45:13.410
Sebastien Perusat: The easiest way to reproduce, that is, you have an import your csv file, or you create the end on the right click devices new things new endpoint.

317
00:45:14.340 –> 00:45:19.440
Sebastien Perusat: To hit a new device, and as soon as you enter their the MAC address of the device that you might have.

318
00:45:19.950 –> 00:45:32.790
Sebastien Perusat: One month to joining your your mess so without having the need to activate the enabled automatic registration without mechanism for the device will stay black until the moment where it first connect to your mess.

319
00:45:34.920 –> 00:45:45.030
Chris Feeney: So sort of like a pre populating of devices and then they come in and then I can map up and obviously license and from there okay exactly.

320
00:45:46.080 –> 00:45:54.360
Andy Whiteside: Because i’m jump in here and talk about you know I gel the company, the the amount of stuff I learned on every one of these calls just kind of reinforces the idea that this is.

321
00:45:54.840 –> 00:46:05.340
Andy Whiteside: This is, I gels business, this is what I gel does and and when you try to compare it to another product out there, that that you know doesn’t focus on nuance like this.

322
00:46:06.180 –> 00:46:15.030
Andy Whiteside: it’s not even close it’s just you i’m five years into this idol experience of mine and i’m still learning stuff a ton of stuff.

323
00:46:15.390 –> 00:46:21.660
Andy Whiteside: All the time I was, I was a have a machine behind me here this morning that used to be ideal had to convert it to something else for some testing and.

324
00:46:21.900 –> 00:46:28.200
Andy Whiteside: I just don’t get to play in the eye gel I tell us world my team now runs are you, Ms server I you know.

325
00:46:28.920 –> 00:46:40.920
Andy Whiteside: I would love to get in and play with this stuff more it’s just not my job anymore, but always impressed with how I Joe has features that i’m I didn’t know I needed but it’s in here and there, it is right in my face.

326
00:46:42.810 –> 00:46:58.230
Chris Feeney: yeah i’m sitting here, looking at some of these things, and especially as we were going through some of the ad local login kind of setup and i’m like thinking to myself that I run into a customer situation where I said no, and the answer was actually yes, because I just didn’t know.

327
00:46:59.310 –> 00:47:05.040
Andy Whiteside: i’m that’s what i’m saying I i’ve had experiences not past like I don’t think you can do that, and now I found out, you can Am I go I was.

328
00:47:05.340 –> 00:47:07.020
Chris Feeney: Right yeah.

329
00:47:08.580 –> 00:47:08.940
Chris Feeney: well.

330
00:47:10.290 –> 00:47:16.140
Chris Feeney: If you’re not sure I guess the short answer is maybe, let me check okay to get it it’s okay to get back to somebody.

331
00:47:18.000 –> 00:47:18.270
Chris Feeney: But.

332
00:47:20.550 –> 00:47:25.290
Andy Whiteside: Well, I think I don’t know and the next step next step is, let me call SEB and find out.

333
00:47:26.640 –> 00:47:27.900
Chris Feeney: he’s on linkedin let me hit him up.

334
00:47:28.410 –> 00:47:36.960
Andy Whiteside: You guys seem to know all this stuff know where it’s buried, I mean i’ve had great resources that I do still do it man said this constantly shows me something new every every one of these calls.

335
00:47:38.070 –> 00:47:38.850
Sebastien Perusat: Between that.

336
00:47:40.470 –> 00:47:45.960
Andy Whiteside: said, you want to move to North Carolina and come hang out with us i’ll put you to the office, right here, right here.

337
00:47:46.440 –> 00:47:53.160
Sebastien Perusat: And just give you already give you one arm with with linkedin don’t ask for the second time there’s something would happen.

338
00:47:54.270 –> 00:47:55.470
Sebastien Perusat: I kind of promised that again.

339
00:47:56.760 –> 00:47:59.520
Chris Feeney: The weather’s nice here nice a great time even.

340
00:48:01.560 –> 00:48:03.300
Andy Whiteside: Though I won’t ask again for another week.

341
00:48:03.750 –> 00:48:04.770
Sebastien Perusat: that’s right perfect.

342
00:48:04.830 –> 00:48:05.910
Chris Feeney: The crowd is going to be like.

343
00:48:06.000 –> 00:48:09.000
Chris Feeney: That graph is going to show up on this by guess stop trying to take my guy.

344
00:48:09.180 –> 00:48:11.670
Andy Whiteside: When I say take it like I said, having come see you.

345
00:48:12.180 –> 00:48:12.660
that’s right.

346
00:48:13.890 –> 00:48:17.220
Chris Feeney: it’s a relocation right he works for Joe he just happens to be in North.

347
00:48:17.220 –> 00:48:17.820
Chris Feeney: Carolina now.

348
00:48:17.910 –> 00:48:19.110
Chris Feeney: Exactly so.

349
00:48:20.070 –> 00:48:27.630
Andy Whiteside: Alright guys well, I appreciate the time today i’ve got a i’ve got to move on to my other job, which is, I gotta go meet with the Bank and find out how to.

350
00:48:28.170 –> 00:48:38.040
Andy Whiteside: fund more money for my service now practice, so I I go from being kind of the interviewer of awesome technical resources, like you, guys to begging the Bank to give me some more money.

351
00:48:40.470 –> 00:48:42.390
Chris Feeney: i’ll do your thing man do your thing.

352
00:48:43.320 –> 00:48:44.790
Chris Feeney: And look forward to.

353
00:48:45.930 –> 00:48:53.430
Chris Feeney: Another one of these in a couple weeks we added a couple more topics we could probably deeply dive into for next time or future one so.

354
00:48:54.360 –> 00:48:57.900
Andy Whiteside: If you’re out there listening look for an eye gel disrupt somewhere near you.

355
00:48:59.430 –> 00:49:03.390
Sebastien Perusat: Absolutely, yes, this one is Frankfurt in two days, I will be there.

356
00:49:04.830 –> 00:49:05.610
Andy Whiteside: Alright guys.

357
00:49:05.730 –> 00:49:06.750
Chris Feeney: Thanks thanks Andy.

358
00:49:07.020 –> 00:49:09.360
Sebastien Perusat: Thanks settings again have a good week.