How to share port 443 and other with IIS

2019-08-122019-08-12 / Camille Debay / Leave a comment

By default IIS bind on 0.0.0.0 (IPv4) and :: (IPv6), this is because IIS do Socket Pooling.

To force IIS on a specific IP address, you need specify an IP address to listen on with netsh to modify http.sys which IIS rely on.

IPv4

netsh http add iplisten ipaddress=x.x.x.x

IPv6

netsh http add iplisten ipaddress=::x

Result

netstat -nao | findstr :443

  TCP    X.x.X.1:443         0.0.0.0:0              LISTENING       3956
  TCP    X.x.X.2:443         0.0.0.0:0              LISTENING       4

Optional Feature CSP

2019-07-172019-08-12 / Camille Debay / Leave a comment

One of the common things with Windows is to activate or deactivate while provisioning a machine are Features.
Good for us there is a CSP available since Windows 1903 to manage those.

Continue reading →

Install Workspace ONE UEM SCIM Adapter on Photon OS

2019-06-112019-08-12 / Camille Debay / Leave a comment

Joe Rainone & Matt Williams have created an awesome piece of work called Workspace ONE SCIM Adapter, it has been released as a fling, read more about here: https://blog.virtualprivateer.com/2019/06/08/ws1-uem-scim-adapter/
In a nutshell, it provides capability to do SCIM provisioning into Workspace ONE UEM.
This blog post is about installing this component on VMware Photon OS, it is meant to be educational so no script here :).

Continue reading →

Deep Dive – ADMX Ingestion on Windows 10

2019-05-222019-08-12 / Camille Debay / 2 Comments

As I have solved the issue on ingesting the Office16.admx, I thought I would review the whole ingestion process to help understand how it works under the hood and how to manage it.

Since Windows 10 1703, ADMX can be ingested and processed by the MDM layer via the policy CSP with the URI

./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/

For this article, I will use ADMX files that I have created for each situation. The name of the example application is CamilleApp and published by DebayCorp company.

Continue reading →

MDM, EAS Profile and ActiveSync Policies

2019-04-292019-08-12 / Camille Debay / Leave a comment

Back in the past to secure mobile devices, ActiveSync allow to apply some policies around passcode and other security settings.

While we can deploy EAS profile on the Windows Mail client, it will behave the same way as an EAS client even if the profile is installed by a MDM server.

Continue reading →

Mobile SSO iOS and Bundle ID: the Wildcard option

2019-04-052019-08-12 / Camille Debay / Leave a comment

When we configure Mobile SSO on iOS with VMware Identity Manager, the documentation indicate that, you have to list the applications bundle IDs that will do Mobile SSO, however sometime it can be cumbersome to every single one of them.

Continue reading →

Application installation in Workspace ONE UEM, do you need admin rights ?

2019-04-032019-08-12 / Camille Debay / Leave a comment

One of the thing that come back often is: do I need admin rights or not ?!. While most of the people will think that this question can only be asked for a user context, it is not true and this apply to device context too.

Continue reading →