January 23, 2025

Magenta Construction

7:01AM - 1:41PM (6 Hours 39 Minutes)

8:40AM

Daphne needs to upgrade Bluebeams, apparently Greg installed it. I need to add Bluebeams into Intune for automatic deployment because yeah, it's asking her for an admin username and password to do the upgrade. So I'm downloading the MSI right now, I'm going to upload it to Intune, I'm going to create the Intune package, upload it to Intune, uninstall Bluebeams from her computer, and then deploy it with Intune so it can be managed by Intune, including the updates, and then I'll uninstall on her computer and let it deploy with Intune. I don't know why it's prompting her for system admin credentials, my mind is blank right now because this shouldn't be happening, sorry, I need to compose my thoughts for a second.

8:40AM

Yeah, and the update is not even showing up in the Action 1, but I'm just going to do that, add it to Intune, and then let Intune manage it.

9:27AM

All right, I created the Visual C++ redistributable Intune file and I deployed that. Now I'm going to do the repo.

10:27AM

I've added it into Intune. I'm just going to see if it installs on Daphne's computer now.

11:27AM

Just waiting for the install of Bluebeams to finish.

12:28PM

I'm not sure what's going on and I don't have remote access anymore so I'm just gonna try to install her Bluebeams without anything else.

1:24PM

I tried repackaging the Intune file. I'm going to upload it now and deploy. It's possible maybe it corrupted or something. I'm going to try to do it as a forced install for Daphne just to get her up and working.

1:41PM

Alright, I really have no idea. I created a new Bluebeams Revu Intune file and a whole new app package and I uploaded it and while I was doing that in the apps, um, what the fuck. One has an install pending, one has, I have no idea what is going on but somehow Bluebeams has installed on the other computer, on Daphne's computer. I really have no idea what is, what is going on and it's still showing as a failure in Intune and the other one is showing as a pending install but somehow it's installed on her computer. I have no idea. I need to go eat breakfast and lunch.

Magenta Construction

2:38PM - 5:43PM (3 Hours 5 Minutes)

3:51PM

So I spent a whole day pretty much dealing with Bluebeam update. So Greg had installed Bluebeam, and because of the way that it was installed, Daphne wasn't able to update it. So I was thinking, okay, well, I'll just add this into our software repository on Microsoft and Intune, because it's going to have to be done at some point. And so I did that, and the Bluebeam OCR ended up working, which I think still didn't install correctly, but it ended up installing, and the Visual Studio dependencies ended up installing. But then Bluebeam Revu wouldn't install, and it kept failing. And coincidentally today, Action 1, the other management tool that I use, they had some network issues or whatever they had, and I lost communication with the remote computer. So I had to proceed with doing this in Intune.

3:53PM

I tried to deploy it a number of ways, and in the end now what I've figured out is, first of all, Action 1 is being installed as a line of business app, and all the other apps that I have are Win32 apps, which use Intune Management Extension to install everything. And apparently there's a possibility, because they all use their own instances of InstallShield, and InstallShield can only do one install or uninstall at a time. Line of business would use, if we had two apps that were being installed simultaneously, a line of business and a Win32 app, what would end up happening is that one of the installations might fail on IME, because the install may already be running for the line of business, and the Win32 may be starting up, so there's going to be a lock on the installer. And I believe that's what was happening earlier.

3:53PM

So the solution to that is simple, that I just convert the LOB Action 1 installer into an Intune package as a Win32 app, but there's a second part of it.

3:55PM

So the other thing that I realized is the installation could have failed because of lack of admin privileges. So I assigned Daphne, so you can't assign individual users, but I assigned Daphne into a user security group because that's how I'm setting everything up. I want to have a security group for different departments, so ideally what I would have assigned this application to would have been operations estimating. And so everybody in estimating in the company portal would be able to see this app, but somebody from accounting necessarily wouldn't. And in this specific instance, it doesn't matter, and what the issue was is that, let's say Alex is in accounting and Daphne is in estimating. Daphne is using one computer that's assigned to her, Alex is using another computer. And so if each user was user-based, and each user only had one device, because then it'd be device-based. How do I explain it?

3:56PM

What it is, is that a computer can have more than one user even though the primary user of the computer is assigned, Alex could theoretically log on to Daphne's computer. And so by including Daphne in a group, for example, operations estimating, and letting her have access to that, it would install the application, not system wide, but in the user context, even though you select system context, when I'm setting up the Intune package, and it should be installing under system context. It doesn't, because it's possible that a different user may end up using that machine, so it never uses the administrative privileges. And the reason for that is because if you don't authorize somebody to use an app exclusively, so for example, I don't authorize Alex to use it, but Daphne installed it with admin rights, and he logs in, technically it would still work. And again, not an issue with this specific application, but maybe for more sensitive apps, it could be an issue, and I guess that's why Microsoft does this.

3:58PM

So, the simple solution for that is to enable all the apps for all devices. So don't do individual user targeting, target all the devices and enable the app in the company portal. This goes around that issue, allows the application to use administrative privileges while doing the install, not user context privileges, and it installs system wide. And again, I believe that this is a bit of a flaw. There is one way that I can work around this, and it's by creating an additional security group for example, estimating computers. And then I can create a dynamic group, and I'd have to create a rule that would take all the primary users, or all the devices, how would it be, it'd be user targeting but for devices. Anyways, I'd have to put a script that would say if the principal user is in, for example, the accounting group, then add the device as well, and then it would add it. Maybe I don't even have to create a new group, I could probably even do that in the existing group, in the existing accounting estimating group, I can create a rule that will include the devices in that group as well, but I think it would be better to have a separate security group just in case.

3:59PM

Anyways, a lot of headache to figure this out, but this is kind of a learning curve, and you know, it's something that a general IT department has to deal with every day. It's like, these are the standard challenges that happen with IT, and it's a pain. And this is why I really don't like Intune. Yeah, anyways, so right now I'm converting the Action 1 into an Intune package. I'm going to create a Win32 app for Action 1, set it as device-wide, all devices required, and then I'm just going to convert the assignments on the other applications and the Visual C distribution to be available to all devices company-wide. And yeah, that's what I'll be doing now.

4:22PM

This is really starting to piss me off, apparently Alex's computer is not part of the MDM and Intune anymore. This is really fucking pissing me off.

4:26PM

Jesus. Now, Carol Ann personally enrolled a device, the TV, under her management. Like, fuck, man. If it's not one thing, it's another.

4:26PM

I'm going to need to look over the enrollment policy, but I thought that I disabled everybody except for administrators from domain joining computers.

5:27PM

Yeah, I just made a big mess. I'm trying to clean it up. I don't know. I'm gonna have to stop soon because my mind's fucking fried.

5:43PM

All right. I'm giving up. Lydia just called, and I vented a little bit about all the issues that I'm having today with everything taking a long time. Apparently, like, when this issue started for me, it was about 1 p.m., I think, or maybe, like, noon or something, like, somewhere around the noon time. Apparently, all of the government was having tech issues as well today. So I don't know what's going on, but all I know is I've been fighting this all day and simple things are not working. I think the Intune app install was my fault, maybe, but I don't even know anymore because if there were issues going around everywhere, then it could have been part of that issue and not even related to me. I don't know what it is anymore. Anyways, I removed the domain join that Carol Ann did. I'm going to have to block that somehow. I mean, I blocked it in the settings now in Azure, but I want to block it on those computers because those are shared TVs and they shouldn't join the domain, I don't think. I mean, I could eventually down the road join them in a domain, so maybe I'll just set a group policy on them manually that will block it. I don't know, but apparently everybody was having issues, like, everybody at the government, and when they reached out to IT, their IT department said, don't even try to do anything today because nothing is working. So, I don't know if it's an internet thing, a Microsoft thing, but I noticed that even Action 1, which is not part of Microsoft, it's separate, and I specifically did that to have, like, a redundancy, but even Action 1 wasn't working today, and even now it's kind of hit and miss working.
I can connect to some computers that are not domain joined, but other ones that are domain joined I wasn't able to connect to, then I finally was able to connect to them, and it started working, then I pulled up one of the Surface tablets that I have here and tried to domain join it, or not domain join it, but connect, and it wouldn't work, and it was right in front of me. I don't know.

5:43PM

So long story short I'm done for today. I'm glad that I didn't do any networking today because if I would have that would have driven me up the wall and it would have been a whole day thing.