The scenario: you have computers that are only bound to AzureAD and you need to deploy a customized version TeamViewer to those computers. Me too! Here’s what I did.
On the left hand side of the screen, choose Design & Deploy
You’ll see two tabs: Custom Modules and Policies.
The Policies tab has the custom settings used by the client (such as whitelisting, auto-starting, and auto-adding to groups).
Each custom module can only use one “Policy,” but each policy can have all possible settings. If you need to create a new policy, use the “Add policy” button at the top of the screen.
To change a policy, click the edit button next to the one of the policies. (The “enforce” checkbox for each setting prevents the end-user from being able to change that setting). These policies are checked by the client during installation.
Once the policy is setup, go to the Custom Modules tab. Create a new module with the Add Custom Module button or click the edit button on a existing module.
Customize the look of the TeamViewer app however you’d like.
Make sure the TeamViewer policy selected is the correct one from the Policies tab and you’ve selected the group you would like the devices added to under the “Automatically add computers to a group in your Computers list.”
Copy the API token and the Configuration ID. You will need these when creating the app in Intune.
Click the “Download MSI” link as well. Without any options, this MSI will just do a basic TeamViewer Host installation. Only when passed your configuration ID and API token during installation will it give you the customized client and add itself to your TeamViewer groups.
Package the Installer
The MSI file will come in a zip file; unzip it. Inside you will find two more folders: Full and Host. Go into the Host folder and copy the TeamViewer_host.msi file into another folder. I named mine “teamviewer-host”. Make sure there is nothing else in that folder.
Under Detection Rules choose “Manually configure detection rules”
Click + Add
Choose MSI for rule type. Intune will automatically enter the correct MSI Product code. Keep “MSI Product version check” as “no” so that the app won’t re-install if upgrades are done on the client side.
No Dependencies are needed.
Finally, assign it to whatever device groups you need. Devices in those groups will automatically download the TeamViewer Host app as well as place an icon called TeamViewer on the desktop.
That’s it! Your custom TeamViewer host should install on the selected devices and be ready for remote management.
I recently needed to track down who had recently used a device bound to AzureAD. We don’t tend to make use of the Primary User field, since our devices tend to be handed out in bulk to large groups of people at once, rather than one-at-a-time. This meant I had to track down who was using which device in a more roundabout method.
To accomplish this, you’ll need to use both Microsoft Graph and Microsoft Endpoint Manager.
Lookup the Device ID
First you’ll need Azure’s device ID for the computer.
Make sure to sign into graph, or you’ll only see the sample data.
Query type: GET
Version: beta
URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/[device ID here]
Click Run Query
You’ll only see the first several lines, which probably won’t show the logged on users.
Click the Expand button
Scroll down to where it says usersLoggedOn then select and copy the ID inside of the quotes.
Go back to Endpoint Manager
Click Users on the left.
Paste the user ID into the search field. This should tell you the name of the user who logged into that device. If there were multiple people recently signed in, they’ll all be in the usersLoggedOn array.
I’m going to show you how to fix a problem that’s driven me crazy literally for years. If you’re using KRDC to remotely access a computer with VNC, the Scale button, by default, does nothing. It’s actually a super easy and kind of silly fix. If you prefer video, see my YouTube video on this embedded at the bottom.
If you click the Scale button nothing happens
If you look at the KRDC config file you can see that scaling defaults to 100.
~/.config/krdcrc
For some reason, this causes the scaling button to do nothing. To fix this, you could hand edit the krdc config file every time you have a new connection, or, you can just add the Scaling Factor action to the toolbar.
Go Settings then Configure Toolbars
Scroll down and select Scaling Factor Click the right arrow to add it to the toolbar Click the up arrow to put it next to Scale Click OK
If you click Scale, still nothing happens. Turn Scale on and then drag the slider and scaling will start working!
Turn on Scale and adjust the slider
At this point you won’t have to drag the slider anymore. Once scale is off of its default value, the scale button works as expected. Simply do this for every new VNC client you connect to.
When I add Android support for Unity on Linux as an additional module in Unity Hub, I find that Unity is unable to the SDK.
The problem appears to be that Unity does not set the binaries included as executable after extracting. I believe this may be fixed on newer versions of the Editor, but this is an issue for me on 2020.3.28f1.
The simple fix is to make all files in the AndroidPlayer executable. If Unity is open, close it.
Open Konsole or another terminal app.
cd ~/Unity/Hub/Editor/[Unity version]/Editor/Data/PlaybackEngines/AndroidPlayer
find . -type f -exec chmod +x {} \;
When you re-launch Unity, it should have no problem using the Android SDK.
One of my favorite things about running KDE’s own distro, KDE Neon, is how it defaults to using the KDE file UI in Firefox. I’m not sure why Kubuntu and Fedora KDE don’t know this, but it’s easy enough to configure.
Installation
The magic behind this is Firefox’s ability to use an XDG desktop portal. You probably already have the KDE XDG desktop portal installed, but if not, simply run:
Fedora
sudo dnf -y install xdg-desktop-portal-kde
Kubuntu
sudo apt install xdg-desktop-portal-kde
Configuring Your Shell
Next, we tell GTK apps, like Firefox, to use the KDE file dialogs if they’re able. We do that by setting in a variable in either our ZSH or BASH configuration (whichever your default shell is).
ZSH
echo export GTK_USE_PORTAL=1 >> .zprofile
BASH
echo export GTK_USE_PORTAL=1 >> .profile
Now just log out and back in and you get should native KDE file dialogs when saving or opening files with Firefox!
One of the reasons I switched to Fedora recently was it’s support for Flatpaks. Sure they’ll work anywhere, but having them be such a big part of Fedora (check out Fedora Kinoite) really intrigued me. I love the idea of having the same version of apps across distros that’s also the latest (or nearly) version of the app.
I also like when every app looks like it’s part of the same ecosystem. The KDE and Gnome devs have done an awesome job of that by making themes that work in both GTK and Qt (KDE) apps. Unfortunately, Flatpak apps using GTK on KDE don’t automatically use the theme you’ve set in System Settings.
To fix that, I’ll show you how you can use the Flatseal app to set the GTK them for Flatpak apps. You can do this through the shell for individual apps and universally, but I prefer this way to give myself flexibility.
I’m assuming you’re using Breeze or Breeze-Dark here. Otherwise, substitute with the theme you are using. If the theme you are using is not in flathub, you might need to choose one that is.
I’m a serial distro jumper. I have been as far back as I can remember. I’d been on Kubuntu for quite a while, happy as can be, which obviously made me bored. With all the hype surrounding Fedora 35, I thought I’d give it a whirl! In a sense, it’s “coming home” for me: I started out on Mandrake way back in the late 90s followed by RedHat and Fedora Core for quite some time. So far, I’m loving Fedora! Here’s some quick tips and tricks I used to make Fedora my own.
ZFS Encrypted Home Directory
I love ZFS and disto-hopping, so using ZFS on a separate drive as my home directory was a no brainer! Here’s my guide on how you can set this up on Fedora or Ubuntu/Kubuntu.
RPM Fusion is where many of the apps and utilities you’ll want to use, but Fedora can’t/won’t distribute, live. Amongst these are the NVIDIA propriety drivers, HEIF support, etc.
RPMFusion is more or less “official” and is often referenced in the Fedora documentation. You can fairly safely add this repository without fear of configuration explosions or security risks.
One of the great things about Fedora is it’s becoming built around the idea of having all of your apps installed as Flatpaks. This increases system security, ensures you always have the latest versions of apps, and make it easy to always run the same version of apps across multiple distros. This is really handy if you’re sharing files across distros.
While Fedora hosts many Flatpacked (I think that’s a verb) apps on their infrastructure, I prefer Flathub which tends to be a bit more up-to-date, has more apps, and is available on pretty much every distro available.
Gwenview is KDE’s default image viewer. It’s a great application, but it’s missing HEIF image support out-of-the-box. If you have an iPhone, this probably the format all of your photos are stored in. Luckily, adding HEIF support fore Gwenview is very simple in Fedora!
For reasons I still can’t suss out (and I had these same issues with Kubuntu and Thunderbird installed from apt), I always end up with 24 hour dates in the mail list. Now, arguments over the best format aside, I’d really just like to see them as eg: 2:15 PM.
To fix this, 1st open Thunderbird then go to Preferences. Scroll to the bottom and click “Config Editor.”
Type in: intl.date_time.pattern_override.time_short Click the “+” symbol to add a new config and choose “string” Set it to: h:mm a
If you using Unity3D, you may find you have issues with Visual Studio Code, Omnisharp, and the version of mono that comes with Fedora. Here’s my quick fix:
I tend to hop from Linux distro to Linux distro. One of the things that makes doing so much easier is keeping my home folder on a separate disk. That way I can re-install distributions to my heart’s content without fear of losing my files and settings.
I’m also a big fan of ZFS (ZFS on Ubuntu Server). That means jumping through a few extra hoops to setup ZFS on a separate drive as well as re-importing the zpool every time I swap distributions, but I find it’s well worth it. Here’s a handy guide on how to do just that! I’ll be showing the steps for Fedora and Kubuntu, but they should generally apply to other distros as well.
Disclaimer: I’ve not a ZFS expert, but these steps have worked very well for me on multiple systems. YMMV.
One quick note: ZFS works best with plenty of RAM (it will use everything available to keep data cached). If you are on a RAM-limited system, you can do something similar with encrypted XFS or EXT4.
Pre-Step: Setup Encrypted Home Drive
I’ll be configuring ZFS to use an encryption key stored on the root drive. This is only secure if the root drive is also encrypted. Make sure when you install Linux you tell the installer to use drive encryption.
It will look like this in Fedora:
Encrypted root drive in Fedora
And like this in Ubuntu:
Encrypted root drive in Kubuntu
You’ll be asked to set a password that’s used to encrypt your root drive. You cannot change this password and you’ll be asked to enter this password every time you boot your computer, so make sure you do not forget it!
Don’t worry about configuring your 2nd drive with your home folder during the installation. I find it’s much easier to have the distribution do it’s typical install, then go back and mount your new /home. Just make sure that you create yourself as an administrator or have a root password set.
Once you’ve installed your new distro, reboot into it, but don’t log in. Your computer will get grumpy if you’re logged into a desktop environment while swapping out your home directory.
Press Control-Alt-F3 to get to a terminal window then log in as yourself if you made your account an administrator, or ‘root’ if you did not.
ZFS Installation
Fedora
Make sure Fedora up-to-date
sudo dnf -y update
If there are any updates, reboot (sudo reboot), press Control-Alt-F3, and log back in.
If you already have created a home drive and are re-attaching after re-installing Linux, skip to Importing an Existing Home Drive.
To make things easier, I’ll be running all of the commands as root by first running:
sudo -s
Create an encryption key that will be used to encrypt and decrypt your home drive. Make sure this is only stored on an encrypted root drive and that you have backed up this key somewhere safe. If you lose this key you will lose all access to your drive. You’ve been warned 😉
Next you’ll need to find out the name of your drive. Since easy names (e.g. sda, sdb) can change, we want to set it up by something that will not change. I’ll be using the device’s physical location.
Let’s make sure we know which drive has Linux installed on it, and which is going to be used for our home drive, by runing:
lsblk
This will list all of your drives (also called block devices), any partitions on them, and where those partitions are mounted. My output (on a virtual machine) looks like the following. On real hardware, your devices will probably be called sda and sdb (if they’re SATA), or nvme0n1 and nvme1n1 (if they’re nvme):
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS sr0 11:0 1 2G 0 rom zram0 251:0 0 5.8G 0 disk [SWAP] vda 252:0 0 64G 0 disk ├─vda1 252:1 0 1G 0 part /boot └─vda2 252:2 0 63G 0 part └─luks-a954d91b-fda3-4c22-90a6-2b35554129b1 253:0 0 63G 0 crypt /home / vdb 252:16 0 128G 0 disk
I can see here that my disk with Linux installed on it is called vda, since it has multiple partitions (vda1 and vda2) that are all mounted (as /boot and /). The disk with nothing installed on it is vdb. Therefore, I’ll need to check the physical location of vdb. Please comment below if you’re having trouble figuring out which drive is which and I’ll try to give you a hand!
To list all disks by their location, run:
ls -lh /dev/disk/by-path/
The result will look something like this:
total 0
lrwxrwxrwx. 1 root root 9 Jan 28 09:42 pci-0000:00:1f.2-ata-1 -> ../../sr0
lrwxrwxrwx. 1 root root 9 Jan 28 09:42 pci-0000:00:1f.2-ata-1.0 -> ../../sr0
lrwxrwxrwx. 1 root root 9 Jan 28 09:42 pci-0000:07:00.0 -> ../../vda
lrwxrwxrwx. 1 root root 10 Jan 28 09:42 pci-0000:07:00.0-part1 -> ../../vda1
lrwxrwxrwx. 1 root root 10 Jan 28 09:42 pci-0000:07:00.0-part2 -> ../../vda2
lrwxrwxrwx. 1 root root 9 Jan 28 09:42 pci-0000:08:00.0 -> ../../vdb
This tells me that the path I’ll be using is /dev/disk/by-path/pci-0000:08:00.0, since that’s the one that’s being called vdb (see the end of the last line).
We’re finally ready to create our ZFS filesystem! First we create a zpool that encompasses all of the drives we’ll be using (we’ll just be using one, but ZFS can be mirrored or RAIDed in more advanced setups).
Here’s what some of those options mean: ashift=12 : This specifies the drive’s block size. From what I’ve cobbled together, use the number 12 for most use cases unless it’s a Samsung NVME or you know your drive uses 8K clusters. In that case, use 13. homepool: this is the name we’ve given to the zpool. You can use something else if you’d prefer. compression=lz4: This compresses all data, increases the performance of ZFS, and essentially costs no additional CPU resources. More information here: https://www.servethehome.com/the-case-for-using-zfs-compression/ encyption=aes-256-gcm: Use AES 256 GCM encryption which is both highly secure and hardware accelerated
Now, let’s check out that brand new zpool!
zpool status
You should see something like this:
pool: homepool
state: ONLINE
config:
NAME STATE READ WRITE CKSUM
homepool ONLINE 0 0 0
pci-0000:08:00.0 ONLINE 0 0 0
errors: No known data errors
A zpool is a container for filesystems. Now that we’ve got one, we can create a filesystem where our home drive will live. In all of the steps below, replace [user] with your username.
zfs create homepool/[user]
To see information on this new filesystem, you can run:
zfs list
Now, let’s replace our old home drive (that was created when Linux was installed) with the filesystem on our second drive:
cd /home
mv /home/[user] /home/[user].bak
mkdir /home/[user]/
zfs set mountpoint=/home/[user] homepool/[user]
zfs set mountpoint=none homepool
chmod --reference=/home/[user].bak /home/[user]
mv /home/[user].bak/* /home/[user]/
mv /home/[user].bak/.* /home/[user]/
rmdir /home/[user].bak
chown -R [user]:[user] /home/[user]
#For Fedora and other distros with selinux, run the next line too:
restorecon -vR /home
Linux doesn’t yet load keys for encrypted zfs mounts automatically. You’ll need to create a simple service to automatically load zfs encryption keys on boot. Like most good things, this is from the Arch Linux wiki: https://wiki.archlinux.org/title/ZFS#Unlock_at_boot_time:_systemd You MUST do this before you reboot or you will not be able to log in graphically. If you forget, press Control-Alt-F3 and log into the console.
nano /etc/systemd/system/zfs-load-key.service
Type in the following (if you’re uncomfortable typing by hand, you should be able to switch to the graphical login (Fedora: Control-Alt-F2, *buntu Control-Alt-F1) and copy paste).
Next, tell Linux to start the new service every time it boots:
systemctl enable zfs-load-key
Finally, reboot and log in normally to make sure everything works as anticipated:
reboot
Now you should have a fully functioning install with encrypted ZFS home directory! Remember to backup /etc/home.key somewhere secure that *isn’t* in your home directory, since you’ll need to copy this key back any time you re-install Linux. I’d recommend an encrypted USB key.
If you have multiple users, you can follow those same steps to create a zfs filesystem for each of them in zpool you created.
Steam
If you use Steam and want to keep your game installations separate so they don’t get backed up with zfs snapshots, you can create a separate filesystem for it.
Only follow these steps if you’ve re-installed Linux. They aren’t necessary if you just created a new zpool above.
After you’ve re-installed Linux, make sure you complete ZFS Installation above. Once those are done, you can proceed from here.
If you are not the root user yet, run:
sudo -s
Next, you’ll need to copy your backed up key to /etc/home.key
If it’s stored on an encrypted flash drive, it may be easiest to log in graphically, restore the file, then log out and return the console with Control-Alt-F3.
Once it’s restored, make sure it still has the correct permissions
pool: homepool
id: 16378698673868876678
state: ONLINE
action: The pool can be imported using its name or numeric identifier.
config:
homepool ONLINE
pci-0000:08:00.0 ONLINE
You can now import it by name and mount the zfs filesystems:
zpool import homepool
Before the filesystems can be mounted, we’ll need to create and enable the ZFS key loading service.
Next, tell Linux to start the new service every time it boots, and start it now:
systemctl enable --now zfs-load-key
Finally, we can mount all of the zfs filesystems:
zfs mount -a
You can confirm they are mounted by typing:
mount
The last line of the output should be something similar to:
homepool/adam on /home/adam type zfs (rw,noatime,seclabel,xattr,posixacl)
If you’re on Fedora, be sure to run the following to make selinux happy:
restorecon -vR /home
Reboot and log in. Since all of your personal settings are saved to your home drive, everything should be exactly how you left it!
Memory Usage
If you find ZFS is using too much memory (apps keep crashing), you can adjust how much RAM ZFS uses for its cache (how much of your drive it keeps in memory for quick access).
To test different settings, set the maximum arch size in bytes and then clear the cache. This setting is temporary, so if you run intro trouble, just reboot.
I recently switched from Ubuntu to Fedora and realized that Omnisharp in VS Code for Unity3D projects was not working correctly, even with Use Global Mono set to Always.
The fix ended up being simple: even though they are the same version, install Mono from the mono project’s repository, not Fedora’s.
Then, open VS Code and go to settings. To make this change for all projects, click User. To change for just this project (which I’d recommend) click Workspace. This will allow you to do your regular .Net development using the built-in mono (and eventually .Net Core).
AutoDesk’s AutoCAD is the next piece of software I’m deploying via Intune that was clearly never designed to be. It took a few tries, but I believe I’ve got the process down. I hope this makes your life much easier!
The directions here are for AutoCAD, but they should apply to any of the AutoDesk products (Architect, etc.).
There’s 4 levels of installer we’ll be dealing with. 1) The installer you download AutoDesk’s website. This is just a self-extracting, compressed version of the actual installer. I’ll call this “the downloaded installer.” 2) The actual installation files that get extracted. I’ll call this “the extracted installer.” 3) The installation package you’ll create from the extracted installer. I’ll call this the “installation package.” 4) The intunewin file you’ll generate that actually gets uploaded to Intune.
Run the downloaded installer to extract the installation files.
Go to the extracted installer folder and run setup.exe .
Choose “Create Deployment.”
The AutoCAD 2019 Installer
Give your deployment a name without any spaces. This name will automatically be used to create the installation .ini file that will contain the setup information such as your serial key. You’ll need to know this name later.
You can only create a deployment to a network share. Since we’re using Intune, this isn’t relevant, so we’ll pick the hidden C: drive share to specify your local computer. Choose \\localhost\c$\users\[your username]\Desktop\autocad .
Disable the “Create a network log file” since this won’t be running off your LAN.
The AutoCAD 2019 Installation Packager Creator
Choose which components you’d like to install. If your users are not administrators on their machines, I’d recommend disabling AutoDesk Desktop since they won’t be able to use any of its functionality.
If you’re using a license key and serial, enter it.
Open Windows Terminal or PowerShell. Change directory into the directory just above the autocad folder you create for the network installation.
For me that’s:
cd ~/Desktop
Tell the Intune prep tool to create a package from the autocad directory, use the Setup.exe located in the img folder, and save the package to your current directory:
(you can double check the name of your ini file by looking in the autocad\img folder)
For the uninstaller, this is a bit of a kludge since it only uninstalls the main component, not the rest. For me, this is sufficient. You can customize yours by checking out all of the options in the autocad\sms_sccm scripts\[deployment name]_Uninstall.txt file.
Under Detection Rules choose “Manually configure detection rules”
Click + Add
Choose MSI for rule type and enter the product code for AutoCAD 2019: {28B89EEF-2001-0409-2102-CF3F3A09B77D}
No Dependencies are needed.
Finally, assign it to whatever device groups you need. Devices in those groups will automatically download and install AutoCAD 2019. Alternatively, you can assign it to user groups and those users can install AutoCAD from the Company Portal app.
