No it has not. Validated on Ubuntu 16.04, 18.04, 20.04, 22.04 running CrowdStrike Sensor

Windows Server OSes running CrowdStrike affected too

So I’m a VMware Horizon Customer / Engineer - I have a specific set of VMware Instant Clone VDIs that I created for a bunch of sales managers for the company I work for. They all use the iPad Pro 12.9s and they love them. They still need access to their green screen and spread sheets from a Windows VDI, so that’s what they have.

From what they report the experience is great. Make sure to use a keyboard with it and a Bluetooth mouse with it. Trust me, it’s worth it.

We do: Firefox, Chrome, or Edge. That’s not the problem.

The problem is with Microsofts new driver we can’t allow users to set the default browser in their VMware Instant Clone using SetUserFTA via Dynamic Environment Manager.

We have 80,000 people that work for my company. That’s not going to happen. Now we have 10,000 VMs running a combination of Ubuntu, Red Hat, Debian, and Centos. But our employees choose the OS they want to run on their own work devices whether it be Linux, MacOS, or Windows and no way is everyone is going to Linux, even if that is my own OS of choice. Especially the C-Level and board member types.

We are using Instant Clones. It’s a non-persistent Virtual Desktop.

We want to give our users the choice and then be able to persist those choices. Not force them to use just one option with a GPO that defines what they have to use.

SetUserFTA and Dynamic Environment Manager allowed it until the last Windows CU came along…

This is horrible. I run several different environments of VMware Instant Clone VDIs and use the SetUserFTA to help a users default browser and other file extension defaults to persist for a user from session to session on a non-persistent VDI. Now it’s broken.

Thanks a lot Microsoft. 😤

Talk less and listen more.

Realize that there is always someone that knows more than you do about any subject. Be humble knowing that you can always learn more.

Tempting to short the stock and say $&@# you Spez!

Glad I could help! 😃

Ok, I grabbed a few screen shots for you as well. Here is a site that will link you to MEBx setup that enables AMT: http://h10032.www1.hp.com/ctg/Manual/c03883429

When power on your ProDesk G3, you can access the MEBx setup by pressing Ctrl+P or they also say F6 or Escape will get you there. Intel AMT runs on a different IP address than what your OS gets. You can assign DHCP or a static IP address and setup your admin password. You can then access the portal from http://ipaddress:16992 There should be a method of access what would show on the screen through a KVM like access but I use MeshCentral for that so I couldn’t tell you how to do it without.

Hopefully, that gives you a start. Feel free to reach back out if you have any questions. Thank you!

I’m not in front of my computer atm, but I think I have something that can help you out. I have a 3-node Lenovo Thin client cluster that I manage their KVMs using the Intel vPro. I even went a step further using MeshCentral running on a VM to centralize my KVM access since I have 3 of them, but that’s another story.

Anyway, I’ll see if I can grab you some URLs in the morning if someone else doesn’t beat me to it or you find it on your own running google queries.

2024 - Mexicans at the border (you know it’s already happening)

3-Node ESXi cluster with 10 Debian VMs, 3 Windows VMs, and one FreeBSD VM

I couldn’t see it the wrong way at all until I really stared at it. Then once I saw it, I couldn’t unsee it. lol

deleted by creator

deleted by creator

They call it a tcpdump but Wireshark analyzes all network traffic. You can use the udp.port == 51820

Do you have a laptop? Probably more tools and easier to test from there.

Meant to say if you still get stuck, run Wireshark on your FW and your VPS and run a tcp dump and filter the traffic to see where the data stops.

You can also use traceroute to your public IP on the port 51820 and check your connectivity or even curl: -v http:////publicip:51820

Did you setup a NAT on the firewall? You have to setup a static NAT on the interface that your Public IP sits on and to the private IP address of your VPS (you are using a private network space from one of the other interfaces on your FW right?).

Make sure that the policy that you create with the NAT includes UDP 51820 (unless you changed the default port) People often mistake using TCP which is a different protocol. If that doesn’t work, then look at the traffic on your FW