Posts made by crustachio

• SHI (consistently good pricing and very responsive rep, easiest MS licensing procurement experience I've encountered)
• SCW (Southern Computer Warehouse -- a small company but they offer excellent service and pricing, I like giving business to them whenever I can)
• CDW (past reps were outstanding and provided years of good service; current rep single-handedly lost all our business)

Sad to say parts and accessories often come from Amazon. We are also getting a fair amount of stuff from B&H Photo Video nowadays. Finally we have MicroCenter locally and often use them for emergency parts or the occasional smokin' deals on desktops/laptops, displays, TVs, and the like.

@scottalanmiller said in Weird Network Errors on SIP Trunks, FreePBX:

@crustachio said in Weird Network Errors on SIP Trunks, FreePBX:

Sounds like you don't have enough outbound bandwidth

We've got a Gig.

I was being Curtis.

Sounds like you don't have enough outbound bandwidth

Clonezilla (free & open source) has always worked well for me and sounds perfect for what you're trying to do. Going from smaller to larger disks is not a problem. If you can mount the target disk directly in the host or even via USB you can directly clone it from the source on the fly, or else you can clone the source HDD to a network share and then back to the SSD when ready.

For more managed deployments, SmartDeploy is an amazing tool, but kind of overkill for what you need (driver injection, etc).

@scottalanmiller

So the other two-thirds did?

Since pfSense has been covered well enough already:

Looking at the bullet points in your decision criteria, I can say that FortiGate checks all of those boxes. It is very simple to set up, and more than capable of all your needs. I find that it just makes sense more than say a SonicWall, which I would stay far away from personally. The FortiGate web UI is mostly logical, and there'e a robust CLI behind it when necessary. It's pretty affordable, support is decent, and the performance and features are pretty good IMO.

You don't want them sharing a single login account -- think about auditing, credential management, etc. IMO a domain level group with local admin permissions is the way to go:

• Create a Workstation Admins group in AD and apply it to all domain PCs (not servers) using Group Policy
  • Edit the policy's Computer Configuration to add the Administrators (Built In) permission to this group
• Add your privileged users who need local admin rights to that group, as well as any other group(s) necessary for secured remote access.
  • If their access privileges change in the future you can easily remove them from the Workstation Admins group without needing to touch each PC's Local Users & Groups configuration.
  • You could optionally create multiple Workstation Admin groups for different departments (WksAdmin_Sales, WksAdmin_HR) and apply them to the appropriate sub-OUs, so you don't give carte blanche access to all domain PCs for all privileged users.

Details on this setup: Manage Workstations Without Domain Admin Rights

As for the bigger picture question about least privileged account best practices, consider reviewing Microsoft's current best practices, called tiered administration.

In depth MS blog on the topic: Securing Privileged Access for the AD Admin – Part 1

Zoho Calendar is free and quite robust. Maybe overkill though.

Not self-hosted, but look at (1) Teamwork and (2) MeisterTask.

Thanks for the tip. I'm a WinDirStat junkie but I'll give this a spin. Although I would really miss just being able to type <Win+R> iexplore ninite.com/windirstat and 20 seconds later having it installed and ready to go

Enable the Hyper-V role, install another instance of Windows Server and setup WSUS there :smiling_face_with_halo:

@dustinb3403 Try stopping it

What is the status of the actual Windows Firewall service?

@dashrender said in Moving Away From LAN-Centric Security:

/sigh, this says it's to expensive for me!

We were quoted $30/seat for 300 seats, plus $6/seat for 1-year maintenance. We ended up buying it for less than that after "negotiations".

@wrx7m said in Moving Away From LAN-Centric Security:

What else should I be considering to secure and manage an ever-increasing distributed workforce?

Look into products like BeyondTrust PowerBroker, which is basically an endpoint privilege manager. It allows you to exercise really fine-grained policy based controls over endpoints. Think Group Policy on steroids (in fact, its UI is a GP snap-in clone). You can allow users to self-escalate for specific admin tasks like installing or updating whitelisted software, as an example, while preventing any other task from running. And all kinds of other stuff like controlling peripherals, executing tasks based on policy conditions (AV & Windows Updates, etc), performing file integrity monitoring, etc... It lets you do some pretty slick stuff at a very low permissions-based level to shut down malware before it can even start, and severely restrict what any executing malware can actually achieve. Plus there's all kinds of session monitoring, auto screencapping, behavior analysis, auditing, and so on. You can do a LOT with this tool, if you are comfortable with policy based control.

They have a companion product called Retina which is basically a vulnerability manager & network scanner that integrates tightly with it, but PowerBroker is what has the real teeth for endpoint security.

@gjacobse said in Android Apps:

If you have an Android device, what other suggestions of apps / tools / etc can you suggest.

Do you have any kind of system monitoring tool in place? PRTG has a spiffy Android app. I created a custom dashboard optimized for the display resolution of an old Android tablet and it makes a dandy little portable dashboard. Lives under my main monitor usually.

@gjacobse said in Android Apps:

One thing I am missing I know of is a Document app. I was using SmartOffice, but this requires you to have access to the internet. I would rather not have to be on the internet all the time. And on occasion, it's not possible (middle part of West Virginia.

Google Docs for Android allows offline document creation and editing. You can sync your existing cloud files offline if/as needed.

Even though you can't initiate a remote renewal of the device's IP, it should phone home to the DHCP server if and when its network connection is disconnected for awhile and then reconnected, at which time it would pick up the new lease.

Normally when you disconnect/reconnect a network cable the client will phone back to DHCP since it no longer knows which LAN it is attached to. On WiFi devices, brief disconnection is by design not sufficient to trigger a refresh, but a longer outage should still prompt the client to request DHCP. I would guess that the if the client device is taken home for the evening and then returns in the morning (or even a lunch break, etc) it should pick up the new lease settings.

You could also attempt to force this by briefly disabling the SSID to which the client is currently connected (a couple minutes may do it).

I enjoyed this section of the article:

The second big skill needed in IT departments today is an understanding of business – both business in general and the business referring to the specific business of their own organization. As I said at the beginning of this article, IT is a business enabler. If IT professionals do not understand how IT relates to their business they will be poorly positioned to valuate IT needs and make recommendations in the context of the business. Everything that IT does it does for the business, not for technology and not for its own purposes.

With that in mind, what are some recommendations to improve one's business acumen from an IT perspective?

Hypothetical scenario: Someone has worked at a small IT shop for years and is a comfortable sysadmin, but is considering an IT administrative position at a much more "corporate" environment. Their role will involve a lot more interfacing with other departments or agencies, as well as driving "big picture" projects and purchasing decisions.

What resources could they use to improve their understanding of how to fit in in the business realm, and to develop the proper understanding of IT in such an environment? Are there any particularly good books on this subject?

iOS, womp womp