@scottalanmiller said in What Are You Watching Now: The girl getting a concussion from running on ice is pretty funny. Youtube Video – [09:35..] So no one has to go and find it

https://www.theverge.com/2020/2/19/21143789/google-android-11-developer-preview-release-5g-security-early

Impossible Whopper

@G-I-Jones said in Exchange - Different Domain, Same Forest Users: @Dashrender said in Exchange - Different Domain, Same Forest Users: is your new AD pointing to a Global catalog for the .net domain? That definitely sounds like what's going on here. I'm looking into that now, thank you. In seeing that now - it's not AD that needs to point to it, but Exchange needs to point to it, might even require syncing to be fully working, not sure, never setup a multidomain, single forest multi Exchange system before.

Coronavirus: Passengers leave Diamond Princess amid criticism of Japan Hundreds of passengers who tested negative for the new coronavirus have begun leaving a quarantined cruise ship in Japan amid heavy criticism over the country's handling of the outbreak. One Japanese health expert who visited the Diamond Princess at the port in Yokohama said the situation on board was "completely chaotic". US officials said moves to contain the virus "may not have been sufficient". Passengers have described the difficult quarantine situation on the vessel. At least 542 passengers and crew on the Diamond Princess have so far been infected by the Covid-19 virus - the biggest cluster outside mainland China. The ship was carrying 3,700 people in total.

@JasGot said in Reconsidering ProxMox: @Dashrender said in Reconsidering ProxMox: @JasGot said in Reconsidering ProxMox: @scottalanmiller said in Reconsidering ProxMox: What do you mean? choco install virtio-drivers -y That's it. I don't use Chocolaty. I tried it when I first started coming around here, at the accolades of others; but I just found it didn't easily install or automate about half of the things we need. So I passed without judgment. so instead of using it for the half it does, you simply dumped it? Why not make life easy for as much of it as you can? Because we have our own scripts and installers that automate all of the tasks we need. No need to move 1/2 of our work to another tool. If it handled everything I think I would have jumped at the prospect. But there were still hurdles we didn't get a chance to explore, so I can;t say for certain we would have made the move, but I sure gave it the 'ol college try! You can also, really easily, setup a Nuget repository, since you already have those custom scripts it would be fairly easy to migrate them to Chocolately and have a single installation source.

@Dashrender firewall { all-ping enable broadcast-ping disable group { address-group trusted_IPs { address 1.2.3.4 address 5.6.7.8 address 9.10.11.12 description "for remote GUI access" } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "remote GUI" destination { port 443 } log disable protocol tcp source { group { address-group trusted_IPs } } } rule 20 { action accept description "Allow established/related" state { established enable related enable } } rule 30 { action accept description ike destination { port 500 } log disable protocol udp state { invalid enable } } rule 40 { action accept description esp log disable protocol esp } rule 50 { action accept description nat-t destination { port 4500 } log disable protocol udp } rule 60 { action accept description l2tp destination { port 1701 } ipsec { match-ipsec } log disable protocol udp } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { address 10.10.10.10/30 description Internet duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } speed auto } ethernet eth1 { address 10.15.20.254/24 description "LAN 1" duplex auto speed auto } ethernet eth2 { address 192.168.2.254/24 description "LAN 2" duplex auto speed auto } ethernet eth3 { duplex auto speed auto } loopback lo { } } port-forward { auto-firewall enable hairpin-nat disable wan-interface eth0 } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN2 { authoritative enable subnet 192.168.2.0/24 { default-router 192.168.2.254 dns-server 192.168.2.254 lease 86400 start 192.168.2.38 { stop 192.168.2.43 } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 10000 listen-on eth1 listen-on eth2 name-server 1.1.1.1 name-server 9.9.9.9 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5010 { description "masquerade for WAN" outbound-interface eth0 type masquerade } } ssh { port 22 protocol-version v2 } unms { connection wss:// } } system { domain-name ubnt gateway-address 10.10.10.1 host-name ER4 login { user ubnt { authentication { encrypted-password ubnt } level admin } } name-server 1.1.1.1 name-server 9.9.9.9 ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } offload { hwnat disable ipsec disable } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC } vpn { ipsec { allow-access-to-local-interface disable auto-firewall-nat-exclude disable ipsec-interfaces { interface eth0 } } l2tp { remote-access { authentication { local-users { username hello { password 1234 } } mode local } client-ip-pool { start 192.168.100.100 stop 192.168.100.110 } dns-servers { server-1 1.1.1.1 server-2 9.9.9.9 } idle 1800 ipsec-settings { authentication { mode pre-shared-secret pre-shared-secret 1234 } ike-lifetime 3600 lifetime 3600 } mtu 1492 outside-address 10.10.10.10 } } }

@JasGot In my company, we use XCP-ng on 4 small hosts with maybe 10 VMs on them (2 Win RDP servers, few Linux fileservers...). We manage them with XCP-ng center (Windows app) in LAN and with Xen Orchestra remotely. We are very satisfied with XCP and management is pretty simple. We are no experts but beginners. We cloned some VMs, copied them from host to host, added additoinal storage after installation... I tried to install KVM few times and I find it confusing to setup and manage.

@Obsolesce said in VMware Community Homelabs: @Pete-S said in VMware Community Homelabs: 5 billion hits per day is Google type traffic You are confusing 5 billion hits/searches per day with requests. Not the same thing. Yes, you're right, I was confused. I read "requests" but thought "page views".

@JaredBusch said in MangoCon 2020 Hotel Details: @EddieJennings said in MangoCon 2020 Hotel Details: Don't be tempted to stay at Holiday Inn Las Colinas. It's a bit of a walk That is not walkable unless you like to take significant risks I did it last year, but won't again now that I know the length of the walk.

@JaredBusch said in Using Vultr for FreePBX 13: Then, what providers support OPUS? Most only support 711 and sometimes 722. Hence why we transcode to g722 for Skyetel. But the g722 path is from a datacenter to datacenter, so not really worried about questionable call path qualities. Opus seems to help on everything from wifi to mobile to offices with low quality WANs. We have people on fractional T1 still, so fight some tight bandwidth battles.

Good video, i enjoyed that. Our web developer calls me "json" all the time and asks how my searches are going...

Welcome @jasonraymundo31

@Obsolesce said in Finding specific file type that has no extension: Is there anything inside the file that can tell you? For example, if you write a script that cats each file or whayever and looks for specific string, then moves it if it matches. I don't know what those files are, so ya. Just thinking out loud without any info. No, because they are just ancient like ~20 + years old, no extension or really anything to hit on. Apple still supports Postscript Type 1 fonts, but nothing else does. I managed to get it to work with what I needed with the above. Additionally I created two reports 1) listing all of he postscript type 1 fonts and 2) listing truetype and opentype fonts. So now we can build a list of things that needs to get upgraded. To find the non-extension'd postscript type 1 fonts I used find . -type f -d -empty >> old-crap.txt To find the modern fonts I used find . -name '*.ttf' -d >> modern-font.txt and just replaced .ttf with .otf, .otc, .ttc, .tte and .dfont and appended the same modern-font.txt file for each of those.

To come back around to the initial question, I'll throw GLPI + FusionInventory into the mix as a decent replacement for SpiceWorks. You keep the ability to have your whole IT environment managed and documented in a single system (Equipment, users, ticketing, contracts, contacts etc etc....)

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: t only applies the setting when linked to the OU of the user We'll according to that screenshot, it IS a user setting. Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible? Yes, it's possible. Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy. I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name. Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

@Dashrender said in "Access Denied" RENAME.bat: Manually running the script won't give you the same results you would get running it via GPO - FYI.. there are subtle differences. In this case it's the same.

jamba juice pb smoothie for lunch. @Supreme_Overlord

I expect you are correct, it’s toast. I didn’t think it would matter, but tried diskpart also. Ah well- worth a shot- Meh- don’t think recovery is needed.

@JaredBusch @JaredBusch said in Nginx setup: @smartkid808 said in Nginx setup: @thwr said in Nginx setup: I prefer nginx over everything else when it comes to reverse proxies. There are special purpose proxies like Traefik, but nginx is the ultimate general purpose swiss army knife. Nice. That's what I gathered from what I read. Now to work on getting it setup. Tried once a while ago and gave up. Now to try again ^_^ https://www.mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27 @JaredBusch said in Nginx setup: @smartkid808 said in Nginx setup: @thwr said in Nginx setup: I prefer nginx over everything else when it comes to reverse proxies. There are special purpose proxies like Traefik, but nginx is the ultimate general purpose swiss army knife. Nice. That's what I gathered from what I read. Now to work on getting it setup. Tried once a while ago and gave up. Now to try again ^_^ https://www.mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27 Thanks Jared, I'll take a look at that.. I'll follow your CentOS7 steps in the link. Hopefully I can figure out the conf file. Looks confusing. My brain hasn't been really working lately. lol

A King's Tale: Final Fantasy XV on PS4

@scottalanmiller said in Calling MeshCentral Users / Experts: @JaredBusch said in Calling MeshCentral Users / Experts: Can a moderator edit post 3 to wrap all of that is code block tags ``` Done Thanks.

So without a time clock, you can't be sure employees are at work or working? I haven't used a timeclock since my teens. I know this doesn't address your issue, but didn't realize time locks were still a thing. I only note time deviations at my current job, such as PTO or sick pay. However, I agree with the others. Fire people who are stealing from the company. Time = money, no difference here. As IRJ pointed out, limiting this from only Onprem may cause unintended limitations and force the bad actors to do it in other ways anyways. I'd only do that if they forced me to after explaining it may not be a real solution.

@wrx7m said in VMware Host Cannot Connect from vSphere Client: Could also be an issue if a vendor-specific ISO was used to initially install ESXi. I ran into a similar problem with Dell; I had to get the Dell ISO from their downloads for the specific server model/service tag. For 6.0 this is fine (you'll use this to get ASNC drivers). You can also add the dell VIB depot to get them this way also. For 6.7 Dell has (thankfully) stopped shipping ASYNC drivers and moved 100% to inbox. It's all for 3rd party management VIBs. Honestly I've seen 3rd party VIBs be a culprit for updates before. I'd make sure you are updating the BIOS/FIrmware also when updating ESXi (People forget this sometimes).