@dashrender said in Looking for a remote access solution:

@scottalanmiller said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

@dashrender said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

Done.

I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

Then put the 2fa on the Windows RDP login with a service like Duo.
https://duo.com/docs/rdp
https://duo.com/editions-and-pricing/duo-free

Just use ZT to lower (all but remove) the attack surface.

That would get them up to 3FA (which isn't a bad thing) assuming ZT isn't somehow tied to some other authentication mechanism.

As it's been AGES since I've used ZT - can you make the user have to log into it each time they launch it? If yes - and it's logon isn't associated with AD (as you mentioned) then OK - I see how you consider ZT and RDP MFA.

The user can be forced to start or stop the process. The fact that it uses a key (something you have) owned by the user makes it MFA regardless of if they automate the login or force it to be manual.

Don't try to compare it to Duo or something like that which uses "something you have" to generate "something you know." Compare it to a security USB stick like YubiKey. It's a direct "something you have" 2FA in that sense.

@dashrender said in VDI Options - Modernization:

@scottalanmiller said in VDI Options - Modernization:

@pete-s said in VDI Options - Modernization:

@scottalanmiller said in VDI Options - Modernization:

@pete-s said in VDI Options - Modernization:

I'm not talking cached files here but client side databases and local storage as defined in html5. Another reason you might insert VDI into the chain.

Worth pointing out that this "should be" a configuration thing and not something you need heavy VDI to work around. But here in the real world, it isn't always configurable and VDI can be used to deal with that.

Yeah, it depends entirely on what the html/javascript code looks like. Which in most cases depends on what framework was used.

It was easier to keep track of the data when a html browser was as dumb as a vt100 terminal.

Wanna take bets that a new "HTML-lite" protocol surfaces that has modern GUI and graphical components, but none of the heavy data-handling components so that people can be confident that no data leaks beyond what is seen on the screen?

why did some move away from that model in the first place? to put the processing power onus on the end user?

Oh it makes TONS of sense. If you saw every day apps built both ways side by side you'd chose this "every" time. First, it saves the hosts and the ISPs tons of money because it shifts lots of processing power out to the end units where typically there is loads of excess power. Why do something in an expensive way when there is a free way waiting to be utilized?

Second, it makes websites a lot faster. I mean a LOT faster. It means you can do lightning fast calculations without waiting for long internet round trips, you can cache data, etc.

Third, you can work offline. People always complained that apps were unable to work offline. This is what allows things like email or document editing when you still lose your Internet connection, and what allows many things to keep working when your Internet might be flaky.

Thanks for the suggestions, help and talking it through...it is always something simple and overlooked.

@gus said in MS Teams file attachments and changing primary email address:

It’s good that MS is upgrading Outlook to make it work better with Teams work. let's see what happens

Or people could catch up to 2003 and have everything fully integrated already like all of MS' competitors have had for nearly two decades now, lol. The use of Outlook remains pretty silly and it would be better if no one cared rather than MS trying to shoehorn Teams into a product that people shouldn't be deploying.

@dlandersson said in Remembering the MCSE+I, Microsoft's Terminal Certification:

@scottalanmiller I agree. I great book on networking basics. Still use that information today. 😉

Yeah, it is amazing how many times I have to be like "if only people knew the networking basics from that book, they'd know how to do this thing" even today. Back then, it was "no one knows networking, here is how it works." Everything in that book should be common knowledge today, almost. At least for every IT position, including intern. And yet, I feel fewer people know it than before!

Turns out I would also need proper MICR font, like this https://www.1001fonts.com/micr-encoding-font.html

@pete-s said in printing notes section of Calendar Outlook on the web:

@dashrender said in printing notes section of Calendar Outlook on the web:

I have a user who wants to print what's written into the notes section of a calendar entry. Unfortunately, it's more than one page, and when you ctrl ^ P you only get the first page worth.

Outlook-on-the-web is pretty thin on printing features. I logged in and tried a couple of different ideas but couldn't find a way to print a long event description either. It is what it is I guess.

We use Zoho primarily and as a comparison Zoho's calendar lacks rich text formatting in the description but render links and will print multiple pages of description - if you pick print while viewing an event, not ctrl+p.

Gmail on the other hand will also print several pages of the description - if you pick print on an appointment, not ctrl+p. It supports rich text formatting but will drop the formatting when printing.

Thanks for looking - I'm definitely not changing systems just for that function - but perhaps that will be helpful for someone else.

https://mangolassi.it/topic/21317/remembering-the-mcse-i-microsoft-s-terminal-certification

original

@justal said in Create a New User on macOS from the Terminal Command Line:

@scottalanmiller Hi Scott, thanks for the post, unfortunately this works not on Mac OS X Mojave. I'm able to create a user but not able to login with this user account. It stucks after the login prozess. Is there any workaround?
Thanks!

I switched offices for a couple days to one where I'm on Ubuntu rather than my Mac. I'll look into it once I'm back to my Mac.

@gjacobse It is not compatible. There was another project out there that was ARM compatible. I think it fizzled or was bought by Google several years ago now. Sigh

@gjacobse said in Free Hosted Help Desk?:

"Free Hosted" doesn't mean it's the right thing. But in many cases - you can beat it to work for you. Just depends on the work and stress you want to deal with, what you want to give up and what you will never have..

I'd go as far to say that the "free" version is seldom the right thing. Often the reason to look for a solution in the first place is to become more effective and spend less time on something. Just stepping up to the first paying tier usually gets you a lot of features that will save you time for a very modest monthly cost.

@adamf said in Ubiquiti Edgemax Router:

@jaredbusch said in Ubiquiti Edgemax Router:

@adamf said in Ubiquiti Edgemax Router:

Makes no sense. I have a feeling that something is buggy in the firmware.

What makes no sense is that you think it is firmware.

Just throwing out ideas because it doesn't make logical sense to me. Any thoughts as to what else it could be? Why would the device reply to pings for an hour after reboot, then suddenly stop?

Any chance your ISP is what is blocking you?

@dashrender said in Computer Name Issue: Domain Joined:

@scottalanmiller said in Computer Name Issue: Domain Joined:

@dashrender said in Computer Name Issue: Domain Joined:

@gjacobse Weird is right.

the closest I've seen is when 'nix boxes get a DHCP - they send this number that is some form of extended MAC as the hardware ID.

Interested to hear what you find out.

DHCP seems reasonable. Or there was a conflict.

in my case it's something in the way many Linux's now work. This thread talks about it.
https://community.spiceworks.com/topic/2288212-strange-extra-long-linux-mac-address-in-dhcp-active-leases

Not clicking the link, but it is the last 4 sets of the MAC address and the machine id as noted in /etc/machine-id. It is part of the DHCP RFC.

It's expensive. If you print a lot, it's crazy. If you hardly print anything, maybe the convenience is worth it. But if you print a lot, maybe it's rethinking printing itself that would make sense.

@dustinb3403 said in Need Regex Help:

@travisdh1 No, backend database access isn't available to me.

Well, that's a little ****y. No db gui has given me everything I wanted to do with a database.

@jaredbusch Thanks Jared, just a brain fart on my end. Works as desired.

@dashrender said in O365 - send as Alias:

MS has finally brought Send as Alias to O365.

https://lazyadmin.nl/office-365/send-from-alias/

It's mind blowing that O365 didn't have that option since day one.

Yeah I found the issue, the environment has MFA enforced, but does not have Modern Authentication enabled.

Just getting approval from the customer before making the change as I'm sure Outlook will prompt for the MFA codes for existing users.

@dashrender said in SQRL:

yeah - in retrospect that was dumb. Someone has to be the champion of a project otherwise it will get no legs.
And with no champion, well, clearly it's just withered...

Right, it feels like even the creator didn't believe in it.