IT Discussion

• 

  Exchange - Different Domain, Same Forest Users
  • G I Jones  

  40
  1
  Votes
  40
  Posts
  221
  Views

  

  @dbeato said in Exchange - Different Domain, Same Forest Users: @Dashrender said in Exchange - Different Domain, Same Forest Users: @G-I-Jones said in Exchange - Different Domain, Same Forest Users: I went to lunch and came back and boy did this thread get juicy. @scottalanmiller , as always your input is both appreciated and needed. I'm really trying to learn all I can about everything, and you all (to include @Dashrender , @DustinB3403 regularly) come through time and time again to school me. For that I'm eternally grateful. The grand silver lining to any of this is that I've not only got more experience now with things I've previously never touched (i.e. multi-domain Exchange deployments and AD trusts), but I'm learning too that some things I'm questioning like "why do we need another domain for this?" are apparently more rooted in my own understanding of things than inexperience on my part, which means despite all the failures on his or my own part, I am learning. I've talked to the boss and he agreed that we adjust the trust and make them the same forest. I'm not going to push the issue any further but am going to try to get as much out of the situation as possible for me. Once you do that - you'll only have one exchange system. that system will have both .net and .org in it and life will be generally much easier for you. Or move to Office 365, G Suite, Zoho or some other external email system. LOL
• 

  FreePBX update negated/erased an Asterisk Dial Code we had set?
  freepbx asterisk • • bnrstnr  

  7
  1
  Votes
  7
  Posts
  85
  Views

  

  @JaredBusch said in FreePBX update negated/erased an Asterisk Dial Code we had set?: @Dashrender said in FreePBX update negated/erased an Asterisk Dial Code we had set?: yes, this would drive my users insane. It is a setting. Turn it off. I wouldn't want it off whole sale. I could definitely do that for most users, but my phone does have a display large enough to tell me I have missed calls - and I call those people back, even if they didn't leave a message. More often than not it's beneficial to call them back and solve whatever problem they were having.
• 

  EdgeRouter 4: setting up L2TP server
  vpn l2tp edgerouter 4 • • FATeknollogee  

  13
  1
  Votes
  13
  Posts
  181
  Views

  

  @Dashrender firewall { all-ping enable broadcast-ping disable group { address-group trusted_IPs { address 1.2.3.4 address 5.6.7.8 address 9.10.11.12 description "for remote GUI access" } } ipv6-name WANv6_IN { default-action drop description "WAN inbound traffic forwarded to LAN" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } ipv6-name WANv6_LOCAL { default-action drop description "WAN inbound traffic to the router" enable-default-log rule 10 { action accept description "Allow established/related sessions" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } rule 30 { action accept description "Allow IPv6 icmp" protocol ipv6-icmp } rule 40 { action accept description "allow dhcpv6" destination { port 546 } protocol udp source { port 547 } } } ipv6-receive-redirects disable ipv6-src-route disable ip-src-route disable log-martians enable name WAN_IN { default-action drop description "WAN to internal" rule 10 { action accept description "Allow established/related" state { established enable related enable } } rule 20 { action drop description "Drop invalid state" state { invalid enable } } } name WAN_LOCAL { default-action drop description "WAN to router" rule 10 { action accept description "remote GUI" destination { port 443 } log disable protocol tcp source { group { address-group trusted_IPs } } } rule 20 { action accept description "Allow established/related" state { established enable related enable } } rule 30 { action accept description ike destination { port 500 } log disable protocol udp state { invalid enable } } rule 40 { action accept description esp log disable protocol esp } rule 50 { action accept description nat-t destination { port 4500 } log disable protocol udp } rule 60 { action accept description l2tp destination { port 1701 } ipsec { match-ipsec } log disable protocol udp } } receive-redirects disable send-redirects enable source-validation disable syn-cookies enable } interfaces { ethernet eth0 { address 10.10.10.10/30 description Internet duplex auto firewall { in { ipv6-name WANv6_IN name WAN_IN } local { ipv6-name WANv6_LOCAL name WAN_LOCAL } } speed auto } ethernet eth1 { address 10.15.20.254/24 description "LAN 1" duplex auto speed auto } ethernet eth2 { address 192.168.2.254/24 description "LAN 2" duplex auto speed auto } ethernet eth3 { duplex auto speed auto } loopback lo { } } port-forward { auto-firewall enable hairpin-nat disable wan-interface eth0 } service { dhcp-server { disabled false hostfile-update disable shared-network-name LAN2 { authoritative enable subnet 192.168.2.0/24 { default-router 192.168.2.254 dns-server 192.168.2.254 lease 86400 start 192.168.2.38 { stop 192.168.2.43 } } } static-arp disable use-dnsmasq disable } dns { forwarding { cache-size 10000 listen-on eth1 listen-on eth2 name-server 1.1.1.1 name-server 9.9.9.9 } } gui { http-port 80 https-port 443 older-ciphers enable } nat { rule 5010 { description "masquerade for WAN" outbound-interface eth0 type masquerade } } ssh { port 22 protocol-version v2 } unms { connection wss:// } } system { domain-name ubnt gateway-address 10.10.10.1 host-name ER4 login { user ubnt { authentication { encrypted-password ubnt } level admin } } name-server 1.1.1.1 name-server 9.9.9.9 ntp { server 0.ubnt.pool.ntp.org { } server 1.ubnt.pool.ntp.org { } server 2.ubnt.pool.ntp.org { } server 3.ubnt.pool.ntp.org { } } offload { hwnat disable ipsec disable } syslog { global { facility all { level notice } facility protocols { level debug } } } time-zone UTC } vpn { ipsec { allow-access-to-local-interface disable auto-firewall-nat-exclude disable ipsec-interfaces { interface eth0 } } l2tp { remote-access { authentication { local-users { username hello { password 1234 } } mode local } client-ip-pool { start 192.168.100.100 stop 192.168.100.110 } dns-servers { server-1 1.1.1.1 server-2 9.9.9.9 } idle 1800 ipsec-settings { authentication { mode pre-shared-secret pre-shared-secret 1234 } ike-lifetime 3600 lifetime 3600 } mtu 1492 outside-address 10.10.10.10 } } }
• J

  Managing Type 1 Hyper Visors
  • JasGot  

  49
  0
  Votes
  49
  Posts
  415
  Views

  M

  @JasGot In my company, we use XCP-ng on 4 small hosts with maybe 10 VMs on them (2 Win RDP servers, few Linux fileservers...). We manage them with XCP-ng center (Windows app) in LAN and with Xen Orchestra remotely. We are very satisfied with XCP and management is pretty simple. We are no experts but beginners. We cloned some VMs, copied them from host to host, added additoinal storage after installation... I tried to install KVM few times and I find it confusing to setup and manage.
• 

  VMware Community Homelabs
  vmware community homelabs • • FATeknollogee  

  74
  0
  Votes
  74
  Posts
  319
  Views

  

  @Obsolesce said in VMware Community Homelabs: @Pete-S said in VMware Community Homelabs: 5 billion hits per day is Google type traffic You are confusing 5 billion hits/searches per day with requests. Not the same thing. Yes, you're right, I was confused. I read "requests" but thought "page views".
• 

  SOLVED Finding specific file type that has no extension
  osx management files fonts postscript move • • DustinB3403  

  7
  0
  Votes
  7
  Posts
  70
  Views

  

  @Obsolesce said in Finding specific file type that has no extension: Is there anything inside the file that can tell you? For example, if you write a script that cats each file or whayever and looks for specific string, then moves it if it matches. I don't know what those files are, so ya. Just thinking out loud without any info. No, because they are just ancient like ~20 + years old, no extension or really anything to hit on. Apple still supports Postscript Type 1 fonts, but nothing else does. I managed to get it to work with what I needed with the above. Additionally I created two reports 1) listing all of he postscript type 1 fonts and 2) listing truetype and opentype fonts. So now we can build a list of things that needs to get upgraded. To find the non-extension'd postscript type 1 fonts I used find . -type f -d -empty >> old-crap.txt To find the modern fonts I used find . -name '*.ttf' -d >> modern-font.txt and just replaced .ttf with .otf, .otc, .ttc, .tte and .dfont and appended the same modern-font.txt file for each of those.
• 

  HelpDesk Options
  • G I Jones  

  38
  1
  Votes
  38
  Posts
  329
  Views

  

  To come back around to the initial question, I'll throw GLPI + FusionInventory into the mix as a decent replacement for SpiceWorks. You keep the ability to have your whole IT environment managed and documented in a single system (Equipment, users, ticketing, contracts, contacts etc etc....)
• 

  Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server
  windows gpo group policy gpp ou security filtering • • wrx7m  

  19
  0
  Votes
  19
  Posts
  203
  Views

  

  @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: t only applies the setting when linked to the OU of the user We'll according to that screenshot, it IS a user setting. Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible? Yes, it's possible. Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy. I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name. Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.
• 

  "Access Denied" RENAME.bat
  • G I Jones  

  9
  0
  Votes
  9
  Posts
  143
  Views

  

  @Dashrender said in "Access Denied" RENAME.bat: Manually running the script won't give you the same results you would get running it via GPO - FYI.. there are subtle differences. In this case it's the same.
• 

  PNY USB, 64 GB Drive inaccessible
  • gjacobse  

  4
  0
  Votes
  4
  Posts
  51
  Views

  

  I expect you are correct, it’s toast. I didn’t think it would matter, but tried diskpart also. Ah well- worth a shot- Meh- don’t think recovery is needed.
• S

  Nginx setup
  • smartkid808  

  16
  0
  Votes
  16
  Posts
  182
  Views

  S

  @JaredBusch @JaredBusch said in Nginx setup: @smartkid808 said in Nginx setup: @thwr said in Nginx setup: I prefer nginx over everything else when it comes to reverse proxies. There are special purpose proxies like Traefik, but nginx is the ultimate general purpose swiss army knife. Nice. That's what I gathered from what I read. Now to work on getting it setup. Tried once a while ago and gave up. Now to try again ^_^ https://www.mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27 @JaredBusch said in Nginx setup: @smartkid808 said in Nginx setup: @thwr said in Nginx setup: I prefer nginx over everything else when it comes to reverse proxies. There are special purpose proxies like Traefik, but nginx is the ultimate general purpose swiss army knife. Nice. That's what I gathered from what I read. Now to work on getting it setup. Tried once a while ago and gave up. Now to try again ^_^ https://www.mangolassi.it/topic/16651/install-nginx-as-a-reverse-proxy-on-fedora-27 Thanks Jared, I'll take a look at that.. I'll follow your CentOS7 steps in the link. Hopefully I can figure out the conf file. Looks confusing. My brain hasn't been really working lately. lol
• C

  Calling MeshCentral Users / Experts
  • chris_jacksys  

  10
  0
  Votes
  10
  Posts
  163
  Views

  

  @scottalanmiller said in Calling MeshCentral Users / Experts: @JaredBusch said in Calling MeshCentral Users / Experts: Can a moderator edit post 3 to wrap all of that is code block tags ``` Done Thanks.
• 

  Securing Web Based Time Clock.
  • popester  

  10
  0
  Votes
  10
  Posts
  120
  Views

  

  So without a time clock, you can't be sure employees are at work or working? I haven't used a timeclock since my teens. I know this doesn't address your issue, but didn't realize time locks were still a thing. I only note time deviations at my current job, such as PTO or sick pay. However, I agree with the others. Fire people who are stealing from the company. Time = money, no difference here. As IRJ pointed out, limiting this from only Onprem may cause unintended limitations and force the bad actors to do it in other ways anyways. I'd only do that if they forced me to after explaining it may not be a real solution.
• 

  VMware Host Cannot Connect from vSphere Client
  virtualization vmware esxi hypervisor vsphere esxi 6.0 vsphere 6.0 • • scottalanmiller  

  11
  0
  Votes
  11
  Posts
  128
  Views

  S

  @wrx7m said in VMware Host Cannot Connect from vSphere Client: Could also be an issue if a vendor-specific ISO was used to initially install ESXi. I ran into a similar problem with Dell; I had to get the Dell ISO from their downloads for the specific server model/service tag. For 6.0 this is fine (you'll use this to get ASNC drivers). You can also add the dell VIB depot to get them this way also. For 6.7 Dell has (thankfully) stopped shipping ASYNC drivers and moved 100% to inbox. It's all for 3rd party management VIBs. Honestly I've seen 3rd party VIBs be a culprit for updates before. I'd make sure you are updating the BIOS/FIrmware also when updating ESXi (People forget this sometimes).
• 

  Documenting Firewall Exceptions and Rules
  linux windows firewall documentation firewall-cmd tracking change management • • DustinB3403  

  10
  2
  Votes
  10
  Posts
  148
  Views

  

  @IRJ said in Documenting Firewall Exceptions and Rules: @DustinB3403 said in Documenting Firewall Exceptions and Rules: I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did) Adding a few rich rules resolved the issue immediately. None of this makes any sense. It's deny all and permit by exception. Why would you do anything else? That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.
• 

  Installing XCP-ng using a Windows PC
  xenserver xcp-ng xencenter • • Pete.S  

  7
  3
  Votes
  7
  Posts
  193
  Views

  

  Also another thing is that XCP-ng it is finally able to support UEFI boot which was nice.
• J

  Microsoft Cloud Solution Provider
  • JasGot  

  10
  0
  Votes
  10
  Posts
  117
  Views

  J

  @dave_c said in Microsoft Cloud Solution Provider: @JasGot I am an indirect CSP but I do not handle any non-profit organization. My customers can see the subscription but they cannot change the licenses assigned to it from the Office 365 Admin portal; they need to request the addition/subtraction to my company or use the portal of my direct CSP. They can request the cancellation of a subscription but we need to authorize it. The client is able to have subscriptions with more than one reseller and directly with Microsoft. Thanks. That clarifies some worries we had about being trapped with a bad CSP.
• V

  VoIP Drama Sangoma vs. Clearly IP
  • VoIP_n00b  

  5
  0
  Votes
  5
  Posts
  134
  Views

  

  @JaredBusch said in VoIP Drama Sangoma vs. Clearly IP: Please also recall that the Rob being discussed as the co-owner of the key, is the person that prompted me to start the thread Revisiting ZFS and FreeNAS in 2019 after seeing him post about it on Facebook. I had no idea what kind of a shit show that thread was going to turn in to. Yeah, holy hell, I'd not trust anything that ClearlyIP produces. I'd be pretty worried to depend on them as a service provider!
• 

  Remote PowerShell from Fedora to Windows
  windows fedora remote powershell • • black3dynamite  

  12
  3
  Votes
  12
  Posts
  203
  Views

  

  @black3dynamite said in Remote PowerShell from Fedora to Windows: @stacksofplates said in Remote PowerShell from Fedora to Windows: Sssd works with multiple domains. If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that isn’t joined to a domain? No it only works for domains.
• F

  Windows NLA service on 2016/2019 DCs
  • frodooftheshire  

  7
  2
  Votes
  7
  Posts
  121
  Views

  

  @frodooftheshire said in Windows NLA service on 2016/2019 DCs: @CCWTech Exactly - it's mainly about firewall rules. Like you said I guess I could go into all the firewall rules and make sure its ticked for private as well as domain. It's just annoying because this shouldn't be an issue. I can see a member server getting confused if the DC isn't booted up and it boots up, but for a DC not to know it's in a domain is just a bit crazy.
• J

  Virtualization when there is only one VM?
  • JasGot  

  72
  2
  Votes
  72
  Posts
  265
  Views

  

  @wrx7m said in Virtualization when there is only one VM?: @scottalanmiller said in Virtualization when there is only one VM?: @DustinB3403 said in Virtualization when there is only one VM?: @Pete-S said in Virtualization when there is only one VM?: @DustinB3403 said in Virtualization when there is only one VM?: @scottalanmiller said in Virtualization when there is only one VM?: @DustinB3403 said in Virtualization when there is only one VM?: It's super simple to take a closet for example and put a vent near the top of the wall to let heat escape. Not if you don't have that closet, the vent would let in hotter air, or you don't have outside access from a closet. Of course, if you physically don't have any space, then using this example doesn't make sense. The question really is "at what point should a business start looking at different form factors (from the desktop style)?" It ridiculous to even think there is no space for a rack. Unless someone runs a company out of their bedroom. A rack takes what, 5 square feet? Ha. yeah I get it I totally do. And you can get a rack for pennies on the dollar if you are really looking. Cost of the rack isn't the issue. Space to put it that is safe, clean, has power, central to the cabling, can be cooled, etc. So, not here- I see that as a productive use of extra space! You could even hang a 1/4 rack above the toilet to help get things cleaned up and organized.
• 

  Greenfield HA environment choices
  cluster hyper-v 2019 greenfield • • fuznutz04  

  31
  2
  Votes
  31
  Posts
  187
  Views

  

  Generally, for most use cases, just having two servers and good backups is the best option. If you have a greenzone, turn your VMs off, do your updates, turn them back on. Updates essentially never cause issues. Not on hypervisors (at least not on KVM/Xen.) Putting in a lot of complexity, cost, or risk to mitigate a shark attack isn't worth it. You will focus on a false risk.
• 

  Upgrading Debian 9 to 10
  debian upgrade debian 9 debian 10 • • JaredBusch  

  12
  7
  Votes
  12
  Posts
  226
  Views

  

  2nd attempt worked!
• 

  weird spam
  • Dashrender  

  5
  0
  Votes
  5
  Posts
  80
  Views

  

  @Dashrender Yes, well of our domains ,we have several variants. It was more of a phishing attempt/scare tactic from a Russian script kiddie from what we were able to gather.
• 

  HP EliteDesk 800 G5/G6 mini - error on windows update
  windows 10 hp windows update • • Dashrender  

  3
  1
  Votes
  3
  Posts
  53
  Views

  

  @brandon220 said in HP EliteDesk 800 G5/G6 mini - error on windows update: @Dashrender I had it on a new 800 mini a few weeks ago. I clicked through it and it has been running fine since. Several reboots and it never happened again. I just updated the OP. sadly, after rebooting, the system locked up, requiring another hard reboot, another flashing of this HP screen, hit esc to bypass and the user is back up and running.
• 

  Polycom VVX450 Parking BLF key
  polycom polycom vvx 450 parking • • Romo  

  2
  1
  Votes
  2
  Posts
  66
  Views

  

  @Romo said in Polycom VVX450 Parking BLF key: Any of you guys with more polycom experience have been able to configure the parking lots from a (freepbx/vitalpbx) asterisk server In a single key BLF key? Testing this I have the key setup like this But it doesn't appear to do anything when pressing it. I did find this document https://community.polycom.com/t5/VoIP-SIP-Phones/FAQ-Setting-up-a-Call-Park-Feature-using-an-Asterisk-Server/td-p/73565 which it appears to show that it can only be done by transfering to the call parking extension and not directly to the slots but not sure if this still applies as the document is from 2015. anyone have an idea? From the phone point of view, parking a call is nothing more than a blind transfer to an extension. So, you need to look if you can have a BLF do a blind transfer on press during a connected call.
• 

  AppGini - building a webpage/db
  dashrender web db • • Dashrender  

  51
  0
  Votes
  51
  Posts
  268
  Views

  

  This HIPAA compliance service directly recommends never storing your PHI/PCI data in Excel specifically because it is so easy to have it accidentally be the cause of a breach. https://pcihipaa.com/how-to-protect-your-practice-from-common-hipaa-violations-and-fines/ "A Credit Card Data Breach: Every practice handles patient credit card information. A Payment Card Industry (PCI) violation can also end up being a reportable breach under HIPAA. Securing and properly handling credit card data is imperative. Don’t store any credit card information in QuickBooks, Excel or any other software. Also make sure you are PCI certified and using EMV devices to limit chargeback liabilities." They only mention the PCI piece, because it is so much less of a concern, storing health data in there would be so much worse.
• P

  SEO primer
  • pattonb  

  8
  1
  Votes
  8
  Posts
  65
  Views

  

  @pattonb said in SEO primer: @scottalanmiller Is Matomo,Open Web Analytics,AWStats of any value. I suspect am I asking as to whether tying into the Google World provide any advantage. or will the other software provide me with the data I need. as for as data , I only really need traffic, visits, pages, how long they stay, or pages they view. Basic ( in my mind) , to see whether traffic is increasing/decreasing , and which pages draw the most interest. The audience is local, services provided don't extend beyond the local area , pop, ~1.4 million Matamo provides all this. It is what I use.
• 

  Adding LDAP role to domain controller
  • dave247  

  50
  0
  Votes
  50
  Posts
  990
  Views

  

  @benhooperastrix said in Adding LDAP role to domain controller: @dbeato Thanks for the referral. Didn't know I referred you and now I notice you wrote it. It was well done.
• 

  Looking for content filter recommendations for a church
  • dave247  

  9
  0
  Votes
  9
  Posts
  124
  Views

  

  @scottalanmiller said in Looking for content filter recommendations for a church: @JaredBusch said in Looking for content filter recommendations for a church: @dave247 said in Looking for content filter recommendations for a church: @scottalanmiller looks like I need to install it on something though. I was hoping to not have to purchase any additional hardware. Still an option though. A full kit Raspberry Pi on amazon is $60-$80 The 1GB board is plenty. I was thinking about the 3 where htere was not really choice like the 4. Not used to having to specify on a RPi.