• 0 Votes
    15 Posts
    2k Views
    ObsolesceO

    @Dashrender said in Remove-Item cannot remove crap in Documents folder:

    @Obsolesce said in Remove-Item cannot remove crap in Documents folder:

    @Dashrender said in Remove-Item cannot remove crap in Documents folder:

    @Obsolesce said in Remove-Item cannot remove crap in Documents folder:

    @JaredBusch
    I had a little bit of fun... whether useful to you or not.

    You can run this script as a regular user that has permissions to create and run scheduled tasks and create a file in specified directory.

    This will create a PowerShell script and a scheduled task to run the script as the SYSTEM account. Then it will delete the script and the scheduled task.

    I could test most of it, but not some of it for obvious reasons.

    ```powershell
    <#---- CHANGE THESE VARS: ----#>

    # Users to exclude from profile manipulation script, separated by pipe:
    $excludedKnownUsers = "Administrator|SpecialUser1"

    # New Script:
    $newLocalScriptPath = "$ENV:SystemDrive\scripts"
    $newLocalScriptFile = "testScript.ps1"

    # SID ending: (likely 21 if domain users)
    $sidEnd = 21

    # Scheduled Task Name:
    $TaskName = "_Test Task 1"

    # Scheduled Task Description:
    $Description = "This is a test scheduled task that runs as the SYSTEM account and will be ran and then deleted at the end of this script."

    <#-------- END CHANGE --------#>

    # New Script:
    $newLocalScript = "$newLocalScriptPath\$newLocalScriptFile"

    # Gathers list of user profile paths:
    $userPaths = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" -ErrorAction SilentlyContinue |
        Where-Object {($_.PSChildName -split '-')[3] -eq $sidEnd -and ($_.ProfileImagePath -split "\\")[2] -notmatch $excludedKnownUsers}

    # Creates a 'script in memory':
    # (paths are wrapped in single quotes so the generated lines parse and survive spaces)
    $testScript = $null
    foreach ($userPath in $userPaths.ProfileImagePath) {
        $testScript += "Remove-Item -Path '$userPath\Documents' -Force -Recurse`n"
        $testScript += "New-Item -ItemType Junction -Path '$userPath' -Name 'Documents' -Target '$userPath\Nextcloud\Documents' -Force`n"
    }

    # Create a PowerShell script and save it as specified in vars:
    if (-not(Test-Path $newLocalScript)) {New-Item -Force $newLocalScript}
    $testScript | Out-File $newLocalScript -NoNewline -Force

    # Task Action: (script path is quoted in case it contains spaces)
    $Action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File `"$newLocalScript`""

    # Task Trigger: (task will be manually run immediately and then deleted, so keep 1 year out)
    $Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddYears(1)

    # Task Compatibility:
    $Compatibility = "Win8" # 'Win8' is 'Windows 10' in the GUI

    # Task Settings:
    $Settings = New-ScheduledTaskSettingsSet -Compatibility $Compatibility -StartWhenAvailable -AllowStartIfOnBatteries

    # Run task as local SYSTEM account with highest privileges:
    $Principal = New-ScheduledTaskPrincipal -UserId 'S-1-5-18' -RunLevel Highest

    # Create the scheduled task:
    Register-ScheduledTask -TaskName $TaskName -Description $Description -Action $Action -Trigger $Trigger -Settings $Settings -Principal $Principal -Force

    <#--------------------------#>

    # Run the scheduled task:
    Get-ScheduledTask -TaskName $TaskName | Start-ScheduledTask

    # Start-ScheduledTask returns immediately, so wait for the task to finish
    # before removing the script it is executing:
    Start-Sleep -Seconds 2
    while ((Get-ScheduledTask -TaskName $TaskName).State -eq 'Running') { Start-Sleep -Seconds 1 }

    # Remove the created script:
    Remove-Item $newLocalScript -Force

    # Delete the scheduled task:
    Get-ScheduledTask -TaskName $TaskName | Unregister-ScheduledTask -Confirm:$false
    ```

    This seems like a HUGE security problem - normal users can schedule a task to run as SYSTEM? Then any virus could do the same thing. So what am I missing?

    I assume regular user would need elevated privileges at least... But I didn't test as a non-local admin, which is different than elevated privileges. But either way, that script can be automated and run as a user in the local admin group too with successful results.

    I think your script affects every user on the machine - assuming that's Ok for the environment - yep, have the local admin run it - and done.

    Yeah I designed it like that on purpose, because if users are using the device, whether it's one or 10 (unlikely), IMO they should all be redirected. But that can be changed no problem. But at least if it's one main person using it, it'll hit that one. If others do, they can be excluded. But you can always get the current signed on user and use that as in JB's original script, or in an automated way using other means I could add in if needed.

  • PoE issues with Unifi switch

    20
    1 Votes
    20 Posts
    2k Views
    M

    @Pete-S said in PoE issues with Unifi switch:

    @marcinozga
    Have you measured if there is any power on those ports?

    From what I could find from UBNT materials:

    24VDC Passive PoE (Pins 4, 5+; 7, 8-)

    I didn't, but I don't have to, all devices are powering on just fine with unshielded cables. The most bizarre thing is that cables from switch to patch panel are unshielded already, it's cable between panel and couplers. And I don't think I mentioned it before, but initially there was a shelf on the wall and all cables were plugged in directly into switch, with same end result. I'm strongly leaning to the fact that shield on all cables are connected with unifi switch or patch panel, and that's the root cause of the problem. Otherwise why would everything have worked on 5xp switch (isolated ports) or when cables going to patch panel are unshielded.

  • 1 Votes
    5 Posts
    894 Views
    IRJI

    @wrx7m said in Fedora - Automating Config File Modifications:

    Without using a CM tool, what is the easiest way to automate modifications to several config files across 7-8 servers? I was looking at sed, but am not sure if there is a better tool that isn't a CM.

    More specifically, I have several Fedora servers running squid proxy. From time to time, I need to modify the config file to whitelist a particular domain. Because I will soon have a few more servers, I would like to automate these types of file updates so I don't have to manually go into each server's config and copy and paste stuff in to certain sections; some information is specific to a particular server, whereas this section would be universally necessary on all servers. So, I would be inserting lines in specific sections.

    I intend to move to some sort of CM for this stuff in the future, but I need to get these going sooner than I could learn the CM tool.

    Sync with an S3 bucket hourly. Then you only need to update on S3.

  • Want some Wasabi with that Azure Cloud?

    24
    1 Votes
    24 Posts
    2k Views
    wrx7mW

    East DC was less affected by this. The West DC had way more issues.

  • Massive Searchable Document/File Repository

    11
    0 Votes
    11 Posts
    1k Views
    wrx7mW

    @marcinozga said in Massive Searchable Document/File Repository:

    Actually, MayanEDMS might be what you're looking for. It does OCR and indexing. I have a running instance, but I haven't used it at all yet.

    This looks interesting. I wonder how well it can catalog other digital assets (images, video, etc)

  • Veeam Active Full or Synthetic Full?

    14
    1 Votes
    14 Posts
    5k Views
    wrx7mW

    @JaredBusch said in Veeam Active Full or Synthetic Full?:

    Because I sync Veeam’s backup target (a Synology NAS) to B2, I do not use the synthetic full that daily recreates the full backup. That would cause the entire vdk to need to be uploaded to B2 every day.

    In my case I set up active full to run on Fridays. A different server each Friday. Stacking various servers on the same Friday to balance the load over the month.

    Then daily incrementals.

    This is also exactly why I don't do this.

  • CentOS package python-urllib3-1.10.2-7.el7 is missing from mirror

    1
    2 Votes
    1 Posts
    120 Views
    No one has replied
  • VMQ issues/Veeam/Windows Server 2019...

    11
    1 Votes
    11 Posts
    1k Views
    dafyreD

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    @dafyre said in VMQ issues/Veeam/Windows Server 2019...:

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    @dafyre said in VMQ issues/Veeam/Windows Server 2019...:

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    @dafyre said in VMQ issues/Veeam/Windows Server 2019...:

    @Jimmy9008 said in VMQ issues/Veeam/Windows Server 2019...:

    Hi folks,

    I am having VMQ issues on my 3 x Windows Server 2019 host. I am using a team of Intel X550 NIC (3 x 10 GbE interfaces to 3 x Stacked switch). The Team has been configured using Switch Independent mode.

    Now, VMs are on the LAN perfectly and communicate. Rock solid.

    Now to the issue. When I use Veeam with Application Aware turned on, the hosts get stuck creating checkpoints for VMs at 9%. The only option is to kill the host, restart and turn the VMs back on. It happens every time. (Strangely, checkpoints run fine native).

    Veeam have looked at the logs and have said it's an issue they have seen before, and to turn off VMQ initially on NICs and VMs as that often solves the issue. No worries. I do that, and the backups then run fine - perfect!

    However, VMs over time then drop off of the network. I can connect to them in Hyper-V, but nothing I do will bring them back on the network. Initially they are on the network, just at some point in time many drop off, whilst others stay on.

    The only resolution is to turn VMQ back on and reboot. I can't really keep testing this either as it causes much downtime! Not good. Of course, when VMQ is back on... Application Aware backups then fail and kill the host like I said at the start 😕

    Any idea why some VMs drop off of the network with VMQ disabled on the VM and NIC? Host, fully patched. NIC, latest firmware. I thought you didn't have to use VMQ...

    Best,
    Jim

    Is it the same VMs that drop off the network every time?

    What OS are the VMs that get dropped off the network?

    What kind of switches are you running?

    Uncertain. I've noticed a few are the same, but I've had no time to really look in to it. Too many users. I'm trying to get ideas that could be the issue to do proper testing with downtime around Dec 20th when a lot are on holiday.

    I think 2012 R2. Possibly 2016 too. Can't recall any 2019.

    Dell N4064 Stack.

    Try the ArpRetryCount trick. You'll have to reboot each VM or host after you make the change.

    Ok, I can try that. So:

      • disable VMQ physical
      • disable VMQ on all VM NIC
      • change registry
      • reboot

    Sound about right?

    change the registry on any machine that is down.

    But yeah, that sounds about right.

    Do I need to change the reg on the host too?

    I would go ahead and do it, yeah.

  • Fiber to Ethernet Media Converter, What's your preference?

    18
    0 Votes
    18 Posts
    824 Views
    brandon220B

    My reasons for a low-end switch with SFP ports was also due to warranty. Most of the stand-alone media converters have a 1 year warranty. I can get Netgear, D-Link, etc with a Lifetime Warranty. Made sense in my application.

  • 2-in-1 laptop for a C-Level

    30
    1 Votes
    30 Posts
    2k Views
    JaredBuschJ

    @Dashrender said in 2-in-1 laptop for a C-Level:

    Around these parts you'll get no love for anything Lenovo - After SuperFish, that company is blacklisted - if not for life, for a long while yet.

    I have used a few Surface Pros - they seem fine for the most part. My wife has an SP5 - she seems to like it. I just rolled out an SP6 to my boss 6 months ago - no issues so far.

    I agree with sticking with the Latitude series on Dell - this is a company laptop, so go with business gear.

    I know JB has an XPS, and as far as I know, he likes it.

    No, mine is an Inspiron, bought at MicroCenter when my previous machine died a day before an international trip to a client.

    I try to stick to the latitudes for clients.

  • How can I view a SQL Audit File on Linux?

    3
    1 Votes
    3 Posts
    213 Views
    IRJI

    It looks like it may be possible if I connect to the DB servers, which isn't what I wanted. The binary audit file is being written to S3. I want someone just to be able to review it like that.

  • Q-Nap - Malware Targeted

    1
    0 Votes
    1 Posts
    167 Views
    No one has replied
  • solved: XenServer 7.0: installed NIC not visible

    12
    0 Votes
    12 Posts
    3k Views
    R

    @FATeknollogee hi, what model of sfp are u using. I'm getting the same error. Thanks!

  • Azure Blob Storage Error/Failure Rates...

    8
    0 Votes
    8 Posts
    213 Views
  • Windows Offline files

    12
    0 Votes
    12 Posts
    930 Views
    DashrenderD

    @scottalanmiller said in Windows Offline files:

    @black3dynamite said in Windows Offline files:

    @wrx7m said in Windows Offline files:

    @dbeato said in Windows Offline files:

    I disable Windows Offline Files for that reason, it is a pain to deal with and causes more problems than anything else. But yeah, even if it was locked out and the computer went to sleep it will mark it as offline since the computer detected a change on the network connectivity.

    ^^This. I have been disabling offline files for 15+ years. It never works the way people expect. #chasingghosts

    It’s been about two years for me too since moving away from Windows Offline Files to Nextcloud/OneDrive.

    And no regrets, I bet.

    I would expect a similar situation to still exist for the situation I put forth above.

  • How can I show disk IO in glances

    Solved
    13
    3 Votes
    13 Posts
    3k Views
    JaredBuschJ

    same system before and after the fedora 31 upgrade.


  • Forced Double Sided Printing

    9
    2 Votes
    9 Posts
    1k Views
    travisdh1T

    @Romo said in Forced Double Sided Printing:

    @travisdh1 Thank you, the change there solved the issue.

    You'll never guess who ran into that same issue just a few days before you posted. 😆

  • Bootable Hardware Detection Tool:

    27
    0 Votes
    27 Posts
    2k Views
    popesterP

    This is awesome. Thank you. I am energized now.

  • Windows 10 Printers & Scanners Overlap Fix?

    13
    2 Votes
    13 Posts
    761 Views
    G I JonesG

    @Dashrender Yes. Yes it is.

  • Microsoft Fail - SQL Server on Linux does not log successful logins

    36
    2 Votes
    36 Posts
    1k Views
    JaredBuschJ

    @IRJ said in Microsoft Fail - SQL Server on Linux does not log successful logins:

    @dafyre said in Microsoft Fail - SQL Server on Linux does not log successful logins:

    @DustinB3403 said in Microsoft Fail - SQL Server on Linux does not log successful logins:

    You'd SSH into your SQL server as a server user, and if you had to from there login to the SQL database as the admin (or another SQL user).

    I don't argue that you could do this. However, tools like SSMS are great for syntax checking and providing other utility that, while could be done from a CLI session are more difficult.

    This is especially true when altering stored procedures or running complex queries.

    The cross platform CLI is still in beta. The Linux tool does a lot, but not all the stuff you can do with SSMS or Azure Data Studio

    Windows: SSMS does everything in GUI.
    Windows/Linux/Mac: Azure Data Studio does everything via SQL, some limited bits via gui, but mostly just to create the SQL for you.

    CLI is just raw SQL.

    @DustinB3403 has no idea WTF he is talking about.