@marcinozga said in Firefox security issues:

@Emad-R and @Dashrender lol rookies, I've been using FF since it was called Phoenix. And Mozilla Suite before that.

We're showing our age 😞

@JaredBusch how did you setup your NIC for the workstation that had to remote into the AD via ZeroTier? I'm still trying to figure out exactly what was statically assigned as your post wasn't too clear for me (this is new to me).

@pmoncho said in How do you get your departments to quantify what they actually need for their jobs:

Your more than welcome to dive into https://issurvivor.com/ and search his archives

His only mention of MSP is from Nov, 2000 when he discovered the term. And he talks about ASPs as well. I had started my first of both, over a hear before he heard the terms 🙂

https://issurvivor.com/2000/11/20/trend-overload-first-appeared-in-infoworld/

It really was a new term at the time. But he acts like the concept was new. It was very tried and true in the 1990s. It's an ancient article, just funny that in late 2000 he was thinking that MSPs were some hot, new thing, lol.

@scottalanmiller ehhh, this isn’t a university It’s a trade school (oddly one that certified people in CCNA, helicopter repair etc). It’s a decent trade school but I suspect like a lot of universities an schools in rural areas they count of low job competition for non-remote entry level work. For what it’s worth a large 4 year university on the Brazos was paying only 40K for The head of ResNet department.

Universities priorities are strange. From a compensation plan free student tuition, and free masters often mean they can treat a lot of salary positions line work study jobs from a comp basis.

For what it’s worth I’ll likely be (jetlagged) but back in Waco for the OU game (or any games after it). I’ve made it to only one game this season sadly.

I have friends who still live in Waco but they all work remote. There’s a decent work from home Wordpress community there. The job market isn’t great for IT infrastructure unless you have clearance but even then [Redacted] IT is so frustrating wild horses couldn’t drag me back into one of their offices.

Just move to Houston or Dallas or another market until you can skill up enough to work remote.

Normally, I start with 2 vCPU and 4 GB RAM for GUI-enabled Windows guests and 2 vCPUs with 2 GB RAM if they're GUI-less. Lots of trivial AD workloads like DC, DHCP, DNS, NPS etc. run fine with 1 vCPU but I found assigning one extra virtual CPU does make updates running somewhat faster. In most cases in my experience where VM CPU usage jumped above 75%, the spinning rust was the culprit, especially if a SAN was in use, it had nothing to do with the actual host's CPU power.

@scottalanmiller there is nothign wrong with the 5.2 kernel.
So put this last line, without the semicolon, in your /etc/dnf/dnf.conf

[main] gpgcheck=1 installonly_limit=3 clean_requirements_on_remove=True ; exclude=kernel*

Then remove the kernel so you can't boot to it (assuming 5.3.7):

sudo dnf remove kernel*5.3.7-200.fc30.x86_64

reboot to be sure it all comes up normal.

sudo reboot

Then do the normal upgrade to 31.

sudo su - dnf upgrade --refresh -y && dnf install dnf-plugin-system-upgrade -y && dnf system-upgrade download --releasever=31 -y && dnf system-upgrade reboot

Then you can comment that exclude out and do a normal update.

sudo dnf upgrade -y --refresh

And if it fails to log in still, so what. just select the 5.2 kernel again like you do now.

@IRJ said in Email investigation - have we been hacked?:

@Dashrender said in Email investigation - have we been hacked?:

one of the addresses is for an @ameritrade.com address, but only for one person. I have yet to find any connection via google searches between this person and ameritrade.... so I'm not sure why this was tried?

Thoughts?

You dont have that data either, right?

What do you mean?

@WrCombs Also remember once you have vm's setup and running they are just files. So that also makes it real easy to backup with robocopy, veeam, rsync or borg. Its one of the many great advantages of virtualizing, your expanding your options alot.

This is interesting - definitely learned something today!...

Thanks

@Pete-S said in Does VMware have developer/trial licensing?:

I was wondering if VMware has some kind of developer licensing for ESXi, vSAN and vCenter or if they can be installed on some kind of time limited trial license for testing?

Thanks!

You can download almost anything for a free trial and get a time limited key. For a lab/testing enviroment VMUG advantage is cheap as chips. If you just want to kick the tires on something Hands on Labs are not terrible.

@Francesco-Provino said in Nu Shell, a New PowerShell-inspired Shell for Linux:

Nice, but why use this when we have the real PowerShell for Linux?

Performance probably. And ease of use. And while PS is on Linux, does it process any Linux data in this way?

@Obsolesce said in Free alternative for OpenDNS, with minimal info on what's going on?:

@openit said in Free alternative for OpenDNS, with minimal info on what's going on?:

No plans of Pi-Hole.

Considering to go with Quad9, since:

It is free for business (unlike OpenDNS free version) No limit (unlike comodo free version) Have at least default blocking (unlike some other DNS service without blocking)

Only downside is, no visibility of what's on and cannot add our rules/policies, fine for free. Adding one layer for free, if budget allows in future, can go with OpenDNS with good control.

Only thing I wonder is, everywhere I just see configuring Windows/Linux to use Quad9 as DNS, but, how about using office network wide? Do I just need to tell my DNS Server (Windows server) to forward DNS Queries to Quad9 DNS IP (9.9.9.9) ? instead of forwarding the DNS Queries to current ISP?
@scottalanmiller @JaredBusch @Dashrender @black3dynamite @syko24 @marcinozga @dafyre

How many dns servers do you have? As in, how many Dns exit points?

I'm curious to know how this is helpful to know?

@syko24 said in Can remote desktop Win10 be remotely activated somehow?:

@Pete-S said in Can remote desktop Win10 be remotely activated somehow?:

Thanks guys. I tried accessing remote registry, remote powershell and ssh but without success. I have to find out how they do their remote administration and get them to enable rdp for me. It was worth a shot though.

Try MMC and see if you can add Services for their computer. If you can add that successfully then you can enable Remote Registry and then from there enable rdp. Make sure you restart the rdp service after making the registry change.

Another method would be if you have PDQ deploy installed on another system at the location, you can try to push a ScreenConnect or similar install to the system.

There are steps one needs to take to ensure remoteability in any kind of way you are hoping for. Either through specific group policies, in the base image, during deployment, via device management software, etc. It's something they would know they did. Any MMC snap in such as remote registry will have required specific steps be taken first to ensure access that way.

The best thing to do is ask, because it takes 2 minutes to write the question, then do other things while you wait for the answer, rather than wasting time and money throwing darts in the dark.

@wrx7m said in RDS Users Dont Receive Pwd Notice:

@siringo said in RDS Users Dont Receive Pwd Notice:

@wrx7m said in RDS Users Dont Receive Pwd Notice:

@siringo said in RDS Users Dont Receive Pwd Notice:

Hoping someone can help?

Have a problem with password expiration and Remote Desktop Services/Terminal Server users and their passwords.

RDS/TS users don't receive password expiring notifications when they log in. This is a hassle as obviously, they won't change their password before it expires and also, it's impossible for them to change is once it expires unless they have access to a domain joined PC, which several of them don't as they are 3rd party contractors.

There are a powershell scripts and free tools around to service this need, but powershell scripts can become railroaded and free tools don't always offer enough functions.

Wondering what others have done to solve this problem?

Thanks.

If you have to expire passwords, I have good success with Netwrix's password expiration notifier. They have a free and paid version. Obviously, the paid version offers more features, but I used the free one for a few years until I ditched password expiration policies.
https://www.netwrix.com/netwrix_password_expiration_notifier.html
The paid version is actually part of another product:
https://www.netwrix.com/active_directory_auditing.html

Thanks @wrx7m for the reply.

Due to a number of reasons i've decided to a PS1 script to assign new passwords.

You should post your script on ML

It's not mine, it's one I found in the Technet Gallery. I tested it and it works pretty well. You can assign a specific password to a specific user.

It lives here:
https://gallery.technet.microsoft.com/scriptcenter/Reset-password-for-all-412fbc72#content

@magicmarker said in Turn off old ERP system running on Win2008R2 and view the exported data:

A nice simple solid option rather than going through all the steps to setup a Fedora DB server though.

Fedora DB is like a single line of commands, nothing could be simpler to set up for just MariaDB or similar.

A proper DMZ is still a valid concept, but was never that big of a deal. There are almost no resources that make sense to put there. If you have those resources, then sure. But who does? The advent of cloud computing, cheaper colocation, better IT knowledge, etc. has led most shops to not try to make "internal/external" shared resources where one side is public and the other uses LAN security; and what little of that remains in need is generally addressed with VLANs in a slightly different way.

Thanks @scottalanmiller there was even an example in that document that fit our situation perfectly.

@manxam said in netstat on local systems shows high number of ipv4/6 Received Packets Discarded, Redirects, Failed Connection Attempts, Reset Connections and Segments Retransmitted:

@dave247 : Have you performed a netstat -ps on another device in another network?
I'm here with a computer hardwired directly to a router in a new installation I'm working on today and am getting similar results to yours (except 0 redirects).

I'm guessing this is completely normal...

yeah I did it on my pc at home and saw similar results and came to about the same conclusion that it's probably completely normal 😕