@Obsolesce said in Free alternative for OpenDNS, with minimal info on what's going on?:

@openit said in Free alternative for OpenDNS, with minimal info on what's going on?:

No plans of Pi-Hole.

Considering to go with Quad9, since:

It is free for business (unlike OpenDNS free version) No limit (unlike comodo free version) Have at least default blocking (unlike some other DNS service without blocking)

Only downside is, no visibility of what's on and cannot add our rules/policies, fine for free. Adding one layer for free, if budget allows in future, can go with OpenDNS with good control.

Only thing I wonder is, everywhere I just see configuring Windows/Linux to use Quad9 as DNS, but, how about using office network wide? Do I just need to tell my DNS Server (Windows server) to forward DNS Queries to Quad9 DNS IP (9.9.9.9) ? instead of forwarding the DNS Queries to current ISP?
@scottalanmiller @JaredBusch @Dashrender @black3dynamite @syko24 @marcinozga @dafyre

How many dns servers do you have? As in, how many Dns exit points?

I'm curious to know how this is helpful to know?

@syko24 said in Can remote desktop Win10 be remotely activated somehow?:

@Pete-S said in Can remote desktop Win10 be remotely activated somehow?:

Thanks guys. I tried accessing remote registry, remote powershell and ssh but without success. I have to find out how they do their remote administration and get them to enable rdp for me. It was worth a shot though.

Try MMC and see if you can add Services for their computer. If you can add that successfully then you can enable Remote Registry and then from there enable rdp. Make sure you restart the rdp service after making the registry change.

Another method would be if you have PDQ deploy installed on another system at the location, you can try to push a ScreenConnect or similar install to the system.

There are steps one needs to take to ensure remoteability in any kind of way you are hoping for. Either through specific group policies, in the base image, during deployment, via device management software, etc. It's something they would know they did. Any MMC snap in such as remote registry will have required specific steps be taken first to ensure access that way.

The best thing to do is ask, because it takes 2 minutes to write the question, then do other things while you wait for the answer, rather than wasting time and money throwing darts in the dark.

@wrx7m said in RDS Users Dont Receive Pwd Notice:

@siringo said in RDS Users Dont Receive Pwd Notice:

@wrx7m said in RDS Users Dont Receive Pwd Notice:

@siringo said in RDS Users Dont Receive Pwd Notice:

Hoping someone can help?

Have a problem with password expiration and Remote Desktop Services/Terminal Server users and their passwords.

RDS/TS users don't receive password expiring notifications when they log in. This is a hassle as obviously, they won't change their password before it expires and also, it's impossible for them to change is once it expires unless they have access to a domain joined PC, which several of them don't as they are 3rd party contractors.

There are a powershell scripts and free tools around to service this need, but powershell scripts can become railroaded and free tools don't always offer enough functions.

Wondering what others have done to solve this problem?

Thanks.

If you have to expire passwords, I have good success with Netwrix's password expiration notifier. They have a free and paid version. Obviously, the paid version offers more features, but I used the free one for a few years until I ditched password expiration policies.
https://www.netwrix.com/netwrix_password_expiration_notifier.html
The paid version is actually part of another product:
https://www.netwrix.com/active_directory_auditing.html

Thanks @wrx7m for the reply.

Due to a number of reasons i've decided to a PS1 script to assign new passwords.

You should post your script on ML

It's not mine, it's one I found in the Technet Gallery. I tested it and it works pretty well. You can assign a specific password to a specific user.

It lives here:
https://gallery.technet.microsoft.com/scriptcenter/Reset-password-for-all-412fbc72#content

@magicmarker said in Turn off old ERP system running on Win2008R2 and view the exported data:

A nice simple solid option rather than going through all the steps to setup a Fedora DB server though.

Fedora DB is like a single line of commands, nothing could be simpler to set up for just MariaDB or similar.

A proper DMZ is still a valid concept, but was never that big of a deal. There are almost no resources that make sense to put there. If you have those resources, then sure. But who does? The advent of cloud computing, cheaper colocation, better IT knowledge, etc. has led most shops to not try to make "internal/external" shared resources where one side is public and the other uses LAN security; and what little of that remains in need is generally addressed with VLANs in a slightly different way.

Thanks @scottalanmiller there was even an example in that document that fit our situation perfectly.

@manxam said in netstat on local systems shows high number of ipv4/6 Received Packets Discarded, Redirects, Failed Connection Attempts, Reset Connections and Segments Retransmitted:

@dave247 : Have you performed a netstat -ps on another device in another network?
I'm here with a computer hardwired directly to a router in a new installation I'm working on today and am getting similar results to yours (except 0 redirects).

I'm guessing this is completely normal...

yeah I did it on my pc at home and saw similar results and came to about the same conclusion that it's probably completely normal 😕

It s good advices to Sysprep for windows 7

https://mangolassi.it/topic/20702/building-a-hugo-site-from-a-theme

Thanks for the reply, the issue is that sanoid.conf does not send the snapshot to the usb but syncoid does, or does having that template automatic prune the snapshots?

Idk I didn't mind the windows 8 interface because it felt like GNOME 3 to me.

I have to wonder if Microsoft would have got the same push back if the internet was as prevelant back when they first introduced the start menu.

@JaredBusch said in Datto AP60:

@WrCombs said in Datto AP60:

@JaredBusch said in Datto AP60:

@Dashrender said in Datto AP60:

Of course, they are basically useless in this setup, because the APs are on a non internet connected network.

No, they are not. @dbeato has clearly stated it works offline once programmed. Yes @NDC mentioned a rare condition where it failed.

None of that matters. This unit is not going out to the restaraunt. He only needs the fucking thing to configure the tablets in the office. The restaurant will be providing s the wifi for the production closed network.

this

People are fucking too stupid to remember from the top of a thread to the bottom I swear.

Anyway, you can use the Datto just like I outlined for the UniFi. Assuming you can get it programmed by someone.

@dbeato Private messaged me and if that's the route we take he said he'd help .

@scotth said in Any way to pass through pci fax modem in hyper-v:

@jt1001001 We're close to 50/50 government/customer across all of our bulk plants. Interoffice we attempt to scan to a folder. I can't tell you how many times I saw someone print our a message and then FAX it. It sets my blood to boiling. If I mention that there's another, better, easier, more efficient, pleasing, justified way to do it, I get the 'that's nice, I'll do that next time' look. The owner has been pushing for better behavior. He seems to be getting good results. Hehe

yeah - only way to push this through is to make faxing super painful - remove all fax lines - place last remaining fax machine with an active line in your office behind a locked door (or where ever they can't access with you or your designee)... they will change quickly at that point.

The last upgrade I did (8.1 -> 10) worked great except that Webroot got uninstalled. Which takes 90 seconds to fix, so no biggie.

@dbeato Yeah, great option, that really helps a lot with previous installation when you don´t have enogh space at hour HDD... thanks!

@notverypunny said in Meraki Bells and Whistles:

Changing to Ubiquiti is something that we've discussed here. We're currently on Meraki for our APs only (checked the firewalls / security appliances but dodged that bullet)
Does Ubiquiti do the following? (We're currently using these features and having to retrain the users would be a real PITA)

WPA2 Enterprise tied to Radius based on AD Group membership for company issued / owned laptops AD integrated splash sign-on for mobile / byod ability to create guest users Fully isolated access for the BYOD and Guest SSIDs

Yes, it does supports WPA Enterprise. The RADIUS Server needs to be on a Linux or Windows Server. If not AD you can use it from one of the XG firewalls. Not for AD but you can do it for the Guest network Yes, you can create guest users or give them vouchers Guest devices are Isolated to the AP you are on (they can still ping devices on the same AP they are on in their same network).

@MC_Bol said in Windows 10 Upgrade stops at 31% (or any %):

@bnrstnr could you please let us know the AMD graphic card model?

AMD FirePro W4170M

@Dashrender said in Cisco ASA:

@Jimmy9008 said in Cisco ASA:

A and B can also RDP/ping devices sitting on C.

If this is true, it's just a matter of rules/route allowing C back to A/B or a route specifically for C -> A/B.

172.16.0.0 vlan… switch IP = 172.16.0.1, ASA = N/A, gateway on the vlan is 172.16.0.1 (the switch)

this is legacy. What appears to happen is that the switch has 0.0.0.0 set to 192.168.50.10 (the ASA) on a vlan2. So, traffic from 172.16.0.0 hits the switch IP at 172.16.0.1, then hope out 0.0.0.0
^ I think its this that's causing the issue.

This should be fine, this is what allows the C network to get to the internet

so, when on the 172.16.0.0 network, the request goes to the switch's IP (172.16.0.1) which forwards it to 192.168.50.10 (the ASA), The ASA then doesn't have a rule allowing traffic from 172.16.0.0 to talk to 10.x, so it just dumps the traffic.

At least that's what it looks like to me at this time.

“C” network really?

@Pete-S said in HFSPlus Read Write access on Fedora:

Why not Paragon drivers on Windows instead?

Virtualize and pass through to the VM.

Because I am operating this from fedora to sync the data to cloud.

Plus I need my work laptop portable.