Worth noting on this that while sync works, copy is the much safer option.

So

rclone copy source:/path dest:/path is what I'll likely end up using. In any case, the resulting solution still works.

Still need to tweak OSX a bit as it seems to kill the SSH session after some time for sporadic reasons - still testing but I may end up having to add ServerAliveInterval 120 to /etc/ssh/ssh_config to resolve that issue.

@marcinozga said in Evaluating Defender ATP:

@Dashrender said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

@Dashrender said in Evaluating Defender ATP:

@Obsolesce said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

@Dashrender said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

@Ambarishrh said in Evaluating Defender ATP:

@marcinozga said in Evaluating Defender ATP:

I was about to evaluate it to, I had a webex session with Microsoft sales, and while it looks nice, it doesn't really offer anything special over other solutions. And it's expensive, really expensive. Perthaps sales mislead me but we either had to subscribe to O365 E5 or M365, or get Windows 10 Enterprise licenses. It worked out to being 15-18 times more expensive than 3rd party antivirus solution.

Not sure how did they gave you that info! An average pricing structure as below

7455634e-b366-4cb5-af6e-859115ac1fcd-image.png

And security products straight from O365 admin portal subscriptions page:
560b3413-64e4-4a77-9b6c-27030798a842-image.png

These are prices IF you already have one of their subscriptions. If you don't need them or have something else, you're paying $15-$20 per month per endpoint. That's how much it costs per year if you go with other av vendor.

But as mentioned - $15-20 per year is only for typical AV, not an ATP product.

And the difference between the two is.....? ATP is really just a marketing phrase at this point. Here are some features from "traditional" av:

malware protection, both behavioral and definition based ransomware protection phishing protection ids/ips device control exploit blocker botnet protection web filtering memory analysis central management, either cloud or local

And a full forensics audit trail?

I'm really curious which ones have this stuff for 15-18 times less the cost of Defender ATP?

I'm having a hard time finding what the real price here is?

I know that Intune is like $4/user/month. aka $48/user/year. this makes it 2-3 times more expensive than typical AV packages - of course, it gives you a lot more features at that price point.

The above posts have a dozen different security things listed.

As @marcinozga says, typical AV with many of the above mentioned features (but not all - and full forensics trails - forget about it) for like $15-20/user/year

ATP is not available if you have just Intune, you need O365 or M365 Enterprise subscriptions, or Windows 10 Enterprise.
O365 E3 is $20/mo plus ATP add-on, I think it's $2/mo. I don't know how much is Win 10 Ent, so I'm guessing O365 E3 is the cheapest route, at $22/mo, that's $264 a year. Depending on number of endpoints you can get AV for $15/year, perhaps even less.

That's an unfair assessment. If you already have O365 E3, then it's only $24/year/user

Also - is O365 E3 the requirement, or can you add ATP onto E1?

Is windows 10 Enterprise a requirement of ATP? Things I was reading last night never mentioned that.

It is fair. What if you don't have O365 because you don't need it or use something else? Other AV don't force you to buy any extra services, you can get AV on a plain vanilla Windows machine.

From the document I got from Microsoft, E3 is minimum. It's O365 E3 or Windows 10 Ent.

If you're not in the O/M365 ecosystem already - then you likely wouldn't even consider this plan, you would likely look at another option... so yeah, it's not a fair comparison.

Now, you could decide, since you are looking at this solution, that you might want to change your other solutions at the same time since MS has these bundled together... but you don't just line item this entire cost all on the ATP project, you split it out.

@dafyre said in Network routing question:

@dafyre said in Network routing question:

DNS server is at 10.50.235.235

Configure your computer to look to 235.235 for DNS... and configure the DNS server at 235.235 to forward anything it doesn't recognize along to your Meraki?

I added 235.235 as an additional DNS in the 250.254 network.

I tried this yesterday but silly me forgot to "refresh" the NIC so it could grab the new settings.

All is good & working.

I realize that this is tangential, but....
The area around Portland is awesome. I used to spend a lot of time there in the 80's.
I've had lunch at the Timberline Lodge on Mount Hood, cruised the Columbia River Gorge, stopped at Multnomah Falls, the fish ladder at the dam, Pittock Mansion, the Grotto, the navy shipyards, .... there's a lot to do. The scenery is great.

Never mind, twas a permissions issue.

@JaredBusch said in LVM Partition resize:

@fuznutz04 yes, I did exactly that.

Then whenever things got full again, I was able to simply drop/create the one table without stopping anything.

Well, looks like I know what i'll be doing tonight.

@pmoncho said in You cannot fix stupid vendors:

@Dashrender said in You cannot fix stupid vendors:

@IRJ said in You cannot fix stupid vendors:

@scottalanmiller said in You cannot fix stupid vendors:

@IRJ said in You cannot fix stupid vendors:

@JaredBusch said in You cannot fix stupid vendors:

Instead you simply refuse to purchase form them when possible. When not possible, you do the absolute minimum required to implement and keep any change documented in order to prevent stupid shit they do from coming back on IT.

This is where it is nice to have policies in place that only allow secure apps to be deployed that meet a a defined criteria. This policy is then signed by CEO and CTO. So when they want the software, you show them it doesnt meet the policy they signed and is it creates unnecessary risk

Great idea.

Another thing to write on the policy is that if there are any exceptions to this they must be signed off and documented. You will find out how quickly the c levels or even directors will not want to sign anything off and accept responsibility for the risk.

My office wouldn't care..

My guess is they don't care because there are no ramifications. Most of what I have seen is all talk and no action. Add to that, even if you show the signed sheet, blame will be shuffled on down the line.

yeah, when the owners are the shareholders, they don't have to give a shit.

@scottalanmiller said in Researching OpenDental Software:

So in the above directions, where the heck are we supposed to get the "blank" database from? WTF

From what that page I looked sounded like when you install the trial it stuff up the schema.

@siringo said in Upgrade from W7 to W10. Still free?:

Well I dug out an old Centrino Duo 2 with 3GB or RAM and it upgraded fine from W7 Pro to W10 Pro and the upgrade was slow but pain free.

Thanks everyone for the help.

There was never a question about it working technically. We know that has always worked.

The point of the discussion is the legality.

@JasGot said in Cannot get past a comcast router in Ashburn, VA:

@scottalanmiller said in Cannot get past a comcast router in Ashburn, VA:

@JasGot said in Cannot get past a comcast router in Ashburn, VA:

Maybe I'm old and don't get worked up as easily anymore; but I can tell you that if they can get this resolved tomorrow, I'll be quite satisfied. My frustration was with the agent that was on the phone, it was beyond her ability to comprehend that there could be a problem with something other than the equipment at the customer location.

See, and I would see that as her manager deciding to use someone like that to shield the company from doing their job. Anyone can be stumped, but why didn't she escalate and do proper support rather than coming up with excuses to shut you down?

I agree. And this doesn't lead me to dumping them yet.

There is a big difference between and idiot gatekeeper and a company's willingness to fix it. I believe the girl and her manager should be fired.

If every person dumped every vendor for a single bump in the road. There would be no vendors in the world.

By the way. The issue is resolved. The local engineer reach someone in the Ashburn DC and they addressed the issue during the night.

The thing you have to remember is - Scott has experience with practically every vendor that's ever vended in the US (and likely more around the world as well). As such, he has seen how horrible or honorable they are in a massive amounts of situations... so when he's saying to dump someone, it's not based solely upon your single posted issue.. it's because of his know experience with said vendor in the past.

Note - I sorta say this tongue in cheek, sorta not 😉

@JaredBusch said in SSH Access to Windows 10 Pro Workstations:

@DustinB3403 said in SSH Access to Windows 10 Pro Workstations:

@scottalanmiller said in SSH Access to Windows 10 Pro Workstations:

On Server, no issue. SSH the same as with Linux. SSH on Windows 10 is "single user" just like anything else on Windows 10.

So then why would they have the statement about "usually to correct problems" as to me this would be a two person use. One who is using the desktop and the other administrator who is working on fixing an issue via ssh (presumably while the other user is using said system).

I'm not bothering to reread anything, but MS has long allowed admin connections.

Yes this has been a known fact for as long as i can remember... Admins are exempt for administrative purposes.

@IRJ said in Duplicati Retention Policy, which do YOU choose?:

@JasGot said in Duplicati Retention Policy, which do YOU choose?:

The options are:
Keep all backups
Delete Backups older than
Keep a Specific number of backups
Smart backup retention
Custom

Which do you use and why? I am interested in your choice and why you choose it.

Generally NO longer than legally required. Unless the legal requirement is something really lax. You generally dont want to keep data for longer than 7 years in any circumstance where there is no legal requirement, because you can become legally obligated to share data in a court case or something of that sort.

Exactly. Desired retention is more like 6 months. Only legal requirements make us go longer.

@Pete-S said in What is the fascination of Solaris OS ?:

Sun did a few other notable things besides Solaris, such as Java.

Yeah, Oracle wasn't the reason Solaris was well known and good. More likely the reason it is dead.
https://meshedinsights.com/2017/09/03/oracle-finally-killed-sun/

Yeah, Solaris was good in spite of Oracle. And Oracle was only around for one release. The first several decades of Solaris and SunOS were all under Sun. Oracle only killed it off, without Oracle, it would still be an amazing OS today.

@jt1001001 said in going with 3rd party Dell support vs Dell ProSupport?:

We used Park Place for years without issue and only switched because Reliant gave us better pricing that Park Place could not match. We were happy with Park Place and so far have been happy with Reliant. Our extended coverages come up again in March so we will do the head-to-head battle again and see who comes out better.

This is good to know as we'll have some back end equip that will go EOL so I'll at least feel more comfortable about reaching out to both orgs.

@JaredBusch said in DNS Help ...:

@EddieJennings said in DNS Help ...:

@JaredBusch said in DNS Help ...:

@Dashrender said in DNS Help ...:

@JaredBusch said in DNS Help ...:

PTR records are handled by the ISP.

They are not something that should ever result in a domain name like this. but at some point in history, people always tried to contact their ISP to have PTR updated to thier mail server DNS name.

it's part of anti-spamming.

No, it is not.

This kind of thing might be what Dash is thinking of.
https://www.altn.com/Support/KnowledgeBase/KnowledgeBaseResults/?Number=KBA-01904

While not explicitly a tool for anti-spam, I remember an MDaemon installation I inherited have reverse lookups enabled.

NO, old guides used to claim that you needed to setup PTR for on site Exchange to make sure you had not SPAM issues. I know what he is talking about. Jus tthat it has never been fact, no matter what people used to say.

I'm with Jared on this. Yes, historically it was common to do this thing but it was a myth. It's just one of those things that people repeated a lot but had no technical reasoning behind it. People generally don't understand DNS and so DNS becomes one of those magic black boxes and once someone made up that PTR could have something to do with SPAM people ran with it. But it was never part of a spam blocking or reduction mechanism, it was just a random, foolish technical mistake that people made thinking that it might have something to do with something else that they didn't understand.

I think I may have found a quicker/more clean means of doing this with just

Get-ChildItem -Path "Drive-Letter" -Recurse -Force

It prints everything out to the console or to a file for review, than you just have to read it.

@Dashrender said in Backup strategy for customer data?:

@scottalanmiller said in Backup strategy for customer data?:

@Pete-S said in Backup strategy for customer data?:

Bit error is 1 in 10^19 bits (enterprise HDDs are 1 in 10^15). That's actually 10,000 times better than HDDs. And 30 years of archival properties.

yeah, the tech behind LTO8 is freaking fantastic. And unlike HDD where research is stagnating, tape keeps advancing.

Would you really call it stagnating? They are basically at the atomic level already...

That's the primary cause of the stagnation. They are really struggling to keep moving forward with advances. That's exactly what stagnation means.

@JaredBusch said in Skyetel tenant functionality:

Well, the month rolled, and so I now have a report.

The tenant report is awesomely detailed for those that actually care about sending something on to a client.

In my use case, the client just needed location specific break out, so I only care about the totals. But OMFG the awesomeness of the numbers....

Great work on this part @Skyetel

Thanks @JaredBusch We're really proud of this!