I ran into a language issue the other day when writing a PowerShell script that uses net localgroup and thought it could be useful to others:

Depending on the language your Windows device is set to, the local Administrators group will be different, so the typical net localgroup administrators domain\user /add command will fail.

Implementing the following will grab the actual name of the group by it's SID first, then use that result.
Note that this is written to work in PowerShell, not CMD.exe.

# Gets the name of the local Administrators group in appropriate language $localAdminGroupName = (Get-WmiObject win32_group -filter "LocalAccount = $TRUE And SID = 'S-1-5-32-544'" | Select-Object -Expand name) Write-Output "Local Administrators group detected as: [$localAdminGroupName]" # Sets the users as a local admin using appropriate local Administrators group name net localgroup $localAdminGroupName domain\user /add # Gets local Administrators group members net localgroup $localAdminGroupName

@NashBrydges said in Leveraging Veeam Cloud Tier - Backups To Wasabi:

@wrx7m said in Leveraging Veeam Cloud Tier - Backups To Wasabi:

I upload Veeam backups to Wasabi (and before that, S3) outside of Veeam. I pull down the backups and import them back into Veeam, via the import feature.

I would like to see how well it works when everything is natively done in Veeam. If that is even possible.

How do you upload your backups to Wasabi? Are you using a 3rd party tool?

Yeah. I use a file compare tool called, BeyondCompare that runs on a windows task schedule.

@scottalanmiller these discussions echo my thoughts exactly. I'm only (hesitantly) learning Docker now, but it feels like it's not a long term answer(I'm possibly too late to the party?), as other approaches are increasing in mind-share.

@IRJ said in Massive speed increase when switching WordPress from apache to nginx:

I really wanted to do everything server side and be as lean as possible. I wanted zero plugins related to performance on my WP site.

Lean WP, that's an oxymoron if anything 🙂

I've heard before that some sites are slower with cloudflare CDN compared to going straight to the site. Are you using http/2 as well?

Most likely in this case, the switch to nginx from apache itself didn't make anything noticeably faster but the caching and compression did.

@RojoLoco said in Windows 10 Startup:

@WrCombs I don't know if I want to laugh or cry.

I've done both alternatively all day.

https://www.bbc.com/news/technology-48255541

Supreme Court upheld it.

@NDC said in Domain Controller DNS settings order - best practice?:

IIRC the difference is just a boot time thing. It can be slightly slower to bring the DC back online if it looks at itself for info and the DNS service isn't up yet. So if you point the first DNS entry to another machine you theoretically save a few seconds on reboot.

In theory, not something that you need if the other DNS is there 🙂

@scottalanmiller How are you liking Salt Stack?

Upgraded from F29 to 30, also switched to Deepin.
So far, I'm liking the Deepin desktop.

IMG_0747.jpg

dhcp

@flaxking said in Domain Trust Group Permissions:

@Obsolesce said in Domain Trust Group Permissions:

I use Domain Local groups for access control to local resources. You can have other group types as members, as well as groups from other trusted domains.

Right, but you can't then add that Domain Local group that has members from the trusted domain to a local group on the server.

Right, you wouldn't want to.

@manxam said in USG to EdgeRouter VPN:

Interesting. The last time that I looked at the GUI (as we typically use CLI for VPN), it didn't give the option of DH group like so :

alt text

Wonder in what version this changed?

It has had it for as long as I recall. At least 1.5.

The CLI has had it 100% of the time since release at version 1.2.0

Circling back to GPP. Thanks to @FiyaFly , who was able to help me out with the syntax for the fields. Do not use quotes in the target or start in paths.
Target Path:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Arguments:

--incognito --proxy-server=squid1.domain.com:3128 --user-data-dir="%LOCALAPPDATA%\Google\Squid1\User Data"

Start in:

C:\Program Files (x86)\Google\Chrome\Application\

I also used the create option and desktop (standard, not all users desktop).

@Pete-S said in ZeroTier vs VPN:

@Kelly said in ZeroTier vs VPN:

In the strictest sense ZT is a VPN. It is just a one to one IaaS that is routed through the cloud on ZT's systems instead of your edge. You can achieve the same effective security through rules on most VPN servers. ZT just makes it simpler, and reduces your ongoing effort assuming that 1 to 1 or 1 to few is your primary access model.

I haven't used it but why does ZT makes it easier? You have to install it on every machine you want access to, right? And I assume you have to setup some kind of routing on a computer if you want access to something on the network where you can't install ZT, like an appliance or something like an ilo interface.

With an OpenVPN (SSL VPN) connection through the firewall you have a routable VPN and no NAT problems. You can put whatever access to whatever resources you want without installing anything anywhere. And you have everything in one place.

I though ZT was a peer to peer network. So it would make most sense when there are no LAN or central resources and everything is spread out. But that not the network layout in this case.

You do have to install it on every machine. It is easier in the sense that to achieve the same level of lockdown paired with user specific access you would need to do a fair bit of work on your edge and keep it maintained. Deploying software to clients should be pretty straightforward if you're using quality tools: https://chocolatey.org/packages/zerotier-one.

@dave247 said in Foreign B1 Visa employee scam?:

@scottalanmiller said in Foreign B1 Visa employee scam?:

Yup. Its decently well known. Happens in the US too.

What's the scam called so I can learn more?

That I do not know. I'm sure someone has come up with a name, but it's a simple impersonation scheme. It's not so much a specific scam as just generally one person impersonating another.

A ghost ship is when a ship (at sea) has lost its crew but doesn't sink and keeps on drifting. Software shops will often make software and keep selling it for years or decades after the "crew" who made it have left the company and the company can no longer maintain or update it (which often remains can't fully support). This is why client server software often exists... it was actually made by someone in the 1990s who has left and the company keeps selling it, but they can't modernize it because they don't have the skills remaining in house to work on the software.

@brandon220 said in Choosing KVM over Hyper-V....:

I have not tried to run a Windows vm on KVM yet....

KVM is specifically good for that.

@dafyre said in SSH-Copy-ID Being prompted for password:

@DustinB3403 said in SSH-Copy-ID Being prompted for password:

@dafyre said in SSH-Copy-ID Being prompted for password:

What I've seen is that ssh-copy-id will request your password since the remote machine doesn' thave you ID. After entering your password, it transfers the id, and you should be good to go.

Which password, the password for the local server that I'm running the copy from, the user password for that server?

The user password for the remote server.

That makes literally no sense, as it asks for the remote computer credentials after the 3rd Password prompt. . .

Personally my thing when advising people on this is £££££ you need to decide on what your budget is before looking at parts.

Some of my friends say they want high end 4K gaming but only want to spend £400 😄

So start with the budget then work around that 🙂