The first time it is used, we have to manually type the domain\localadmin password.
995d4dcc-8f3f-428f-a56e-aafa241ca644-image.png
After that it is stored in credential manager.
e44ddd17-77ee-4318-a779-8edbc1471c2a-image.png

you can set static entries in EdgeOS.

Always set DHCP to give out the ERL for DNS. set service dhcp-server shared-network-name LAN subnet 10.254.103.0/24 dns-server 10.254.103.1 Always set the ERL to look at itself for a DNS (127.0.0.1 set system name-server 127.0.0.1 Make sure that DNS is listening on your LAN ports. set service dns forwarding listen-on eth1 set service dns forwarding listen-on eth1.2 Set DNS forward lookup to whatever. set service dns forwarding name-server 10.254.103.4 # my Pi-Hole set service dns forwarding name-server 1.1.1.1 If oyu are on a domain, tell EdgeOS to forward those to the DC. set service dns forwarding options server=/ad.domain.com/10.254.0.21 set service dns forwarding options server=/domain.local/10.254.0.21 set service dns forwarding options server=/domain/10.254.0.21 Set up your static DNS entries. set system static-host-mapping host-name nas inet 10.254.103.7

That was basically where I was 2 years ago - but clearly I didn't find the correct docs for my original thinking.

Not yet.

@scottalanmiller said in Payroll Provider gets Encrypted & Pays Ransom:

@JaredBusch said in Payroll Provider gets Encrypted & Pays Ransom:

@scottalanmiller's recent example clearly shows that. I would be interested to know how many man hours @NTG sunk into restoring that. And it was a small typical SMB office. Not a huge SaaS provider.

Not done yet. But ~28 to mostly recovered.

I"ve seen everything from 1 billable hour of labor (kicking off Veeam restore of 4 VM's and coming back when it was done) to 200 hours (rebuild from scratch, and recovered core ERP database from a developer clone on someone's laptop).

@scottalanmiller said in EFI Pace Won't Start After Vault Configuration Change:

Had to deal with Fiery too.

I think they misspelled that name slightly. Fire that company (I know, you wish they would.)

@Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

@scottalanmiller said in Need to Join Windows XP Clients to a 2016 Domain:

@Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

@scottalanmiller said in Need to Join Windows XP Clients to a 2016 Domain:

@Dashrender said in Need to Join Windows XP Clients to a 2016 Domain:

Does the XP machine need to be part of the domain? What about working around that issue?

We removed the domain completely.

So now you're what - trying to use a 2019 SMB file share or something?

What does file share have to do with AD? Completely disconnected concepts.

True - I was making my own leap -

So - where does this stand now then??

We removed AD. It turned out that it had been installed without evaluation and was serving no real purpose, but was posing a significant risk.

I suggest looking into the salt Logstash engine

@dbeato said in GPO for compatibility mode:

@Grey said in GPO for compatibility mode:

A previous admin created a gpo to alter and add an entry under the hive HKEY_CURRENT_USER in Key path Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range66 which forces a single entry for compatibility mode. I've spent a lot of time testing and, while the setting is to apply once and not again, it doesn't seem to allow a user to add more sites to compatibility mode and keep that addition after a reboot.

Has anyone successfully created a GPO for IE11 to enable CM for users to add items, while also pushing a list of our own? Is there a best method around for achieving this goal?

I have not, I only keep adding it through GPO (In the medical field which they have many sites as this).

Ditto - Just have to keep adding them via GPO. So glad we barely use IE 11 anymore.

Yeah me for posting shit always.. Just needed this again.

Saw the error and I was like.. hmm I posted about this.

e73ed3df-73d6-4e5b-a0b5-9f55aabbde79-image.png

@IRJ said in Web Site Pen Testing:

Here's a good free tool that I've used in the past.

https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

Thanks @IRJ I'll check it out.

@stacksofplates said in Kvm network troubleshooting:

@scottalanmiller said in Kvm network troubleshooting:

Your server has an IP address of 192.168.122.1? Is that correct? Nothing wrong with that technically, but it would be exceptionally unusual. That's almost always the gateway address. What is the address of your gateway?

That's libvirts virtual bridge address for the NAT network.

Oh, duh, I missed the bridge. Carry on. 🙂

I should give Ansible a go one of these days, because whenever I research it, it seems to fall short of Salt, but it would be nice to really have concrete experience of how it falls short.

My current thinking is that if there's a windows feature that Ansible that Salt doesn't, I could probably just grab the powershell script + any dependent scripts and create Salt state/module wrappers around it.

Alternatively, Salt can run Ansible playbooks on minions, but the wrapper approach is more minimalist (don't have to install Ansible on each minion) and keeps secret security simpler.

It is because of this licensing discrepency that we know that CloudAtCost was running a scam. They advertised Windows servers that were unlicensed, and unlicensable.

@wrx7m said in OSX 10.14.X Bug - Roaming AD Accounts unable to login when Off Network:

@DustinB3403 said in OSX 10.14.X Bug - Roaming AD Accounts unable to login when Off Network:

My co-worker thinks he may have a workaround, which involves backing up the user profile, deleting the existing one and restoring the files for the user.

We're testing this currently to see if this actually "sticks".

Did it work?

Waiting to hear back

@DustinB3403 said in How to adminstrate a handful of Windows workstations?:

@JaredBusch said in How to adminstrate a handful of Windows workstations?:

@Pete-S said in How to adminstrate a handful of Windows workstations?:

@JaredBusch said in How to adminstrate a handful of Windows workstations?:

Everytime I want to do something, I would make it a powershell script and save it.

With remote powershell enabled on all workstations, it should be fairly effortless to maintain.

Some individual tasks might take more time than it seems worth at first to figure out how to script it, but int he long run it will be the best solution.

So you're saying I should keep the workstations as they are, but administer them as a group by using remote powershell?

Yes. For example, somewhere on here, I have a Poweshell script posted that let's you install printers.

Edit: Here is that post

Post not found.

fixed

@smartkid808 said in Gaming Rig Issues:

@travisdh1 haha, true on the waiting part. something always better is going to come out.

I will go ahead and pick up the 2700x.. Wish they had CPU only, as I don't need the cooler as I just got a new one last month, but I don't see one anywhere like how the 1700x was.

You should test the CPU/memory/MB system before doing anything. Search for memtest86.

@jmoore said in NodeBB 1.11.2 Error Connect EMFILE:

@scottalanmiller Is that why the site fails to load at times then?

Not every time, but a few times.

So we did an older restore and the issue was resolved. This error was caused by ransomware.