Meh, what difference does it really make? If anything, I'm glad. Having high quality hardware allowed a lot of shops to try to justify buying something that was fundamentally wrong for an unrelated reason.

@lj said in user CALS:

Thanks. That's what I thought but you never are sure when reading Microsoft terms. As Eric Siron who writes @ Altaro Hyper- V blog says "Concise and Microsoft Licensing will never intersect".

Of course not, that is one way they sell way more licenses than are actually needed.

Post can be closed. I found our GPO's are not tied to the OU's so was fine to simply re-create new OUs. Cheers.

@phlipelder said in SSH SCP - Need Pointers for "server" on Windows:

@scottalanmiller said in SSH SCP - Need Pointers for "server" on Windows:

@jaredbusch said in SSH SCP - Need Pointers for "server" on Windows:

@scottalanmiller said in SSH SCP - Need Pointers for "server" on Windows:

@phlipelder said in SSH SCP - Need Pointers for "server" on Windows:

I'm looking for something to serve that file that I can run on a Win10 machine. My search foo is failing probably due to not having the right search terms.

Nothing needed, Windows 10 does that natively.

Really? WTF are you on today?

Mine does. We use it constantly. It's how we use SSH to automate Windows 10 PowerShell.

Suweet! Thanks for that! 🙂

You bet. We've been SO happy with it. It's allowed us to make Windows so much more efficient by using Linux front ends that contact Windows via SSH. So our users are on Windows only for seconds, and get to do all of their real work on Linux.

@irj said in Encrypt Disk After Installation on Fedora:

@scottalanmiller said in Encrypt Disk After Installation on Fedora:

@irj said in Encrypt Disk After Installation on Fedora:

@travisdh1 said in Encrypt Disk After Installation on Fedora:

@irj said in Encrypt Disk After Installation on Fedora:

How can I do full disk encryption post installation on Fedora?

Do you need encryption on the OS for some reason? General you'd just encrypt /home. That assumes the system is secured properly in the first place.

I don't know how to enable full day of encryption after installation of the top of my head. Reinstalling is really easy tho, just backup and restore /home. All you're settings should persist with just that, and reinstalling you're programs is easy and quick as well.

hmmm... So no real reason to encrypt the OS? If my laptop is lost, and a someone resets password, will they be able to access my home directory?

No, that's the point of encryption.

So just encrypting the home directory will accomplish what I need?

Yes.

@phlipelder said in Default printer Webex on Remote Desktop Session:

I gather that the terminal client MSTSC has local resources unchecked?

Are the printers set up on the Session Host(s) that the users would be using? Are they allowed to choose the default printer via Devices & Printers (Control Panel) or are they not able to get into any Control Panel applets?

Yes local resources unchecked.

Yes, each session has printers setup on them. They are allowed to choose the printer they want.

Everything works except the default printer keeps changing to WebEx.

@storageninja said in Cisco SmartNet:

@dave247 it’s basically a people management platform. Can have a system do a sales manager can tap calls and recordings and do all kinds of metrics they integrate to the CRM. I’d argue avaya is more powerful, but call manager isn’t something you Casual replace with an open source PBX.

Now call manager express (its little cousin) is a basic PBX with unity for voicemail. If you went call manager instead of express I assume someone had some fancy needs.

We actually had an old Avaya PBX for the last 7 years or longer. It was quite simple and did the job.. CCM is a fucking nightmare with how many menus, sub-menus, sub-sub-sub-sub-sub-sub menus and such.. not to mention all the servers and sub-server-applications involved. You'd think it was designed for companies with thousands of employess, not under 100. OH WAIT.

@joel said in OBR10 - Server Setup:

@scottalanmiller said in OBR10 - Server Setup:

@joel said in OBR10 - Server Setup:

Then, I can provision DomainController
Add Virtual Hard Drive - C:\OS (130GB) - (Location: D:\VM\DomainController)
Add Virtual Hard Drive - D:\Logs (20GB) - (Location: D:\VM\DomainController)

Why would you make a domain controller like this? Of all workloads, should not be this way.

I recall reading a MS article stating 😄 should have the OS installed but then a second drive should be used as SysVOL/Logs

No, that's not a normal or recommended setup. Maybe for some very specific scenario, but absolutely is not a good default. Default is one 😄 for everything. For DCs, always a single drive, never do this extra stuff. This is what we call "getting weird."

@dafyre said in Microsoft VPN client: Error 809:

@gjacobse said in Microsoft VPN client: Error 809:

Ran the Diagnostics logging and came back with this:

https://msdn.microsoft.com/en-us/library/ms821096.aspx

Explanation:
RASGTWY.DLL is missing or corrupted.
User Action:
Either copy RASGTWY.DLL from your installation disks to the C:\WINNT\system32 directory or reinstall the Remote Access Service. Use the Network option in the Control Panel to remove and then reinstall the Remote Access Service.

Okay.. What/where i that. since RAS is not checked in Windows Features

Check the destination folder... C:\WINNT hasn't been used in... along time.

Folder does not exist.

@guyinpv said in Lots of Nextcloud issues:

I'm feeling like Dr. House right now, I think everybody is lying.

That's what most people do.

@momurda if you doubt what type (object/string/anything) is returned, try using $a.GetType() and it will return you the variable type.

Since I was working with only ONE user this is what I needed to change it to, else was getting Parameter set cannot be resolved

Import-module ActiveDirectory Get-ADUser -Filter {Name -eq "SomeUser"} -SearchBase "OU=Users,OU=OUGroup,DC=DOMAINname,DC=com" | Set-ADUser –scriptPath “\\SERVERNAME\netlogon\2018ADUC-script.txt”

But it worked!

@jaredbusch Thanks
Must of been a setting i was missing in my NGINX conf file. Made it too look more like yours and i'm working 🙂

@jaredbusch said in Ubuntu Questions:

@dafyre said in Ubuntu Questions:

If your Subnet is 255.255.255.224, then that's not going to work... The math works out to where you have two usable IP addresses with that subnet.

Check and make sure you have the subnet mask right.

.224 is not 2 IP addresses. That is a /27 with 32 IP addresses in the block with 30 usable (one of which is the gateway) in the traditional method of ISP handoff. But that is also not what he has. see the other post.

You are indeed correct. Some dummy didn't use his cheating tools correctly yesterday.

@pete-s They can.

Here is an ER4 I have with this scenario.

AT&T WAN: 12.X.X.70/30
AT&T Gateway: 12.X.X.69/30
AT&T Routed Block: 12.X.X.240/29 (My IP addresses)
My LAN: 10.1.1.0/24

Interface setup:

interfaces { ethernet eth0 { address 12.X.X.70/30 description "AT&T FIber" duplex full firewall { in { name WAN_IN } local { name WAN_LOCAL } } speed 100 } ethernet eth1 { address 10.1.1.1/24 address 10.204.1.1/24 description "St Charles LAN" duplex auto firewall { in { name LAN_IN } local { name LAN_LOCAL } } speed auto vif 5 { address 10.204.5.1/24 description "Guest WiFi" mtu 1500 } } ethernet eth2 { duplex auto speed auto } ethernet eth3 { duplex auto speed auto } }

System:

system { gateway-address 12.X.X.69 }

Service-> Nat:

nat { rule 1 { description "Forward Telnet from Epicor" destination { group { address-group ATT242 } port 23 } inbound-interface eth0 inside-address { address 10.1.1.250 port 23 } log enable protocol tcp source { group { address-group EpicorIPAddr } } type destination } rule 2 { description "Forward RDP from Epicor" destination { group { address-group ATT242 } port 3389 } inbound-interface eth0 inside-address { address 10.1.1.12 port 3389 } log enable protocol tcp source { group { address-group EpicorIPAddr } } type destination } rule 3 { description "Allow SMTP from Google" destination { group { address-group ATT242 } port 25 } inbound-interface eth0 inside-address { address 10.1.1.5 port 25 } log disable protocol tcp source { group { network-group Google_SMTP_Networks } } type destination } rule 4 { description "Allow SMTP from Google" destination { group { address-group ATT242 } port 587 } inbound-interface eth0 inside-address { address 10.1.1.5 port 587 } log disable protocol tcp source { group { network-group Google_SMTP_Networks } } type destination } rule 5 { description "Inboud PBX traffic" destination { group { address-group PBX_Outside } } inbound-interface eth0 inside-address { address 10.1.1.30 } log disable protocol all source { group { } } type destination } rule 6 { description "Inbound Web Traffic" destination { group { address-group ATT242 port-group Web_Ports } } inbound-interface eth0 inside-address { address 10.1.1.22 } log disable protocol tcp source { group { } } type destination } rule 5900 { description "PBX Traffic" log disable outbound-interface eth0 outside-address { address 12.X.X.244 } protocol all source { group { address-group PBX_Inside } } type source } rule 5997 { description LAN log disable outbound-interface eth0 outside-address { address 12.X.X.242 } protocol all source { address 10.1.1.0/24 group { } } type source } rule 5998 { description "Public WiFI" log disable outbound-interface eth0 outside-address { address 12.X.X.243 } protocol all source { address 10.204.5.0/24 group { } } type source } rule 5999 { description "Default NAT Masquerade" log disable outbound-interface eth0 protocol all type masquerade } }

Firewall Groups:

firewall { group { address-group ATT242 { address 12.X.X.242 description "AT&T IP 242" } address-group ATT243 { address 12.X.X.243 description "AT&T IP 243" } address-group EpicorIPAddr { address 159.66.236.224 address 159.66.234.224 description "Epicor IP Addresses" } address-group Exchange_Servers { address 10.1.1.5 description "Internal Exchange Servers" } address-group Internal_Web { address 10.1.1.22 description "Internal Webservers" } address-group PBX_Inside { address 10.1.1.30 description "Phone System Internal IP" } address-group PBX_Outside { address 12.X.X.244 description "Phone System External IP" } network-group Google_SMTP_Networks { description "Networks used by Google to send SMTP" network 216.239.32.0/19 network 209.85.128.0/17 network 173.194.0.0/16 network 74.125.0.0/16 network 72.14.192.0/18 network 66.249.80.0/20 network 66.102.0.0/20 network 64.233.160.0/19 network 64.18.0.0/20 network 207.126.144.0/20 } network-group Private_LAN { description "Private LAN Networks" network 10.204.0.0/16 } port-group SMTP_Ports { description "Ports used for SMTP" port 25 port 587 } port-group Web_Ports { description "Inbound Web Ports" port 80 port 443 } }

@stacksofplates said in Best way to backup big data...:

We use Exagrids and tape. Though for only 45TB you could just build a box and Colo it. RHEL/CentOS now have VDO support so you get dedupe and compression on those volumes.

A supermicro box with 24 8TB drives is around $13K. That's around 90TB in RAID 10. I don't know pricing for smaller because we build with those. But it shouldn't be too expensive to build your own and ship to it off-site.

If it's large files likes raw video then compression and deduplication is unfortunately of very limited use.

We just use a standard supermicro 4U server with 24x3.5" drive bays. Running software RAID-6 with very modest hardware specs we have 250MB/s sustained write and 700MB/s read. More than enough to saturate a dual gigabit network link.

Two RAID-6 arrays with twelve 3.5" 10TB enterprise drives in each will give you around 200TB of storage. Or perhaps three RAID-6 arrays with 8 drives in each giving you about 180TB.

The most money in this type of config will be in the drives themselves. 10TB Seagate Exos X10 are about $330 each so 24 drives is $8K.

I have 17 Ruckus R610 APs and they only get rebooted when new firmware is applied.

@fateknollogee
I don't have experience with that particular brand but have used Intels NUCs in a number of different applications.

I think the CPU is too weak on that one. Intel have a couple of NUC models that are priced similarly and some with bundled Win10 and memory / HDD so I would have a look at those. Look for instance at the older model with the J3455 cpu.

We have both the Dell USB-C docks and a couple of the Thunderbolt models. So far we have had no problem with the USB-C. I even use one for my machine. The Thunderbolts were a bit problematic around the first part of 2017, but after several firmware updates they seem to have stabilized.