@JaredBusch said in SSH Keys and migrating to a new device:

@wirestyle22 said in SSH Keys and migrating to a new device:

@JaredBusch Thanks. This is great

Again, you want a unique private key on every device, in order to lock things out discretely. Otherwise if you simply had the same private key everywhere, you would lose all access form every device just because your laptop was compromised and you had to lock out the public key.

So this process is really only something that should ever happen on a profile migration.

Ya it's a big advantage to having automounted home directories or having LDAP store the keys. You can easily revoke and add another key and have it work everywhere.

Or using Kerberos instead of pub/priv keys.

I realize @JaredBusch knows this, but for others who may not.

So here is a list of updates from June 2017, but I need their Bulletin numbers...

https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/40969d56-1b2a-e711-80db-000d3a32fc99

@Tim_G said in XP: Options in virtualization setup:

Oh should have I posted my reply on SW instead?

He sees it here, too.

New build? Create the "admin" account that will "own" the share.
Then use rsync to upload everything.
Then use the occ command to rescan the directory.

@openit said in MS 2012 or 2016 to learn and certify ?:

@mlnews said in MS 2012 or 2016 to learn and certify ?:

@openit did you see that MSPress has a sale on today?

Nope, I was not aware. Also there is no 70-740 in your listed offered books.
Anyhow, still I am seeing 35% discount if I wish to buy immediately.

Sales are often just one day.

@Jimmy9008 said in Dell N2048 Switch and IP ACL - I just killed part of my network...:

Yes, I see what you mean. I was being crass about the windows server. Perhaps for specific servers the ACL on the switch would be useful for an added layer, but will have a think.

It's certainly an extra layer. But a complicated one (not just today, this will be complicated to support for forever) but it is one that is fully redundant with a more power and flexible one that you should be trusting pretty strongly (or removing that vendor.) I'm pretty confident that the Windows firewall has never been breached, ever. Having the switch ACLs would add a risk that someone might not enable the Windows firewall, as well. But at a minimum, it will take you to triple firewalls and all kinds of network overhead for simple stuff.

To put it another way, hospitals, government or Wall St. banks would never consider this degree of network lockdown. Unless you have a need for security greatly exceeding things like the CIA or sovereign funds, don't do this 😉

Also, anywhere that needs security even a fraction of this level can never run their own network but would have to move to Amazon (where they actually do this) and would not run Windows.

Otherwise, the level of effort here is disproportionate to the rest of the environment.

Netwrix has a good solution, and is relatively inexpensive.

They also have a number of free tools.

I believe that they also now offer the full version 9 for free with a node or user limit or something. Not 100% on this bit.

@BRRABill said in Comparing Fax and Email Security:

@scottalanmiller said in Comparing Fax and Email Security:

@BRRABill said in Comparing Fax and Email Security:

P.S. Are you getting paid by some strange company to use the word "corruption" this week?

Calling it as it is. The world is a very corrupt place and most of it happens because society conditions us to feel like it is acceptable.

And there it is ... AGAIN! 🙂

Society hasn't changed, it's just how it is.

I've used mnx.io before. They're not bad.

0_1498760223289_Selection_009.png

@dafyre said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@Tim_G said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@dafyre said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@Tim_G said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@dafyre said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@Tim_G said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@NashBrydges said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

@JaredBusch said in Transfer Large File To Host = GOOD Transfer Large File To VM File Server On Same Host = BAD:

Disable-NetAdapterVMQ

Yeah I was aware of the VMQ issues so that was disabled.

Once the office had closed for the day and after an hour of toying with everything I could find, I decided to completely uninstall the network drivers and reinstall from scratch. Deleted the vswitch and recreated it. Also uninstalled network drivers from workstation and reinstalled. Rebooted everything including the switch and it looks like everything is back to normal...for now. Not sure why this changed anything since none of the settings have changed. Just bizarre.

Thanks for your help everyone.

You do not want to disable VMQ on 10Gb NICs. That's what it is meant for. The issue was that VMQ was being enabled by default for 1Gb adapters, and that was causing the problems.

You disable VMQ on anything that is Intel or Broadcomm period. Their drivers are seriously bugged for that. I've got 4 Server 2012 R2 bare metal machines with Intel and Broadcomm 10 gig NICs in them. Network performance absolutely sucks until I disable VMQ.

Up to date firmware on the NICs?

My experience has been the opposite, as well as my research on the subject.

VMQ on 10Gb NICs is fine, that's what it was designed for. VMQ on 1Gb NICs is not fine.

When I disable VMQ on a busy 10Gb NIC on a Hyper-V host, performance goes down.

Yepp. Firmware is up to date (did an update about 2 months ago, I think). The systems have been operational for a year or better.

It's all Cisco gear on the networking side. I've read the same thing that you have that says 10gig is fine to enable VMQ, but on Intel & Broadcomm NICs, it is not.

Those are the NICs I'm talking about, Intel & Broadcom. Maybe I just have un-effected models in all of the servers I've dealt with.

I hope so, lol. But if you start having problems with Intel or Broadcomm NICs, that' the first place I'd start.

I have. And it was always with old-firmware'd 1Gb broadcoms. Never 10Gb.

Here is a batch file for anyone who wants to do this "lazily"

@echo off REM Vaccince for NotPetya/Petya/Petna/SortaPetya. echo Administrative permissions required. Detecting permissions... echo. net session >nul 2>&1 if %errorLevel% == 0 ( if exist C:\Windows\perfc ( echo Computer already vaccinated for NotPetya/Petya/Petna/SortaPetya. echo. ) else ( echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dll echo This is a NotPetya/Petya/Petna/SortaPetya Vaccination file. Do not remove as it protects you from being encrypted by Petya. > C:\Windows\perfc.dat attrib +R C:\Windows\perfc attrib +R C:\Windows\perfc.dll attrib +R C:\Windows\perfc.dat echo Computer vaccinated for current version of NotPetya/Petya/Petna/SortaPetya. echo. ) ) else ( echo Failure: You must run this batch file as Administrator. ) pause

@Kelly said in How would you run Windows applications in your preferred Linux Distro?:

So we have a business need that requires we run Microsoft Office. This is not on the table for discussion of whether or not that can be changed.

With that out of the way, how would you all handle that in your preferred distro? We're looking at running Fedora/Ubuntu/Korora on Dell laptops, but we have to have MS Office because we have to be able guarantee the output we produce is viewed by our government customers exactly as we create it.

Running a full Windows VM is an option. I've wondered if there is something the equivalent of Parallels, where it exposes guest applications to the host OS, for Linux.

Any thoughts, questions, etc.?

there are 2 options: wine or full vm with windows licence. according to the hypervisor your use there is a mock up to add win apps to the linux menu when the VM is running in background.

in my experience wine is basically broken. anyway you can have a look at the compatibility list

here where the installer of MS works or not
if apps work has to be searched through the DB

Since i've previously attempted on testing the VTL to Cloud Replicator, I would like to mention that there can be a possible error in the process. Just so noone rings the alarm beforehand, it's quite simple to overcome the "Setup failed to install Microsoft .NET Core. Error 3010" by either rebooting the node, or installing the .NET core before installing StarWind.

After getting in touch with them, I was actually surprised that they were kind enough to take that into account in one of their future releases and mention to have that fixed.

@scottalanmiller said in RamBox:

@Romo said in RamBox:

@scottalanmiller said in RamBox:

So if it used to not be a wrapper, maybe Slack is cloning Rocket.Chat now rather than the other way around.

They both use Electron to provide their "desktop clients".

I knew that Rocket did. So Slack copied that from them?

Don't really know, I know they were using Electron for the windows app almost since the beginning and just last year change the mac version from MacGap to Electron as well.

@dgingerich @scottalanmiller sorry for the delay in a response from me. Working on a sev-1 at work at the moment so I'm only sporadically available. I'll be sure to take a look at this later when either the sev-1 clears up or my day is over.

@Jimmy9008 said in Tracking user steps on files:

@scottalanmiller said in Tracking user steps on files:

@Joel said in Tracking user steps on files:

@gjacobse said in Tracking user steps on files:

Server details?

OS version?

Windows Server 2012 R2

Audit records will tell you everything that can be told. Copy, however, doesn't have an "action" with it so there is no means of tracking that. The server isn't told when a copy is made, so there is no way to log that.

Will that record access if say, viewed in preview pane, rather than opened fully? Would be good to setup prtg to look in event log for that on specific files, if possible.

It should has it has to open it for that.

Microsoft released a new cumulative update last night that appears to address this for Windows 10

I haven't tested it yet.

This specific link is for version 1703

https://support.microsoft.com/en-us/help/4022716/windows-10-update-kb4022716

1607

https://support.microsoft.com/en-us/help/4022723/windows-10-update-kb4022723

1511

https://support.microsoft.com/en-us/help/4032693/windows-10-update-kb4032693

Done

@JaredBusch said in Zevenet load balancer:

I have HAProxy setup on Fedora 25 for use with Exchange 2010.

I really need to turn that into a write up as I need to replicate it at another client anyway. Last two current clients with on prem Exchange.

oh cool - you got it to work.