@EddieJennings said in Managing Hyper-V VMs:

Ah, I didn't think of the barrier restricting me to 2012 R2.

Yeah, the misinstallation is anything but trivial. It sounds trivial, and in some ways it is for the first two years, but it gets worse and worse as time goes on. If it was only the bloat, then whatever, not great but you wouldn't be anxious to work around it. But it is licensing and risk.

Now that said, any effort that you can use to move to 2016 today, you can still do tomorrow. So you just need to think about the right time to make the change.

@Mike-Davis Possibly this https://community.spiceworks.com/how_to/133316-how-to-control-windows-10-and-server-2016-updates-with-wsus

I switched to Korora because I wanted Fedora and the Cinnamon desktop.

I like the Fedora/RHEL ecosystem over Debian. I looked at Mint because it uses Cinnamon, but it is so old.

Unlike @scottalanmiller, I will not migrate all the existing CentOS workloads I have out there because the management is manual. If I had a state system setup for all the various client systems it would be different, but I do not.

@NerdyDad said in Fedora time limits for kids:

@scottalanmiller said in Fedora time limits for kids:

Fedora or Korora? Korora is probably a little nicer for a non-power user.

Either or. I've not set on a certain distro yet, as long as it's a fedora derived.

Korora has a lot of spit and shine.

This won't be an overnight fix. My first step though is complete. The Synology is now in RAID 10 with 1 hot spare disk. One thing to note; the disks in this Synology are WD reds :(. So even though the storage connects to the Hyper-V host via iSCSI, the VHDX stored on it, which contains the data for our file server is at least not living on a RAID 5 anymore.

Next will be dealing with the local storage situation on the Hyper-V host (the two-drive RAID 1 and the three-drive RAID 5). The only "production" VM storage left on the RAID 5 is our Spiceworks VM, which I'll move to the RAID 1 storage. The other VMs that have their VHDs on the RAID 5 are non-production / testing VMs, so if they're lost, it's not a big deal to just rebuild them.

Stuff on Wine rarely runs as well, it's the native stuff that really works.

@Tim_G said in Microsoft is expected to release another 2003/XP patch:

@IRJ said in Microsoft is expected to release another 2003/XP patch:

A nasty vulnerability has been recently identified in 2003/XP. The exploit does not require any credentials and should be considered highly critical. Credible security sources are indicating that Microsoft is expected to release the patch sometime today.

https://blog.fortinet.com/2017/05/11/deep-analysis-of-esteemaudit

I wonder if any other software vendors are releasing updates for versions that are a decade and a half old?

IBM does.

@gjacobse said in ReadyNAS ReadyCLOUD usage:

@JaredBusch said in ReadyNAS ReadyCLOUD usage:

Why would you expect a cloud service to work without authentication? Internal only or not.

Why would I expect it to work with out 'auth'

It worked out of the box, I enabled it on the ReadyNAS, installed the iOS app, and connected.

After the update(s) - now it forces you to sign into NETGEAR - ....

Why would you expect a cloud service to work without auth.

I am not arguing that it did work.

@mobeen I like to separate my server roles whenever possible. WSUS doesn't require a ton of power to operate, a file server on the other hand may (depending on the usage) but generally doesn't either.

If I had the choice with it, I would've just stood up a separate server just for WSUS.

Been working with Yealink support on this and after confirming this happening with the T46G and the T42G phones, their support upped the severity and I got an answer back to add the below setting to the configuration files.

transfer.hang_up_after_success_trans = 3

I did so on the T46G, disabled the custom firewall rules, and had the operator repeat the transfer.

No ghost ringback.

I'll leave the custom firewall disabled and see if it stays good all day.

I'll test in more detail over the weekend or on Tuesday, whichever time I have a tech on site.

@JaredBusch said in Bare Metal Backup (and restore):

@EddieJennings Basically, this backup method it a solid 100% guaranteed method because you are capturing backups of all data in a stopped state. No worries about SQL server database states, etc. You are only backing up the backup files made by the SQL application itself.

This is a perfectly valid scenario.

Using a full image backup is dangerous if it does not talk to the database process and tell it that it is going to run a backup. Because then the Database files are not in a state to be read. This is probably what happened to your mentor/boss/whatever.

True I second this, cause he is focusing on backing up files, but the downside is restoring from DR will take some time for the stuff to be ready.

Having VM export feature + his current file backup will speed the DR restore process greatly.

@JaredBusch Yes ive had to do the same with Home and Business. Totally ludicrous all around.

@aaronstuder said in Nextcloud 12:

Should be released very soon. Looks like it has some sweet new features 🙂

https://nextcloud.com/blog/nextcloud-12-beta-introduces-the-next-generation-of-secure-collaboration/

Yes, they (Nexcloud) have posted about the beta stages.. The thread was active today even.

@scottalanmiller said in Firewalls & Restricting Outbound Traffic:

@anthonyh said in Firewalls & Restricting Outbound Traffic:

@JaredBusch said in Firewalls & Restricting Outbound Traffic:

@scottalanmiller said in Firewalls & Restricting Outbound Traffic:

Maybe do some role play... what is the use case where you end up with misconfigured DNS and then want to the person or system with that issue to really go offline completely? Like not just losing some things, but losing patching and monitoring too.

I have been down this road before, and yes. If someone was over at Art's Motel and had to set specific DNS setting in order to work right, and then comes back on my network and gets DHCP, but not a DHCP assigned DNS, then I want then to get no where.. Broken.

Yes!

insert appropriate meme here

So you are letting the users manage their own DNS settings? Lots of times you need to, so that's a valid case, I just want to be clear that that is what we are talking about.

Well, not the users directly. But there may be a case where DNS settings are altered undesirably (by IT, by malicious software, or simply an issue with the OS not flushing stale DNS settings from going off network).

Link to the MS Update Catalog for this issue(KB4012598).

@scottalanmiller said in dual factor auth for screen connector or other remote access?:

https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Security_page/Enable_two-factor_authentication_for_host_accounts

Thanks. Don't know why I didn't look there first.

@scottalanmiller Especially the streaming thing 😄

Believe me, it wasn't a piece of cake, due to the extreme old age tooling in dom0 (curl from 2006 in XS 6.5! Doesn't support SNI etc.)

edit: we even had to write our own HTTP server…

@msff-amman-Itofficer said in Beginner SaltStack Question: Can minions be placed in folders or groups ? (Coming from AD perspective):

@scottalanmiller

ohh shit, how did that get passed me...

Great, thanks again.

🙂