Yessir, I can help. Hit me up and we can talk options!

@stacksofplates said in RDP to RDP to RDP?:

@Pete-S said in RDP to RDP to RDP?:

@Obsolesce said in RDP to RDP to RDP?:

@Pete-S said in RDP to RDP to RDP?:

Purdue Model

Except that model is basically dead...

https://dale-peterson.com/2019/02/11/is-the-purdue-model-dead/

No, not at all. You have to listen to the whole thing if you are going to draw any conclusions. Can't just google and use the headline 🙂

It really is. It’s overly complex and has much less return on investment and security than something like the zero trust model.

I'm not an ICS infosec expert. I just know what enterprises that have big plants in the oil & gas, pulp & paper, chemical industry have and what they have is what I said they have. And if I look at Homeland Security, NIST etc what they have as best practice is what the customers are doing. Will it change in the future? Sure, everything does.

@DustinB3403 said in Virtual team ideas?:

Time sensitivity is important, people have a hard time showing up on time for a meeting physically. Making people wait with a headset on is just additional irritation that they won't take well.

I personally always show up early 1-5 minutes for a meeting. If I had to wait an additional 15 I'd be using collage rules and counting my attendance as there even if the host isn't.

I think putting a headset on is easier than going to room a people honestly.

@JaredBusch said in ? Need help getting Postcards from Skyetel working........:

when not fully setup to be agnostic and fully contained correctly, docker sucks as a deployment solution.

Exactly. It CAN be an amazing tool, when used correct. When not, it is a train wreck.

TL;DR: Docker is a tool, not the solution.

@travisdh1 said in Apple 2FA:

@Dashrender said in Apple 2FA:

@JaredBusch said in Apple 2FA:

@black3dynamite said in Apple 2FA:

Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

@Dashrender read the entire fucking line....

The app supports it unless you proctect it in the first place. which you should..

It has nothing to do with the service.

I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

This is a whole other topic again.

When do you think apps stopped being able to do push notifications? That's all it is.

huh? The MS authenticator registers itself for push notifications from MS, GA does from Google - are you saying you can do that with Authy for google and microsoft services?

I completely understand that I can add TOTP to Authy for MS and Google, but I quoted and am specifically asking about push notifications from those via Authy.

My google foo is finding nothing but people bitching about how authy does NOT support push, but does support TOTP.

Now all that said - I see that Authy has created One Touch - and that One Touch as an API that allows push notifications, but I can't find anywhere that says that Google/MS have enabled that feature.

I use this 61 watt apple charger for all my USB-C charging needs.

It even works for my P1, but only slow charges that, but as you can see, USC-C dishes out high voltage and at 3 amps, as well as lower voltage for phones.

20200317_073732.jpg

If you can limit a client to just one IP and just tcp 3389 in your firewall that should be enough.

Disable shared drives or the user is able to infect the work pc with files from his home pc.

Typically when we connect with VPN to enterprise networks to do work on certain servers or what not, we get a static ip and then they have firewall rules to determine what IPs / ports we can reach. So yes, the computer we use is on their LAN but only through a very small and restricted opening that just allows RDP to just the one server we need to access. Everything else is blocked.

Oh I see. Will have to check that out too then. Thanks!

Going to work on this, finally, after dinner tonight.

Thanks for those that posted.

@Natchos said in 3rd party spam filter solution pricing:

We have been using MS Exchange Online Protection for the last 8 years. It's been working good with our on-premise Exchange server.
Price we pay is 18.99$ per user per year. We are almost at 50 users.

I signed up for this. It was only $1/user/month

Switched things today. So far, all is working normally.

@krzykat said in Postcards for SMS by Skyetel.:

@JasGot

Have you checked your LE credentials to see that its working properly?

Not sure how. The only sign of LE I can find in the OS or the Docker is a file called letsencrypt_services_data
I can't find a conf file or a binary to do a manual run of LE.

@IRJ said in New to Windows Active Directory and Group Security Management:

Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as.

I do this - Those who need it have a workstation admin account and a local non admin normal account.

@pmoncho said in Outbound Email group terminology:

@Dashrender said in Outbound Email group terminology:

@pmoncho said in Outbound Email group terminology:

@Dashrender said in Outbound Email group terminology:

@pmoncho said in Outbound Email group terminology:

Thanks group.

At this time, we currently we use Kerio Connect for email (users use webmail function not Outlook connector). That will hopefully change in the future based on changes that are currently happening at work.

I will check into the shared mailbox scenario also. Nice to know that there are possible options out there. Armed with the search terms, it definitely helps when researching my current and future email apps.

What's wrong with kerio?

It was bought by GFI. That is the biggest issue. Large price increase and development prior to their purchase was much better. Support is not what it use to be either.

I'm being a little @scottalanmiller'ish as it has become more of a moral issue. 🙂

Plus, I would like to eventually SasS.

EDIT: Prior to GFI, I really liked Kerio. Stable release updates and support was awesome. Felt they had a huge chip on their shoulder and wanted to kick MS Exchange A$$. That trait is now gone and it reflects in their product.

If you're being Scottish.. then you don't want to look at Hosted Exchange. 😉 If you're like him, you'll look at Zoho.

They will be on the list if they can help me with this situation.

That's who we use and we are very happy.

@JaredBusch said in Notification by MeshCentral after a computer comes back online:

This is not a MC request or support forum.

I'll make a note.