@stacksofplates said in VNC Replacement solution:

@Pete-S said in VNC Replacement solution:

@scottalanmiller said in VNC Replacement solution:

@stacksofplates said in VNC Replacement solution:

Nomachine works well. It's easy to set up and I've found it to be more performance and easier to set up than VNC. If it's just between windows and Linux, then rdp works also as Pete mentioned (if you don't want straight console access).

And easier than RDP on some platforms.

Nomachine is free only for personal use. You have to pay if you're using it for commercial use. It's not exactly straight forward to know what is what but there are some guidance here:
https://knowledgebase.nomachine.com/AR03P00972

My interpretation is that you can get away with the free version only for sporadic admin tasks. Anything else in a company requires the enterprise license.

That sucks. It didn't used to be like that. I really feel like they are just strangling their product over time. The pricing for everything they have is ridiculous.

Yeah, they've made changes over the years. There is the NX protocol and it's wasn't open source but then it was and then it wasn't. I think open source project such as freenx / x2go uses NX but it's not compatible with the NX version that NoMachine uses. I've run into that problem a couple of years ago. I don't know if freenx exists anymore or what the deal is.

@scottalanmiller said in VNC Replacement solution:

@stacksofplates said in VNC Replacement solution:

Nomachine works well. It's easy to set up and I've found it to be more performance and easier to set up than VNC. If it's just between windows and Linux, then rdp works also as Pete mentioned (if you don't want straight console access).

And easier than RDP on some platforms.

Nomachine is free only for personal use. You have to pay if you're using it for commercial use. It's not exactly straight forward to know what is what but there are some guidance here:
https://knowledgebase.nomachine.com/AR03P00972

My interpretation is that you can get away with the free version only for sporadic admin tasks. Anything else in a company requires the enterprise license.

@Dashrender said in Restrict access to parent folder but allow child folder access:

@Pete-S said in Restrict access to parent folder but allow child folder access:

This would work well in a project organization where you'd only be given access to the projects you're working on. Those folders will appear under the "Shared with Me".

yeah, all that's definitely true - but the rub there is people access the files differently - so when people are talking to each other, they will often become confused because the locations are different.

You're right, but you could do the same sharing for everybody so it's consistent.

But the underlying problem is that normal users can't handle hierarchical file system and having files in different locations.

The file system is the electronic equivalent of an old school filing system.

Imagine a single company wide filing system where everybody themselves was responsible for filing things in the right place. It would result in utter chaos and there would be no order and nobody would find anything. Much like it is today on network shares, sharepoint, onedrive, email attachments, teams, etc.

The only real solution is to remove the file and folder abstraction as much as possible and not let the users be responsible for handling files, saving them, finding them etc.

Basically what @scottalanmiller said above. Avoid "files". Let application handle the information in an organized way where the user are not going to be working with files. Only systems and sysadmins would have to think about "files".

@scottalanmiller said in Restrict access to parent folder but allow child folder access:

What we do is we don't use mapped drives / SMB shares but instead use a modern cloud based solution (Zoho WorkDrive in our case, but they are mostly the same) and there aren't child folders only top level folders (that have perms.) It forces you to keep all perms at the top folder level (like at the share level.) Far less granular, but it is a lot cleaner. I feel we are far less likely to overlook something or give permission that we don't know about. Since only folders that someone has access to become visible, it actually works decently well.

In Zoho you can actually set "permissions" on a lower level folder as well. Well, you can't do it by setting actual permissions. But you do it by sharing that lower level folder with whatever group or individual in your company that need access to it.

This would work well in a project organization where you'd only be given access to the projects you're working on. Those folders will appear under the "Shared with Me".

@fs483

The only problem you really have is inherited permissions. As you found out you can't effectively use inherit permissions when you don't want everything to inherit the permission. So you need to use explicit permissions in those cases at the top levels.

In a larger company you have many groups and employees belongs to the groups they need and then they might have individual permissions added as needed as well.

I think you just need to give the groups and permissions needed some more thought.

@WrCombs said in SQL Server 2019:

Thanks - I'm looking to move a private client to this. anything I need to keep in mind?

SQL server can run a database in compatibility mode and does so by default when you migrate from something older. 2012 however supports older version than 2019 does so it's possible to run into problems.

There is also some breaking changes between versions as well as functionality that has been discontinued. Only advanced SQL applications are likely to run into any of these though. But it's really the job of the application developers to make sure the app is compatible with newer SQL versions.

I suggest a test run before upgrading production workloads. Or just have the ability to roll back until full functionality has been verified. In most cases there will not be any problems whatsoever.

@gjacobse What's wrong with vnc? It's cross platform. That goes for rdp as well.

@scottalanmiller said in SIP Extension for Maintenance Staff in Noisy Environment:

@pmoncho said in SIP Extension for Maintenance Staff in Noisy Environment:

@scottalanmiller said in SIP Extension for Maintenance Staff in Noisy Environment:

@pmoncho said in SIP Extension for Maintenance Staff in Noisy Environment:

@JaredBusch said in SIP Extension for Maintenance Staff in Noisy Environment:

I have one of these.
https://www.amazon.com/Sennheiser-SDW-5066-507024-Double-Sided/dp/B07P68C84D

The noise cancellation works really good. I don't know about factory floor good, but real good.

Do you find the (roughly) 500' range to be accurate? I only need 100' but with a few walls in between.

Walls hit Bluetooth pretty hard.

Yeah. The Jabra and Plantronics headsets I have states 200' but the two walls kill it in about 30'. UGH. I have to transfer call to cell when I need to go to the another part of the office.

BT is mostly designed around walking around a room, not between rooms. In an open air house I can normally walk around a living room, kitchen, dining room kind of area, but that's about the extent of it in most cases.

Exactly, bluetooth was designed to replace a short wired serial connection like a headset to a cellphone, keyboard or mouse to a computer etc.

If you intend have a bluetooth headset in a mobile environment you need to have your phone in your pocket. For a SIP connection the phone could then use DECT to a base station or Wifi to an AP or 3G/4G to the cell tower.

@BraswellJay said in SIP Extension for Maintenance Staff in Noisy Environment:

I'm wanting to improve the ability for our mtc staff to talk on phone with vendor(s) support while they are on a noisy plant floor. Our facility is in a cell deadspot. Coverage outside is spotty at best and once inside is essentially impossible to use.

Ideally what I would want is some effective noise cancelling headphones, probably with a boom mic that can either be a fully functioning SIP extension off of FreePBX or at least be connected to a device that is itself the extension.

Right now I'm thinking my best bet is to find something that can connect with WiFi and have Linphone installed on it for the extension. Then use something like this for the headphones

I have a yealink W56 for them now and that does have a standard audio jack so I could get a set of corded headphones, but I'm not excited about a corded solution since they could be using it near machinery with moving parts.

I just wanted to see if anyone else had a similar situation and what you may have done to address.

3M Peltor is common choice for these kind of applications. I've used a set of their top models with bluetooth and the mic's noise cancellation is absolutely unbelievable. But that is if it's so noisy that you need hearing protection and even possibly a hardhat.

With just a little noise (that doesn't require hearing protection) I find blutooth headsets that have multiple mics works well, like plantronic. That will be a much cheaper option.

Proxmox works but we prefer xcp-ng.

Virtualization itself is a commodity so it's the tools around it that matters most. We have many hosts and xcp-ng is the best fit for our needs.

@scottalanmiller said in So You Lost Your ERP MSP?:

Not sure if this is funny, or a rant, or what. So we are the MSP for a firm and we do everything except their ERP support. I actually like this as ERP sucks and they use some ERP we don't know so cool, that's a perfect situation. It's web based so other than making sure Chrome is installed, up to date, and clean, we don't have to worry about the ERP.

Except one little problem. Upon implementation of the new ERP, the total disregard for the selection and implementation process is apparent and now it turns out, there is no one in the company who knows who the ERP vendor is or how to reach them. Or the MSP that supports them. So, we get ticket after ticket asking for help with the ERP and we are like "um, we don't know anything at all, call the support desk for the ERP" and they are like "sure, but... who is that?" And, of course, we were never told who it was. It's a browser based app, we don't need to interact with that support firm so we weren't introduced or given contacts.

So now the key application upon which the entire company operates is an unsupported black hole of disaster waiting to happen. This is the problem with going with little, unknown companies and keeping everything at arm's length.

There's no one specific failing. Just a general disregard for running the business, I guess. A bit of an "I can't even" here.

In nature the normal state of things are decay. In business it's the same and it requires lots of effort and constant work to keep things from decaying.

@Dashrender said in Is Real Estate Actually a Good Investment on Average?:

@scottalanmiller said in Is Real Estate Actually a Good Investment on Average?:

@Dashrender said in Is Real Estate Actually a Good Investment on Average?:

is that where most rentals have come from?

Most rentals existed long before 2008. The rental market has always been very large.

Oh, I'm sure it's been longer than 2008 - but when? When did mass rentals enter the scene?
I guess they really started in the beginning when companies built factory based towns. The company built the houses for their employees so they would have some place to live. etc.

A really long time ago (in the US). Most people used to be renters but after WW2 the majority have been homeowners.

Right now (2022) it's sits at around 65%.

Data is from U.S. Department of Housing and Urban Development.
https://www.huduser.gov/portal/Publications/pdf/HUD-7775.pdf

@scottalanmiller said in How Do You Replace Active Directory?:

@Dashrender said in How Do You Replace Active Directory?:

I don't care about AD - I care about centralized authentication of all devices.

But... why? Why is this something that you care about? It's not an end goal. It's a means. But what is the ends?

Since he has users that use several workstations, I would venture that the end goal is having the same login credentials on every workstation the user uses.

Grant Cardone says invest in income producing multi-unit properties but rent your home, because it's not an investment.

Sharepoint is such a mess and it's user hostile. If your users had problems before with a single mapped drive, it's going to be chaos when they're having files in onedrive, teams and sharepoint at the same time. The confusion is going to be never-ending.

So yeah, good luck with your project, you're going to need it!

@jt1001001 said in Password Managers:

New gig is using Bitwarden, converting from Zoho Vault

Interesting. Is it self-hosted? Do you know the reason for the move?

FYI, PCI DSS V4.0 has just been released. So whatever one chooses to do it would be a good idea to check that it is compliant against the new standard.

@WrCombs said in vLANs random question.:

I got asked randomly and vaguely "has anyone set up separate vLANs for registers and payment devices"
I asked for the reasoning behind it - because Registers have to communicate to the payment devices to get transaction details - send to processors-send authorization detail to the POS registers - I was curious why would you wan to separate them.
The answer I got was about what you'd expect.

Normally you do network segmentation with different VLAN/subnets to be able to secure them with a different set of firewall rules.

I don't know enough about POS systems to discuss specifics. However if devices of type A needs to communicate with devices of type B then you set up a rule to allow that. If devices B needs to communicate with the internet you set up a rule for that. And so on.

What you end up with is a set of rules that only allow the type of traffic that is needed between devices, VLANs and WAN for things to work. Everything else is blocked.

This is the principle of least privilege. You allow only what's needed.
It's more secure because if one device is compromised with malicious code it can't spread easily to everything else. It also forces you to find out the traffic flow of your devices. The more specific the rules are the better it is, but it's also more work. So somewhere there is a balance of cost versus risk.

A DMZ is basically a simple form of network segmentation.

@dafyre said in vLANs random question.:

The short answer is you would get the Router to route between the two VLANS, and fix it so that only the Payment devices have access to the internet.

That's a good answer.

When devices are in the same subnet, traffic doesn't pass any external router/firewall. So any device can access any port on any other device in the subnet.

When two devices are in different subnets the traffic must pass the router/firewall and you can set up rules there to allow or block certain traffic.

---

Being picky here but VLAN are just a way to split switches into virtual switches. It's having different subnets that makes the traffic pass the router.