@scottalanmiller said in UPS Replacement:
UPS normally I'd think solidly 10-20 years. Batteries have to be maintained, but the UPS itself is pretty rugged and good for a really long time.
My server ones are 10 yrs old. On their third set of batteries.
There is no point in a second D.C. If you don't have two servers, not really.
As @dbeato said why keep Windows servers at all? Move to Linux based AD and save licensing altogether.
In either case you need a DNS server that supports all of the AD record types.
Also license wise its good to have those phones not pulling pulling from windows DNS because you then have to license them with windows Cals also.
Here's the link to get RSAT.
https://www.microsoft.com/en-gb/download/details.aspx?id=45520
And here's a caveat for RSAT
Start with @JaredBusch guide to install Fedora 25 minimal.
The following are based upon @JaredBusch CentOS install.
Assuming you're using a VM somewhere other than local on your machine, you'll want to use putty or Bitvise or some other SSH client so you can copy paste into the session.
note: those used to using php-mysql there is a change. php-mysql was deprecated, now you use php-pdo_mysql
dnf -y install httpd mariadb mariadb-server php php-pdo_mysql php-xml php-gd wget nano
policycoreutils-python;
systemctl enable httpd.service;
systemctl enable mariadb.service;
setenforce permissive;
systemctl start mariadb;
firewall-cmd --zone=public --add-port=http/tcp --permanent;
systemctl reload firewalld;
systemctl start httpd;
Download and unpack WordPress
cd /var/www/html;
wget https://wordpress.org/latest.tar.gz;
tar -xzvf latest.tar.gz;
Change the settings below to things specific to your install.
NOTE: because of exit characters in certain shells, and the fact that these passwords can only be used on the local machine, it's advisable to only use alphanumeric characters for the passwords below - it will make your life easier
#Create a database for wordpress and a user to access it.
mysql -e "CREATE DATABASE wp_yourdomain_db;"
mysql -e "CREATE USER 'wp_user_yourdomain'@'localhost' IDENTIFIED BY 'somerandompassword';"
mysql -e "GRANT ALL PRIVILEGES ON wp_yourdomain.* TO 'wp_yourdomain'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
#Secure mariadb. These commands do what mysql_secure_installation does interactively
mysql -e "UPDATE mysql.user SET Password=PASSWORD('somesecurepassword') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"
Make a copy of the wordpress directory into the folder for this instance of WordPress
note - yourdomain is replaced by whatever you want to reference this instance as
cp -R /var/www/html/wordpress/ /var/www/html/yourdomain/
chown -R apache:apache /var/www/html/yourdomain/;
Create a wp-config.php from the sample file, then update it with your specific settings. You are changing wp_yourdomain_db, wp_user_yourdomain, and somerandompassword to match the ones you create above.
cp /var/www/html/yourdomain/wp-config-sample.php /var/www/html/yourdomain/wp-config.php;
sed -i -e 's/database_name_here/wp_yourdomain_db/' /var/www/html/yourdomain/wp-config.php;
sed -i -e 's/username_here/wp_user_yourdomain/' /var/www/html/yourdomain/wp-config.php;
sed -i -e 's/password_here/somerandompassword/' /var/www/html/yourdomain/wp-config.php;
Go to https://api.wordpress.org/secret-key/1.1/salt/ and copy paste a unique salt into your wp-config.php file
No idea how to use sed to find/replace this. This data goes at the end of the wp-config.php file.
This is what is in the default file.
define('AUTH_KEY', 'put your unique phrase here');
define('SECURE_AUTH_KEY', 'put your unique phrase here');
define('LOGGED_IN_KEY', 'put your unique phrase here');
define('NONCE_KEY', 'put your unique phrase here');
define('AUTH_SALT', 'put your unique phrase here');
define('SECURE_AUTH_SALT', 'put your unique phrase here');
define('LOGGED_IN_SALT', 'put your unique phrase here');
define('NONCE_SALT', 'put your unique phrase here');
DocumentRoot "/var/www/html/yourdomain" # was "/var/www/html"
<Directory "/var/www/html/yourdomain"> # was "/var/www/html"
restart the webserver then browse to your site.
systemctl reload httpd;
In my misadventures with Hyper-V I found myself with one of my NICs attached to a vSwitch that I couldn't get it unattached from for some reason.
Google lead me to
https://gallery.technet.microsoft.com/Hyper-V-Network-VSP-Bind-cf937850
The nvspbind tool allows you to enumerate which NICs are connected to a vSwitch and unbind them, then allowing you to add them to a team for example.
https://mangolassi.it/topic/15712/hyper-v-nic-tool
This thread has a solution in case you find one or more of you NICs bound to a team or vSwitch because you did your own thing.
@jaredbusch said in What exactly imaging software, any open source or free options ?:
@dbeato said in What exactly imaging software, any open source or free options ?:
@openit said in What exactly imaging software, any open source or free options ?:
@jaredbusch said in What exactly imaging software, any open source or free options ?:
Corning and imaging are two totally different things as the others have said. You need to define what you actually want to do here more clearly.
Okay. I believe I want to know more about Imaging. Actually the curiosity to know about Imaging arise from my previous post, where @scottalanmiller mentioned "Imaging should take around thirty minutes and, in reality, we are often getting that number lower and lower." It was regarding restoring the system when it is not working properly.
Yes which is fine, imaging is about restoring or setting up a system to an initial state where all the applications are installed and activated and ready to be used. It doesn't restore however the user's information.
And that is the big difference in a nutshell. User and fix their computer, you apply fresh image and connect user documents
Right, the thing to remember here - the desktop PC should have zero data on it. All data should be saved/synced to some place else so it can be accessed from a newly deployed image.
@mike-davis said in cost of the whitebox:
That said I still have some businesses that try to run computers until they won't power on anymore. I've been telling those clients I'm too busy to work on their stuff. It's just painful to work on a computer that slow.
These are the best to work on - you get paid for just sitting there waiting. Yeah it really does suck to see your time wasted this way - but you are in the business of making money - you informed them of the best IT solution, if they still want to pay you to maintain the machine - take the money to the bank!.
Seriously toss it, buy them a Chromebook and move on. You've already wasted to much time on this 8+ year old computer.
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@dashrender said in Limiting Bandwidth (Help me name this thread):
@wirestyle22 said in Limiting Bandwidth (Help me name this thread):
@rojoloco said in Limiting Bandwidth (Help me name this thread):
I don't understand why "HEY USERS, STOP WATCHING YOUTUBE ALL DAY!!!!" isn't the obvious solution here. Your coworker wants to use tech to solve a people issue. No video streaming = no more bandwidth issues.
I'm using youtube as an example, I have no idea what they are watching or on what platform. I just know it's not hosted by them and they access it over the WAN
His point was - when people complain (or logging servers send alerts about issues) you look at who and what is happening and tell those people to knock it off.
I have been told it's for business purposes. It's a foster care non-profit so i have no idea how or why, but let's assume they are right for now
Then you simply need more bandwidth. That's it. That's the only correct answer.
Today options like Salt, Ansible and others can be used to make the PCs as near stateless as possible. You can get reports and push commands to the PCs with these.
Screenconnect and other technologies can be used for remote access to assist at the GUI level if that is needed.
@scottalanmiller said in Anyone Attempting Deploying Printers through SaltStack?:
@krisleslie said in Anyone Attempting Deploying Printers through SaltStack?:
On and Offboarding is very labor intensive and if it's not that's possibly because your team may have streamlined the experience. However, every business by far isn't streamlined. That is a fact.
Sometimes this is an advantage of an outside firm, they have more clout, or just a fresh set of eyes, to evaluate the process.
This is so frustrating... and sadly so damned true.
Internal resources are frequently ignored because the people in charge forget that they are paying the internal resources... but with an outside firm - that's always first and foremost in their mind, and if they are paying, well by god we should be doing what they say because otherwise why in the world are we paying them?
Now if only they applied that same logic to the employees they employ.
I've had a user who's computer has been going to sleep after approx 2 mins, instead of 15 as the power and sleep applet says.
I've made registry changes, wiped the profile, hell - even rebuilt the machine. Nothing worked. The problem has continued to return.
Well, back to google this morning, with what must have been a new search and found this.
https://superuser.com/questions/1019043/windows-10-sleeps-before-set-time
Which pointed to this > https://www.sevenforums.com/tutorials/246364-power-options-add-system-unattended-sleep-timeout.html
This gist of which is that there is a hidden option that can be made viewable by a registry change.
Windows Registry Editor Version 5.00
; Created by: Shawn Brink
; http://www.sevenforums.com
; Tutorial: http://www.sevenforums.com/tutorials/246364-power-options-add-system- unattended-sleep-timeout.html
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Power\PowerSettings\238C9FA8-0AAD-41ED-83F4-97BE242C8F20\7bc4a2f9-d8fc-4469-b07b-33eb785aaca0]
"Attributes"=dword:00000002
While this setting should only affect windows if the computer isn't used after it's woken from sleep mode, it seems to activate regardless of use or not in some cases.
I'm testing it with my two users now.
@JaredBusch said in Security while Traveling -:
I don't give a shit.
My email is all TLS based. I don't open banking apps on random wifi. Granted I trust them to be using TLS because, hello lawsuit, if not. But I still don't use them.
Anything else I do is chat, all using TLS, but it is public anyway, so the history is obtainable. And then web browsing. Well, jsut don't sign up or enter creds to stuff.
This is how I feel. No reason not to use public WiFi today. Just make sure your pages are HTTPS when using creds and you should be fine.
If the WiFi antenna is disabled, then you aren't subject to any attacks.
@JaredBusch said in daisy chain Ubiquiti AC Pros?:
@Mike-Davis said in daisy chain Ubiquiti AC Pros?:
@JaredBusch said in daisy chain Ubiquiti AC Pros?:
Now, the objection to the WISP model.
Why do you think you need an 80' tower?
This hardware is designed to go miles. You are going like 600 feet max. It is highly likely that a solid omni-directional antenna on the roof of the main building will provide signal to most of the facilities.
But even should you have a section of bad service, you can put another one on another building. Likely Lakeview based on the picture.
The trees are about that tall. The cottages have metal roofs on them.
So you're thinking a NanoBeam 5AC-G2 on each cottage connected to a UAP AC lite/pro? What would be needed at the main house? Rocket AC and then (3) airMAX AC Sector Antennas? Does a single Rocket AC support 3 antennas?
Something like this, yes. I wold have to look up exact model specs, etc.
I am most definitely not saying it is the answer. But it should be relatively low cost to test. You only need the antenna for the main office and a single one to roam around with to test by each cabin.
And testing should only be done in the summer when the trees are fully leafed up. Unless all the trees are pines, then - I guess it doesn't matter.
OK after an offline conversation with JB - Scott's saying we were already talking about my storage name issue makes sense.
It's likely that setup grabbed IP Address A from DHCP, which happened to coincide with an old record from my boss's laptop in Reverse DNS. Fedora installer looked that name up, used it to make the storage name.
Then after install, Fedora used the newer ID to get a DHCP address, my DHCP server saw it as a new device and gave it a different IP. and the rest is history.
Thanks everyone for helping me understand what happened.
@WrCombs said in Windows 10 Reboots:
googled it and looks like this happens a lot with virus' on the PC so I checked and a trojan was quarantined yesterday ...
Wipe and reload time - though I think we mentioned that several days ago. 
That's all fine and dandy.. but I can't sign my company up (I'm the IT Admin here) because I'm not giving you my personal cellphone for a company sign up.
Other systems have done setups that get through IVRs to internal extensions - that's what would be needed in my office.
Requiring SMS for business is seemingly absurd.
Client called looking for assistance setting up Signatures with pictures, etc in OWA on O365.
I found this site that does all the formatting for you, so you just fill it out, then copy and paste.
this article should help you configure the ER-X to enable hairpining.
https://help.ubnt.com/hc/en-us/articles/204952134-EdgeRouter-Hairpin-NAT