@dustinb3403 said in I can't even:
FFS at a family wedding and I get a call for help because a user needs SMB1 enabled, because a user still has a Windows XP VM on their desktop....
Okay people, my phone is going off for the weekend. If you can't figure out how to either disable the GPO or make exclusions you're on you're own...
Just donβt answer.
@dustinb3403 This only work for new user profiles and works okay .
@scottalanmiller A lot of Endpoint Protection have the Bitlocker Management for Encryption and other modules that go hand in hand with the Agent so there are many settings that can be used. Also most Endpoint protection systems offer the central management for Free included on the licensing which Bitdefender does have.
@scottalanmiller many applications have issues but none of them are intentional so I can understand frustration. By that definition Microsoft including Defender shouldn't be used 
but again I have no idea of what NTG is dealing with those specific Bitdefender clients.
@travisdh1 It doesn't that is the issue.
@scottalanmiller Like what? I am confused, I have worked with many AV and Bitdefender has been one of the less problematics AV I have worked with. Most of the time Bitdefender doesn't allow something it is purely a setting that blocks access to File shares or local folders but once allowed it works same with Windows Defender has the same feature and can be annoying. Centralized management is not about knowing the status of the agents, it is also the way to manage all the settings and policies from one place instead of doing manual work on each computer (Windows Defender) to apply the changes.
@voip_n00b We have been using Atera RMM, Itarian and others. It really depends of the customer and their needs. Not all need RMM or some already had their own.
@mrwright4hire I use the same or Angry IP Scanner, that is for windows, mac and Linux but depends on Java.
@jaredbusch You are totally right, I just tested again and it only allowed me to mount the ISO. So @ElecEng ignore that one.
@mrwright4hire said in Network Admins: What are your daily BEST PRACTICE:
What are some
You should always have good old WireSHark, nmap included and a great network scanner.
I have used DAEMON TOols for this
https://daemon-help.com/advanced/writablerom/
Or Virtual clonedrive
https://www.elby.ch/en/products/vcd.html
@dbeato More on the Exchange 2013/2016 and 2019 troubleshooting. Exchange 2013 is what I have narrowed down to the issue with OWA and ECP with error 500 and the fix as above works. However the Exchange 2016 CU21 and Exchange 2019 CU10 have an issue with Security Clients with AMSI as below https://borncity.com/win/2021/07/13/exchange-2016-2019-outlook-probleme-durch-amsi-integration/
https://www.frankysweb.de/exchange-2016-2019-amsi-integration-sorgt-fuer-probleme-mit-outlook/
Disabling AMSI on the server with the WEb.config file hasn't fixed it yet, in our case we had to disable AMSI on the server and clients for now.
@gjacobse said in What Are You Doing Right Now:
Don't know that 'my compiled' scripts warrant that. Most of the code is pulled from here and there from GOOGLE, with reference links (not my code, so I can't claim it)... I just graft it into what I am trying to do. Not the 'best way' some times... but it's gotten me the results I need.
But you have modified the scripts to your environments and mostly you can always mention or give credit to the original person with each script. I usually save the scripts on my Git repository for easier search.
For anyone having issues accessing OWA or ECP on Exchange 2013/2016 or 2019 after the Security Updates of last night (They deployed Exchange patches through Windows Updates)
this is what I have been using to fix the access https://docs.microsoft.com/en-us/exchange/troubleshoot/administration/cannot-access-owa-or-ecp-if-oauth-expired
even if the OAuth Certificate is not expired
@gjacobse Yeah, I usually place them on my Github account.
@mlnews Yeah, not the first from Serv-U won't be the last lol
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
That was back in February 3rd, 2021.
@scottalanmiller This is for a standard user without any Domain Admin Privileges. I am assuming this is for a Technician joining computers that no one wants to have admin permissions.
@siringo Found this
https://cloudwrk.com/windows-server-rds-user-auditing-login-logout-session-disconnects/
You would want to enable Auditing though and have a SIEM to gather the logs from Event logs.
