Posts made by dbeato
-
RE: any zimbra specialists
@pattonb said in any zimbra specialists:
All nginx lookup handlers are unavailable while SSL handshaking to lookup handler
What is your Zimbra Version and OS?
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dbeato said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@pete-s said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dave247 Can you use 2FA on the VPN connection when doing it like that? Otherwise that would be a major concern.
Another issue with forced VPN is that if your VPN is down then the users can't log in at all and can't work. That's a lot of eggs in the same basket. Does your company have HA firewalls, redundant internet, redundant power etc?
Otherwise using the cached domain password the users could log in locally. Then they would be able to use their computers with local files and software and also have access to online resources such as M365 and whatever else you use.
No, you cannot use 2FA from within Windows Login screen with Sonicwall NetExtender.
Actually you can. You just click the icon to pull up NetExtender and punch your creds in, then it asks you for the TOTP.
Yeah, you are right. I was more thinking the SSO MFA SSL VPN but the TOTP either via email (not as secure) or the Authenticator app works well.
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@pete-s said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dave247 Can you use 2FA on the VPN connection when doing it like that? Otherwise that would be a major concern.
Another issue with forced VPN is that if your VPN is down then the users can't log in at all and can't work. That's a lot of eggs in the same basket. Does your company have HA firewalls, redundant internet, redundant power etc?
Otherwise using the cached domain password the users could log in locally. Then they would be able to use their computers with local files and software and also have access to online resources such as M365 and whatever else you use.
No, you cannot use 2FA from within Windows Login screen with Sonicwall NetExtender.
-
RE: Windows 11 auto upgrade?
@obsolesce said in Windows 11 auto upgrade?:
@dashrender said in Windows 11 auto upgrade?:
@voip_n00b said in Windows 11 auto upgrade?:
@dashrender said in Windows 11 auto upgrade?:
Plus I'm really trying to get away from local AD.
What's that have to do with MDT?
Perhaps nothing, though I've never heard of anyone using MDT outside of AD
It's used all the time without AD.
Sure but with offline media. Deployment would happen with some sort of other PXE Boot Server or service outside of the Windows computer.
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dbeato said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dbeato The version I have is 10.2.319 and it doesn't have that option.
There isn't even a 10.2.319 version... you be trollin me! (see https://www.mysonicwall.com/muir/freedownloads)
For the record, the latest version is 10.2.315 and the functionality is there regardless of if you install or upgrade.
If I wanted to troll you, I would have failed very badly. You must know me for a while now that I don't troll. Here it is
This is also provided on the SMA Appliances which also has been posted here
https://www.reddit.com/r/sonicwall/comments/rbrlsv/netextender_102319/
http://www.wehrenberg.ch/remote.html (Downloads are there)
If you try that version it does go away. However, in your case using a different version works for you and that's all that matters.
-
RE: Recommendation: Non-Profit Site hosting
@gjacobse said in Recommendation: Non-Profit Site hosting:
I'm not always going to be here to support it,.. so spinning up my own isn't an option... And I want to get (FAR) away from G-Suite!
It's time - shown by the GoDaddy Expiry Date: 2022-03-21T00:15:26Z
But who would you suggest? The current registrant is GoDaddy - and likely a personal account - I'm wanting to move this to club ownership and quit the ducking around that we have to do to manage it.
While there are a number of things I can do - there is more that I just can't... and it just sits there... like... sits no attention movement... It's begging for WordPress and some plug ins..
So - suggest away.. It's 2022 - we have plenty of suggestions.
I would recommend Siteground.
https://www.siteground.com/wordpress-hosting.htm
Which compared to WP Engine sounds like a great idea
https://wpengine.com/plans/
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@dave247 If you uninstall the present one and install the latest one then you will not see the option. If you update the in-place application, there is no issue. So if that is the case then it shouldn't be an issue.
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@dbeato The version I have is 10.2.319 and it doesn't have that option.
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@dave247 What is the version that you have?
-
RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote
@dave247 That won't work on the latest Sonicwall NetExtender client. It doesn't allow for that.
-
RE: What Are You Doing Right Now
@gjacobse said in What Are You Doing Right Now:
When you have a user call about an app not working.
That is like when they last reboot?
-
RE: Outlook cannot attach files larger than about 1MB
@jasgot Does this happen on any user profile? If not, I would try a new user profile and test. Or does it work on another computer?
-
RE: Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi
@dashrender However, centrally managed doesn't mean site to site VPN. I don't get MSPs that have site to site VPNs to their customers. It is not feasible to maintain, it is a high risk and very old school.
-
RE: Patch your Windows DCs - else they will break in July 2022 from a patch
@dashrender This has been around forever but yeah not related to the issues today.
-
RE: What Are You Doing Right Now
@dashrender said in What Are You Doing Right Now:
@jt1001001 said in What Are You Doing Right Now:
@dashrender as am I and still reading up on it/figuring it out
Do you know - does one deploy autopilot on personalized images? or only on OEM/Enterprise base installs?
You have to install and register the AutoPilot Profile on the device before installing Windows. You would register the device in Intune. Once registered, shut down the device until the profile is created. Once it is created, you can set up your device with internet connectivity and it will go through the process you have, including the image and settings and policies you set up for the device.
-
RE: Active Directory Domain name
@scottalanmiller said in Active Directory Domain name:
@stacksofplates said in Active Directory Domain name:
@dbeato said in Active Directory Domain name:
@scottalanmiller said in Active Directory Domain name:
used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
The majority if not all did add the .local, .lan and others, unless you think all CAs are scams then I wouldn't say they are a scam.
Yeah from a quick search looks like at least GoDaddy and Digicert offered them.
Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.
Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!
Yup.
-
RE: Active Directory Domain name
@scottalanmiller said in Active Directory Domain name:
used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).
The majority if not all did add the .local, .lan and others, unless you think all CAs are scams then I wouldn't say they are a scam.
-
RE: windows based FREE imaging app
@obsolesce said in windows based FREE imaging app:
@notverypunny said in windows based FREE imaging app:
@obsolesce said in windows based FREE imaging app:
@dashrender said in windows based FREE imaging app:
@obsolesce said in windows based FREE imaging app:
@dashrender said in windows based FREE imaging app:
they generally come with AV and other crap you don't want at purchase
Oh I see, that sucks. Are the company devices being bought from Walmart or something?
Seriously?
I order these from DCW. I haven't had a laptop not come with at least some third party AV in ages...
I suppose one of the reasons to not order Dell/HP, or at least not the default stuff.
Can't speak to HP, but with Dell, unless you get set up with their imaging program (you provide them with your desired stock image and it's $$$ from what I recall) they're sending you their stock OEM image with a significant amount of bloat-ware. In a corporate / enterprise setup consistency is king so it's normal that you want to reimage with something that's tested and known to play nice in your environment.
Business class devices shipping with trial anti-virus software that is well known to be much worse than the default Windows Defender? That alone is reason enough not to go with that manufacturer (still not a showstopper, as automation can fix that in later steps). If you need to touch a device before an end user gets it, you're wasting a ton of time and money. That's decades old procedures... having your IT department receive the device, reimage, configure, maintain images, and all the requirements that go along? That is a huge waste of resources.
Wouldn't you rather have a device sent directly from CDW to the end-user, without needing a special image, ready to go for the user and the work environment... managed, configured, secured, and compliant as part of the OOBE?
Dell charges a bit more for imaging with your Intune AutoPilot profile, but it can be arranged, and most Dells with Windows Professional and up licensing barely come with bloatware as far as I have been working with them.