Technically besides what's on end users desktops (Not much) we don't have any local data. Cause none of our datacenters are in our office buildings we connect to them via leased fiber. but we do host everything in house for the most part except Exchange Online.

We noticed with our network monitor today some of our HP LaserJet Pro printers are auto updating firmware, We didn't set it to do this. Nor is there a setting on the printers to enable or disable this..

Odd. Anyone else seen it.

@BRRABill said in Another Personal Storage Discussion:

@Dashrender said in Another Personal Storage Discussion:

@BRRABill said in Another Personal Storage Discussion:

Right, of course, but then my "concern" is the theft of that device. Are we comfortable with Bitlocker keeping it out of non-NSA hands? (AKA your average theif.)

Bitlocker is currently still understood to be completely safe for its intended purpose. It protects a non hibernated/sleep moded powered off computer. Your normal home invasion thief is going to pull the power plug and run away with the device. Once the device is powered down like this, Bitlocker will protect your home made pornos, er I mean data.

Also having a small box like Scott mentions allows you to hide it pretty well too, an Intel NUC and an External HDD, can be hidden pretty easily - though getting power there could present it's own issue.

I'm more interested in hearing how the "no local data" camp deals with this.

IMO, this is a pretty big ML push ... no local data. No servers, and no data on the local machines.

Stop Listening to everything Scott says and think on your own...

and yes as @JaredBusch said Onedrive etc are sync not backup.

@BRRABill said in Another Personal Storage Discussion:

I guess my biggest question is ... to those who say "keep no data local" ... how do you deal with backups?

For personal setups it doesn't matter. Is there really any more security to your server in basement compared to your desktop?

Your average thief will see any kind of encryption and just toss or re-image the device.. It's risk vs reward. They want fast turn over and to get it out of their hands.

@BRRABill said in Another Personal Storage Discussion:

@dafyre said in Another Personal Storage Discussion:

@Jason said in Another Personal Storage Discussion:

OneDrive etc as a back the problem comes with malware, randsomeware and accidental deletion.

For a backup you really want it disconnected from the system and read only.

Crashplan works well for this.

Yes, but you have to get the data onto your local machine, which

a) requires an answer to my original question and
b) goes against the policy of many here (such as @scottalanmiller) of not storing data locally

if it's for home it doesn't really matter if you are storing it locally.. you don't for companies cause you want a central place to backup..

At home my workstation laptop (Lenovo P70) is that central place. Crash Plan lets me backup unlimited data from one computer and I backup a lot.

OneDrive etc as a back the problem comes with malware, randsomeware and accidental deletion.

For a backup you really want it disconnected from the system and read only.

@Mike-Davis said in TS_Block:

I guess it depends what your time is worth if you want to try to script something.

Scripting isn't about trying to save money. Doing the script cost way more in time than what that thing costs. Scripts are way more flexible than a program. You can add more variables and even pass off arguments to other systems.

^ Way to derail a thread....

https://technet.microsoft.com/en-us/library/ff730963.aspx

I wrote this powershell script. It quries LMTools (used by autodesk, Tekla and may others for network seats.) Checks if all the seats (X) are in use, and if so sends an email with a list of all the computers with it open (we send it to supervisors, incase people are complaining about not being able to use it they know who's not really using it and can tell them to close it). It writes a text file when it's true, so on the next run it does not send an email again if the condition is still true. One it has been false it will delete the txt file and can then send an email again. I schedule it as a task every 30min. with the text file check in their it prevents them from getting an email every 30min. They only get an email when the full usage first happens each instance.

#This Script Queries LMTools and Sends and Email with usage when full
#Written by Jason 
#X Should be Equal to Total Number of Seats

$Email = cd "C:\Program Files\Autodesk Network License Manager\"
$Lmtools = .\lmutil.exe lmstat -f [LicesneNumber]
$Body = $Lmtools -replace ",","`n"
If (($Lmtools -like '*Total of X licenses in use*') -and (!(Test-Path -Path C:\Scripts\Autodesk.txt -PathType Leaf))){$MailBody= $Body + $Email.mail
$MailSubject= "Autodesk License Full"
$SmtpClient = New-Object system.net.mail.smtpClient
$SmtpClient.host = "SMTP Relay"
$MailMessage = New-Object system.net.mail.mailmessage
$MailMessage.from = "[email protected]"
$MailMessage.To.add("[email protected]")
$MailMessage.IsBodyHtml = 0
$MailMessage.Subject = $MailSubject
$MailMessage.Body = $MailBody
$SmtpClient.Send($MailMessage)
New-Item 'C:\Scripts\Autodesk.txt' -type file -force -value 1
}
ElseIf  (!($Lmtools -like '*Total of X licenses in use*')) {Remove-Item 'C:\Scripts\Autodesk.txt'
}
Else {Exit
}

This is not a NetBIOS issue then..

It's an MSI which can be natively deployed with a GPO

Why couldn't the update have just been deployed ?

The script uses logon auditing. I'm not sure if owa makes an event log for failed audits but if it does it will work. There is another script that is suppose to work for other stuff. I'll have to find it again.

@dafyre said in Hacking attempt:

What kind of info do you have on the attack? Or do you just know that you were being attacked?

I Can't comment on that.

You are using IP of the SMB share not the hostname? if if using the hostname make sure it's FQDN not the NetBios hostname it tries WINS lookup before doing DNS and appending the search domain like that which will slow down the lookup. I'd just use IP.

Here we scan to email with our Ricoh's though.

We don't usually post about hacking attempts (we get them a lot anyway) this one was bigger than the tiny ones though. We've traced it back to ICI http://www.ici.ro/ are they a bad Romanian government org that is known for hacking people? we've never heard of them.

@JaredBusch said in TS_Block:

There was some other tool mentioned a year or so ago that is basically fail2ban for windows. I meant to set it up and something made me forget.. back to looking at this stuff.

RDPGuard is the one a lot of people use, but a non-admin can even modify that one.. and I like scripts.

@syko24 said in TS_Block:

For a while we were using the free version of Cyberarms. They recently changed their model and now offer their full product for free. It covers more than RDP which is nice. Great for OWA and other exposed Windows services.

www.cyberarms.net

It doesn't seem to do as much as the VB script. with that you can set it so with certian accounts are used they are instantly ban. for us we modified the script to make it so any user not a member of certain groups results in an instant ban.