Server 2019 enables by default some Hyper-v feature called RSC. I wonder if this is your issue. Someone had this same issue as me and turned it off and my Read speed went up to the 900Mbps limited by switch speed now.
https://serverfault.com/questions/976324/very-poor-network-performance-with-server-2019
Are any of you doing anything to protect your network/clients regarding the Zoom security flaw in this article: https://mashable.com/article/zoom-vulnerability-windows-passwords/?
If you apply the workaround GPO policy on a domain joined pc, then there will be problems accessing files on a file server or NAS mapped drive the way I understand it.
I've got a great YouTube link for MS Teams training for employees and/or yourself: https://youtu.be/HmzU21JbkjY. Very clear and straight forward training. YouTube link also provides timestamps links for specific training topics.
@JaredBusch said in Obtaining hardware from terminated remote employee:
Hardware is not worth the fucking time to get back.
If the company thinks wasting man hours on that is a good idea the company is insane
Thank you! I completely agree. Trying to convince my company this idea is difficult for me right now.
@black3dynamite said in Obtaining hardware from terminated remote employee:
There's Absolute Security. But that's more for securing your devices than obtaining your hardware.
You can lockdown and track the device location but that doesn't mean you will get your equipment back.https://www.absolute.com
https://www.absolute.com/platform/editions/From Dell
https://www.dell.com/learn/us/en/04/help-me-choose/hmc-absolute-computrace
Great point. I wanted to look into those programs. The Sophos block policy isn’t going to get me very far in getting the hardware back. At least I feel like I still won since they can’t freely use the laptop without wiping and reloading the OS. My point is that the pc becomes more useless to the employee. They MAY be more inclined to return it.
@travisdh1 said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless.
LOL, what does that take, five minutes to work around? Not much of a deterent.
We are talking about a standard user with no admin rights. The Sophos policies will block all browsers, office applications, USB ports, and PDF readers on a per device policy. Why would a standard user have a work around for this in 5 minutes? At that point the users only option is hire a tech to slave the drive and copy the data. The Sophos policies just make it harder to use the pc after they are terminated.
Reinstall OS, done. Possibly reflash BIOS/UEFI if that is locked down. That's at the longest possible time. I've forcibly removed a locked down Sophos without benefit of the unlock code before. 5 minutes is a little long for that in my personal opinion.
The user still needs to hire a @travisdh1 to do that for them. It's still annoying to them. Users are not going to know how to slave a drive and re-install an OS. So factor in the users time to find a computer tech and then pay for the work to be done. It's not 5 minutes.
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless.
LOL, what does that take, five minutes to work around? Not much of a deterent.
We are talking about a standard user with no admin rights. The Sophos policies will block all browsers, office applications, USB ports, and PDF readers on a per device policy. Why would a standard user have a work around for this in 5 minutes? At that point the users only option is hire a tech to slave the drive and copy the data. The Sophos policies just make it harder to use the pc after they are terminated.
@sully93 said in Obtaining hardware from terminated remote employee:
We have our employees (office-based and home-based) sign a company equipment agreement upon their hire. It states along the lines that they agree to care for all company equipment they are issued and return in proper working condition upon termination of employment. Failure to do so will be considered theft and lead to criminal prosecution. On the employee's last day they are informed that any vacation accrual they have will be held for payout until the equipment is returned. This usually does the trick for us. I've only had to threaten police action with a former employee once before the laptop magically showed up a couple of days later.
@sully93 I like this approach. I'll leave the whole vacation accrual up to HR and accounting, but I like the failure to return equipment can lead to criminal prosecution company equipment agreement.
At this point, calling the police seems to be a good option.
We don't currently deploy any remote wipe software on home users pc's. After thinking about this, we will be blocking apps and disabling the USB ports on the laptop's with Sophos Central in our off-boarding process. When they can't open IE, Chrome, Firefox, or Office apps the laptop becomes pretty useless. Along with disabling USB that can't transfer files to their jump drives. It may motivate them to ship back the laptop since it becomes a big paper weight as long as they are not smart enough to slave the drive.
@Pete-S said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
When a remote employee is terminated how do you handle the collection of the hardware (laptop, docking station, printer, etc..)? In the new company I work for, almost 60% of the workforce is working from home throughout the US. Our HR department is out-sourced, but we have 1 main in-house employee that does HR tasks to help bridge the gap between the out-sourced HR service and internal employees. Employees are typically terminated over the phone by their managers. The IT department is then tasked with the collection of the hardware. This includes contacting the terminated employee over a personal email, or personal cell phone number. We are also tasked with working with the shipping manager to prepare a pre-paid shipping label and box to ship the equipment to the employee’s residence to send back the hardware.
It’s been a major challenge getting hardware back from the terminated employees. For obvious reasons, the fired employees are hard to get ahold of, and are difficult to work with. We are sending 1,2, 3 emails and/or calling the employee multiple times.
When the IT department proposed the holding the paycheck to VP’s until the hardware is returned, we were told it’s illegal. In all my previous companies I’ve never had to worry about this. This was always handled by HR or the fired managers employee. Is this normal? How can I get this task off our plate and worry about more important IT related tasks?
It's really easy. You should just follow the company's written procedure how to handle the equipment of terminated employees.
If the procedure isn't working, management needs to change it or just accept that they wont get the equipment back.
Because why should the fired employee even bother with packing and shipping back the company's used equipment? They don't work there anymore. You need either a stick or a carrot to convince them and right now it's neither.
The company has no written procedure. Can anyone point me to where I can find a template for this?
@scottalanmiller said in Obtaining hardware from terminated remote employee:
@magicmarker said in Obtaining hardware from terminated remote employee:
This was always handled by HR or the fired managers employee. Is this normal? How can I get this task off our plate and worry about more important IT related tasks?
So this is where semantics are helpful. This is an HR action, whoever does it, is HR. So what is actually happening is that staff hired to be IT are now acting as the HR staff. The issue isn't HR tasks to an IT department, it's an HR department being mislabeled as IT. If you are doing this job, you are HR. If you put HR on your resume, and someone checked your references, it would be a lie for them to claim you weren't at least part time HR.
Other than explaining that having IT trained people doing HR tasks that they have no skills, desire, or knowledge to do and having HR not doing their job is a problem, there is nothing you can do to get it off of your plate.
Love this comment. Yes, I worked part-time in the HR department goes on my resume.
@PhlipElder said in Renaming a Hyper-V Host:
@magicmarker said in Renaming a Hyper-V Host:
I want to rename a Hyper-V host to comply with a new server naming scheme. The Hyper-V host runs 2 production servers that are replicating to another host along with being a host that other Hyper-V hosts replicate to. I’ve been unable to find anything that says this not a good idea or explaining what this can break. If this can break things, or is a hassle, I’ll leave the name alone. I don’t know how the Hyper-V replication handles a host name change. Has anyone renamed a Hyper-V host?
How is Replica set up? HTTPS or are both members of the guest's domain?
Off the top the rename would break things either way. With the need to re-establish replication the existing replicated data should be okay to use as a seed.
Replica is setup on HTTP. I'm leaning towards not renaming the host. Seems like it will not be worth the effort.
When a remote employee is terminated how do you handle the collection of the hardware (laptop, docking station, printer, etc..)? In the new company I work for, almost 60% of the workforce is working from home throughout the US. Our HR department is out-sourced, but we have 1 main in-house employee that does HR tasks to help bridge the gap between the out-sourced HR service and internal employees. Employees are typically terminated over the phone by their managers. The IT department is then tasked with the collection of the hardware. This includes contacting the terminated employee over a personal email, or personal cell phone number. We are also tasked with working with the shipping manager to prepare a pre-paid shipping label and box to ship the equipment to the employee’s residence to send back the hardware.
It’s been a major challenge getting hardware back from the terminated employees. For obvious reasons, the fired employees are hard to get ahold of, and are difficult to work with. We are sending 1,2, 3 emails and/or calling the employee multiple times.
When the IT department proposed the holding the paycheck to VP’s until the hardware is returned, we were told it’s illegal. In all my previous companies I’ve never had to worry about this. This was always handled by HR or the fired managers employee. Is this normal? How can I get this task off our plate and worry about more important IT related tasks?
I want to rename a Hyper-V host to comply with a new server naming scheme. The Hyper-V host runs 2 production servers that are replicating to another host along with being a host that other Hyper-V hosts replicate to. I’ve been unable to find anything that says this not a good idea or explaining what this can break. If this can break things, or is a hassle, I’ll leave the name alone. I don’t know how the Hyper-V replication handles a host name change. Has anyone renamed a Hyper-V host?
@JaredBusch I've also used spamhero.com as already mentioned above for basic SPAM filtering and would recommend the service to any SMB. The Interface and learning curve to setup is very low. They start at $5/mon for unlimited SPAM filtering.
@dave247 said in Adding LDAP role to domain controller:
@dbeato said in Adding LDAP role to domain controller:
What will be the purpose of setting up LDAP here? AD uses the LDAP protocol. Since you have a Microsoft AD then look at this
https://astrix.co.uk/news/2020/1/31/how-to-set-up-secure-ldap-for-active-directoryThat looks like a really good guide! I will read through that asap once my house settles down. Thanks!
Agreed! This is the best guide I've seen. Thank you @dbeato!
I solved this by rekeying the *.domainname.com wildcard SSL to *.local.domainname.com.
I'm trying to setup DC's to accept LDAP over SSL to prepare for the March windows update that will force secure SSL handshakes for active directory authentication. I got this working on other domains I've worked on with a wildcard SSL from GoDaddy. I just imported the wildcard cert in the DC personal store and I was good.
On this particular domain this procedure didn't work. The only difference is the domain is local.domainname.com instead of domainname.com. I'm testing connections using ldp.exe on port 636 with SSL checked and get failed to connect. I have verified port 636 is allowed in/out on the windows firewall. The ldp.exe tool works over port 389.
Does a wildcard cert not work for a domain named local.domainname.com to do SSL LDAP auth?
@Carnival-Boy Finally a different point of view. Thank you.
After going through this experience I think the best advice I can give is to talk with your boss about your pain points. Ask your company to hire help if you are struggling to keep up. Ask for a raise prior to looking for a new job. Maybe your company can accommodate your requests to help you feel more satisfied in your employment. It’s important to try to see if your current working conditions can be improved before making such big life changes.
I have been in my current position as an IT Manager for the past 12 years. In the IT industry, 12 years in the same position can sometimes hurt your career. While this shows loyalty and reliability to your company, it can also indicate that you have not learned anything new and have become stagnant in the status quo. The environment gets stale and you have less challenges. It's easy to get the itch for change.
@JasGot Thank you for your insight.
My current employer left me as the sole IT department for 250 employees for over 10 years. I was doing help desk and project management. This was only ONE of the many factors I was looking for change. I believe the company never put a contingency plan in place if I were to leave, or get hit by a bus for that matter. When I put in my notice, they realized they had no job description for my title. I was asked to write a job description for them to use for recruitment. I was pretty shocked by that.
The company is simply trying to solve a problem now by countering and getting me to stay. They put themselves in a bind. HR mentioned that employees will want to leave if take another job. That is somewhat flattering, but what in the world does that say about the company then?