    • RE: Large network of Windows machines without AD - GO!

      Intune is $6/user/month, so at 200 users you're looking at $14,400 annually. Windows Server 2019 Standard license is $800 and $8000 for user CALs, or $0 if you go with Samba.

      posted in IT Discussion
      marcinozga
    • RE: Policies vs Network Access Control

      @IT-ADMIN said in how to prevent non domain users from getting ip configuration:

      @marcinozga said in how to prevent non domain users from getting ip configuration:

      Why do you allow them to wipe the PCs? Disable booting from USB, optical drives and floppy, and everything that's not the drive the main OS is installed on, and password protect BIOS.

      Next time you catch a user wiping their drive, take it to upper management and recommend termination of said employee. Once the word gets out, nobody will try any more shenanigans.

      The user wipes his computer cuz the department in charge of helpdesk is not doing its job. It is the public sector, so as a security guy I just want to minimize the risk. It is complicated when we are talking about the public sector; you don't have that control over the employee since you can't fire him lol

      Then lock the PC properly. If their helpdesk is unwilling or unable to fix things, it's not your problem anymore. If this place is really such a mess, then why do you get involved? Get your concerns and recommendations in writing, pass it on to upper management, and let them handle it.

      posted in IT Discussion
      marcinozga
    • RE: How Can You Prevent Non-Domain Users from Getting an IP Configuration

      Why do you allow them to wipe the PCs? Disable booting from USB, optical drives and floppy, and everything that's not the drive the main OS is installed on, and password protect BIOS.

      Next time you catch a user wiping their drive, take it to upper management and recommend termination of said employee. Once the word gets out, nobody will try any more shenanigans.

      posted in IT Discussion
      marcinozga
    • RE: One Time, Non-Image, Windows Backup Client

      @scottalanmiller said in One Time, Non-Image, Windows Backup Client:

      @marcinozga said in One Time, Non-Image, Windows Backup Client:

      @JaredBusch said in One Time, Non-Image, Windows Backup Client:

      @marcinozga said in One Time, Non-Image, Windows Backup Client:

      Veeam agent has an option to do file level backups. But why wouldn't VSS work? I don't think it cares what's running under the OS or whether it's properly configured or not.

      I would assume, because the OS is screwed up and VSS is broke. I've seen it before.

      In that case I'd just copy the data by hand, then wipe OS and start from scratch.

      Not the OS that's screwed up, it's ESXi that's screwed up (over provisioned.) We are trying to take a backup before we remove ESXi.

      Can't you shut down the VM, copy the VM files from ESXi and be done with it? And after changing hypervisor just convert it to whatever you're migrating to.

      posted in IT Discussion
      marcinozga
    • RE: One Time, Non-Image, Windows Backup Client

      @JaredBusch said in One Time, Non-Image, Windows Backup Client:

      @marcinozga said in One Time, Non-Image, Windows Backup Client:

      Veeam agent has an option to do file level backups. But why wouldn't VSS work? I don't think it cares what's running under the OS or whether it's properly configured or not.

      I would assume, because the OS is screwed up and VSS is broke. I've seen it before.

      In that case I'd just copy the data by hand, then wipe OS and start from scratch.

      posted in IT Discussion
      marcinozga
    • RE: One Time, Non-Image, Windows Backup Client

      Veeam agent has an option to do file level backups. But why wouldn't VSS work? I don't think it cares what's running under the OS or whether it's properly configured or not.

      posted in IT Discussion
      marcinozga
    • RE: How do you manage internal web proxy with roaming laptop users?

      @shutdown_engineer said in How do you manage internal web proxy with roaming laptop users?:

      We put a registry key on users' laptops to toggle turning the proxy on and off when they are at home.

      What do other people use so that if a user is at home and not connected to our VPN and just wants to surf and check email? Outlook seems to take IE settings so if the proxy is enabled and the user is connected to Wifi only then Outlook will not update and IE won't connect.

      Firefox with no proxy set in the browser is a rough and ready workaround that we also use but far from ideal.

      Users are mostly Win 10. Our DC is Win 2012 R2 and run Sophos Web Appliance Proxy as a VM.

      Thanks

      Why is Firefox a rough workaround? Why are your users still using IE? It's almost 2020, not 2000 anymore.
      2nd issue is the proxy. Why would you use one? Most web traffic is encrypted, so web proxies became obsolete, as you cannot use one without doing some man-in-the-middle workarounds. If you need web filtering, then use a proper solution like Pi-hole or AdGuard Home.

      posted in IT Discussion
      marcinozga
    • RE: Converting VMware VMs to KVM

      Starwind has a free disk image converter. https://www.starwindsoftware.com/starwind-v2v-converter
      I used it to convert between ESXi and Hyper-V in the past.

      posted in IT Discussion
      marcinozga
    • RE: Favorite (preferably free) terminal.

      @black3dynamite said in Favorite (preferably free) terminal.:

      Out of the ones that were mentioned here, I believe tmux is the only one that can be used in a non-GUI environment.

      He's working from a Mac, there is no non-GUI environment there. He's looking for a Terminal (Mac app) replacement, not a terminal for Linux.

      posted in IT Discussion
      marcinozga
    • RE: Favorite (preferably free) terminal.

      https://iterm2.com/

      posted in IT Discussion
      marcinozga
    • RE: Favorite (preferably free) terminal.

      @popester said in Favorite (preferably free) terminal.:

      My attempts at searching the forum did not bear fruit: I am trying to learn about Linux and don't really care for the standard terminal that comes with Mac. It works fine, I would just hope that someone has come up with a slicker, more powerful substitute. Thank you.

      So which is it? Mac or Linux? These are 2 different systems.

      posted in IT Discussion
      marcinozga
    • RE: Remote management of employees personal cell phones ...

      Looks like your management are a bunch of cheapskates. If I was offered a stipend for use of my personal phone, it would have to cover the cost of calls, text and data for business use, and on top a hefty monthly fee for wear and tear. If you want me to use my device, you rent it from me, so you need to pay for it.

      Now the control of the data. Under no circumstances would I allow the company any access to my phone. They need to trust me with it, or they can pound sand, end of story.

      posted in IT Discussion
      marcinozga
    • RE: PoE issues with Unifi switch

      @Pete-S said in PoE issues with Unifi switch:

      @marcinozga
      Have you measured if there is any power on those ports?

      From what I could find from UBNT materials:

      24VDC Passive PoE (Pins 4, 5+; 7, 8-)

      I didn't, but I don't have to, all devices are powering on just fine with unshielded cables. The most bizarre thing is that cables from switch to patch panel are unshielded already, it's cable between panel and couplers. And I don't think I mentioned it before, but initially there was a shelf on the wall and all cables were plugged in directly into switch, with same end result. I'm strongly leaning to the fact that shield on all cables are connected with unifi switch or patch panel, and that's the root cause of the problem. Otherwise why would everything have worked on 5xp switch (isolated ports) or when cables going to patch panel are unshielded.

      posted in IT Discussion
      marcinozga
    • RE: PoE issues with Unifi switch

      PoE+ port:
      poe.PNG

      Passive 24V port:
      passive.PNG

      posted in IT Discussion
      marcinozga
    • RE: PoE issues with Unifi switch

      @Pete-S said in PoE issues with Unifi switch:

      @marcinozga said in PoE issues with Unifi switch:

      Passive PoE is not a standard. Use switches that follow the standard and you likely won't have any problems. These are the standards: https://en.wikipedia.org/wiki/Power_over_Ethernet

      Not an option, Ubnt devices work only with Passive PoE.

      Sounds like you checked all the obvious things. However the above statement confuses me.

      The new switch you have installed, US‑24‑500W, is a real PoE switch. How does it know that it should send out power to the ports where you have installed "passive PoE" devices?

      Each port can be set to either PoE+, Passive 24V or no PoE at all.

      switch.PNG

      12 ports to the left are set as PoE+, 12 to the right are Passive 24V.

      posted in IT Discussion
      marcinozga
    • RE: Miscellaneous Tech News

      @hobbit666 said in Miscellaneous Tech News:

      This was in my inbox this morning

      UniFi Dream Machine (UDM) is the easiest way to introduce UniFi to homes and businesses. The UDM includes everything you need for a small-scale wired or Wi-Fi network. It's easy to use and still offers all the benefits of UniFi for homes and businesses.
      https://store.ui.com/collections/routing-switching/products/unifi-dream-machine

      What's with the cylinder design? Don't the designers and engineers have cats? I think it started with Amazon Echo, now everybody has to have a cylinder. I lost count of how many times my cats have knocked down my Echo, I'm surprised it's still working.

      posted in News
      marcinozga
    • RE: Question about UBNT Bridge Performance vs SFP

      @dbeato said in Question about UBNT Bridge Performance vs SFP:

      @Dashrender I don't think that it slows it down.

      It does. Throughput drops rather drastically, I've seen 50% drop, others reported even more, up to 80%.

      posted in IT Discussion
      marcinozga
    • RE: PoE issues with Unifi switch

      @Pete-S said in PoE issues with Unifi switch:

      Anyway, find the actual problem by disconnecting everything and connect things one by one.

      I've done that, the result is as described in the OP, only the AP powers on, and leaks voltage somewhere.

      Real PoE, for instance, negotiates power with the device on the other end. I think PoE supports a crossover ethernet cable just like any switch or NIC can. But passive PoE? It'll probably short-circuit something.

      No crossover cables in use, in fact I haven't seen a crossover cable since 1 Gbit became standard, even in direct connections.

      If a cable is crossed somewhere like TIA-A or B wiring in the wrong place you might have a situation like that.

      No cross anywhere, cables have been tested and mapped, during installation a few years ago and again last week.

      PS. You might want to get a cat6 cable tester so you can verify the wiring. A simple one would get the job done.

      I have one, from Fluke Networks.

      posted in IT Discussion
      marcinozga
    • RE: PoE issues with Unifi switch

      @Pete-S said in PoE issues with Unifi switch:

      Passive PoE is not a standard. Use switches that follow the standard and you likely won't have any problems. These are the standards: https://en.wikipedia.org/wiki/Power_over_Ethernet

      Not an option, Ubnt devices work only with Passive PoE.

      BTW, rack should be grounded if it isn't.

      It is. Shielding is connected on both ends, but grounded only at patch panel, and that's grounded to rack.

      posted in IT Discussion
      marcinozga
    • RE: Question about UBNT Bridge Performance vs SFP

      Why would you bridge the ports? If you need switch functionality, there are a few EdgeRouters that have a switch chip so no bridging is required. And to answer your question, yes, bridging adds a lot of overhead since it's done in software, and router hardware is rather limited and designed to deal with routing.

      posted in IT Discussion
      marcinozga