@JaredBusch said in Anyone have Fixed Wireless?:

Fiber is susceptible to backhoes, while fixed wireless is not (generally).

The first wireless bridge I built was for a paving company. They wanted to connect their repair shop about 200 yards away to their main office. I said well since you have all the digging equipment, fiber is the obvious answer. They said, well we've hit fiber optic lines before and that's kind of bad word around here. What are our other options? So in went the wireless bridge.

I know a successful wireless ISP and basically in his part of the country it's cost prohibitive to get copper, let alone fiber, to his customers.

I meant downloading the Unifi video software for a VM.

I have a server with RAM and CPU on site. I'll probably want to add some drives and see how it goes.

@Jason said in Ubnt NVR more than 50 cameras:

Just go with an Axis system

Why Axis? This is an honest question. I have set them up before, but a vendor gave us the cameras, so the cost of the cameras wasn't an issue. They also gave us a license of some software that I don't really care for. The camera's were nice, but seems like they cost way more than Ubiquiti.

I also checked most of the VMs (there were a couple linux ones I couldn't) and they all have plenty of free space.

For anyone else that has a bunch of Windows VMs to check for free space, you can use the command:

Get-WmiObject -Class Win32_logicaldisk -ComputerName YourVMname

to check each one without having to log in to each individual VM.

I have a RDS server that seems to have gone bad. The problem started when it stopped accepting RDP logins and stopped allowing Remote Apps to be launched. We would reboot the server and it would allow people to connect again, and then in as little as 5 minutes it stopped accepting connections. Some people that were connected could stay connected, but it dropped others.

After finding nothing in the event logs, we decided to restore the server from a day before the problem started showing up. It seemed ok, and then the same problem started again. The only errors I have in the event log are a couple of TLS errors that show up sometimes at the same time I have been denied, but not always. I was about to change the cert from a 3rd party back to a server generated self signed cert, but now I can't manage the server. It thinks the RDS role is gone.

If I try to add the role, it gives mean the error:
Could not retrieve the deployment information from the RD Connection Broker Server <server name>

Any ideas?

Here's the powershell script that I used on the last one that I built that seemed to work:
[CmdletBinding()]
Param(
[Parameter(Mandatory=$True,HelpMessage="Specifies the FQDN that clients will use when connecting to the deployment.",Position=1)]
[string]$ClientAccessName,
[Parameter(Mandatory=$False,HelpMessage="Specifies the RD Connection Broker server for the deployment.",Position=2)]
[string]$ConnectionBroker="localhost"
)

$Host.UI.RawUI.BackgroundColor = "Black"; Clear-Host

$CurrentUser = New-Object Security.Principal.WindowsPrincipal $([Security.Principal.WindowsIdentity]::GetCurrent())
If (($CurrentUser.IsInRole([Security.Principal.WindowsBuiltinRole]::Administrator)) -eq $false)
{
$ArgumentList = "-noprofile -noexit -file "{0}" -ClientAccessName $ClientAccessName -ConnectionBroker $ConnectionBroker"
Start-Process powershell.exe -Verb RunAs -ArgumentList ($ArgumentList -f ($MyInvocation.MyCommand.Definition))
Exit
}

Function Get-RDMSDeployStringProperty ([string]$PropertyName, [string]$BrokerName)
{
$ret = iwmi -Class "Win32_RDMSDeploymentSettings" -Namespace "root\CIMV2\rdms" -Name "GetStringProperty" -ArgumentList @($PropertyName) -ComputerName $BrokerName
-Authentication PacketPrivacy -ErrorAction Stop
Return $ret.Value
}

Try
{
If ((Get-RDMSDeployStringProperty "DatabaseConnectionString" $ConnectionBroker) -eq $null) {$BrokerInHAMode = $False} Else {$BrokerInHAMode = $True}
}
Catch [System.Management.ManagementException]
{
If ($Error[0].Exception.ErrorCode -eq "InvalidNamespace")
{
If ($ConnectionBroker -eq "localhost")
{
Write-Host "n Set-RDPublishedName Failed.nn The local machine does not appear to be a Connection Broker. Please specify then FQDN of the RD Connection Broker using the -ConnectionBroker parameter.n" -ForegroundColor Red } Else { Write-Host "n Set-RDPublishedName Failed.nn $ConnectionBroker does not appear to be a Connection Broker. Please make sure you have n specified the correct FQDN for your RD Connection Broker server.n" -ForegroundColor Red
}
}
Else
{
$Error[0]
}
Exit
}

$OldClientAccessName = Get-RDMSDeployStringProperty "DeploymentRedirectorServer" $ConnectionBroker

If ($BrokerInHAMode.Value)
{
Import-Module RemoteDesktop
Set-RDClientAccessName -ConnectionBroker $ConnectionBroker -ClientAccessName $ClientAccessName
}
Else
{
$return = iwmi -Class "Win32_RDMSDeploymentSettings" -Namespace "root\CIMV2\rdms" -Name "SetStringProperty" -ArgumentList @("DeploymentRedirectorServer",$ClientAccessName) -ComputerName $ConnectionBroker
-Authentication PacketPrivacy -ErrorAction Stop
}

$CurrentClientAccessName = Get-RDMSDeployStringProperty "DeploymentRedirectorServer" $ConnectionBroker

If ($CurrentClientAccessName -eq $ClientAccessName)
{
Write-Host "n Set-RDPublishedName Succeeded." -ForegroundColor Green Write-Host "n Old name: $OldClientAccessNamenn New name: $CurrentClientAccessName"
Write-Host "n If you are currently logged on to RD Web Access, please refresh the page for the change to take effect.n"
}
Else
{
Write-Host "n Set-RDPublishedName Failed.n" -ForegroundColor Red
}

Are there some reasons or special cases where you would not want to use Hyper-V dynamic memory for a VM? I have a couple RDS servers that could see a huge surge in the RAM they use if users pile on, but if they do, they will use one server or the other, but not both. I think dynamic RAM would work well, but haven't enabled it before.

at "200 character width" I started thinking about the COBOL class I took in college.

@Shuey I don't know your whole environment, but if you are talking about SSL certs in IIS, you get them third party (godaddy, cheapssl.com, etc) so you don't need certificate services for that.

To see what you're currently using, there are a few ways to do that. The easiest is to open the https version of your share point site, and click on the lock in the browser. Then click details and view certificate. If it's third party, it will tell you who issued it. If it was generated by your server, it will say the name of the server there.

@Dashrender said in Migrate and/or replace old cert server?:

When did he say there was no service associated with it?

I think that was from me saying there wasn't a service that you could shutdown. I meant under windows services, there isn't one for certificate services that you can stop.

If your sharepoint server is on its own VM, and the only roles on your DC are the cert services, I would build a new DC migrate your FSMO roles over and back up the old DC. Then shutdown the old DC and listen for the screams. If you hear nothing after a week or so power it back up and demote it.

I'm sure you've filled out the PCI compliance form where they ask if your wifi is using WPA2 and all that. I'd like to be able to just rip down through the form and say N/A for everything. I agree that it's silly to think that it's more vulnerable on your LAN than going across the internet.

@scottalanmiller said in EdgeRouter X for small office with PCI compliance:

@Mike-Davis said in EdgeRouter X for small office with PCI compliance:

I'm sure you've filled out the PCI compliance form where they ask if your wifi is using WPA2 and all that. I'd like to be able to just rip down through the form and say N/A for everything. I agree that it's silly to think that it's more vulnerable on your LAN than going across the internet.

Wouldn't it be N/A in either case? What's the purpose of the PCI form if not for security?

The purpose of the form is to shift liability. If you check that you're using WPA2, and credit card numbers are stolen, and they find out you were using WEP, you are liable.

@coliver I think % is the wildcard from what I read. Not good practice, but I was trying to get it working.

Now that my Zabbix server is up, I'm trying to add hosts. All of my hosts are inside firewalls. If it was just one host inside a firewall, I could probably do a port mapping, but since it's multiple servers inside the firewall, I can't do that. What's the procedure for connecting the agent to the server?

@gjacobse Site A with a firewall and then 20 servers behind that firewall. Then site B with 5 servers, etc. The Zabbix server has a public IP, but all the hosts are NATed.

To have a powerful login script, it becomes pretty complicated though - compared to how easy it is to do in Group Policy.

As far as the original topic, I agree with using email address as login names. I would also make the usernames "guessable". That way if you know one employees email address is firstname.lastname you have a chance at guessing another employee's email address. Let's face it, spammers are going to get it anyways, so you might as well make it easy on your clients.

I was using Process Explorer. I just didn't see the check box for "User Name" under column headings. I turned that on, and it tells me "NT AUTHORITY\SYSTEM" is the owner. I might just be wiping this laptop... I already uninstalled everything that I recently installed.

From what I read it seems like some kind of program that has a little status icon on the task bar might be the source. I'll see how I make out with a selective startup.

The bottom line is that it's the software vendors patches and updates that are my biggest concern. Having a second server that is a version behind and ready to go is cheap protection against that.