
    Posts

    • URL filtering on EdgeRouter

      I have a network where I only want the computers to be able to get out to Windows updates and their AV software. Both of those things work on URLs and not IPs. Is the correct way to go about this command line on the ER with some commands like:

      url-filtering {
          squidguard {
              redirect-url http://google.com
              rule 10 {
                  local-allow windowsupdate.microsoft.com
                  local-allow *.windowsupdate.microsoft.com
                  local-allow *.update.microsoft.com
                  local-allow *.windowsupdate.com
                  local-allow download.windowsupdate.com
                  local-allow download.microsoft.com
                  local-allow *.download.windowsupdate.com
                  local-allow test.stats.update.microsoft.com
                  local-allow ntservicepack.microsoft.com
                  source-group LAN-desktops
              }
              source-group LAN-desktops {
                  address 192.168.10.2-192.168.10.254
              }
          }
      }

      Is there a better way to go about this?

      posted in IT Discussion
      Mike Davis
    • RE: New Client Onboarding Template

      Here's a list you can format and add/subtract to/from:

      QUESTIONS FOR FORMER IT PROVIDER
      Domain admin username and password:
      Domain registration details and logins:
      Domain DNS hosting details:
      Domain Web hosting details:
      SSL Certificate provider login details:
      Local PC usernames & passwords:
      (If applicable)
      List of Microsoft Servers and roles:
      Switch details and logins:
      Router details and logins:
      NAS details and logins:
      Access Point details and logins:
      Printer/MFP details and logins:
      Web filter proxy (If applicable):
      Key IP addresses & usernames / passwords of anything else relevant, i.e. Office 365, Cloud Services:
      Server details (brand, model, serial, warranty):
      Virtual Environment details:
      UPS details (Logins / warranty):
      Antivirus uninstall passwords (all products):
      Cable or Fibre details (provider plus account details – login):
      Secondary Internet Connection (If applicable):
      Offsite backup details, e.g. Storage, S-Protect licences, cloud services:
      Wireless Network SSID / Password:
      Service Account Usernames and Passwords, e.g. Backup printers:
      iLO / iDRAC login / password:
      Remote access methods:
      Phone System:

      Licensing
      MS Licence Agreements / Login:
      Antivirus / malware / Spam – product, login and expiry:
      Firewall – Model / Serial / Licence expiry and supplier:
      Virtualisation agreements (VMWare / Hyper-V):

      Software Management
      Provide details on all business applications:
      SharePoint (If applicable):

      Documents to be provided
      Router / firewall details:
      Switch / Router Configuration Files:
      Any VPN Config – pre-shared secrets / config:
      System Documentation including diagrams:

      Outstanding Problems or Project work to discuss
      Current issues, tips on support / maintenance, etc:
      Active / unfinished projects:
      Support contract expiry date:
      Pre-paid support hours in credit:

      posted in IT Discussion
      Mike Davis
    • RE: Billing Hour Segments

      The other thing I would add, if you're trying to figure out how to create your agreements, is whether you charge a 15-minute minimum for each task. Let's say you have a "needy" client. They email you every half hour with a quick question. How do you bill? Myself, I convert those clients to managed clients.

      posted in IT Business
      Mike Davis
    • RE: Networking breakout at MangoCon

      Maybe a case study on a Ubiquiti wireless AP rollout. I did one with remote sites, VLANs, Windows NPS, certs pushed through group policy, etc., that would probably take an hour to go over.

      posted in MangoCon
      Mike Davis
    • RE: Challenging Is Respect

      The quote should cite Proverbs 9:8.

      There is a reoccurring theme in the book of Proverbs that people that are willing to listen and be corrected gain more wisdom, and fools reject every kind of wisdom (at their own peril).

      posted in Water Closet
      Mike Davis
    • Windows 10 bitlocker in a domain

      I haven't used BitLocker before. Has anyone rolled it out on Windows 10? For those that have deployed it in a domain environment, is it pretty straightforward? Does it work like it should, or is there the 1 in 10 laptop that won't run the .vbs script to turn it on?

      posted in IT Discussion
      Mike Davis
    • RE: Role play Session

      "How to sell ______ to your boss/customer."

      posted in MangoCon
      Mike Davis
    • RE: Discussing Basic Income from Forbes Article

      @penguinwrangler said in Discussing Basic Income from Forbes Article:

      My Dad, with only a high school education, started cleaning businesses and eventually turned it into a business where he made over $100,000 a year during the 1980s

      The book "The Millionaire Next Door" says this is primarily the way 1st generation millionaires are made. Their children often earn six figures, but are effectively broke. The book explains that the blue collar parents want to provide for their kids things that they didn't have, such as an education. The problem is the kids don't learn to live within their means, and because they are making lots of money, spend even more money...

      posted in Water Closet
      Mike Davis
    • Ubiquiti wifi bridge static on VoIP calls

      I set up a couple of Ubiquiti NanoBeam AC (NBE-5AC-16) access points in a bridge about 400 meters apart. I updated the firmware, disconnected the old site to site VPN, connected the bridge and traffic started flowing. I then went into the alignment tool and it looked so good I decided I didn't need to go back on the rooftop and align them. I then ran a speed test with a channel width of 80 MHz and reached the theoretical maximum, so I figured I was good.

      [Image: speedTest03-channelWidth80.png]

      As I tested the connection by running pings across, I noticed that they were inconsistent. Many were 1ms, but others were 3ms or much higher. I figured it would be better than the old internet based site to site VPN, so I left it in production. Later that morning, users were calling and I had to drop back to the VPN. When they called me on their VoIP phones, I noticed static on the call.

      I did some reading and it looks like I might have to drop the channel width down. I tried dropping it remotely and running a speed test, and it took the speed from 451Mbps to 145Mbps, which is still acceptable as long as the connection is more stable. Is that the right thing to do, or should I be looking at other things? I should add the main reason I wanted to put in the wireless bridge is that the site to site VPN connection isn't stable enough for their terminal server sessions.

      [Image: speedTest02-channelWidth20.png]

      posted in IT Discussion
      Mike Davis
    • RE: NYC Mango Meetup June 23, 2017

      @scottalanmiller said in NYC Mango Meetup June 2017:

      Flights are getting cheap. I found $89 to NOLA.

      I heard the airlines are beating each other up for customers. Or maybe it was the airlines are beating their customers. I can't remember.

      posted in Mango Happenings
      Mike Davis
    • Ohio prisoners built a computer from parts and hacked the prison network

      https://www.theregister.co.uk/2017/04/12/prisoners_built_computer_connected_to_states_network/
      I'm kind of impressed. I get that out of parts they could find a working hard drive, but it probably had a civilian copy of Windows on it and not much else. I wonder how they got the software they needed to access the prison applications.

      posted in News
      Mike Davis
    • RE: Top Ten Happiest Places on Earth in 2019

      I spent a year in Finland, which means I lived through the depressing winter and the invigorating summer. They are well aware of seasonal depression, so they plan activities in the evenings with lots of lights during the winter. There are lots of great things about Finland, but I don't think these studies are realistic.

      Free college sounds great to Americans. How does 100% sales tax on cars sound? Free health care sounds great, but exponentially increasing taxes don't.

      The bottom line is that you can do whatever you want, but it comes at a cost.

      Be happy where you are. Be grateful for what you have. I live in a part of NY that has brutal winters, but no mosquitoes in the winter so I can be happy about that.

      posted in Water Closet
      Mike Davis
    • RE: Windows credential manager

      So I got to the bottom of this one. It turned out to be autodiscover related, as @JaredBusch suggested. Even though the autodiscover.domain.name record is correct, it seems on his system Outlook was checking a bunch of other things and requesting a password on each one of them. To fix the issue, I had to open regedit and go to:

      HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\AutoDiscover

      Then add the following registry entries:

      "ExcludeScpLookup"=dword:00000001
      "ExcludeHttpsAutodiscoverDomain"=dword:00000001
      "ExcludeHttpsRootDomain"=dword:00000001
      "ExcludeSrvLookup"=dword:00000001
      "ExcludeHttpRedirect"=dword:00000000
      "ExcludeSrvRecord"=dword:00000001

      posted in IT Discussion
      Mike Davis
    • new list of devices affected by VPNFilter exploit

      Scroll all the way down to the bottom. Two Ubiquiti wireless bridge devices are now on the list:
      NSM2
      PBE M5

      https://blog.talosintelligence.com/2018/06/vpnfilter-update.html

      posted in News
      Mike Davis
    • RE: Just How Hard is University to Overcome

      I think the important thing here is that no one is doing these calculations. Students aren't doing them for themselves, and guidance counselors certainly aren't doing them. It's almost criminal. Guidance counselors simply cite that "you'll earn more over time with a degree" and try to get the student into the most prestigious college they can. High schools keep track of how many of their graduates are going on to university and it's a feather in your cap if you're doing better than average.

      We need to work with young people and support initiatives like Mike Rowe's:
      http://profoundlydisconnected.com/

      posted in IT Careers
      Mike Davis
    • o365 and HIPAA information between two different agencies

      If two different agencies are using Office 365, can they send client information back and forth? Office 365 says that it's HIPAA compliant, so if the information stays in their cloud, is it covered?

      posted in IT Discussion
      Mike Davis
    • RE: So the hunt begins...

      I would read up and take some time to figure out what my dream job is and what I need to do now to get there. I would suggest reading "Do Over - Rescue Monday, Reinvent Your Work, and Never Get Stuck" by Jon Acuff.

      Put some "money" in your career savings account. Who have you invested in lately? Right now you have a job. If you leave, is there someone that would want your job? Is there someone that could slide into your job and not leave your employer stuck? That would be a win-win situation.

      You never know who it is that may help you make the connection to your dream job. Get out there and help some people and ask that question "Is there anyone that you know that I should know?"

      posted in IT Careers
      Mike Davis
    • RE: Ubnt NAT

      @JaredBusch Thank you for all the tips. I inherited this config and didn't understand why some things were done the way they were. Between your information and a firmware update we should be able to get this router into shape.

      Between what you said and some information from @coliver, I learned that the Meraki is not behind the Edge, but in fact there is a switch between each of the routers and the ISP, so they both have direct access to the internet. Information from a tech on site led me to believe otherwise, which is why the config didn't make sense.

      posted in IT Discussion
      Mike Davis
    • RE: Enterprise to IT Service\Software Company

      There are a lot of variables. For example, small company/large company, your immediate supervisor can make your life miserable... Also how do you not know if they are closer to 50 employees or 250? At 50 it's not likely you would have any help, and might even have to do more than just IT. At 250, you could still be on your own, or have a couple people helping. All that stuff makes a difference.

      posted in IT Careers
      Mike Davis
    • RE: UBNT EdgeRouter site to site VPN routes?

      Big thanks to @JaredBusch. I was in a hurry to leave for a speaking engagement and had to hand off to @art_of_shred. It turns out part of the problem was that some of the servers on the far side had a persistent route set up so that even when we changed the gateway address from the Meraki to the EdgeRouter, they were still hitting the Meraki. Now that it's off hours, I'm ripping through 19 servers to make sure the gateway is correct and there are no persistent routes configured that will mess things up.

      posted in IT Discussion
      Mike Davis