@scottalanmiller said in supporting an office of computers with full drive encryption:

@BRRABill said in supporting an office of computers with full drive encryption:

@scottalanmiller said in supporting an office of computers with full drive encryption:

@Mike-Davis said in supporting an office of computers with full drive encryption:

@scottalanmiller said in supporting an office of computers with full drive encryption:

Sure, that can happen, depending on how it is set up. But you can encrypt all user space without encrypting the OS.

How would I go about encrypting the user space without the OS?

Standard method is to have all user accessible space on a different volume. Like a D drive (partition.) That way the system can fire up, get patched and be used like a normal system but the data you need to protect can only be accessed with a password (or something) to allow it to decrypt.

The issue with that that needs to still be considered can be local data being pulled down to the drive you are unaware of. Outlook, temp files, whatever.

I know in the past when we're argued ... er, discussed ... this, you say you don't use anything that create local temp files, but it's a consideration for many.

You can include the program files on the D drive. It's not too hard to look at the apps that you will be using and see where they store data.

I wonder if there would be issues trying to force Internet Explorer to install to an alternate path. (another drive) If you can't and the user launches it, and logs in to a confidential site, and their alternate temporary internet file location is unavailable, does it just store the temp files where it has access, or crash? I did a quick google search and couldn't find much on getting internet explorer to install to an alternate path, so I think that idea might not get to far.

In my area Verizon is putting their logo on the Yealink T46G.

@DustinB3403 Hyper-V 2016

@JaredBusch "a mistake was made"

I've had two servers now for different clients reboot in the work day when they are scheduled to install updates at 2AM.

In both cases it was the hyper-v host that rebooted and it took down the production server.

Time/date and timezone were set correctly. Anyone else see this happen?

It was funny until I realized you're only halfway through the month. That sucks.

@scottalanmiller said in supporting an office of computers with full drive encryption:

Sure, that can happen, depending on how it is set up. But you can encrypt all user space without encrypting the OS.

How would I go about encrypting the user space without the OS?

@scottalanmiller said in dual factor auth for screen connector or other remote access?:

https://docs.connectwise.com/ConnectWise_Control_Documentation/Get_started/Administration_page/Security_page/Enable_two-factor_authentication_for_host_accounts

Thanks. Don't know why I didn't look there first.

@scottalanmiller said in supporting an office of computers with full drive encryption:

I presume that there is data on there?

The document I was working off of said that even if their data is web based, if they view a .pdf , the .pdf could get stored as a temp file, and that information could be confidential, so they want the drive encrypted.

@PenguinWrangler said in supporting an office of computers with full drive encryption:

@scottalanmiller If the user forgets password and they are out of town. They can feed you a series of numbers and letters (think windows OS Product Key length) that you plug into the server. That then generates a similar code that you feed back to them then that unlocks the encryption.

Does each user have their own password for the drive? Is it AD integrated? Can the admin log in if the user forgets their password?

so a remote reboot is a no go since you would need to be onsite to put the password in?

Is anyone using any kind of remote control software that has dual authentication? Is there a way of getting this to work in Screen Connect?

Does anyone support an office of computers that are using full drive encryption? I'm considering a client that has this requirement (I don't know if they are currently meeting the requirement.) and was wondering how much extra time might be consumed by supporting that.

@Ajin said in Zabbix 3.0.9:

@Mike-Davis : My Idea was to create a monitoring / alerting system and also minimize downtime for critical issue like Apache , Mysql and other critical server services which affects server perfomance, This action section actuality does it all since it can both send alerts via email and sms and also execute remote commands.

But outsource, only if it is configured correctly and works well

It's a good idea. I haven't had a need yet, but I'm sure that day will come.

@scottalanmiller said in Zabbix 3.0.9:

@wirestyle22 said in Zabbix 3.0.9:

paging @dafyre and our resident Zabbix guy

And @Mike-Davis

I've only set up the action to email. Never tried remote commands, but it gives me some ideas.

From this thread: https://mangolassi.it/topic/13737/checking-on-patch-levels-with-multiple-clients-ninite-pro/13
I'd like to build a cloud Windows Server. I know some have had issues with Azure. What about AWS? I know vultr is popular, but I can't seem to find pricing on the Windows Server license part of it.

For those of you running a WSUS server in the cloud, who should I consider? AWS EC2? Azure? How do I estimate the bandwidth etc that's going to be required each month to keep 140 machines up to date?

@black3dynamite said in Checking on patch levels with multiple clients. ninite pro?:

@Mike-Davis
Here are couple choices I found Solarwinds Patch Manager and Cloud Management Suite

They don't just do the patch management, you have to get the bundle, and it's pretty expensive per endpoint. 4x what I was paying for GFI max before Solarwinds bought them.

@black3dynamite said in Checking on patch levels with multiple clients. ninite pro?:

Maybe a combination of WSUS and PDQ Inventory would help.

I'm not really considering WSUS because I would have to log in to every server to check on every client. Some of them don't even have a server. I'm looking for a single pane of glass.

I'm looking for a way to tell if a machine has downloaded and applied all available Microsoft Windows Updates? Other applications would be nice as well. Is anyone using Ninite pro? Is there something else I should look at? This would be for about 140 computers.

Internally, if he goes to http://10.254.0.38
does he get the Fedora site,
and if he goes to https://10.254.0.38
does he get the SuiteCRM site?