Best posts made by Mr. Jones

So about a year and a half ago, right before the pandemic hit hard, I was really looking for a job with health benefits. I interviewed with a company for entry-level helpdesk, only to be told that even though I've been a System Admin for 5 years, I wasn't quite qualified to be hired as an entry-level helpdesk because I didn't have a "traditional education". I was told "traditional education teaches discipline", while they overlooked my military background. I could say lots of things about this situation but I'll tell you what I did about it instead. I used my remaining 10 months of G I Bill to take some instructor-led certificate prep.

Over the last 10 months, I've gotten 8 certificates to include:
A+
Networking+
Server+
Security+
And some basic MTA, and Linux certs
Saturday afternoon wrapped up my last exam (Net+) and I'm due to graduate with a 100% Cumulative GPA, what's considered to be the Dean's List (x2), and every certification knocked out on the 24th.

Probably looking at finding a DoD job if possible now that I've got the Sec+, with an active Security clearance.

Anyway, I just wanted to tell someone, thanks for reading.

@hobbit666 said in Build or Buy?:

What would suggest today for a gaming PC?
Budget is £700 for just the box. Also any recommendations on specs, daughter wants to play Minecraft, Sub Nautica, Fortnite.
(But i want to be able to play Counter Strike, Modern Warefare (not fussed running at Ultra detail settings) )

I had pre-ordered a gaming pc on some boutique builder site, but the wait time is intense. Roughly two months-ish. While waiting on that build, I saw a rig on Newegg for $2,669 about a week ago with RTX 3080 and i7 10700KF, some budget case, and a decent Z490-P mobo with included EVGA keyboard and mouse, so I bought that right away and got it within 24 hours.

Needless to say I can run anything I've tried to play on Ultra. Overall this was the way to go considering the current market.

@scottalanmiller Yea, I see it now. My wife told me I should send the guy an email update on my success, but I'm not that petty. There was a lesson to be had, and I think I nailed it.

@dbeato - thank you!

So class, today we learned that a Move Request and a Migration are two separate functions. ::facepalm::

@scottalanmiller

LOL. Maybe even in something other than Access!

I talked to the boss and he agreed to moving to a SQL Server. Now I'm researching a frontend for it.

On-Prem Exchange
Outlook 2019

Okay so because we need everyone in the organization to see this shared calendar, and we can't add each person because you can't add that many people (I think it's somewhere in the ballpark of 64 max) I've been trying to figure out how to make it work/best practices.

After a bit of reading, I've created mail-enable Dynamic Distribution groups (via EAC) based on the "Department" field in the Organization tab of User>Properties in AD. I know these work, as I've been using them.

But, since you can't add dynamic distribution groups to the permissions list for calendars, I've created a mail-enable security group (via EAC) and put them all in it.

However, I can't get it to work. Users are able to pull the calendar up, but it just says "failed to update" above it, and I'm guessing it's a permissions issue.

Current permissions on each Distibution group:

Membership>Members: All Recipient Types (after "Only the following: Users with Exchange mailboxes" didn't work.)

Rule>Recipient Container: Domain (contoso.com)
Rule>Department: listed department names from the department fields in AD ("Registrar" etc.)

Any ideas?

EDIT: I'm clearly having a moment. So there's this little group called "Default" that's basically everyone, so I was able to set Reviewer to that group and now everyone can see the calendar. ::facepalm::

I'd still like to know how I could make my initial approach work, if possible.

@pete-s said in "Site not secure" | Self-signed Certificate?:

I'm not sure how you set up CA on Windows AD but I believe you can. Don't know if you can use that for non-Windows appliances.

I ended up using this approach. As usual, it took a bit of reading and research along with poking at the server, but I was able to use this approach.

Unboxing and setting up this many Chromebooks.

@scottalanmiller I don't know how new any of this is, but I'm really digging the transitions and logo stuff you got going on. It's got the RGB feel to it, but not over the top.

How do you guys handle the broad spectrum of phishing, whaling, scam, etc. attempts?

Had a user get a scam email recently. Thankfully they forwarded it to my dept, and promptly deleted it. I was reflecting on what we do in our department to educate users and I don't feel like it's enough.

Do you all ever screenshot the email and send out a warning of basically "this is what a phishing attempt looks like", with added notes on how and why?

Do you all ever create mock phishing attempts to send out to your organization that when clicked take them to basically a "oops, you did a bad thing, now take this training"? If so, what's a good site/program for that?

Do you ever report any of the attempts, or is it a simple blacklisting of that domain you deploy? If you do report them, to whom?

Would love some thoughts and input to see what everyone else is doing or some best practices.

Taking a minute to myself after someone high up decided to reorganize who's in what department, their respective department names, and the physical location of each without giving my department a heads up. We've got 30+ people swapping offices, trading department supervisors, and calling me because they don't have file permissions for their new department, they don't know why their keyboard doesn't work (they didn't turn on their computer), and "I moved offices, can you set me up?".

It's been a rough day to be the only person in my department.

So one of our on-prem 2016 Exchange Servers (VM) was hit by NLBrute pre-Network Firewall installation (early 2020), and we only recently were affected by it/noticed it when trying to upgrade to CU20. After cleaning the infection, and scanning the mailbox databases for infection, I migrated all mailbox databases to the other on-prem Exchange Server (VM) and nuked the old server.

My issue now is I can't migrate back. Mailbox Migration is failing saying that there is a UserAlreadyBeingMigratedException.
I've checked and cleared Remove-MigrationBatch "Batch Name" -Force and refreshed ECP to verify as well as Get-MigrationBatch -Endpoint mail.contoso.com. There doesn't appear to be residuals.

Some additional details:

Exchange logs (Program Files>Microsoft>Exchange Server>V15>Mailbox>Mailbox Database XXXXXX>) Appear to be nonsense. Just random webdings looking stuff. I assume aftermath of NLBrute or something is corrupted.

I tried to use eseutil to repair because of this, but it unmounts the database and then throws error 1811 and it's impossible to mount again.

I eventually restored from snapshot, and am looking at trying again with another approach.

Since 99.9% of our staff are using Outlook software, and have cached local .ost's, I'm thinking it would just be best to backup a copy of their .ost's to the NAS, and erase everyone's mailboxes from the server, make new ones, and restore the ost.

Any better ideas?

A recent "project" that was sprung on me but we didn't end up going with involved a cable run of about 200ft from a GPU to a TV.

Now I know there are Fiber optic HDMI cables that appear to be one-way and can reach distances of 200ft, but with that aside, what would be the recommended way to hit 200ft+? I was thinking maybe HDMI from the TV to a HDMI/cat 6 converter, cat 6 to run the distance, and then into another HDMI/cat 6 converter for HDMI into the GPU. Does that sound like it would work?

I know someone has done this, what's the best approach?

@scottalanmiller I'm reading a lot right now. It seems that it's been done, but it gets hairy with drivers.

I'm also reading that Linux works pretty well on older Mac's.

Okay, let me preface this with "I'm not a database guy". Moving on.

We have two users who require 32bit Office suite to open a very old Access database. They are the only two in the entire organization who need 32 bit, and it's getting really old having to do everything for the OTHER database that EVERYONE uses (to include them) in both 64 and 32 so they can still use both.

My first and only idea so far is to swap them over to x64 Office suite, and then using VirtualBox or similar, make them a VM with x86 Office suite so they could run the old database.

This isn't a great solution, imo. These folks are not tech savvy and I feel like throwing a VM at them would make their heads explode.

I'm looking at Microsoft Access alternatives, but my priority would be to ensure the the database would function the same, and have the ability to be replicated or be imported from the old one with minimal issues. I don't know a lot about database stuff, and this just doesn't seem like a thing to me, or at least something where the solution would require me to rebuild everything from the ground up to match the old one, which at this point, I'm unable to do in any timely manner, but I'm open to suggestions and actively trying to learn about it.

@gjacobse said in Windows 10 Network Icon / Networking help:

It just dawned on me, but this may not help you in the least.

The 'Globe' icon only means that it can't see some MS defined Internet based service... IIRC. While working with the 911 system, we had networking. Devices were set to a Static IP address and were pingable, search able, and could be remoted with the software used (sadly I don't recall).

That said - It was an isolated network. You could not ever get to Google, MS or other - as it was a secure / limited network. It was only used for 911 calls!

It's possible that yes, it's a problem in the config,.. but it could also be that you have networking but not internet access.

Yes, one of my earlier lessons dealing with blacklisting web access to student machines was to always whitelist "msftncsi.com" or I get calls from teachers saying there's the "no internet globe", even though I've just blacklisted everything except the requested sites they use.

So I'm learning to code powershell and I'm playing around with writing my own script to target and delete network xerox printers and printer drivers from a machine locally. I'm having issues where when I run the following scripts:

PS C:\Windows\System32> Get-Printer | where{$_.Name -like "*Xerox*"} | Remove-Printer

&

PS C:\Windows\System32> Get-PrinterDriver | where{$_.Name -like "*Xerox*"} | Remove-PrinterDriver

The scripts work, as Get-Printer, Get-PrinterDriver verify that they no longer exist, but they still show up greyed-out in Control Panel>Devices and Printers. (rebooting machine doesn't make them go away either).

A bit of trial and error to be sure I couldn't figure it out before I asked you all was to additionally delete any match to "Xerox" in registry, and a complete removal of all files in the following directories:

C:\Windows\System32\Spool\Servers\*
C:\Windows\System32\Spool\Drivers\x64\*
C:\Windows\System32\Spool\Printers\*
C:\Windows\System32\DriverStore\FileRepository\*Xerox*

I'm obviously looking for a way to streamline this process, so without opening Control Panel via GUI, and manually deleting them, I'd like to do it with script. This isn't a request for a script however, but a request for information regarding the location of these objects, or any experience in regards to deleting them.

Have you added the APPLICATION to the firewall. Rather than a port? Windows Firewall is "meant" to be done that way, so that it monitors the application itself rather than assigning ports statically.

Damnit, Scott. Take my upvote.

I was able to add a custom rule to allow the Windows Management Instrumentation SERVICE, and that solved it. Now, I know you said APPLICATION, and now I'm wondering if that's basically what you meant, and if not, what the security concern is now that I've whitelisted a whole service. Got some reading to do!

@scottalanmiller said in Unable to send emails to Gmail from my domain:

@Pete-S said in Unable to send emails to Gmail from my domain:

Also the fact that you are sending from your own IP is also a sign that it is spam. Mail servers build up IP reputation on servers that send them emails. This is different from the blacklists.
If you haven't checked your IP against blacklists you must do so as well.

That implies that you are running your own email server which isn't exactly forbidden, but it's a "no no". If you are running your own email server, it's expected that you will proxy through a big sender with clean IPs that have been cleared already.

For all intents and purposes, the modern email frameworks are built around limiting email sending from big senders (Amazon, MS, Google, Zoho) only and all others are suspect and/or blocked outright. Even people running their own email servers typically (without knowing) block or restrict receiving emails from anyone but the giant carriers.

Seems like a good time to try convincing the boss we should move our emails to O365. I know he'll say no, but this is ammo for sure.