@DustinB3403 said in Query Regsitry using a Variable:

@Obsolesce Yeah I got that far along, what I need to pull is a specific string from the output.

I have a few other ways that I was manipulating the string, like writing the entire output to a file and then pulling the 23rd line (for example) but that literally gets everything on that line.

When all I want is the InstallDate

Get-ChildItem -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' | Get-ItemProperty | Where-Object -Property DisplayName -EQ "Microsoft Edge" | Select-Object -Property InstallDate

$InstallDate = Get-ChildItem -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' | Get-ItemProperty | Where-Object -Property DisplayName -EQ "Microsoft Edge" | Select-Object -Property InstallDate
$InstallDate
$InstallDate.InstallDate

Get-ChildItem -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' | Get-ItemProperty | Where-Object -Property DisplayName -EQ "Software"

#or

Get-ChildItem -Path 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall' | Get-ItemProperty | Where-Object -Property DisplayName -Match "Software"

On a nice hike

@Fredtx said in 1 large disk or 2 smaller disks for a file server?:

I'm creating a new file server, which will be a VM. The source (original file server) has 1.7TB of used storage. 641GB of that is Marketing (mainly videos), and the rest is Engineering (cad files), User folders (docs,etc), and miscellaneous folders.

Would it be better for me to create 2 virtual disks on the target (new file server), and give the Marketing team their own disk? Or should I just move everything over to 1 big virtual disk?

2 virtual disks versus 1 virtual disk would only matter if you need to do some kind of QoS at the vdisk level. Also, depending on how you do shares and your backup infra may matter, or maybe not.

@gjacobse said in Anyone have a decent 3D printer?:

@Obsolesce
I am sure there is a ratio and pattern needed for the mask, but how would your pattern compare to already designed models?

Tri-Bahtinov Mask via STL-Finder

There's a lot there, lots of sizes and types, no way I'll find exactly what I'm looking for.

Lots of thickness and pattern variance. The thickness doesn't matter at all (2mm thickness is likely fine), just that you don't want it to break easily or be flimsy. The pattern varies depending on focal length, and varies by many other factors. But it doesn't matter where the design comes from. The one I made worked very well. I printed it out on paper, cut it out with a razor blade, and tested it on my scope and it worked well. The only issue is that it's made of paper, very flimsy, etc.

I used Inkscape to convert it to a 3D model for STL. No issues there at all. It looked good in everything. It appears like every pattern on that site you linked, did it the exact same way as I have.

How much does the material cost and in time/electricity to print it?

I did end up finding them at telescopescanada.ca for less than $40 shipped. So I might just go that route if I can't get it done myself for less or without a ton of effort. I found 2 designs that work really well in my testing, and luckily one of them telescopescanada.ca is basically the same.

@gjacobse said in Anyone have a decent 3D printer?:

Few questions

What type of filament are you needing as there are many.

What is this for?

Was the file on ThingaVerse, or 3dCuts or another site?

I don't really know much about the filaments, but the PLA that was used seems like it'd be good enough once I sand it down to be smooth. Maybe other filaments are smoother out of the printer? I don't know.

This is a Tri-Bahtinov Mask for my telescope. I used a generator that outputs a drawing as a SVG file that I can open up in Inkscape to convert to polygon data, and into an STL file for 3D print.

Example I need, but not sure how well it'll 3D print:

@gjacobse said in Anyone have a decent 3D printer?:

Holy crap - yea,.. that's a burnt print.

I have an Ender 3 Pro and it does a decent job of things... As long as, as with anything, you pay attention to a number of factors. Sadly I don't have photos of some of the prints I've done, and the photos I do have are ones I can't release.

Filament, speed, flow, temp and bed adhesion are may factors to deal with. I haven't been able to print ABS as it just peels right off. I do decent with PLA and TPU...

There is a lot that I don't know how to do and don't know if I want to try,.. but I've learned a bit also.

Here is a file I printed for a friend:

I thought since they had a decent 3D printer (Makerbot Replicator+) it would have turned out to be a least usable. I'm not sure how they let come out like that. It was printed in PLA, but I don't really care what's used, so long as what prints out is usable. I've never 3D printed anything, so I don't really know a whole lot about it, but given they have what seems like a decent printer and they operate a printing service, I thought it'd have at least turned out a bit better than it did.

I'm wondering if anyone have a decent 3D printer that works decent for precise printing and knows how to use it so it doesn't look like it was printing during an earthquake.

I attempted to print something for free using a local library, but when I picked it up, seen that it was just totally butchered.

Here's what it's supposed to look like, the .stl file:

And here's what I got from the library:

As you can see, just totally butchered.

If anyone might be able to help me out, I'd like to see what it'd take to get something like this or similar printed and sent. There's another design I'm testing atm.

@scottalanmiller on the other hand, it's a hell of a lot harder and questionable walking out the door with a full server than it is with a / some hard drives. Same with virtual disks, can't copy them to another system and extract data if they are encrypted. I'd still err towards encrypting data at rest (full disk encryption). Also, why aren't servers physically secured?

@Dashrender said in Hard disk encryption without OS access?:

@Obsolesce said in Hard disk encryption without OS access?:

My main point and concern was in regard to end-user devices where the most relevant cases are lost or stolen devices (laptops/phones/etc.).

Sure, but that was really the point of the OP

@JasGot

@JasGot said in Hard disk encryption without OS access?:

The software product they use for running their business is the only app on the server and the software vendor will not allow access to the server OS.

This is primarily a server encryption discussion.

Yes I get that. But I was really just responding in regard to the "just stealing your computer" bit. That moreso implies personal computer, at least to me. Maybe he meant breaking into a datacenter and just stealing a server, but that didn't seem like that's what he meant.

@scottalanmiller said in Hard disk encryption without OS access?:

@Obsolesce said in Hard disk encryption without OS access?:

You're likely referring to the fact that many do not do it properly, but that isn't a valid argument that full disk encryption doesn't work.

Most systems can't allow downtime if a human cannot be present. The problem with full disk encryption is that...

1. It protects against very little. It's a newly valueless threat in the server space, it's fear mongering that makes people concerned about it, even in highly critical government systems there is rarely a real threat to be protecting against.
2. To be effective at all it requires such an onerous system. You have to have human(s) that hold the keys and are always available to the system to unlock it which means you need multiple people, sharing access, that are always there (or somewhere with access) which is generally costly, often defeats the value of the system, and creates huge risks of its own.
3. In a case where most attackers would overcome issues in #1, kidnapping or threatening someone with the password is generally trivial by comparison.

Yes, in the server space I'm with you 100%. It will require extra work and I also agree with the other points. While not impossible to automate using non-human methods, it's likely not going to happen, so yeah.

My main point and concern was in regard to end-user devices where the most relevant cases are lost or stolen devices (laptops/phones/etc.). You leave it in the taxi or it gets stolen somewhere... a proper setup will prevent data access.

But yes, there is the kidnapping and threatening as you say... so why implement any data security at all then? Why have a password for example on any device if someone could simply kidnap or threaten you and get it anyways? I mean while it could happen, but it's generally not the main threat and MOST CERTAINLY is not a reason to never encrypt your disks or use passwords, or lock your house when you leave...

@scottalanmiller said in Hard disk encryption without OS access?:

@Obsolesce said in Hard disk encryption without OS access?:

It should always be. And if not, like in cases where your hardware doesn't support it (no TPM), then you would be forced to use a password to unlock it.

In essentially all cases, you'd want that anyway. Otherwise the fear of someone just stealing your computer remains. They just take the whole thing, turn it on, and attack it anyway that they want since it is decrypted, violating the intent of the rule.

"Just" stealing someone's computer and turning it on to attack away will not work when protected properly, for example, BitLocker full disk encryption + BitLocker startup PIN + proper DMA attack protection (likely the case by default with modern hardware). The TPM simply won't release the key any other way. So you can't really argue against that. Anyone who cares about the security of data on end-user devices will always enforce proper protection.

With server data, similar rules apply. You also want full disk encryption as well as the other protections, so that "just" taking the whole server and attacking away won't work either.

You're likely referring to the fact that many do not do it properly, but that isn't a valid argument that full disk encryption doesn't work. It does work, when used properly and how it was designed to work. When someone says you should use full disk encryption, it's implied that it's done properly. Any security measure can be done improperly and therefore made useless. That a given, so it must be implied done correctly.

Found some more info: https://ubuntu.com/core/docs/uc20/full-disk-encryption

@scottalanmiller said in Hard disk encryption without OS access?:

@Obsolesce said in Hard disk encryption without OS access?:

Full disk encryption is tied to the TPM for example

Actually it often is not. It CAN be, and that's a nice feature in some cases. BUT, how do you move those drives to another server when you do that (maybe it's easy, but what does the TPM do then?) Assuming drive mobility is a factor, and typically it is, you can't use that kind of full disk encryption, but you are stuck with the normal kind which doesn't use any special hardware. Then you get the assumed portability of the hardware, but just stealing the drives is enough.

It should always be. And if not, like in cases where your hardware doesn't support it (no TPM), then you would be forced to use a password to unlock it. Full disk encryption with the key in the keyhole is pointless. I've not heard of any other way of doing it, that wouldn't make sense.

You can easily move drives to another system, in that case you'd need to enter the recovery key to unlock it.

@scottalanmiller said in Hard disk encryption without OS access?:

If they steal the drives containing the operating system too, no more encryption.

Not with full disk encryption, unless you steal the entire server. Full disk encryption is tied to the TPM for example, so you'd need the entire thing to decrypt a hard drive or virtual disk.

@scottalanmiller said in Hard disk encryption without OS access?:

@Obsolesce said in Hard disk encryption without OS access?:

@scottalanmiller encrypted at rest is just full disk encryption, like all modern Android and Apple phones do, Filevault for Mac, BitLocker with Windows, FDE like when setting up Ubuntu.

With Android or iPhone, they require human intervention to unlock. So that's exactly what I just described. That's why you can reboot a phone to keep the police from just getting into it, because it can't be decrypted without the human.

Which is what I'm talking about when doing it correctly in the case of PCs and servers.

In the case of servers where you may not want to have a human unlock at startup, the main benefit in that case is drive theft protection (or virtual disk theft), the drive would still be encrypted and protected from access in that case, but pretty much ends there.

@scottalanmiller encrypted at rest is just full disk encryption, like all modern Android and Apple phones do, Filevault for Mac, BitLocker with Windows, FDE like when setting up Ubuntu. Set up properly, e.g., encryption startup PIN, among others, definitely provides a lot of benefit and is a defacto standard these days. The issue is that so many do not do it correctly, for the wrong reasons, and with the wrong idea.

An easy way to see it in practice where it works, imagine if everyone's smart phones were not encrypted at rest, they are, which is why authorities have such issue with it (I mean if samsung/apple weren't forced to create back doors for the government).

@gjacobse said in Inconsistent output from PS script:

I mentioned that I was building another convenience script, It needs to only look at a servie running on four remote computers. This service runs to accept CC/Debit cards on a POS station. But sometimes the service borks and has to be restarted.

I have a simple batch file that does it now, but figured at some point I would move it to PS using a menu type system... and thus I have started doing so.

Oddly, I am seeing inconsistent output when it's ran. The syntax of the line didn't / doesn't change - so not sure why this happens.

Get-Service -ComputerName pc1, pc2 SERVICE | Select name, MachineName, Status

Run it once and I get nothing back, run it again and I get listed twice, run it a third time and I get what I want to see the first time.

Additionally, I have a 'title line' that I ass the -Foreground color and it skips the first one or two letters before applying the color. seems odd, and comparing my formatting - it's no different then others I have seen...

Does that above command work properly by itself in the script, without anything else in the script? Can you share the output of just that part by itself (you can blur any sensitive info).

@RojoLoco said in RojoLoco gets a new kitchen....:

Here's a quick pic of the actual countertop:

C'mon man, everyone knows you should always use a banana for scale.

@RojoLoco said in What Are You Doing Right Now:

Has anyone here made cold brew coffee with a vacuum funnel? Seems like it might be an interesting method.

Just looked into vacuum brewing coffee... Definitely looks very interesting.