@ElecEng I used Dell tape drives a lot in the last decade and never had issues.
Posts
-
RE: Tape Drive Brandsposted in IT Discussion
-
RE: Miscellaneous Tech Newsposted in News
Uber Breach 2022
The critical vulnerability that granted the attacker such high levels of access was hardcoded credentials in a PowerShell script
-
RE: What Are You Doing Right Nowposted in Water Closet
@scottalanmiller said in What Are You Doing Right Now:
@Obsolesce said in What Are You Doing Right Now:
I just needed to reinstall the OS on two personal devices, one Windows and one Ubuntu. I did them at the same time and Windows 11 installs SO MUCH FASTER than Ubuntu now. Nearly twice as fast. Since when did that happen? The Ubuntu device hardware is much better too...
Did you do minimal or normal on Ubuntu? Ubuntu is massive compared to Windows in default applications. Basically one is full of apps and one has none. So if you do default installs, to do apples to oranges, you'd need to also install MS Office and loads of other tools onto Windows to be a comparison.
I did each install using default settings.
Doing a minimal install with Ubuntu would suck so much, yeah it'd be faster, but then I'd spend hours installing crap+drivers that "should just be there and work" with a Desktop OS like it is with Windows 11. (with the exception of Office, but that's a fast install, too, if it was needed)
The Ubuntu device was for me, the Windows device was for someone else to run some things that don't work well (without a mega time suck) on a Linux desktop OS.
-
RE: What Are You Doing Right Nowposted in Water Closet
I just needed to reinstall the OS on two personal devices, one Windows and one Ubuntu. I did them at the same time and Windows 11 installs SO MUCH FASTER than Ubuntu now. Nearly twice as fast. Since when did that happen? The Ubuntu device hardware is much better too...
-
RE: bitlocker suddenly enabledposted in IT Discussion
@JasGot ok cool, gotcha, it seemed the other way and just wanted to clarify.
-
RE: bitlocker suddenly enabledposted in IT Discussion
@JasGot said in bitlocker suddenly enabled:
I just ran into this three days ago. User said he approved an update to Windows 11 and after reboot. It was bitlockered.
I wrote it off as the user just clicking through and not knowing what he clicked on.
Now I wonder....... what really happened.
Windows Updates causing the BitLocker recovery screen after an update doesn't mean the update turned on BitLocker. That just means the end user didn't know bitlocker was already enabled prior to the update. It's not a rare thing for some updates to change things, such as a bios update, which might cause it. I know recently some non-driver non-firmware Windows updates caused the BitLocker recovery screen to appear next boot... But the updates themselves did not turn on BitLocker.
-
RE: bitlocker suddenly enabledposted in IT Discussion
@scottalanmiller said in bitlocker suddenly enabled:
@PhlipElder said in bitlocker suddenly enabled:
@pattonb said in bitlocker suddenly enabled:
greetings, I have a user that claims on his recently purchased lenovo laptop, that he started it up and is now asking for the bitlocker key. I have checked his Microsoft account, and there has not been any bitlocker keys used or saved. Is this a matter of a user inadvertently enabling bitlocker or............ ?
Recent Windows Update is the culprit. The catch is, to remove it one needs to get in to the OS partition in order to remove it.
Seriously? What the heck. What triggers it getting deployed?
It looks like there are a few separate issues then?
- Problem1: The BitLocker recovery key was required at boot.
- Cause: Windows update issue.
- Problem2: BitLocker is enabled and shouldn't have been, or was unexpectedly enabled.
- Cause1: May be a managed (or unmanaged ^_^) policy enabling it.
- Cause2: May be have been done by the user and user is lying.
- Cause3: May have been enabled automatically by Windows.
- Problem3: The BitLocker recovery key is unknown.
- Cause: BitLocker recovery key escrow is not set up or managed properly; lack of user training and/or user resources.
- Problem4: Microsoft accounts? AAD? Any policies? Is anything managed? What's going on?
- Cause: Lack of proper device management & identity management. Proper device and identity management could have prevented of all above issues.
- Problem1: The BitLocker recovery key was required at boot.
-
RE: bitlocker suddenly enabledposted in IT Discussion
@scottalanmiller said in bitlocker suddenly enabled:
@pattonb said in bitlocker suddenly enabled:
Is this a matter of a user inadvertently enabling bitlocker or............ ?
Definitely the expectation.
It's highly unlikely. You have to know what you're doing to enable BitLocker manually. At worst, the user could be notified to turn it on, but it's clear you're turning it on.
It's possible we don't know enough of the situation and they have a policy that turns it on. He said Microsoft account which means personal account, but maybe he meant an AAD company account. There's too many unknowns.
It's also possible the user is lieing.
-
RE: bitlocker suddenly enabledposted in IT Discussion
@pattonb said in bitlocker suddenly enabled:
greetings, I have a user that claims on his recently purchased lenovo laptop, that he started it up and is now asking for the bitlocker key. I have checked his Microsoft account, and there has not been any bitlocker keys used or saved. Is this a matter of a user inadvertently enabling bitlocker or............ ?
There are a lot of factors, and require a lot of questions, but here's an article that may help.
The answer is that depending on many things, BitLocker can be enabled on it's own. However, if logging in with a Microsoft account, the recovery key would be backed up before it's enabled.
https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-bitlocker
-
RE: Self-Signed certs for LDAPSposted in IT Discussion
@notverypunny said in Self-Signed certs for LDAPS:
So I'll start off by acknowledging that self-signed certs are less than ideal for most purposes.
Right now my goal is to get rid of plain-text LDAP on the network and want to make sure that I'm not trading one security hole for another.
I've found a couple of sets of instructions online and figured I'd run the idea past the assembled brain-power before going too far down the rabbit hole.
https://anandthearchitect.com/2019/10/10/active-directory-self-signed-certificate-for-ldaps/
https://www.javaxt.com/wiki/Tutorials/Windows/How_to_Enable_LDAPS_in_Active_Directory
Open to other suggestions to move from LDAP to LDAPS, but I'm in an environment that has too much legacy stuff to scrap it and / or AD so that whole possible course of action is the non-starter to end all non-starters.
In an on-prem only AD environment, no problem using self signed.
-
RE: Production KVM server "hardening"?posted in IT Discussion
@Pete-S said in Production KVM server "hardening"?:
I'm thinking about running pure KVM on debian for virtualization hosts. Not Proxmox. There will be no GUI on the servers, no web interface, only ssh for management.
Do I need to do anything special to lock down the security?
I've never used KVM in production, only on my desktop and then I've had virt-manager as well as tools like virtsh. So I don't really know what is required for a pure KVM server to be as "secure" as proxmox, xcp-ng or whatever.
Keep the OS and everything updated. Keep drivers updated. Keep firmware updated. Use only key-based auth for SSH, add only specific devices to authorized_keys file. Ensure firewall configured well. Set up log alerts for access.
-
RE: Experience with NDR Solutionsposted in IT Discussion
@stacksofplates said in Experience with NDR Solutions:
Why is Sally accessing this service from a non work computer at 3 am her time with a chinese IP address? Sure this request has the password but that doesn't sound valid.
Which means you can automatically perform additional validation with MFA, or straight up deny access.
There's a lot of options really. You can only allow access to certain systems and/or services via company devices enrolled in MDM, with up to date OS, encryption, and endpoint protection. You can verify endpoints and users with passwordless auth via Beyond Identity and in certain cases use additional MFA via Duo or whatever you want to set up.
Sally is trying to log in to her company email. She's authenticated via passwordless auth via Beyond Identity on her work computer. Her work computer passes the health check seamlessly through BYID and allows her to access her email. Maybe she's also prompted for MFA always, or maybe only if she's logging in outside her normal geographic area on her work computer. Maybe (e.g. email) access is denied totally if from a non-company device. Options...
-
RE: OneDrive to Google Drive / Wasabi Sync ?posted in IT Discussion
Just to make it clear, I'm using rclone sync to do the job on a headless Ubuntu container.
Revisiting this now two years later, as it's been that long since I last synchronized my personal OneDrive photo and video archives to Wasabi.
Most everything is great, except when doing a few
--dry-runtests on some already-synchronized source/destination remotes, I noticed a few thousand files in total among several OneDrive archives result in a potential re-sync. Not a huge deal, except it's a slow process to sync.The files themself didn't change. I verified from both the source and backup that the CRC is the same on a bunch of to-be re-synced files, but perhaps the modification time changed at the source due to other syncs or who knows.
I would like to force RClone to use checksum only when synchronizing. Is that possible with an rclone sync between OneDrive and Wasabi?
-
RE: Powershell "-eq" operator and "False"posted in Developer Discussion
@pmoncho said in Powershell "-eq" operator and "False":
I am always confused by single vs double quotes and when to use them. I will take your advice and use single first.
Single quotes are literal, double quotes resolve variables, expressions, cmdlets, anything with a $ or $() in double quotes.
-
RE: Powershell "-eq" operator and "False"posted in Developer Discussion
@Pete-S said in Powershell "-eq" operator and "False":
Have a look at the difference between strings in double quotes and single quotes as well.
Yes this is a case where one point can lead to another and before you know it, it's a book.
His original post had nothing to do with single quotes so I wanted to watch how far I took it. That's why I purposefully said typically, because unless you cast a type before the double quotes, it's a string. But in that case is quite clear what the type is because it's literally telling you in the brackets.
-
RE: How should you handle a potential promotion?posted in IT Careers
@RandyBlevins said in How should you handle a potential promotion?:
Should I consider taking the new position of my pay grade stays the same?
I think this is one of the big questions.
Is the new role something you would enjoy more irrespective of a pay bump?
Or would the only enjoyment or benefit of the new role come from the pay bump and not the role?
Would the new role be worth more should you take the role for a year or two with no pay bump, but result in like a 20% base pay increase at a new company later? Maybe that would be worth it. Maybe the new role would give a slight pay bump at your current company, and lead to more bonus/equity/etc, and/or more pay raises there too.
What do other companies pay for that new role now? What might they pay in two years? Maybe in 2 years of having this new role, you could at a different company get hired at a higher level like Principal or similar, resulting in a few hundred $K more total comp per year.
You could answer these best, but may help to point them out.
-
RE: Powershell "-eq" operator and "False"posted in Developer Discussion
@pmoncho said in Powershell "-eq" operator and "False":
Trying to figure out why this will not work? I'm stumped
$UserID = read-host "UserID to disable" $UserE = (Get-ADUser $UserID) write-host "Account Enabled?" $UserE.Enabled if ($UserE.enabled -eq "False") { $a = read-host "Move to Disabled Accounts OU? (Y/N)" $answer }UserID to disable: test1
Account Enabled? FalseC:\windows\system32
If I use the following all is works whether "Enabled" is True or False
if ($UserE.enabled -ne "True") {...In PowerShell, typically if it's in double quotes, it's a string. That's what you were were checking for, is if a given string equals the word "False".... instead of the boolean true/false, as $true/$false.
To find out what type of output you're dealing with, you can always use the built-in
getType()method. You'll notice the Name property of String or Boolean.
-
RE: User Profile migration Problem AAD -> ADposted in IT Discussion
@d-cunnings said in User Profile migration Problem AAD -> AD:
Customer pulling in smaller firm running Windows clean Azure.
I am to get those users off their Azure and onto the On-prem domain and have been given the task to move not only their data but also their current user account experience.
Going through everything I could find over the weekend I get to the point where I conclude that there is no way to do this.
-There doesn't even seem to be a way to link a local or domain profile to an Azure account?
Has anyone of you done this?
Maybe just get rid of computers and go back to pencil and paper?
-
RE: User Profile handling anno 2022posted in IT Discussion
@xavierdelaraunt said in User Profile handling anno 2022:
I have quite a lot of settings I cannot get into the default settings in any way like that.
I have not ran into any policies, settings, etc that could not be don't through Intune. It would be very hard for me to think of something that I can't do to a device related to those through Intune.
If you are referring to user profile migrations across different devices (old device > new device), most of that can be resolved by better systemic practices prior. That can be a shitty experience regardless of MDM or device management system.
