@dustinb3403 said in O365: KUDOS:

What I am against is this desire to praise people for just doing their jobs with anything better than the bear minimum of effort.

Now there's a grizzly mistake...

@scottalanmiller said in One more Endpoint Manager - open source - what does it sounds?:

@imager said in One more Endpoint Manager - open source - what does it sounds?:

Windows servers are still relevant. Not everything can be accomplished on Linux.

So no rebuttal? No one suggested that Windows Servers aren't relevant, that was a very emotional response to saying that "requiring a specific OS" was a ridiculous problem to have in this day and age. Your response gives the impression that you are internally struggling with ascribing value to Windows and sense any suggestion that they are not absolutely necessary as an attack on your own value. Let it go dude, our professional value is not tied to vendor products. As IT folks, we can't care about one product over another, our whole value comes from being above that stuff. That's for best buy workers and Internet trolls, not business infrastructure decision makers who need to stay focused on how our decisions drive profits.

You make the wild claim that not everything can be accomplished on Linux. This flies in the face of all known programming knowledge since the beginning of computers. Care to elaborate what you know that no one else in the industry knows?

To add, the need for IT to run any server OS, on hardware or virtualize, is really starting to dwindle. With the direction modern management and practices are going, I can see both SMB and enterprise use of servers going the way of the Dodo.

@callimarie said in Run virt-manager on Windows 10:

uhh i keep getting this error "The libvirtd service does not appear to be installed. Install and run the libvirtd service to manage virtualization on this host."

So did you do what it said?

@gjacobse said in What Are You Doing Right Now:

"Security"

I'm guessing they can't or don't know how to enforce the execution policy to remote signed for example, and are instead using actually unsecure methods to manage.

@gjacobse said in What Are You Doing Right Now:

Disabled Powershell

Lol why?

@dustinb3403 said in Checking multiple Directories to confirm all files are identical:

I know I could use a tool like Create-Synchronicity to force 1 other directory to match the source, but I would prefer to find and list the differences in the directories.
Maybe powershell can help?

Yeah, PowerShell can help with this in the same way closing the front door of a house will fix a fire inside of it.

@dustinb3403 said in Checking multiple Directories to confirm all files are identical:

Ideally I'd like to compare them all at once, but setting the "golden standard" here may be difficult.

Wait, what? Why do you have multiple directories that should have identical data? That makes absolutely no sense. There are methods to use in file server administration to avoid this...

@dustinb3403 said in Checking multiple Directories to confirm all files are identical:

In a windows environment if you wanted to check multiple network directories, with millions of files ranging in sizes from tiny (a few KB) to large 4GB+ how would you do it.

If you need to search files on a server over network share, on the server you should install the windows search feature, and ensure the shared files and locations are indexed. That will greatly speed up the searching via Win10 computers.

@ccwtech said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

Has anyone played with Windows Defender Application Control, specifically Group Policy to turn it on for each workstation?

I have a request from a client to do this, but I am very leery of using group policy for something like this.

Are they all running Win 10 Enterprise?

For sure no... Win 10 Pro.

Then it won't work as it's a requirement.

@ccwtech said in Windows Defender Application Control:

Has anyone played with Windows Defender Application Control, specifically Group Policy to turn it on for each workstation?

I have a request from a client to do this, but I am very leery of using group policy for something like this.

Are they all running Win 10 Enterprise?

@hobbit666 said in Spreadsheet background image:

Need some help.
I've got an image that I need to write several values on, enough for me not wanting to do it in paint or other image tool and create box boxes etc.

So I thought if I can add the image onto a spread sheet I can just write my values in the cells easy.

Well I can't get the image to add "under" the cells.

Any advice? I'm using Excel but happy to use anything, like OpenOffice etc

If I add the image as a background image it repeats itself.

If I add as a image it goes on top of the cells
This is an example of the image

Page Layout -> Background

@hobbit666 have you tried printing out the image and using as bright sharpie?

@scottalanmiller said in Need MS Access app re-written to something else.:

@dragon3303 said in Need MS Access app re-written to something else.:

you would tell them that they need to find a software engineer to get them their answer?

Obviously. Other than the fact that I'm a software engineer by training and IT later. But as an IT firm, it would be totally wrong for us to pretend to be software engineers. Are you saying that you'd want the IT people, who have no knowledge or training around the needs here, to be making software engineering decisions? Why?

Other than the fact that the customer is asking the wrong people, why would IT volunteer to give information in an area that they know nothing about? Even if IT has guidance to offer, until you have the engineers to work with you don't have enough of the picture to offer useful guidance.

I agree, and think the fact an IT person made this thread speaks for itself its not an IT specific project.

If they can't keep their systems patched, then sure. But if that's the case it doesn't matter anyways. If it's not an issue to keep their devices patched properly, then it can be on. Additionally, you could configure the firewalls for devices to only allow connections from a bastion host.

@siringo said in What Are You Doing Right Now:

because I couldn't be stuffed, i've not been following it, but can you only run Windows 11 on PCs with TPM / TPM2???

If you don't have a PC with a TPM chip by 2025 then wtf u doin?

@scottalanmiller said in sudo problems:

@obsolesce said in sudo problems:

@pete-s said in sudo problems:

And it feels insecure to simply remove the password requirement.

The beauty of cert based auth.

But really, any account that isn't allowed to sudo couldn't do it anyways. That sudo doesn't require a pw doesn't matter. Just like in Windows, if you don't have local admin privileges, UAC doesn't matter... unless you have the credentials of or access to an account that does.

There IS an argument for sudo with password stopping a physical attack where someone watches you look away from the keyboard, then type while you are not looking. It's valid, but minor in most cases.

That's not sudo's responsibility or concern IMO. That's like the lock manufacturer for your front door wanting to keep people out after you already unlock the door and open it.

@pete-s said in sudo problems:

And it feels insecure to simply remove the password requirement.

The beauty of cert based auth.

But really, any account that isn't allowed to sudo couldn't do it anyways. That sudo doesn't require a pw doesn't matter. Just like in Windows, if you don't have local admin privileges, UAC doesn't matter... unless you have the credentials of or access to an account that does.

@stuartjordan said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@stuartjordan said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@stuartjordan said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@stuartjordan said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

Disable the Windows print spooler to prevent hacks, Microsoft tells customers

The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

What is going on with companies that would intentionally continue to deploy this crap in a "business"?

Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.

Yep they love Linux that much now, that that want to use linux in a windows subsystem. If Linux was that insecure as you was making out why the hell is most of azure based on it now. Even Microsoft love it because it's durable and reliable, plus they got the help of the whole linux comminity helping them with the kernel.

I never said I wasn't a Linux fan myself. My point was that neither OS is perfect and you'll easily find anecdotal evidence for absolutely any point anyone wishes to make.

Fair Enough, It just come across you was anti linux with your post. I could of read it wrong. Both have exploits but I'm saying id rather put my trust in linux because windows has a larger user base and is targeted more with exploits and malware. Windows is becoming a big pile of bloat for no reason as well. They got things right with windows 7 finally but this windows as a service has been one big fuck up and that's because Microsoft wasn't used to that update model.

Man Windows 7 was horrible. It's never been easier to do deploy Windows and manage updates than it is currently. Your service desk doesn't even need to touch new devices anymore before giving them to an end user. It's ridiculously easy now, straight from the distributer to the end user, up and running within 10-15 minutes of unboxing. And that's with it being fully on boarded with the company, required apps, compliance, etc. I absolutely could not imagine going back to Win7 times. No more imaging or maintaining images or that Wsus bullshit. What a crazy time sink.

@stuartjordan said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@stuartjordan said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@stuartjordan said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

Disable the Windows print spooler to prevent hacks, Microsoft tells customers

The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

What is going on with companies that would intentionally continue to deploy this crap in a "business"?

Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.

Yep they love Linux that much now, that that want to use linux in a windows subsystem. If Linux was that insecure as you was making out why the hell is most of azure based on it now. Even Microsoft love it because it's durable and reliable, plus they got the help of the whole linux comminity helping them with the kernel.

I never said I wasn't a Linux fan myself. My point was that neither OS is perfect and you'll easily find anecdotal evidence for absolutely any point anyone wishes to make.

@stuartjordan said in Miscellaneous Tech News:

@obsolesce said in Miscellaneous Tech News:

@scottalanmiller said in Miscellaneous Tech News:

@stuartjordan said in Miscellaneous Tech News:

@mlnews said in Miscellaneous Tech News:

Disable the Windows print spooler to prevent hacks, Microsoft tells customers

The third serious Windows print flaw in 5 weeks prompts new Microsoft warning.
Microsoft hit yet another snag in its efforts to lock down the Windows print spooler, as the software maker warned customers on Thursday to disable the service to contain a new vulnerability that helps attackers execute malicious code on fully patched machines.The vulnerability is the third printer-related flaw in Windows to come to light in the past five weeks. A patch Microsoft released in June for a remote code-execution flaw failed to fix a similar but distinct flaw dubbed PrintNightmare, which also made it possible for attackers to run malicious code on fully patched machines. Microsoft released an unscheduled patch for PrintNightmare, but the fix failed to prevent exploits on machines using certain configurations.

What an earth is going on at Microsoft. Too busy with UI changes to get the basics sorted/working

What is going on with companies that would intentionally continue to deploy this crap in a "business"?

Yeah really. Especially crap with 7 year old privilege escalation vulnerabilities that was totally open for anyone to find at any time...

https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/

Yeah fair enough, not great for privilege escalation. Someone will need access to the system shell already. No different then renaming the accessibility app in windows then launching a system shell user to be able to create a administrator account.

At least ssh with keys provides is a lot more secure management then leaving port 3389 open for example with the amount of exploits for RDP. Or linux hasn't had all these printer issues with these current windows updates being pushed out. Linux is far from perfect but I would trust it tenfold then windows.

We'll then it's a good thing Win10 has SSH by default now, and you have a choice whether or not you want 8839 open. Not sure why you need either of them when managing Windows desktops, but whatever floats your boat.