IT Team gets together and creates the hold from hell.

https://www.theregister.co.uk/2016/04/29/it_helpdesk_creates_oh_hold_hell/

https://www.reddit.com/r/VOIP/comments/dypp36/20191119_critical_freepbx_security_vulnerability/

"There has been a criticial security vulnerability discovered in FreePBX which allows remote code execution without authentication."

v14/v15 should automatically update themselves. Earlier versions will not.

@wirestyle22 said in Random Thread - Anything Goes:

thanks

This is what's keeping me busy lately. Building a Chicken Coop, though we're calling it the Palace, for our girls.



We have Leghorns (apparently pronounced LegUrns, Rhode Island Red, and Plymouth Rock (black) to start.

Construction is 2x4 insulated 8' x 8' with the run being 20' x 8'. All those years in construction back in the day always seem to pay off in some way.

Apparently, I've been elected to be the one to get them from the coop to the table when the time comes.

@JaredBusch said in Manage domains and DNS for customers?:

@Pete-S said in Manage domains and DNS for customers?:

Is there a good way to manage domain renewals and DNS settings on behalf of a customer?

Basically handle everything and then invoice the customer. But the customer should still legally own the domain(s).

Anyone granted access to log in to the registrar can become the sole owner by transferring the registration to someplace that no one else has access to.

Without any legal contracts stating clearly how it all works, the legal owner is whoever is paying for it. That would be you, not them, in the scenario listed.

IANAL, but barring things like previously trademarked names, a company would likely not win (assuming cost of litigation is not an issue) in court if you said they did not own the right to their domain registration.

We actually put it in writing that we are managing their Internet properties and services and that ownership of said properties are theirs. If they decide to move on, it's in the contract that they would pay the fee(s) for the transfer out with the unlock codes presented once that process was initiated.

@dashrender said in Random Thread - Anything Goes:

@nadnerb said in Random Thread - Anything Goes:

So sad but true!

Why do so many companies have to hear it from an outsider before they believe it?

Prophet is never known as such in their own home land.

@scottalanmiller said in Typical services and software in SMBs?:

@pmoncho said in Typical services and software in SMBs?:

On a side note (very anecdotal), being nice has its benefits. I have seen on numerous occasions and even 3 times in the last month, an ITSP/MSP are nice till they get the account then turn into being total dicks! I don't understand it but it is so close to turning into axiom.

As an MSP, while I believe we are always nice, I can tell you that the customers practically demand this scenario. Time and time again, if you are nice to the client, they dump you for the next abuse dick that comes along, makes obviously false promises, pressures you into tripling your budget and signing long contracts with no protection for you. The average client only wants a vendor that treats them bad. I can't explain it, but the better job you do, the less likely a customer is to keep you. Obviously the great customers aren't like this, but good customers are few and far between. Most want to micromanage and IT is just scapegoat for their own mistakes.

Our longest standing client was is a company I started supporting at the end of 1998. All of our clients would sign a cheque today for anything that would be needed for the IT to function as it has been since we took it over.

We divorced our last abusive client over 10 years ago. IT was a bleed for them so we did a lot of break/fix to the tune of $xKs per month but they would take 90+ days to pay and we'd have to chase them for the cheques.

After getting fed up with them not updating/upgrading their garbage and the payment situation a simple e-mail went out with the following:

• As of January 1, 2012 our rates and expectations will be:
  ** 24 Hour Response Time (Defined as our reaching back out to you)
  ** 24 Hour Response Time Rate: $225/Hour
  ** 8 Hour Response Time Rate: $275/Hour
  ** 4 Hour Response Time Rate: $295/Hour
  ** Immediate Response Time Rate: $350/Hour

Heh, within seconds of hitting SEND they called back. :0)

Boundaries are boundaries. If we get an impression with red flags, my wife and business partner is really good at picking up on them versus myself, then we'll discuss whether it's advisable to pick up the business.

That being said, when we were starting out we took the business that we could and learned through the School of Hard Knocks, sometimes to the tune of substantial loss, all the while figuring out the best way to assess incoming for those flags.

@dustinb3403 It's been a while, but there's a set of files the Mac writes to all folders it touches. .DS_Store or something like that.

We've seen busy graphics houses have their file servers brought to their knees by this "feature".

These guys: https://dea.nbird.com.au/2014/11/19/windows-server-prevent-mac-files-on-shares-ds_store-_-trashes/

@Danp Whoever made the T-Shirt was probably too intimidated to mention the grammatical error or maybe let it go because the guy was a d*ck.

@WrCombs said in DHCP Question...:

This is for a friend of mine who asked me ; And Wanted to be able to send him a link to read up on DHCP Best practices and ideas on his situation.

He came to me and said "if you set up a dhcp why do you set up .2-.254 with a gate way of .1
don't you want to keep some open for Static IPs... for example: printers?"

what can I say to him other than .1 is reserved for gateway? .1 is the gateway so it can't be used in the scenario.

He is explaining to me that this company Cybera is setting up a firewall for him at his location and is curious why they would leave it that wide and open without any reserved Static IPS.

I'm sending him the link to this thread to have him read through the answers I get.

Our rule of thumb, and it's a "we've been doing it this way since ... so we keep doing it this way" situation, is to set up the full subnet in DHCP and then set exclusions for what we want to set aside for servers, printers, and the like. We generally set printers via reservation.

Here's a simple scope setup in PowerShell:

Add-DHCPServerInDC
Add-DHCPServerv4Scope -Name "OUR Local Scope" -StartRange 10.100.10.1 -EndRange 10.100.10.254 -SubnetMask 255.255.255.0
Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.1 -EndRange 10.100.10.49
Add-DhcpServerv4ExclusionRange -ScopeID 10.100.10.0 -StartRange 10.100.10.200 -EndRange 10.100.10.254
Set-DhcpServerv4OptionValue -ComputerName DC.Domain.com -DnsServer 10.100.10.254 -DnsDomain Domain.com -Router 10.100.10.1

The announcement page: Starwood Guest Reservation Database Security Incident Marriott International

My thoughts on the matter though rather curtailed from what I really want to say due to polite company: Some Thoughts on the Starwood/Marriott Reservations Database Breach

@Obsolesce said in Mango hot sauce:

Does anyone know of a real good widely available mango flavored hot sauce? Nothing super hot, but some spice to it.

https://hotsauce.com has some amazing stuff.

@Pete-S said in Dell Server: The server power action is initiated because the host device initiated a warm-reset operation.:

@scottalanmiller said in Dell Server: The server power action is initiated because the host device initiated a warm-reset operation.:

Just verifying that this log entry tells us that a human hit the power button on the server? This is a log entry in the iDrac.

I don't think so. Warm reset is a reset, like the reset button or alt+ctrl+del.

If you press the power button you get a shutdown / power down but not reset, because after power off it will not start again.

If you have another Dell server available maybe you can verify.

Power button press = Graceful Shutdown
Power button press and hold = Power Off

@scottalanmiller said in Easy Computer to Computer File Transfer Over Internet:

This is probably not hard, I just don't know what product to use. I don't want to use IBM Aspera (no native MacOS client for current Macs) and FireFox Send is gone. But those types of products are what I want.

Goal: Move large video files from my desktop or laptop (MacOS ARM64) to a distant computer (Fedora, Ubuntu or Windows - any is fine) directly. Don't want to go through an intermediary server. Remote machine can have a fixed IP. Can open ports, but trying to avoid that type of thing. Can do ZT or similar VPN, but trying to avoid that type of thing. Only need to send one direction.

Reason: I generate large media files (typically 3GB+) locally and often need to upload them 3-5 different places once generated and this puts an unnecessary load on my WAN here. I want to move them to a location with a lot more WAN bandwidth once, and do all the uploads from there (and RE-uploads get way easier.)

We just got forced into Microsoft's O365 Basic because they terminated OneDrive Consumer.

Set up an encryption container that the files go into. Seal it, move it to OD and it will upload. Files are already encrypted so whatever on Microsoft's side.

We have a lot of machines set up this way and it just works. Having the extra 875GB of space makes it easier for me to distribute the .ISO files we use regularly with Standalone, Storage Spaces Direct (S2D) cluster hosts, and Hyper-V cluster hosts. Drop a new one into the repository and it shows up across the board.

It's great for the home lab system as the .ISO files will be in the lab by the time I get back so no mucking about getting the file(s) off a flash drive and subsequently the hops into the lab setting.

@gjacobse Sorry I wasn't clear. At some point the user was looking for something and clicked on a link in the results that then inserted something into Edge that causes the pop-ups.

We've seen it often enough that we've added search training to our Train the Human regimen.

@gjacobse said in MS Edge and pop-ups:

I don't use Edge... and for many good reasons. Even with it being build off of Chromium / Chrome.

I've used it mainly as a MS / Azure / O365 Admin since I had to have user and Admin level sessions going over using incognito mode in Chrome.

User is having a site issue that it doesn't work in Chrome but works in Edge - but they are getting Pop-ups in Edge even with the Pop-Up blocker enabled under settings.

I've cycled through a few things but haven't gotten to the cache / reset as they are sloow to respond.

What else could I have them try - because else it's Edge and I haven't much of a care....

Time for a full reset of the browser. They clicked on a search result or something else that pulled in an extension that is probably hidden.

Elevated PowerShell:

CD C:\Users\%username\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml” -Verbose}

@JasGot Interesting.

Other than the custom systems we build on ASRock Rack and TYAN boards that have HDMI and/or DisplayPort all of the server platforms we deploy have one graphics output and that's VGA.

SIP = Server endpoint?

@JasGot said in Rack LCD Console with Digital KVM:

@PhlipElder That dell unit is analog only.

Am I missing something? Is the title misleading?

@ElecEng said in Rack LCD Console with Digital KVM:

Does anyone know who makes a rack LCD console with an integrated digital KVM? with 8 or 16 ports?

Finding many with integrated analog KVM but not digital. APC used to have one, but it was discontinued and not replaced.

Rack space is extremely limited, thus why I am looking for an integrated unit versus two pieces of gear.

Something like this? Dell Digital KVM Switch DMPU108e - TAA Compliant
https://www.dell.com/en-us/shop/dell-digital-kvm-switch-dmpu108e-taa-compliant/apd/a7546773

Made by Avocent.

@Pete-S said in Force password change on first login over RDP:

Great, so it works if you use RDWeb.

But if you RDP directly to any Windows server or workstation it won't.

Nope. It won't. There's no way around that.

We also have Exchange on-premises so OWA works for that password change.

@PhlipElder

Logged in.