A quick and easy way to share a password:
PhlipElder
@PhlipElder
Microsoft MVP 2009 to Present.
Technical Architect specializing in High Availability Compute, Storage, and Network.
276
Reputation
588
Posts
846
Profile views
0
Followers
0
Following
Posts made by PhlipElder
-
RE: Password manager for ordinary users?posted in IT Discussion
-
RE: Password manager for ordinary users?posted in IT Discussion
@FATeknollogee said in Password manager for ordinary users?:
@PhlipElder said in Password manager for ordinary users?:
KeePass. Been using it for years.
It's simple, great for organizing, and the auto-type just works.
Sorry, that UI looks like something from the '60's!
Ever hear of a "Rat Rod"?
If it ain't broke, don't fix it. It just works as intended. Doesn't have to look pretty, but as soon as the poser hears, "Race you for Pinks" it's a done deal.
-
RE: Password manager for ordinary users?posted in IT Discussion
KeePass. Been using it for years.
It's simple, great for organizing, and the auto-type just works.
-
RE: Random Thread - Anything Goesposted in Water Closet
@nadnerB said in Random Thread - Anything Goes:
Some of the most fascinating fire brigade ice sculptures happen at -30C and colder.
The snow reminded me of the many I've seen over the years growing up in Winterpeg, ManItsColdOut (Winnipeg, Manitoba) where we'd get -35C to -45C every winter sometimes for weeks on end.
-
RE: Random Thread - Anything Goesposted in Water Closet
@nadnerB said in Random Thread - Anything Goes:
Mine would be steep levels for my Earl Grey Tea. 15 minutes would be "dripping sarcasm" mode.
Today was a 30 minute, though incidental, steep.
Got the glow on baby!
-
RE: Random Thread - Anything Goesposted in Water Closet
@wirestyle22 said in Random Thread - Anything Goes:
thanks
This is what's keeping me busy lately. Building a Chicken Coop, though we're calling it the Palace, for our girls.
We have Leghorns (apparently pronounced LegUrns, Rhode Island Red, and Plymouth Rock (black) to start.
Construction is 2x4 insulated 8' x 8' with the run being 20' x 8'. All those years in construction back in the day always seem to pay off in some way.
Apparently, I've been elected to be the one to get them from the coop to the table when the time comes.
-
RE: Random Thread - Anything Goesposted in Water Closet
@wirestyle22 said in Random Thread - Anything Goes:
Super close now. Only a few more inspections and we're done
Wow, it looks really good!
-
RE: VM Windows 10 Pro Licensing On Hyper-Vposted in IT Discussion
@NashBrydges said in VM Windows 10 Pro Licensing On Hyper-V:
I met with a prospective client today over video chat (wanted to reduce physical exposure for everyone until we're in a place where onsite visit is necessary) and she walked me through her current setup and what she'd like to do. One thing stood out for me as potentially problematic so wanted to check here to see if someone could point me in the right direction.
Her current IT admin (still employed there...for now) has setup a Windows 2016 server with Hyper-V role. He's the used Disk2VHD to create a disk image of each of their business' 8 PCs and loaded them up on the Windows server to run as virtual desktop. He then uninstalled all of the business software from each of their desktops so they are now essentially running their entire business via those virtual Win10 machines. Each physical desktop is now essentially a client for accessing the users' virtual PCs. Nothing is running on their physical PCs except Windows 10 Pro. All their software is running on their virtual desktops.
I'm pretty sure that's problematic in that they are in breach of MS licensing terms (I think). There are no CALs. They simply use the Remote Desktop client on their physical desktops to access their virtual PCs and it is a 1:1 setup with everyone having their own virtual Win10 PC. There is no AD of any kind.
If I understand the licensing correctly, in this setup, they would require Windows Software Assurance, Windows VDA subscription, or Windows E3/E5 licenses, do I have that right? They would also require CALs for the appropriate # of users, correct?
Yes, Desktop Software Assurance gives virtualization rights for the Windows Desktop OS. Windows Desktop E3.
RDS CALs are also required since they are accessing endpoints via RDP.
The E3 license is not that expensive. It is a subscription licenses so annual.
You could also reach out to a Cloud Service Provider and look into E5 that yields Advanced Threat Protection among other great add-ons.
*All of our clients are on E3 and running Windows 10 Enterprise 64-bit.
-
RE: System Admin - checklist for Don'ts and Important points please!posted in IT Discussion
@Dashrender said in System Admin - checklist for Don'ts and Important points please!:
@PhlipElder said in System Admin - checklist for Don'ts and Important points please!:
7: No Remote Desktop Protocol (RDP) port forwards (NAT) from the Internet (alternate port) to 3389 on the intended destination. Ever. Use Remote Desktop Gateway and add DUO or other 2FA to the mix.
Is this because only RDG supports MFA? not the end clients themselves?
Because RDG provides a layer of protection against TSGrinder and its cohort.
It's bad news to publish an RDP listener direct to the Web. Has been for a very long time now.
-
RE: System Admin - checklist for Don'ts and Important points please!posted in IT Discussion
@openit said in System Admin - checklist for Don'ts and Important points please!:
- Not recommended to convert Physical Server which has Domain Controller to Virtual Machine.
- Need to choose right Generation (1 or 2) type VM on Hyper-V, because later we can't change the generation.
- Don't set Static IP of some server/machine without consulting Network Team, to avoid conflicts with existing DHCP scope.
Your inputs matters a lot to me, and might help others in community as well.
Thanks!
1: That depends. A DC could be virtualized until such time as one is ready to run a full migration. Server 2019 ADDS requires DFSR. So, existing FRS DCs would need to be migrated to DFSR first. This is an invasive process that requires System State backups of FSMO/PDCe and at least one secondary DC.
2: Always Gen2 unless the OS to be dropped into the VM does not support it. P2V of older workloads for example. Use what is required.
3: The subnet should be documented somewhere. MAC addresses, IP addresses, DHCP scope(s), DHCP settings, and so on. Advanced IP Scanner is free and is a good place to start if none exist. There are other tools out there.
4: Group Policy: Follow best practices. Don't touch the Default Domain and Default Domain Controllers policies. Always set up the OU/GPO structure and settings according to the org's needs.
5: Hyper-V standalone: We don't join the host to the guest's domain. It presents a barrier to a ransomware compromise.
6: Backup: A backup is not considered "Good" until it is fully bare metal/hypervisor restored. Spot file/folder restores are not a verification method.
7: No Remote Desktop Protocol (RDP) port forwards (NAT) from the Internet (alternate port) to 3389 on the intended destination. Ever. Use Remote Desktop Gateway and add DUO or other 2FA to the mix.