
    Posts

    • RE: Random Thread - Anything Goes

      @nadnerB said in Random Thread - Anything Goes:

      73D57E6C-59CC-4FCF-8044-EC10B074F4FB.jpeg

      Heh, my daughter has inherited my dyslexia. We have a number of running jokes between us as a result.

      An oldie a counsellor told me when I was young:
      What does a dyslexic do when they can't sleep?
      They lie there thinking about dog.

      posted in Water Closet
      PhlipElder
    • RE: Is RDP viable practice for LAN remote session?

      When RD Gateway is set up and 2FA (2 Factor Authentication) is in place, access to a Remote Desktop endpoint, whether RemoteApp, Session Host desktop, or VDI desktop OS, is as secure as the human using it.

      We have plenty of RD Farms out there both in client internal and multi-tenant setups.

      There's no exposing an RDP Listener to the Internet on any port. That's just bad.

      There are some internal LAN side advantages:

      • Single Sign-On gives users a seamless experience from their corporate desktop
      • RemoteApp RSS publishing via Group Policy makes security group delimited publishing simple
      • Collection Publishing can be delimited based on Security Groups (great for licensing compliance)

      Internally or externally, Group Policy locks things down for security and access purposes as well as for mitigating a Ransomware errant user click.

      posted in IT Discussion
      PhlipElder
    • RE: Random Thread - Anything Goes

      @nadnerB said in Random Thread - Anything Goes:

      @PhlipElder an RGE (Resumé Generating Event) waiting to happen

      Dude ... I can't count the number of times folks told me RAID was a backup system for their data.

      Now, folks are saying the same for cloud's distributed systems. #SMH

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @nadnerB said in Random Thread - Anything Goes:

      884399BD-354E-4AF8-9194-C3860E79FBB0.jpeg

      ID10T

      posted in Water Closet
      PhlipElder
    • RE: Need help trouble shooting GPO.

      @srdennis said in Need help trouble shooting GPO.:

      OMG!!!!! It worked!!! Thank you so much Obsolesce. I cannot believe that I didn't understand that aspect of how this all works. So if I were to put a user into this test OU and apply the test GPO that has a user GPO in it then it will get applied?

      AD/GP best practice is to separate out the OU paths. One for Computer objects and another for User objects.

      Group Policy operates similarly to Cascading Style Sheets, which tailor the way a web site can look, with the GPO closest to the object winning, with few exceptions.

      Never edit the Default Domain Policy or Default Domain Controllers Policy. Always create a new GPO and link it to the required OU.

      GPOs for Computer objects should have the User section disabled and same for User objects having the Computer section disabled.

      GPResult /H C:\Temp\GPResults.html
      

      That's how to find out the what/where/when for GPOs applying. Computer GPOs will only show up if the command is run via an elevated shell (CMD). The Temp directory needs to exist.

      posted in IT Discussion
      PhlipElder
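
The GPResult step from the post above, as an added PowerShell example that is not part of the original post. It handles the two caveats the post names (elevation and the missing Temp directory); the variable names are assumptions, the path is the one from the post.

```powershell
# Added example, not from the original post.
$reportDir  = 'C:\Temp'                                  # directory named in the post
$reportFile = Join-Path $reportDir 'GPResults.html'

# Computer GPOs only show up when the shell is elevated, so detect that first.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# GPResult does not create the target directory, so create it if it is missing.
if (-not (Test-Path -LiteralPath $reportDir -PathType Container)) {
    New-Item -ItemType Directory -Path $reportDir | Out-Null
}

# /H writes the HTML report, /F overwrites an existing report file.
$gpArgs = @('/H', $reportFile, '/F')
if (-not $elevated) {
    # Without elevation, ask for the user scope only and say so,
    # rather than producing a report that silently lacks computer results.
    Write-Warning 'Shell is not elevated: reporting User scope only.'
    $gpArgs += @('/SCOPE', 'USER')
}

& gpresult.exe @gpArgs
if ($LASTEXITCODE -ne 0) {
    throw "gpresult exited with code $LASTEXITCODE"
}
Write-Output "Report written to $reportFile"
```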
    • RE: Password manager for ordinary users?

      A quick and easy way to share a password:

      https://pwpush.com/

      posted in IT Discussion
      PhlipElder
    • RE: Password manager for ordinary users?

      @FATeknollogee said in Password manager for ordinary users?:

      @PhlipElder said in Password manager for ordinary users?:

      KeePass. Been using it for years.

      https://keepass.info/

      It's simple, great for organizing, and the auto-type just works.

      Sorry, that UI looks like something from the '60's!

      Ever hear of a "Rat Rod"?

      If it ain't broke, don't fix it. It just works as intended. Doesn't have to look pretty, but as soon as the poser hears, "Race you for Pinks" it's a done deal.

      posted in IT Discussion
      PhlipElder
    • RE: Password manager for ordinary users?

      KeePass. Been using it for years.

      https://keepass.info/

      It's simple, great for organizing, and the auto-type just works.

      posted in IT Discussion
      PhlipElder
    • RE: Random Thread - Anything Goes

      @nadnerB said in Random Thread - Anything Goes:

      1E6D7635-446E-462F-A3D1-FD9229362E43.jpeg

      Some of the most fascinating fire brigade ice sculptures happen at -30C and colder.

      The snow reminded me of the many I've seen over the years growing up in Winterpeg, ManItsColdOut (Winnipeg, Manitoba) where we'd get -35C to -45C every winter sometimes for weeks on end.

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @nadnerB said in Random Thread - Anything Goes:

      DC9CE785-00F0-46CD-9C2A-53C6654285B2.jpeg

      Mine would be steep levels for my Earl Grey Tea. 15 minutes would be "dripping sarcasm" mode. 😉

      Today was a 30 minute, though incidental, steep.

      Got the glow on baby! 😄

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @wirestyle22 said in Random Thread - Anything Goes:

      thanks

      This is what's keeping me busy lately. Building a Chicken Coop, though we're calling it the Palace, for our girls.
      2020-05-19 Chicken Coop and Run.PNG
      2020-05-19 Chicken Coop and Run 2.PNG
      2020-05-19 Chicken Coop and Run 3.PNG
      We have Leghorns (apparently pronounced LegUrns), Rhode Island Red, and Plymouth Rock (black) to start.
      2020-05-19 Chicken Coop and Run 4.PNG

      Construction is 2x4 insulated 8' x 8' with the run being 20' x 8'. All those years in construction back in the day always seem to pay off in some way. 😄

      Apparently, I've been elected to be the one to get them from the coop to the table when the time comes. 😉

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @wirestyle22 said in Random Thread - Anything Goes:

      Super close now. Only a few more inspections and we're done

      IMG_20200516_122536_01.jpg

      Wow, it looks really good!

      posted in Water Closet
      PhlipElder
    • RE: VM Windows 10 Pro Licensing On Hyper-V

      @NashBrydges said in VM Windows 10 Pro Licensing On Hyper-V:

      I met with a prospective client today over video chat (wanted to reduce physical exposure for everyone until we're in a place where onsite visit is necessary) and she walked me through her current setup and what she'd like to do. One thing stood out for me as potentially problematic so wanted to check here to see if someone could point me in the right direction.

      Her current IT admin (still employed there...for now) has set up a Windows 2016 server with Hyper-V role. He then used Disk2VHD to create a disk image of each of their business' 8 PCs and loaded them up on the Windows server to run as virtual desktop. He then uninstalled all of the business software from each of their desktops so they are now essentially running their entire business via those virtual Win10 machines. Each physical desktop is now essentially a client for accessing the users' virtual PCs. Nothing is running on their physical PCs except Windows 10 Pro. All their software is running on their virtual desktops.

      I'm pretty sure that's problematic in that they are in breach of MS licensing terms (I think). There are no CALs. They simply use the Remote Desktop client on their physical desktops to access their virtual PCs and it is a 1:1 setup with everyone having their own virtual Win10 PC. There is no AD of any kind.

      If I understand the licensing correctly, in this setup, they would require Windows Software Assurance, Windows VDA subscription, or Windows E3/E5 licenses, do I have that right? They would also require CALs for the appropriate # of users, correct?

      Yes, Desktop Software Assurance gives virtualization rights for the Windows Desktop OS. Windows Desktop E3.

      RDS CALs are also required since they are accessing endpoints via RDP.

      The E3 license is not that expensive. It is a subscription license, so annual.

      You could also reach out to a Cloud Service Provider and look into E5 that yields Advanced Threat Protection among other great add-ons.

      *All of our clients are on E3 and running Windows 10 Enterprise 64-bit.

      posted in IT Discussion
      PhlipElder
    • RE: System Admin - checklist for Don'ts and Important points please!

      @Dashrender said in System Admin - checklist for Don'ts and Important points please!:

      @PhlipElder said in System Admin - checklist for Don'ts and Important points please!:

      7: No Remote Desktop Protocol (RDP) port forwards (NAT) from the Internet (alternate port) to 3389 on the intended destination. Ever. Use Remote Desktop Gateway and add DUO or other 2FA to the mix.

      Is this because only RDG supports MFA? not the end clients themselves?

      Because RDG provides a layer of protection against TSGrinder and its cohort.

      It's bad news to publish an RDP listener direct to the Web. Has been for a very long time now.

      posted in IT Discussion
      PhlipElder
    • RE: System Admin - checklist for Don'ts and Important points please!

      @openit said in System Admin - checklist for Don'ts and Important points please!:

      1. Not recommended to convert Physical Server which has Domain Controller to Virtual Machine.
      2. Need to choose right Generation (1 or 2) type VM on Hyper-V, because later we can't change the generation.
      3. Don't set Static IP of some server/machine without consulting Network Team, to avoid conflicts with existing DHCP scope.

      Your inputs matter a lot to me, and might help others in community as well.

      Thanks!

      1: That depends. A DC could be virtualized until such time as one is ready to run a full migration. Server 2019 ADDS requires DFSR. So, existing FRS DCs would need to be migrated to DFSR first. This is an invasive process that requires System State backups of FSMO/PDCe and at least one secondary DC.

      2: Always Gen2 unless the OS to be dropped into the VM does not support it. P2V of older workloads for example. Use what is required.

      3: The subnet should be documented somewhere. MAC addresses, IP addresses, DHCP scope(s), DHCP settings, and so on. Advanced IP Scanner is free and is a good place to start if none exist. There are other tools out there.

      4: Group Policy: Follow best practices. Don't touch the Default Domain and Default Domain Controllers policies. Always set up the OU/GPO structure and settings according to the org's needs.

      5: Hyper-V standalone: We don't join the host to the guest's domain. It presents a barrier to a ransomware compromise.

      6: Backup: A backup is not considered "Good" until it is fully bare metal/hypervisor restored. Spot file/folder restores are not a verification method.

      7: No Remote Desktop Protocol (RDP) port forwards (NAT) from the Internet (alternate port) to 3389 on the intended destination. Ever. Use Remote Desktop Gateway and add DUO or other 2FA to the mix.

      posted in IT Discussion
      PhlipElder
    • RE: Random Thread - Anything Goes

      @Danp Whoever made the T-Shirt was probably too intimidated to mention the grammatical error or maybe let it go because the guy was a d*ck.

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @wirestyle22 said in Random Thread - Anything Goes:

      @PhlipElder said in Random Thread - Anything Goes:

      @wirestyle22 said in Random Thread - Anything Goes:

      @PhlipElder said in Random Thread - Anything Goes:

      @wirestyle22 said in Random Thread - Anything Goes:

      @travisdh1 This should be done in a few weeks. I think we will wait a month to actually move in.
      We need to install curtains, a security system, switch rack, refrigerator etc.

      "switch rack" ?

      Yeah, what's the question?

      I don't know what a "switch rack" is in this context.

      It's a rack with network switches in it

      Ah, there are plenty of wall mount 3U and up units out there that are relatively inexpensive. One or more modular jack swing panels and a decent cable management unit and you're good to go.

      In some cases a 2 post rack may be a better fit or a small 21U rack enclosure if needed.

      That's a matter of need based on whether there's a home cluster to be had. 😉

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @wirestyle22 said in Random Thread - Anything Goes:

      @PhlipElder said in Random Thread - Anything Goes:

      @wirestyle22 said in Random Thread - Anything Goes:

      @travisdh1 This should be done in a few weeks. I think we will wait a month to actually move in.
      We need to install curtains, a security system, switch rack, refrigerator etc.

      "switch rack" ?

      Yeah, what's the question?

      I don't know what a "switch rack" is in this context.

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @wirestyle22 said in Random Thread - Anything Goes:

      @travisdh1 This should be done in a few weeks. I think we will wait a month to actually move in.
      We need to install curtains, a security system, switch rack, refrigerator etc.

      "switch rack" ?

      posted in Water Closet
      PhlipElder
    • RE: Random Thread - Anything Goes

      @scottalanmiller said in Random Thread - Anything Goes:

      @nadnerB said in Random Thread - Anything Goes:

      No idea who this guy is but he's got a point this time:

      Senator and the #3 most popular presidential candidate right now. Was most popular in the last election but bailed before the election.

      2016:
      Bernie: I'm going through right to the end!
      Hillary: Hay Bernie, check out these skeletons!
      Bernie: CU
      2018:
      Bernie: I'm going through right to the end!
      DNC: Oh EFF no you're not!
      Hillary: Hay Bernie ...
      Bernie: So what!

      posted in Water Closet
      PhlipElder