@d-cunnings said in User Profile migration Problem AAD -> AD:

The amount of time I spend on stuff like this is just... I cannot fathom that MS has not bothered to build in some general function to lift over profiles either way.

This would honestly make absolutely no business sense for them. They have a massive financial incentive to force companies anyway that they can over to Azure AD from AD. They are very, very actively phasing out AD and want it to go away. Investing money into building (and that means supporting, too) tools to shoot themselves in the foot would make no sense. If you want to go against MS' financial interests, you are going to have to either build your own tools or buy them from a third party. MS is not going to pay to encourage you to act against their business interests. If I was an MS shareholder, I'd be pretty upset if MS did that.

Their goal is to make this as painful as possible for you, without actually blocking you from doing it. They want you to rethink this decision, but if management asks if MS blocked you, you can't claim that they did because you are free to migrate by hand, build your own tools, etc.

@d-cunnings said in User Profile migration Problem AAD -> AD:

I always advise customers to go easy on cloud and see where it goes.

Cloud is an architecture. There should be no "going easy" or "going hard" or "seeing where it goes." Cloud has been one of the standard approaches for nearly two entire decades now, it's way, way past the point of "mature". We don't just know where it was going to go, but it went there long ago. It's like saying "let's see if this Windows thing takes off."

Cloud should be used logically just like on-prem is. Any amount of emotional involvement in deciding one way or the other is bad. It's really just a logic / math equation. Compare features, cost, capabilities, nothing more. Cloud is mature and extremely well known, there's zero unknown at this point, not since 2004 or so. So there shouldn't be any guessing and you should never need to advise about it - only point out standard decision factors and ensure businesses aren't going insane and being emotional.

I realize many businesses are emotional and illogical about core business decisions, even one that the business has no business even being aware of, but I'd recommend heavily advising them to think logically, rather than attempting to steer a bad emotional response. It might get the right result this time, but it just trains them that acting crazy is acceptable and misses a chance to educate them on how to interact with IT and how to make sound business decisions.

@d-cunnings said in User Profile migration Problem AAD -> AD:

I find the negligence from MS regarding our work astonishing.

I don't, I've been watching them since the early 1980s and the market has responded to them over and over again that their audience does not care about stability and reliability and these assumed enterprise functionalities. So why would MS care if their customers do not? The customers are free (and encouraged) to use other products. No one has to use Windows or AD or Azure. And yet customers flock to it and often get burned really badly. Do they stop using it? No.

Case in point, I bet your customer in this example didn't move to Windows in the early 1990s when people were still learning how bad the product line from MS was. They probably implemented Windows long after it was commonly accepted to be pretty bad, that MS had no business care or regard, and long after Microsoft slapped "for entertainment purposes only" stickers on their OS boxes. And yet, they went to it anyway. And I bet, after problems that they have here today, they won't even entertain the idea of using something else.

That's not right or wrong, my point is only that by choosing Windows and staying with Windows and AD and Azure... they are telling Microsoft in clear, certain terms that they are happy to keep paying and that they are a-ok with how MS handles this. So... don't be surprised that MS listens to their customers and gives them the minimum necessary to keep them sticking around.

Businesses voting with their wallets is a very real thing.

If you update to a recent version of Ubuntu, especially Ubuntu 22.04 you will likely have remote access tools like MeshCentral, RDP, Remote Desktop, ScreenConnect, ConnectWise, LogMeIn, and others stop working.

This is generally because Ubuntu has switched from using Xorg by default to using Wayland and changes which is used during the upgrade process. Normally all we have to do is change it back.

vi /etc/gdm3/custom.conf

Edit this file and Ubuntu has handily included a commented out line for us:

[daemon]
# Uncomment the line below to force the login screen to use Xorg
#WaylandEnable=false

Just remove the comment mark, the pound sign (hashtag for the youngsters), save and reboot. Voila.

[daemon]
# Uncomment the line below to force the login screen to use Xorg
WaylandEnable=false

So we have a number of Windows Server 2022 machines in the fleet. And all seem to be unstable, they power down regularly with nothing in the logs, no expired Activations, nothing in the hypervisor logs... nada. It's like the power is just lost.

These are super vanilla machines. Extra software is pretty much limited to 7zip, MeshCentral, etc. Things we have deployed on thousands of machines. The machines with issues don't run the same workloads, some are ASP.NET apps on IIS, others are purely SQL Server Reporting Services. So very different applications.

We are getting suspicious that Edge is causing the issue. These are the first servers where we didn't immediately replace the MS browser as the default browser and most crashes are only while the browser is in use.

We've switched some machines to Chrome for testing and it is early, but so far, the crashes have stopped. Has anyone been running Windows 2022? If so, what the heck are we seeing?

@scottalanmiller said in Windows Server 2022 and Suspect Edge Instability:

Tested the fix of changing nesting to disable. So far, so good. But it'll take time to know.

Another day, no crashes. So far this fix is working and is really easy.

@JaredBusch said in What Does the V- Stand for in Microsoft Email Addresses:

I thought we had a thread about this in the past as well. But absolutely a good reminder.

Probably did, but my guess is that it was a discussion in a thread, rather than an easy to find topic of its own.

Had several people have to deal with this today and, of course, no one believes me until they Google it and are like "oh, Scott didn't make this up!" lol.

But honestly, it seems like just a scam. Like how SD-WAN is just code for "same VPN as always." NDR seems like code for IPS as always.

@Florida_man said in Experience with NDR Solutions:

@scottalanmiller said in Experience with NDR Solutions:

@Florida_man said in Experience with NDR Solutions:

@scottalanmiller the truth is that this is something that AI is not really capable of doing right now. Sure solutions can automatically block things, but many times they block legitimate traffic, too. The amount of machine learning that must be in place far exceeds the benefit this automation can provide.

Build your solutions with zero trust and this really isn't much of an issue anymore. The main reason people do this shit is for compliance purposes to check boxes. If they really cared about security, they'd design the infrastructure in a way where this type of shit isn't even necessary.

Zero Trust is hard to do when you don't make bespoke software. Most firms run uncontrolled third party stuff.

That isn't the an issue anymore. Alot of COTS and open-source software runs in containers. Each container has its own microservice.

https://blog.aquasec.com/zero-trust-kubernetes

It's time to embrace containers @scottalanmiller

"A lot" is subjective. Try finding any that customers actually use. MY embracing containers is irrelevant. And not the source of zero trust. Containers are a red herring in that case.

First you need software that has zero trust. Then containers can or cannot be used, not super relevant. Just more buzz, like cloud, but not actually important. But until the products you are deploying support zero trust, it's all moot.

@mroth911 said in How to make 3 node cluster like Scale:

How can I build a 3 node cluster like scale on my own?

So what you have here is a lot of things (The Scale HC3) so we have to ask which parts you mean...

Scale HC3 has...

1. Hyperconvergence
2. A proprietary RAIN storage system.
3. A custom orchestration management interface.
4. Integrated support.
5. Integrated hardware testing.

And more, but those are the highlights. Which of those things do you want? Without all of them, you don't really have a "Scale-like" device, but something else.

We understand you probably don't mean 4 & 5, but you likely mean 1, 2, & 3. And that's really hard, depending on how much flexibility you want to have.

What is a commando controller? I looked it up but it seems like a oil drilling system.

@Pete-S said in Linux alternative to FreeDOS?:

Basically throw FreeDOS on a stick and copy some utilities and make a AUTOEXEC.BAT file. Insert it into a server and reboot.
Is there a super-simple fast booting linux distro that would be suitable for this kind of job?

Not really. I use a bootable Ubuntu USB for lots of things, but anything that requires DOS is going to continue to require DOS and won't work from Linux. So maintaining DOS for those purposes will still be required.

@Dashrender said in Grandstream GWN7660/GWN7664:

@scottalanmiller said in Grandstream GWN7660/GWN7664:

I've used Grandsteam in non-AP contexts a bit. And they aren't "bad", but I wouldn't intentionally buy or deploy them.

I have 6+ WP820 WiFi phones and they are great.

Why wouldn't you do GS APs?

We have had loads of Grandstream phones over the years and while cheap, they rarely hold up. Their networking gear is similar. It's very "phoned in" dirt cheap aimed at non-IT staff to deploy.

@JaredBusch said in AP's geared toward home use?:

Home users should never have business gear setup unless they are a hobbyist or something.

I say the opposite. Most consumer gear (not IT, in all categories) is designed to take advantage of people not doing their research and not understanding how to evaluate products. "Consumer gear" generally costs more and delivers less.

@Dashrender said in AP's geared toward home use?:

The controller based solution is what makes that awesome... but having to run something on your computer or in a cloud service like Vultr, etc - no consumer is going to do that.

No consumer should. Have a service do that for you. You want a cloud controller, but on a tiny scale. NTG has consumer customers that get that service for free. Actually ALL our customers get that for free. It costs us nothing to provide, and our benefit is that the customer is more likely to call us for service when we have fast, easy access to their monitoring and changes. So it's totally a value to us to provide it, and totally a value to them to get a cloud controller hosted, for free. Everyone wins, it's a great model.

You are correct, no end user should run a controller ANYWHERE, but especially not in house. But they should probably all have controllers.

@JaredBusch said in TP-link business switches?:

@scottalanmiller said in TP-link business switches?:

@JaredBusch said in TP-link business switches?:

@Dashrender said in TP-link business switches?:

@Pete-S huh - I'm sure prices are some higher now.. but $200 for a 24 port switch seems high, not low - but JB will just tell me to shutup and go away now...

The Ubiquiti EdgeSwitch 24 LITE (non-PoE) is $240 MSRP.

I'd definitely prefer this. And it has a remote controller that is hosted for free (see other thread, jaja.)

No, the would be the UniFi Switch line. EdgeSwitch has none of that. Well, maybe it does now that it is called UISP? They could have that hosted for people also. I never looked.

Yes, that's what I'm talking about. It's free and they host it for you. We've been using it for a few years. It's really quite nice. It's different than Unifi, which I can't explain. But it does a good job.

@travisdh1 said in TP-link business switches?:

@scottalanmiller said in TP-link business switches?:

@Dashrender said in TP-link business switches?:

@JaredBusch said in TP-link business switches?:

@scottalanmiller said in TP-link business switches?:

Yes, that's what I'm talking about. It's free and they host it for you. We've been using it for a few years. It's really quite nice. It's different than Unifi, which I can't explain. But it does a good job.

I've been using UNMS since it came out. They rebranded it to UISP a couple years ago. I had no idea, or forgot, that they had a free hosted version of it.

Yeah free hosted version as long as you have 5+ devices attached to it.

And they aren't very serious about the limits. If you are a vendor, you'll have enough to do it for free easily.

I almost have enough devices with just my personal stuff!

Exactly, it's not hard. Especially when the simplest devices count. Buy a couple for your lab and voila.

@Fredtx said in 2 disks or 1 disk with 2 partitions for new VM?:

I'm building a new VM on a VmWare host to replace a 2008 server. The 08 VM has 2 virtual disks each mounted with a drive letter (C and D). Would it be better when creating the new VM to instead create 1 virtual disk, and divide it into 2 partitions (C and D)? Thoughts?

Partitions are a legacy concept and for all intents and purposes should not exist. They are never the right answer. Only systems too old to have an LVM would do that. Linux introduced it's LVM around 2000. Windows introduced its in 2003. So anything made since then, no partitions.

Much of the point of the physical card is to make a mental pathway in the human, not the phone, which builds a memory and enforces the connection. That's why we use paper, the way it interacts with the person.

Paper cards can always have all the info you want AND a QR code to allow for the digital transfer in a more universal way. That digital card isn't going to work with a laptop very likely. I have no idea how they work, as I've never had someone attempt to use one. If my phone is dead or not on me, it's useless. If my phone doesn't have your app, it's useless (I presume.) If I don't have the right kind of phone, I'm annoyed that you made me keep trying something you've not tested. Paper is universal and works.

Also, not me, but I know a lot of people who use paper cards as little note cards to write additional info on. Can't do that with the digital.

@notverypunny said in Tactical RMM:

Is there a general consensus with regards to the "appropriateness" of using Tactical in a production setting?

I don't know of any reason to question it. Most RMM I know you should be really scared of. Ninja, Kaseya, Barracuda, Connectwise... all I'd rule as totally out of the question to deploy on security grounds. Tactical is one of the few that can be short listed.