Topics created by zachary715

This is how drive testing is such a deep topic. You need to try and match the load, and consider all the things. CrystalDisk does not do that.

You can set up some really good tests with iometer. (I think that's waht it's called, i can't remember now it's been a long time and can't look it up atm)

@black3dynamite He shouldn't need to. I'm running it on 16.04 and what he is trying to do works for me.

@DustinB3403 said in Office365 on Android - Certificate Error:

While an MDM can limit what apps are allowed (or not allowed) the most simple usage is to tag company owned data.

This way if someone leaves the company with their personal cellphone, the MDM policy can wipe out anything tagged as company property.

@JaredBusch thanks for clarifying the point, that this policy is under the security settings. The app is moot to the policy being there or not if one exists at all.

To clarify further, there were no MDM policies set under Device Admin outside of what O365 already applies. I did remove that but that caused it to log out of the account/remove it and when I reconnected things, the problem went away as I anticipated. Still was curious as to why it was happening though. My best guess is what I previously mentioned about him connecting to an open hotspot and it causing the issue.

I'm hoping to [finally] score a new laptop. I got my eyes on one. Just waiting for a big check in the mail... or win the lottery, lol.

@ambarishrh said in Office 365 Reports:

Not sure if you've checked the compliance center in O365. There are lot of audit tools available like Manage Engine o365 audit. I just found this as well (haven't tested but looks interesting)
https://gallery.technet.microsoft.com/office/Office-365-Auditing-Tool-01747cd4

Hey, yes I have checked the Compliance Center. I've setup some alerts from here but it's hit and miss really. Then you have the Azure portal which gives you other reports. They're scattered everywhere. I'll check out the link you referenced. Thanks

@zachary715 said in How to receive e-mail alerts from internal devices:

Do you guys go beyond the SPF records and also implement DKIM or DMARC? I've looked into these briefly but not much. DKIM looks fairly straightforward with Office 365.

I've checked them both. I will not implement DKIM anytime soon. It adds little on top of SPF.

DMARC is a layer on top of SPF and/or DKIM you cannot use DMARC without one of the other in place.

All DMARC does is tell the recipient system what to do with a message that fails the SPF/DKIM check. Instead of letting the recipient system decide what to do about it.

@scottalanmiller that's exactly I was trying to point out. Storage for the camera footage is important not just in terms of available space. There may be a case where the OP would need to directly access his recordings in case of emergency to provide them to the authorities when the host is no longer available (stolen) or damaged. Having them stored on a separate NAS inside a shared folder would certainly make the above job easier. Having said that, this can also be done by simply backing up the video files elsewhere or syncing them offsite.

@black3dynamite said in Least Privilege Accounts Setup:

@zachary715 said in Least Privilege Accounts Setup:

@jaredbusch said in Least Privilege Accounts Setup:

@jaredbusch said in Least Privilege Accounts Setup:

@zachary715 said in Least Privilege Accounts Setup:

@jaredbusch said in Least Privilege Accounts Setup:

I create an AD account specifically for local admin rights.

This account information is ususally given to department managers.
So if software or something needs installed, and they choose not to contact me, they can.

They are also warned that fixing something will be billed...

So you have one AD account setup that multiple department managers use when they need something that requires admin privileges? And then what you give that account local admin rights on each machine, or give it some sort of admin authority within the domain itself?

That account gets local admin rights only. No other access.

If I was an on site IT department, I woudl probably do it a bit different. I would have time to experiment and setup better methods.

Yeah this is what I'm going through now and why I'm coming to the community to get input. Trying to think through this carefully and make sure I do it right and the way I want it done the first time.

With the help of GPO Preferences, you could take advantage of using Item-level targeting for Local Users and Groups to fine tune who should have local admin privileges depending on the user, groups and/or computers.

This is what I do. Works like a champ.

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@tim_g said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@tim_g said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@jaredbusch said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@jaredbusch said in Botnet Security Alert on Sonicwall:

@scottalanmiller said in Botnet Security Alert on Sonicwall:

@tim_g said in Botnet Security Alert on Sonicwall:

Latest news is saying a half million sized botnet is mining line to, and one of the targets are Linux SQL servers.

What's a Linux SQL server? Anything running a relational database? How do they target them?

I assumed that one meant Linux servers running MS SQL.

I had thought of that, but that seemed so unlikely.

Not really. I mean you know how good Windows people patch right?

That's true. But it seems like a worthless target. How many of these can there be yet?

Probably nothing outside of labs / testing.

Why would you run MS SQL on Linux when an MS SQL license includes an OS license?
Why would you run MS SQL on Linux when there are better options to run on Linux?

MS SQL licenses include an OS license?

Maybe not. I thought about it again and I think I got that mixed with System Center including an MS SQL license.

Ah, okay. I was really confused there. I've always priced it out with Server + SQL Server licenses and CALs. Was hoping I hadn't been adding all that in extra all this time 🙂

You were not doing it wrong.

@travisdh1 said in Securing NextCloud:

@zachary715 said in Securing NextCloud:

@travisdh1 said in Securing NextCloud:

I forgot before: You can also login to the admin interface and looking at the settings page. It'll give you a list of performance and security optimizations with links to instructions on how to make the changes.

Yeah that's where this all started. It only states that I need to...

Modify/enable the HSTS header to at least 15552000 seconds PHP OPcache not properly configured and to make changes to the php.ini.

From that though, I got to the hardening and security guide and started to go even deeper down the rabbit hole.

I know you're doing this to learn, so this probably isn't needed at the moment. @scottalanmiller's guide to installing NextCloud with Salt has all the settings correct already according to that settings page.

Nice. Good going @scottalanmiller.

@Donahue said in How to Migrate NextCloud Data Location:

@scottalanmiller said in How to Migrate NextCloud Data Location:

@Donahue said in How to Migrate NextCloud Data Location:

why would you want to have /data/data? And if you were going to do this on purpose, why not make the link to /data/data instead of just /data? Unless I made a fundamental mistake or misunderstanding (possible), when I tried to follow your directions without the ".", I wound up with an extra /data in the middle of the path when then should not have been one.

I treat the top level /data as a universal. Every system that I use with broken out storage uses /data. Then whatever folders are needed are under that. That both the top level from me "/data" and the folder from the vendor "data" are similar is a happenstance overlap. I used both to keep a standarad.

I see. It just seemed redundant.

Beyond standardization, it also has the benefit of allowing the mount point to go elsewhere and still appear as expected.

Keep in mind that there is no need for it to be /data/data, either one can be renamed anything that you want. You could make the mount be /phymount2 or you could make the second one into /data/ncstuff or whatever you want.

Because you are linking to the second level, the name to which you link need not be the same as what you call the link itself.

I had a big intention to use Android Pay regularly but have found myself using mostly just to touch in/out for travel lately. It just hasn't progressed much in terms of features other than contactless which every single other card I have has.

I'm now looking more at the cards that banks/sudo-banks are releasing, those that

Allow me to combine multiple cards into one, giving me a physical card, letting me to change the card used to another after the purchase (Curve) Support crypto currencies (Wirex - 25% discount link) (TenX) (Monaco) Support for multiple currencies and low xfer rates (Revolut) Let me create a business account in minutes (Tide) Intelligent banking apps (Tandem) Bankless Banks (BABB) Banks for Banks (ClearBank) Or just new banks in general (Monzo) (Starling) (Atom) (Monese) (Pockit)

@jaredbusch said in Notorious Short-seller labels Ubiquiti Networks $UBNT as FRAUD:

@zachary715 said in Notorious Short-seller labels Ubiquiti Networks $UBNT as FRAUD:

Additionally, the Cavs aren't publicly traded, therefore there aren't necessarily shareholders who are pushing him to make the Cavs as profitable as possible.

Not public, does not mean there are not shareholders. Just that they are not traded on a public exchange.

Haha I knew when I typed that someone would say that. I almost spent extra time clarifying, but didn't. Yes there are possibly other shareholders/part-owners involved. Those few individuals can scrutinize the ownership/financials all they want for their company. (If they want to sell, it's probably a bit more convoluted than just hitting up ETrade.) The general public has no view into that info though and it's mostly irrelevant to them. In the case of UBNT, it just applies to a wider audience since there are many more investors that they're relying on to keep happy and keep the company's value as high as they can.