@scottalanmiller said in MS SQL Server 2016 on Windows Server 2019?:

Trust me, we tried to go Linux. But it just didn't work out.

OH NOES!

@Dashrender said in Is RDP viable practice for LAN remote session?:

@AshKetchum said in Is RDP viable practice for LAN remote session?:

Is RDP viable practice for LAN remote session? I know RDP is a big NO over internet, but is it a good security practice to use RDP in LAN? Jumping from one server to another using RDP is quick and easy.

Curious - What OS are you going to use this for?

This is for use on the LAN. Really any reasonable use case is just fine.

@IRJ said in encrypted email options?:

Another advantage is that you control the data until they download. Which means you can set links that expire or remove content at anytime. Could the user have downloaded it, sure. However, you control the full delivery process and can actually remove access at anytime. An email will sit in their inbox forever.

Well, think of the email as having been downloaded and now they are the same. In either case, if the patient automatically downloads everything and just leaves it somewhere, it's just there forever. In both cases, you don't care.

@Dashrender said in MSTP with multiple instances - Yea or Nay:

@notverypunny said in MSTP with multiple instances - Yea or Nay:

@scottalanmiller said in MSTP with multiple instances - Yea or Nay:

Are the VLANs needed? What are they for?

Traffic isolation / functional separation / security. Servers / Management / endpoints / VDI / Wifi / telephony etc etc etc

One would ask if any of those are needed today?
Functional separation I could see if you have two desperate networks but need to use a single ethernet fabric. I have that, my Guest WiFi has it's own firewall and own internet connection, yet we share the APs. it's on it's on VLAN with no routes between prod and guest.

But on the prod side, in a LANLess world, is that really needed? Of course, few of us likely actually have LANLess set ups.

Skimming through the LANLess explanation @travisdh1 posted a while back, I think we're somewhat a mashup of it and segmentation. Some of the VLANs in question are end-point only and as such the security isn't as tight as the ones that are used in the server-room / data center functions. If I were designing something from scratch, LANLess would certainly be something to consider, but since this is far from a new build, I doubt I could start to justify the headaches that changing VLANs and IP addressing would entail.

To come back around to my initial question, can anyone point me to any pros / cons with regards to having multiple instances of spanning tree given that we no longer have 2 devices acting as root bridges?

That's awesome.

http://kapothi.com/switch-windows-10-license-kms-mak/

I'm not even sure this will work but try the following commands and skip step 4.
After uninstalling the KMS license, maybe running cscript slmgr.vbs /ato all you need to activate your Windows 10 upgrade license.

@WrCombs said in Unrouted Wireless Network setup:

I'm sure there's some degree that it's different, because Tablets memory and Storage is no where close to a Desktop PC. but it the OS runs the exact same.

The fastest computer in my house is a tablet. Intel i7 9th gen, 16GB RAM, NVMe storage. Way faster than any of our laptops or desktops.

Tablet is just a shape and while they can't contain the power of a giant gaming rig, they can do anything a laptop or normal business desktop can do. It's literally just the shape.

@Dashrender Here you go:
https://mangolassi.it/topic/19453/skyetel-relationship-pricing

🙂

We are using Teams and Slack so it has been working fine. Too many chat applications that are free and available...

Maybe this?

https://superuser.com/questions/819329/terminal-server-rdp-with-local-admin

@matypro Hi.. to help you on this, I need to clarify two points (maybe you know that, but just in case). To enable Active Agents on Zabbix, there are some things:

Set agents as active - this is the most important one due to this configuration enables the active communication, so to do that: Set ACTIVE agents and server, set the port 10051 TCP (localhost on server, and Listenport on agent) On Zabbix Server you will find the "Template Os Windows", (also available for Linux and Mac), so full clone it and change the name (ie. "Template OS Windows Active") and add/LInk on it the "Template AppZabbix Agent Active" which is available on your list of preconfigured templates on Zabbix server... once you do that, you´re ready to setup, actually you don´t need to setup the IP of the agent on the Zabbix server (that´s required only for Passive profile), just ensure that it containt the Agent name.

Now your Server and Agent are on active mode, you may find a world of options about the data you need to get on active mode, but some such as network, processor or memory are ready out of the box from these templates.

If you need more help just let me know

We run MC as root. It's the only function on the VM so the idea that running as root as so terrible is really moot. Is it ideal? No. But is it a big deal, absolutely not. That's FUD. If the app is compromised the host is already 100% in danger. Running as root or something else doesn't change anything that matters when it is run correctly overall in a single isolated environment. But it makes updates and stuff SO much easier.

@IRJ said in Verify authenticity of a text thread from a screenshot ...:

@JaredBusch said in Verify authenticity of a text thread from a screenshot ...:

@IRJ said in Verify authenticity of a text thread from a screenshot ...:

@JaredBusch said in Verify authenticity of a text thread from a screenshot ...:

@IRJ said in Verify authenticity of a text thread from a screenshot ...:

Yeah this is honestly either block the number or contact law enforcement. It's not an HR thing, tbh. You cannot get any valid proof.

Company policy could easily make it an HR thing that could cost the other person their job.

Without valid proof?

Proof has nothing to do with if it is an HR thing or not. It is an HR thing if company policy has something about employee behavior between each other that is potentially being violated.

If so, then it is HR's job to deal with things like proof and facts. While doing so, HR can also determine to send it to the authorities even if the recipient does not. Or just keep it as an internal action such as discipline up to termination.

So I create a fake text and get someone else terminated?

Cell companies arent going to turn over texts to HR departments. They would have to get law enforcement involved. So there is basically no way to verify if it is real without getting law enforcement involved.

That's correct. HR departments just don't have the rights to force companies to turn over that kind of data.

Try this instead:

$FolderPath = Get-ChildItem -Recurse -Depth 2 -Path "P:\Public" -Force

Where -Depth is the how many levels deep you want to go.

If you want to see what a cmdlet can do, you can use:

Get-Help Get-ChildItem -Full

@crustachio said in L2 network head scratcher, losing pings to Management VLAN:

Post Script:

Immediately following my last "solution" update, I drove over to the remote site to button things up. En route I noticed a work crew standing around a concrete bridge over a small canal, which our fiber conduit happens to runs alongside. The bridge had just collapsed (nobody injured thankfully). Conduit is torn apart pretty good but the fiber is still in tact. Not sure it will stay that way, I can't see how they'll get the bridge removed without disturbing or removing that conduit entirely. There's also a gas line that runs alongside which complicates things further.

There's never a good time for something like that, but this was just plain uncanny.

oh man - at least you still have the wifi beam connection option.

@Obsolesce

Thanks. That looks to be a good reference and read 🙂

@scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@stacksofplates said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@stacksofplates said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@IRJ said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

@IRJ said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky:

Admin roles are also dying with immutable infrastructure and HA. Designing a system that is immutable and highly available isn't expensive or time consuming on the cloud anymore.

But someone is still designing the initial system and someone (maybe the same person) is managing it.

Yeah so you don't have an admin here as you admit. You have an engineer designing the system and replacing the system if there is issues. It's all design and no maintenance. Maintenance is automated during build.

Not in the real world. That's a nice theory, but applies to effectively no one anywhere. In the real world, engineering almost always is a trivial effort that involves almost no time, skill or planning, and all the effort goes into years of administration that deals with that haphazard system.

That's completely false. Engineering is almost always a trivial effort......

It's completely true and I've given example after example. In the real world, engineering is generally done without planning or resources and it works enough for people to accept it. Then all the effort is hoisted onto administration. You can argue, but you can't deny that this is what 95%+ of the market does.

No you gave an example of FreeNAS and have completely ignored things like SRE where design upfront including architecture, engineering, coffee design, IaC, etc are all roles for the engineer. Immutability is vital and SREs are embedded in specific teams and only supporting that application.

Yes, but the difference is my example represents nearly the entire market. I didn't say that there weren't exceptions. But that's what they are.

Outside of F500 maybe but outside of F500 you don't normally have systems engineers and systems admins.

@dbeato said in Exchange Database and User Login Report Marriage:

@Texkonc So you don't need the Mailbox status and all that? I just don't understand that requirement?

Yes I do, but I also need these other attributes.

@taurex said in Share From Synology Stopped Working:

On a side note, why on Earth are you using SMB1 protocol? Turn it off everywhere, It's insanely insecure. Ransomware loves SMB1. Also, turn on SMB support on the Synology all the way up to SMB3.

Probably because it was on by default when things were set up. You do not normally even see that screen when setting things up.

@VoIP_n00b said in IPsec Site-to-Site:

Is using a IPsec Site-to-Site VPN safe?

Using a site-to-site VPN is not safe in the first place. It completely bridges two disparate networks. Allowing an attacker on one network to attack the other network, without anything blocking it.

If you are fully prepared to trust everything on both networks, then sure, use it.

Yes, you need to use only known good ciphers. That is no different than any encrypted communications.