• KVM or VMWare

    0 Votes
    205 Posts
    41k Views
    scottalanmiller

    @stacksofplates said in KVM or VMWare:

    @pete-s said in KVM or VMWare:

    It isn't the ability to automate that is the problem. It's the availability of easy to use tools that is the problem.

    That's the whole point I'm making.

    KVM is hard to automate. Not that it's impossible, but the tooling doesn't exist to where you can easily automate like with VMware.

    Agreed, and I don't think that that's the point of concern here. The issue at hand should be "does that automation that VMware offers get used by or should be used by the OP?" I believe that the answer is no to being used today and likely no to should it be used. It's a very small deployment. The overhead to the automation, even when you have VMware, is too high. And regardless, even if we agree that it should be used, probably because an MSP/ITSP is brought in to effectively make the environment larger and changing some of the scale discussions, the bigger question would be "will the OP's environment opt to do that anyway?" If that answer is "no", in the practical sense, then the automation point becomes moot.

    I "think" we can all agree that VMware has better standard built in automation. And that KVM is completely automatable if you put in the extra, non-standard effort. So if we were considering standard automation then VMware would have an important edge in that area. That point shouldn't be in dispute. We can argue how close KVM gets, while still being behind, sure.

    But the key point here, for me, is that I believe based on knowing the environment a bit that that automation is not, and won't be, used if VMware remains.

  • Scheduled Task run cycle

    0 Votes
    5 Posts
    279 Views
    syko24

    I do the same thing for QuickBooks Database Manager that runs on a domain controller. Intuit made the decision to use ports that overlap the DNS Server ports and cause QBDBMgr to stop running. My PowerShell script checks the status of the QuickBooks services and if they are stopped restarts DNS Server and the QB services. Ugly but it works.

  • Understanding STUN???

    Solved
    0 Votes
    25 Posts
    783 Views
    dbeato

    @dashrender said in Understanding STUN???:

    @scottalanmiller said in Understanding STUN???:

    @jasgot apparently Unifi uses STUN for some UDP traffic stuff in some cases. None of the normal stuff, must be log shipping which is a communications channel. They recommend having the port opened and forwarded. But it shouldn't cause problems. They noted that they only added the warning recently so it might have always had the issue without reporting it previously.

    If by recently they mean 3 years ago, then I guess that was recent.. I've been having those errors for what seems like ages.

    Correct, this has been there for ages now. STUN errors are common on Cloud Controllers which is all we have.

  • BackBlaze is now Publicly Traded.

    1 Votes
    3 Posts
    195 Views
    WLS-ITGuy

    How long before everyone bitches about the decline in customer service and quality like they did for LogMeIn?

  • SAS 10k 600GB Drive RAID Adapter

    0 Votes
    8 Posts
    343 Views
    scottalanmiller

    @gjacobse said in SAS 10k 600GB Drive RAID Adapter:

    I haven't done any research as of yet, but a friend has more than 30 SAS 10k 600GB drives that he'd like to see about testing for use. Only thing is that he's having some trouble finding an appropriate controller.

    Hitachi and HGST are the main ones, with some Seagates in the mix.

    Is there a suggested card that would drive, that doesn't require server class hardware?

    Cards rarely, if ever, have hardware requirements. But also, a card doesn't likely make any sense for this use case. Plus the key factors in the use case, like cache and RAID level, are not mentioned.

    But 99% chance, software RAID is appropriate here.

  • MS AutoPilot Script: export to network share

    0 Votes
    2 Posts
    110 Views
    gjacobse

    Updated Script - Which does work.

    @Echo Off
    Echo.
    Echo.
    POWERSHELL Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -force
    Echo Setting ExecutionPolicy
    timeout 2 >nul
    POWERSHELL Install-Script -Name Get-WindowsAutoPilotInfo -force
    Echo Getting AutoPilotInfo
    timeout 20 >nul
    POWERSHELL New-Item -Type Directory -Path "C:\HWID"
    POWERSHELL Set-Location -Path "C:\HWID"
    POWERSHELL Get-WindowsAutoPilotInfo -OutputFile "C:\HWID\AutoPilot_HWID-%computername%.csv"
    Echo Saving AutoPilot Info
    timeout 5 >nul
    Echo Copy to NAS
    xcopy "C:\HWID\AutoPilot_HWID-%computername%.csv" "\\10.7.20.27\IT Resources\!!!_HWID_!!!"
    rmdir /Q /S "C:\HWID"
    pause

    Added rmdir for clean up.

  • Windows Terminal: Runas

    0 Votes
    5 Posts
    625 Views
    stacksofplates

    @gjacobse said in Windows Terminal: Runas:

    @Obsolesce
    That didn't help either....

    Are you sure there isn't a policy from something blocking the execution of it?

  • Backblaze B2 VS Wasabi

    1 Votes
    6 Posts
    694 Views
    R

    @voip_n00b very good point, thanks!

  • Good deal on 14TB drives - BestBuy

    0 Votes
    10 Posts
    616 Views
    K

    @jasgot said in Good deal on 14TB drives - BestBuy:

    Anyone know what drive is inside?

    Model #: WD140EDGZ-11B1PA0 I read on Reddit that they're Helium Filled 7200 relabeled Reds.

  • Microsoft VDA?

    0 Votes
    9 Posts
    201 Views
    scottalanmiller

    @pete-s said in Microsoft VDA?:

    @scottalanmiller said in Microsoft VDA?:

    Otherwise, if it were free, you would just pop Hyper-V onto any PC and avoid buying the OS license (when used remotely.)

    Possibly but I wouldn't call it free if you need the VDA license.

    Kinda, but that's only an access license and only remote. You need some other license for it to be local separately.

  • Container core technology?

    0 Votes
    14 Posts
    315 Views
    stacksofplates

    @scottalanmiller said in Container core technology?:

    @pete-s said in Container core technology?:

    So whatever container solution you run, the core technology is the same.

    It varies a lot. Docker is a super lean container tech, meant to run a process and its tightly coupled processes. But LXC includes the entire operating system sans kernel. So if you are using LXC containers, you can run Ubuntu on Fedora, Fedora on CentOS, CentOS on Ubuntu, Alpine on Ubuntu, CentOS on CentOS... the sky is the limit as long as they are okay sharing the same kernel compilation settings and version.

    You can run an init process in an OCI container. It's assumed you pretty much won't but it is possible. It's helpful for testing some things and makes it work similarly to something like LXC/LXD.

  • I've been asked to set up MFA on internal computers and servers

    0 Votes
    24 Posts
    1k Views
    dave247

    @dbeato said in I've been asked to set up MFA on internal computers and servers:

    @scottalanmiller said in I've been asked to set up MFA on internal computers and servers:

    @notverypunny said in I've been asked to set up MFA on internal computers and servers:

    @dave247 said in I've been asked to set up MFA on internal computers and servers:

    @notverypunny said in I've been asked to set up MFA on internal computers and servers:

    @dbeato said in I've been asked to set up MFA on internal computers and servers:

    @dave247 said in I've been asked to set up MFA on internal computers and servers:

    @notverypunny said in I've been asked to set up MFA on internal computers and servers:

    As far as the internet connectivity issues are concerned, AuthLite has 0 dependencies apart from AD. It can also integrate with NPS / RADIUS + AD to provide MFA to just about anything that can use RADIUS.

    It's also per-user perpetual licensing 🙂

    oh nice, I will check that out immediately. I was looking at Duo too (of course) so I wonder how that compares. I like the idea that it has no other dependencies than AD - that's perfect for our current environment.

    Yeah, DUO has dependencies with their service and if the computer doesn't have internet it has the option to let you login without a prompt so that happens. Not sure if AuthLite does the same.

    Authlite has support for offline logins (meaning if the machine can't talk to a DC), it just requires the installation of their client on the workstation / server / endpoint in question. You can also require / enforce 2FA on your endpoints.

    Here's a thread where one of the authlite guys gives a quick comparison of AuthLite vs Duo.
    https://www.reddit.com/r/sysadmin/comments/ct9m31/duo_vs_authlite_for_ad_mfa/

    Duo seems to be the easiest and I've been playing with it with the trial. It's super easy to configure it so without Internet or Duo service connectivity, MFA is bypassed. So in the event we have an Internet outage (happens 2-3 times a year here), users will still be able to get into their computers.

    OK.... but then the only thing that you have to do to bypass the security is pull the network cable, right? Unless there's some other requirement it seems like a massive security hole.

    I guess "knowing to unplug the cable" is the second factor? 😉

    Also you can disable that setting and it won't let you login at all in Duo.

    My main problem with this is that we lose internet connectivity a few times per year and people won't be happy if they can't get into their computers. We have limited providers in our small and rural area. I would do offline codes but apparently that is per/pc and we have quite a bit of computer sharing, which would essentially mean people would have to deal with the offline registration pop-up on every pc and/or have an offline MFA added to the app for multiple computers. If I find a good way around this in time, I will disable MFA bypass when offline.

  • Does Mesh Central support blanking remote screen

    1 Votes
    31 Posts
    2k Views
    scottalanmiller

    @irj said in Does Mesh Central support blanking remote screen:

    @krzykat said in Does Mesh Central support blanking remote screen:

    @dustinb3403 said in Does Mesh Central support blanking remote screen:

    With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.

    Of course we are the domain administrator as well so...

    Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.

    Insider threat is the number one threat.

    Yup, although even MSP support is still "insider" when used in that context. But it is true, employees of the primary company are a bigger threat than insiders of a secondary.

  • Slow "internet" customer says...

    0 Votes
    10 Posts
    460 Views
    JaredBusch

    @dashrender said in Slow "internet" customer says...:

    have you actually loaded a single AP with 2-300 devices?

    Yes. It works just fine because that is the spec it was built to handle.

  • Who do you call for IT assistance

    1 Votes
    79 Posts
    6k Views
    scottalanmiller

    @rjt said in Who do you call for IT assistance:

    @scottalanmiller As someone who has had to deal with vendor supplied hardware and software for a medical practice, I have come to firmly believe vendors are the enemy, a $very $very $expensive enemy.

    Yup. In some cases, a true enemy. In others, just on the other side of the chess board. It's not always malicious, normally it is not. But their interests are very, very different than ours and their financial responsibilities oppose ours. So they are stuck either being ethical to their employers, or ethical to the people they are paid to convince to do things not in their interest.

    If they are true to their employer, they can be ethical across the board. If they try to be good for the customer, they have to be unethical to their employer. A nonsensical situation.

  • Why We Recommend Against OpenFiler

    5 Votes
    12 Posts
    2k Views
    scottalanmiller

    @danp said in Why We Recommend Against OpenFiler:

    @scottalanmiller said in Why We Recommend Against OpenFiler:

    I saw it mentioned in another ancient threat.

    freudian slip? 😉

    LOL, indeed.

  • WSUS Location

    1 Votes
    39 Posts
    3k Views
    Obsolesce

    Why WSUS and not Windows Update for Business? It's so much better.

  • Dynamics 365 issue - no idea how to fix

    Solved
    0 Votes
    5 Posts
    443 Views
    travisdh1

    @srsmith said in Dynamics 365 issue - no idea how to fix:

    Finally have a temporary solution for this issue. The MSP has put a temporary workflow in place that can be manually run on one or more work orders to generate the documents and attach them as notes to the record. Not ideal, but it works for now and surely beats having to manually create the documents by copying / pasting the data.

    @travisdh1 said in Dynamics 365 issue - no idea how to fix:

    have them open a ticket with Microsoft

    Thanks again for the suggestion - since the MSP has determined that this issue isn't caused by our environment, user permissions, or templates, they did precisely that. Now we wait to see if this is an issue with an update or from something else going on...

    Good luck! Microsoft "support" is always a pain with a go-between stuck in the process.

  • Wazuh goes bork?

    0 Votes
    1 Posts
    148 Views
    No one has replied
  • Laptops versus desktops and roaming users

    0 Votes
    52 Posts
    4k Views
    Dashrender

    @scottalanmiller said in Laptops versus desktops and roaming users:

    @irj said in Laptops versus desktops and roaming users:

    @obsolesce said in Laptops versus desktops and roaming users:

    I've not worked in hospitals but can imagine them with different needs and device purposes.

    I worked for an 18k employee hospital system. All the support staff (IT, administration, etc) had laptops. The hospitals themselves used desktops as shared stations, but even administrators (or anyone with an office who didn't use shared computer) at hospital locations used laptops.

    I work with doctors and we see desktops over laptops. Lots of laptops, to be sure. But desktops remain common that we see. Even in current green field deployments.

    Oh - for the doctors themselves - absolutely, in general it seems they don't want to carry anything around with them, so that leaves desktops as the primary interface for them.

    In hospitals in-patient care I generally still see desktops, also generally with swipe card access, at least on in-room computers.