@eddiejennings said in Icacls: Granting WO access to folder:

I would make a group for the users that need to access this folder (even if it's a group with only one user).

User also needs to map two drives (unc\path1 and unc\path2) that are on a server. The folder %programdata%\liberty software is not and does not need to be shared or mapped.

User logs into the server (via RDP?), needs two drives mapped to some other locations that's not %PROGRAMDATA%\liberty software, and needs write access to %PROGRAMDATA%\liberty software on the server, correct?

No RDP in this case. Locally installed application.
Yes - agree that a GPO using a security group would be better -

@scottalanmiller said in Need backup solution to replace Veeam:

I like ProxMox, the backup mechanism is built in and free.

Built in and free only for full backups to local storage (of course you can mount something to appear local).

ProxMox Backup Server is a separate product the you install separately, and has its own subscription apart from the ProxMox Virtual Environment subscription.

But that is what you need to get incremental backups.

I just set one up tonight actually. I setup PVE on Sunday night. Migrated VM's on Monday. Yesterday I setup replication to the second host. Today I just setup the Backup Server.
a970c438-6c8f-4d3f-a2be-a279249642f5-image.png

@marcinozga said in Proxmox initial setup annoyances:

You may have to clear browser cache to fully get rid of the nag. Mine kept coming back, clearing caches got rid of it.

I run this prior to ever opening the web interface, so never an issue.

@roopankumar said in WiFi router connectivity:

will the laptop can use the router for internet...

You mentioned a wifi modem. Technically a modem and router are different things. We are guessing you mean that you have a consumer router / firewall / switch / access point / modem all in one. But that's a bit of a guess. There's no info in your question. So based on nothing other than "what people tend to buy and call these things", yeah, likely your setup will work.

But do we have anything to go on to determine this? No, not a single detail that we'd need to know to actually determine it.

A client of mine is getting out of a situation like that with Cox.

Cox charged like $80/m originally per phone for 4 phones - they installed the cable, the switch, the UPS, then 5 years ago lowed the price to $50/m/each.

Now they are moving to FreePBX, paying their own hosting fees, and bought the phones outright. Monthly bill fell by approx 75%

@jaredbusch said in Nginx Proxy Manager:

@stacksofplates said in Nginx Proxy Manager:

To be fair, I prefer to use nginx with k8s,

I don't see the benefit to Kubernetes in the small shops.

It genuinely makes things a lot easier. It's really easy to get up and running. Rancher makes federation really easy. Monitoring and central logging can be handled through a single helm chart. mTLS can also be handled through a single helm chart. Service discovery means your networking just works. Developing containerized apps is multiple times easier than developing legacy apps. 12 factor apps make setup easy.

It's much easier than using config management/infrastructure automation to manage multiple vms.

@stuartjordan said in O365: KUDOS:

A money gesture can be nice and encouraging, but so can someone from high management to sit you aside and give you kudos personally. Sometimes personal thank you can mean so much more.

No disagreement there -

Use SSH keys and whitelist your IP using Vultr firewall. When your IP changes, login to vultr console and add it.

Much safer and way easier.

@dustinb3403

Oh, yeah that changes things... advanced ip scanner as others have suggested might be the safest thing.

We've pushed the config to "Disable the “Allow Print Spooler to accept client connections:” policy to block remote attacks."

Option 2 at the link below:

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527

@obsolesce said in One more Endpoint Manager - open source - what does it sounds?:

@scottalanmiller said in One more Endpoint Manager - open source - what does it sounds?:

@imager said in One more Endpoint Manager - open source - what does it sounds?:

Windows servers are still relevant. Not everything can be accomplished on Linux.

So no rebuttal? No one suggested that Windows Servers aren't relevant, that was a very emotional response to saying that "requiring a specific OS" was a ridiculous problem to have in this day and age. Your response gives the impression that you are internally struggling with ascribing value to Windows and sense any suggestion that they are not absolutely necessary as an attack on your own value. Let it go dude, our professional value is not tied to vendor products. As IT folks, we can't care about one product over another, our whole value comes from being above that stuff. That's for best buy workers and Internet trolls, not business infrastructure decision makers who need to stay focused on how our decisions drive profits.

You make the wild claim that not everything can be accomplished on Linux. This flies in the face of all known programming knowledge since the beginning of computers. Care to elaborate what you know that no one else in the industry knows?

To add, the need for IT to run any server OS, on hardware or virtualize, is really starting to dwindle. With the direction modern management and practices are going, I can see both SMB and enterprise use of servers going the way of the Dodo.

While I generally agree - there will always be cases where situations warrant the performance of proximity to their data. Though I suppose this could be offset by putting both the data AND the desktop in the DC - then it's about the performance of the interface to that desktop. And as Scott loves to continue to mention, the US is a practical 3rd world country for internet access 😛

@scottalanmiller said in Multiple Virtual Disks and Application Performance:

Remember.... just because you are virtual does not imply that your storage is virtual, nor does virtual storage imply that the storage will be shared between workloads or VMs. None of that is implied or suggested in going virtual. You still maintain all proper storage management decision making when virtual as you did physical. You don't get to give any of that up.

In restrospect, I probably ought not have included the System Center Dude stuff in the discussion, since it seemed to just cause confusion about what I was curious.

You still maintain all proper storage management decision making when virtual as you did physical.

I believe this is the greatest takeaway from the discussion. Regardless if the environment is like the one I'm in where ultimately one physical storage device is hosting all of the virtual storage within the VMs.

This is how he should be deploying.

https://registry.terraform.io/providers/taliesins/hyperv/latest/docs/resources/hyperv_machine_instance

net start servicename

Or restart etc.

Yeah i'm just copying the image to a new file and using gimp to add the values where i need them 🙂
Guess i'll get quicker at it the more i do it.

@callimarie said in Run virt-manager on Windows 10:

uhh i keep getting this error "The libvirtd service does not appear to be installed. Install and run the libvirtd service to manage virtualization on this host."

So did you do what it said?

@dustinb3403 said in Checking multiple Directories to confirm all files are identical:

I know I could use a tool like Create-Synchronicity to force 1 other directory to match the source, but I would prefer to find and list the differences in the directories.
Maybe powershell can help?

Yeah, PowerShell can help with this in the same way closing the front door of a house will fix a fire inside of it.

@flaxking said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

@obsolesce said in Windows Defender Application Control:

@ccwtech said in Windows Defender Application Control:

Has anyone played with Windows Defender Application Control, specifically Group Policy to turn it on for each workstation?

I have a request from a client to do this, but I am very leery of using group policy for something like this.

Are they all running Win 10 Enterprise?

For sure no... Win 10 Pro.

Then it won't work as it's a requirement.

I think specifically it's using Group Policy for WDAC that's enterprise edition only, right?

Yes, you can use it in Pro, just not enforced by a GPO

You still should be able to run powershell via manage engine Desktop Central. https://www.manageengine.com/products/desktop-central/powershell-script-as-a-package.html

It looks like you can run locally leveraging Desktop Central. You aren't doing powershell remoting.

@frodooftheshire said in Safely transferring sensitive information:

Hi everyone,

I have a non profit client that asked me yesterday about sending/receiving sensitive information (SS numbers for example).

Currently when they're looking for volunteers data is sent from the volunteer's email address to an employees account (in charge of finding volunteers & using Google Workplace account) and then to the director's email address (Again Google Workplace account).

They were looking to implement DocuSign to more securely handle this process but I wanted to see if anyone else had any other recommendations.

DocuSign is for e-signatures which doesn't sound like what is needed.

How about a secure form app? Sound like it would get the job done much better than email. Formstack for example seems like a good example, I'm sure there are plenty to pick from.

Non-profits often have different pricing as well.

@dashrender said in WinRM: Security Question:

@gjacobse said in WinRM: Security Question:

@stacksofplates said in WinRM: Security Question:

https://www.manageengine.com/products/desktop-central/help/computer_configuration/executing_custom_scripts.html

Thanks -
Guess it will have to do... sigh.

I wonder if you can run powershell scripts by typing powershell first?

Is there a way to copy files to the computers with ME?

Seems like it is possible.

3c712099-6a8d-4e24-8fde-67a9e53cdbf3-image.png