|
MF_James posted: PDQ just bought smartdeploy, which is an imaging and agent based software control tool, so PDQ might finally be getting an agent and able to manage remote devices. I assume at minimum a year out since they have to integrate.

This is cool because when they built an agent in house they kept having problems with it.
|
# ? Feb 2, 2022 21:26 |
|
AreWeDrunkYet posted: Since when can't you deploy scheduled tasks with GPO?

They never show up on the machines (the GPO applies to the machine, though)

A lot of these are factory floor machines so we can reboot them at 2am or whatever. The rest are office worker laptops that people never turn off.
|
# ? Feb 2, 2022 21:45 |
|
What's gpresult say?
|
# ? Feb 2, 2022 22:13 |
|
Thanks Ants posted: What's gpresult say?

It shows the GPO like you would expect. But the task is never created.
|
# ? Feb 2, 2022 23:33 |
|
Not sure how they are doing it with Intune and frankly I don’t care, but our desktop team has a large reboot nagger that pops up frequently if your laptop hasn’t been rebooted for more than a couple of weeks.
|
# ? Feb 3, 2022 00:04 |
|
Bob Morales posted: It shows the GPO like you would expect. But the task is never created.

I wonder if the tasks are being created as the system user
|
# ? Feb 3, 2022 00:05 |
|
devmd01 posted: Not sure how they are doing it with Intune and frankly I don’t care, but our desktop team has a large reboot nagger that pops up frequently if your laptop hasn’t been rebooted for more than a couple of weeks.

Ours aren't in intune yet...
|
# ? Feb 3, 2022 00:25 |
|
If you don't have access to your RMM/MDM tools, fix that first.
|
# ? Feb 3, 2022 00:26 |
|
Internet Explorer posted: If you don't have access to your RMM/MDM tools, fix that first.

We can't buy anything until we get rid of the MSP (a few months?)

I was hired and so was a helpdesk person. They are just an annoyance at this point.

And now my boss keeps buying a mishmash of vulnerability scanning products and antivirus and dlp and patch management instead of trying to buy stuff that makes sense.

We might hire a security person next!
|
# ? Feb 3, 2022 02:10 |
|
I understand there's a certain CISO in the market right now...
|
# ? Feb 3, 2022 02:24 |
|
Bob Morales posted: Vulnerability scanning products!

Nothing better than your director demanding fun stuff like this, demanding reports, then having zero idea what any of it means.
|
# ? Feb 5, 2022 06:49 |
|
The Fool posted: This is cool because when they built an agent in house they kept having problems with it.

They just didn't have the in-house skills to make a scalable non-connection-stable agent. They tried as all hell, which was interesting to see. These acquisitions are really in the right directions for em: the "windows+domain+LAN" paradigm worked well for a long time but it's definitely a post-ADDC domain world. If they're owned by an equity partner going out and doing M&A for the tools they need to make really good value sense.
|
# ? Feb 5, 2022 23:26 |
|
Our backup software doesn't appear to be able to restore hyper v machines to azure

Can I just restore the files to some storage and convert them to an azure vm or import them or something? Just thinking about it waiting at a light in the car, I guess I'll play with it tomorrow

MSP wants to do Azure disaster recovery but we don't really need or want to pay for a replicated environment with near instant cutover
|
# ? Feb 11, 2022 00:24 |
|
Just use Azure Site Recovery if that's the objective. Azure isn't just another Hyper-V host and the work required to migrate a Hyper-V machine to Azure is not insignificant. Trying to restore Hyper-V backups into Azure while the poo poo is in the fan and people are breathing down your neck to get things up is going to be a waste of the money you spend getting it ready, and it will disappoint. Have a minimal amount of VMs running in Azure all the time for things like AD and DNS, buy them on reserved instances so they're cheap. Presumably these are a bunch of really niche applications that need babysitting all the time as opposed to things that cluster nicely like Exchange, AD etc.
|
# ? Feb 11, 2022 00:40 |
|
yeah replication to azure is cheap as hell actually test your cloud networking at design load sometime, save yourself surprises
|
# ? Feb 11, 2022 00:42 |
Thanks Ants posted: Just use Azure Site Recovery if that's the objective. Azure isn't just another Hyper-V host and the work required to migrate a Hyper-V machine to Azure is not insignificant.

Yea but in fairness you don’t even need an appliance to migrate Hyper-V on prem to Azure, so i would rate it as ‘could do this poo poo in my sleep’ on a scale of that to I want to shove all these app owners into a rocket and pilot it to the sun myself.

Edit: also I have literally never seen azure site recovery used for DR because it’s a huge pain in the rear end. It’s mostly a vehicle to convince you to migrate. Would be way shittier than just migrating

i am a moron fucked around with this message at 02:26 on Feb 11, 2022 |
|
# ? Feb 11, 2022 02:22 |
|
We have 4 servers in Azure now

Our 2 factor server (digital persona)
web application proxy in a DMZ for said 2 factor software
a domain controller
ADFS

We have roughly 25 servers on-prem

pair of domain controllers
pair of file servers (5TB?)
pair of print servers
(none of these are redundant pairs, one of each is the 'old' one)
pair of Zscaler connectors
Azure connector
Trend Micro AV server
SmartDeploy server
data collector for SIEM
Cisco wifi controller appliance
Fortianalyzer appliance
LibreNMS
zabbix proxy for MSP
licensing server
some CAD thing
lansweeper
MSP 'tools' server
heat treat server
cnc machine server

Another 2-3 that I can't remember. Our other location is about half the size but similar. They make propellers or springs or some poo poo I don't know.

Half of that poo poo is going to be useless if we go tits up. We're a giant CNC shop, basically. If something like a fire hit the building, we aren't going to get those giant machines replaced or fixed any time soon.

This isn't us but basically we have a bunch of machines that make stuff like this

All of our 'business' stuff is in Microsoft Dynamics 365. Our mail is Exchange 365 as well. In theory we could just spin everything up wherever, and then connect with a VPN and everything would be back to normal. We're moving more and more files into Sharepoint. That 5TB is going to take for-loving-ever to restore.

We're doing a DR plan right now so that's why it came up. In all honesty we'd just find whatever servers we could and take them over to our MSP since they have a 10gb circuit and just start restoring whatever we need.

The MSP is trying to get us to go with some disaster recovery as a service DRaaS outfit. "These guys will bring a trailer over with a generator and a bunch of servers and a satellite dish internet connection so you can be back online!"

I almost want to just buy two Dell R740's and just get a 1/2 rack at a data center in the other side of the state. Be easy as pie to restore all of our poo poo to that.
|
# ? Feb 11, 2022 03:27 |
|
Is it possible to get machine-based wifi auth working while using a cert self signed by the NPS server? Just trying to gauge whether I should bite the bullet and buy a cert from a CA since I don't really want to stand up a whole new PKI just to auth 50ish computers.
|
# ? Feb 11, 2022 20:23 |
|
sporkstand posted: I don't really want to stand up a whole new PKI just to auth 50ish computers.

Why not it’s fun
|
# ? Feb 11, 2022 20:32 |
|
To answer your question, I think it will work for computers where you can pre-install the cert in a trusted store
|
# ? Feb 11, 2022 20:34 |
|
You can use any cert for that, doesn't need to be trusted by the client at all. Only the auth server should, but not even that is a hard requirement technically.
|
# ? Feb 11, 2022 20:42 |
|
Thanks. I'm trying to lock down this wifi so that only members of an AD security group can auth to it. In my testing, it works with no issues if the security group contains users, the user just gets prompted for the AD creds and access is granted. However, if I switch to a group that contains computer objects, it no longer works. Same self-signed cert used for both network policies. I've tried manually importing the cert into the computer's Trusted Root CA store and into the Personal store for the computer. I've also tried distributing the same cert via a GPO and run into the same issue.
|
# ? Feb 11, 2022 21:05 |
|
This might not overlap completely with what you're trying to do, but it describes certificate auth without a load of PKI infrastructure https://www.youtube.com/watch?v=3Mg8p6rOLhA
|
# ? Feb 11, 2022 21:37 |
|
sporkstand posted: Thanks. I'm trying to lock down this wifi so that only members of an AD security group can auth to it. In my testing, it works with no issues if the security group contains users, the user just gets prompted for the AD creds and access is granted. However, if I switch to a group that contains computer objects, it no longer works. Same self-signed cert used for both network policies. I've tried manually importing the cert into the computer's Trusted Root CA store and into the Personal store for the computer. I've also tried distributing the same cert via a GPO and run into the same issue.

You need to set the client to use computer authentication manually or through policy. You can debug by using the computer account instead of certificates.
|
# ? Feb 11, 2022 22:36 |
|
SEKCobra posted: You need to set the client to use computer authentication manually or through policy. You can debug by using the computer account instead of certificates.

That was it! Had the authentication set to 'User'. Rookie mistake on my part, thanks for helping me get it sorted!
|
# ? Feb 12, 2022 22:18 |
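
An added example, not part of any post in this thread, for the fix confirmed above: it exports the machine's WLAN profiles and reports each profile's 802.1X `authMode`, so a profile left on `user` stands out when the NPS policy expects computer accounts. The export folder `C:\Temp\wlan-profiles` is an assumed scratch path.

```powershell
# Added example: list the 802.1X authentication mode of every WLAN profile.
# $ExportDir is an assumed scratch folder (no spaces, to keep netsh quoting simple).
param(
    [string]$ExportDir = 'C:\Temp\wlan-profiles'
)

New-Item -ItemType Directory -Path $ExportDir -Force | Out-Null

# With no profile name given, netsh writes one XML file per saved profile.
netsh wlan export profile folder=$ExportDir | Out-Null

$report = foreach ($file in Get-ChildItem -Path $ExportDir -Filter *.xml) {
    [xml]$xml = Get-Content -LiteralPath $file.FullName -Raw
    $security = $xml.WLANProfile.MSM.security
    $oneX     = $security.OneX

    if (-not $oneX) {
        # Open and pre-shared-key networks carry no 802.1X settings at all.
        $mode = 'n/a (no 802.1X)'
    } elseif ($oneX.authMode) {
        # Values seen here are machineOrUser, machine, user or guest.
        $mode = $oneX.authMode
    } else {
        $mode = 'not set in profile'
    }

    [pscustomobject]@{
        ProfileFile    = $file.BaseName
        Authentication = $security.authEncryption.authentication
        AuthMode       = $mode
        # A user-only profile never presents the computer account to NPS.
        UserOnly       = ($mode -eq 'user')
    }
}

$report | Sort-Object ProfileFile | Format-Table -AutoSize
```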
|
I'm looking for a file copy tool that will sync files in a particular folder with another folder on a network share and it has to keep running when the user logs out. I was looking into Bittorrent clients because I want to saturate the connection (and because I don't think SMB transfers can continue upon logout) but as far as I can tell there's no way to automatically create torrent files to enable point to point transfers such that if a user puts a file into a particular folder it is automatically synched to a remote folder. So I've been searching for other options and I came across ones like Seafile, but it seems like overkill for this particular use case.

Here's the actual scenario:

1. A microscope generates 8TB of data (in roughly 500GB sized files) during an acquisition session. It's saved to a local NVMe drive.
2. The data needs to be transferred to a network share. The computer has a 10GB NIC but the application won't acquire directly to the network share - we think it's the transfer rate but whatever the reason, it becomes unstable and the run dies.
3. The data needs to be transferred in the background so that the next user can login and begin their session on the scope without having to wait hours for the previous user's data to finish copying.

What sort of tools should I be looking at?
|
# ? Feb 17, 2022 02:00 |
|
Maybe the destination could pull via Rsync or something similar? Alternately a third host that managed the transfer via some tool (again Rsync comes to mind.).
|
# ? Feb 17, 2022 05:25 |
|
Thanks, I hadn't considered simply sharing the files on the scope computer. Our instrument network is pretty heavily locked down and I know there's a standard policy to not enable endpoint file sharing, but it could still be an option here so I'll look into it.
|
# ? Feb 17, 2022 06:02 |
|
Personally, I'd want to keep poking at that issue with the intermittent network share connection until I was certain there's no way to fix it. It definitely sounds like it would be the most straightforward solution, if it can be made to work.
|
# ? Feb 17, 2022 07:15 |
|
Powershell can implement a file system watcher using C# libraries to look at a folder and when a file is written there, trigger some automation like creating a torrent or whatever. Can provide sample script if necessary.
|
# ? Feb 17, 2022 15:17 |
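
An added example of the file system watcher approach described above (not the poster's script, and not part of the original thread): it waits for each new acquisition file to be closed by the writer, then hands it to robocopy. The paths are assumptions, and it is meant to run from a scheduled task set to run whether the user is logged on or not, under an account that can write to the share.

```powershell
# Added example: watch an acquisition folder and copy each finished file to a
# network share. $Source, $Destination and $Log are assumed paths.
param(
    [string]$Source      = 'D:\Acquisition',
    [string]$Destination = '\\fileserver\scope-data',
    [string]$Log         = 'D:\Logs\scope-sync.log'
)

function Test-FileClosed([string]$Path) {
    # An exclusive open fails while the acquisition software still holds the file.
    try {
        $fs = [System.IO.File]::Open($Path, 'Open', 'Read', 'None')
        $fs.Dispose()
        return $true
    } catch {
        return $false
    }
}

$watcher = [System.IO.FileSystemWatcher]::new($Source)
$watcher.NotifyFilter = [System.IO.NotifyFilters]::FileName
$watcher.EnableRaisingEvents = $true
Register-ObjectEvent -InputObject $watcher -EventName Created `
    -SourceIdentifier NewAcquisition | Out-Null

while ($true) {
    # Events queue up while a copy is running, so nothing is missed.
    $evt = Wait-Event -SourceIdentifier NewAcquisition
    Remove-Event -EventIdentifier $evt.EventIdentifier
    $path = $evt.SourceEventArgs.FullPath
    $name = $evt.SourceEventArgs.Name

    # Created fires when the write starts; poll until the writer lets go.
    while ((Test-Path -LiteralPath $path -PathType Leaf) -and
           -not (Test-FileClosed $path)) {
        Start-Sleep -Seconds 30
    }
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

    # /J = unbuffered I/O for very large files; /R and /W bound the retries.
    robocopy $Source $Destination $name /J /R:5 /W:30 /NP "/LOG+:$Log"
    if ($LASTEXITCODE -ge 8) {
        # Robocopy exit codes of 8 and above mean at least one copy failed.
        Add-Content -Path $Log -Value "$(Get-Date -Format s) FAILED $name (exit $LASTEXITCODE)"
    }
}
```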
|
Yeah, that sounds pretty interesting. Please share!
|
# ? Feb 18, 2022 07:59 |
|
Not sure which thread it was, but someone within the last month or so threw out a link to an article about setting up patching GPOs, which I thought I had saved, but apparently did not. Might have been Thanks Ants that posted it? I can't for the life of me find it though, if anyone can link again I'd be super grateful.

I have literally never had to deal with patch management as we've always had an RMM system that handled it all and someone else dealt with it, but now I'm getting tossed a client that has no WSUS server and like 100+ PCs that aren't patching correctly via windows update (they also want to try to block the win11 update) so I need to get up to speed quickly I suppose.
|
# ? Feb 18, 2022 16:51 |
|
Use Windows Update for Business. https://docs.microsoft.com/en-us/windows/deployment/update/waas-manage-updates-wufb
|
# ? Feb 18, 2022 17:06 |
|
This was the link I think you're referring to https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
|
# ? Feb 18, 2022 17:09 |
|
Internet Explorer posted: Use Windows Update for Business.

Yeah, everything seems to be in order based on cursory looking but they're still not updating and I'm looking for more real world examples to see if something is wrong somewhere or at least a better explanation of all the possible policies involved.

Thanks Ants posted: This was the link I think you're referring to

Sweet thanks.
|
# ? Feb 18, 2022 17:23 |
|
Internet Explorer posted: Use Windows Update for Business.

This. I turned off WSUS a year ago and it's the best decision I've made in awhile.
|
# ? Feb 18, 2022 17:55 |
|
Internet Explorer posted: Use Windows Update for Business.
|
# ? Feb 18, 2022 18:49 |
|
Cloud Trust seems to have launched to preview with very little noise: https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust
|
# ? Feb 19, 2022 16:46 |
|
Have tested Cloud Trust with a small group and it's all good so far. Just bear in mind that the prerequisites for the client OS include patches that are very new (they are February Cumulative Update previews) and unlikely to already be installed.
|
# ? Feb 21, 2022 12:50 |
|
Are we ever going to get Azure user writeback? It's been 6 years since they shitcanned it.
|
# ? Feb 24, 2022 22:48 |