|
We've been implementing 2FA at a lot of our customers due to insurance requirements, so that's a good thing. What I've found amusing about the whole thing is that our HD folks are extremely resistant/butthurt about having to deal with 2FA when logging into an admin account on a server. Like, yeah it's a couple extra seconds, but no, it's not going away no matter how much you whine. I really wish there were good 2FA solutions for MSPs though, we've set up a VM in Azure with VOIP apps/auth apps installed, but it's clunky.
|
# ¿ Jun 23, 2021 22:47 |
|
|
# ¿ May 14, 2024 06:03 |
|
I mean having a second NIC for redundancy isn't the worst but, yeah, just for management purposes is stupid.
|
# ¿ Oct 23, 2021 21:03 |
|
GreenNight posted: Yeah but a second virtual nic doesn’t make any sense.

ohhh I didn't see that, I thought it meant adding a second physical NIC and then using that for management purposes for the hosts/vms. Both things are dumb though.
|
# ¿ Oct 24, 2021 21:04 |
|
PDQ just bought smartdeploy, which is an imaging and agent based software control tool, so PDQ might finally be getting an agent and able to manage remote devices. I assume at minimum a year out since they have to integrate.
|
# ¿ Feb 2, 2022 21:24 |
|
Not sure which thread it was, but someone within the last month or so threw out a link to an article about setting up patching GPOs, which I thought I had saved, but apparently did not. Might have been Thanks Ants that posted it? I can't for the life of me find it though, if anyone can link again I'd be super grateful. I have literally never had to deal with patch management as we've always had an RMM system that handled it all and someone else dealt with it, but now I'm getting tossed a client that has no WSUS server and like 100+ PCs that aren't patching correctly via windows update (they also want to try to block the win11 update) so I need to get up to speed quickly I suppose.
|
# ¿ Feb 18, 2022 16:51 |
|
Internet Explorer posted: Use Windows Update for Business.

Yeah, everything seems to be in order based on cursory looking but they're still not updating and I'm looking for more real world examples to see if something is wrong somewhere or at least a better explanation of all the possible policies involved.

Thanks Ants posted: This was the link I think you're referring to

Sweet thanks.
|
# ¿ Feb 18, 2022 17:23 |
|
i am a moron posted: Splunk (and I’m assuming other SIEMs) can pull that data down directly without a workspace. That is the only other non-headache inducing way of getting that data I’m aware of

Did you just say splunk is not a headache?
|
# ¿ Aug 10, 2022 00:14 |
|
i am a moron posted: If you’re small enough you can also just ignore the CAL thing indefinitely, Microsoft doesn’t give a poo poo about it anymore and the last audit I sat through (six years ago?) they tried to get my client to true up and upsell them on some things and client just ignored them and MS never pursued any part of it

ehh sounds like a good way to get wrekt
|
# ¿ Apr 19, 2023 21:03 |
|
dexter6 posted: I have (what I hope is) a quick question about deleting a user account and litigation hold.

I have never messed with accounts/mailboxes that are in litigation hold but according to a random reddit post I found, you can convert after doing the litigation hold as long as the account is licensed with EOP1 and online archiving or an EOP2 license.
|
# ¿ Jul 16, 2023 02:09 |
|
snackcakes posted: A follow up question... Anyone know if hosting a QuickBooks database in Azure files with multiuser mode is possible? Based on what I am reading I think no, but my boss feels certain the answer is yes.

It probably will not work. Move to the hosted version of quickbooks instead.
|
# ¿ Aug 25, 2023 23:39 |
|
kiwid posted: Question, is PKI required for an RDP cluster/farm using a domain with a .local TLD?

It is not required, no.
|
# ¿ Sep 5, 2023 21:54 |
|
kiwid posted: How do you get around the certificate issues?

You could deploy the cert to all machines so they trust it, not saying that's a great idea, but it's possible. For driver installation, there's another GPO that you can specify allowed print servers, so clients can install the driver from your print server. Other option is to push the drivers via your RM software which looks to be the route you went.
|
# ¿ Sep 13, 2023 21:55 |
|
Serfer posted: lucky you, I wish there was a tool to move the machines without disjoining rejoining every single one

Yeah, this
|
# ¿ Dec 16, 2023 01:15 |
|
Hughmoris posted: I'm a data guy trying to learn AD DS from zero, for a new gig. For practice, I've used virtualbox to spin up a DC and a Win10 workstation. I then set up DNS and NAT and have the basics working together.

Use powershell for #1/2 - have it iterate through a CSV via for loop and create user accounts, I would add a bunch of info like email address, phone number etc so you have multiple fields to fill out.

#3/4/6 can be done through GPO, do NOT use homefolders in AD, some places still use it but it's dumb, if you want to learn it... you input the info into a single field in AD and it creates the folder with correct permissions, just google it. It wouldn't hurt to know this stuff because your place might (I can almost guarantee you it does) still have plenty of legacy on-prem data living in fileshares.

Many/a lot of places have moved to folder redirection to OneDrive, so they'll redirect your desktop/documents and maybe a few other profile folders to OneDrive so they sync. - Old way was to do it via GPO as well and have docs/desktop/etc redirected to file server, I'm sure plenty of places still have this in place as well and you can look into it

None of this stuff is hard and will be a pretty quick thing to learn, it's useful to know imo despite plenty of people being on the "durrr use the cloud hurf durf" train, yes, you should try to get away from as much legacy stuff as you can but there's plenty of places out there still using it and your goal would be to migrate away from it.

MF_James fucked around with this message at 19:03 on Dec 23, 2023
|
# ¿ Dec 23, 2023 18:44 |
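
An added example of the CSV-driven account creation suggested in the post above (not code from the thread). It assumes the ActiveDirectory module is installed and that the OU `OU=LabUsers,DC=lab,DC=example` exists; the OU, domain suffix, column names and sample users are all hypothetical.

```powershell
# Added example: bulk-create lab AD users from CSV rows.
# Requires the ActiveDirectory module (RSAT). All names are constructed.
Import-Module ActiveDirectory

$ou        = 'OU=LabUsers,DC=lab,DC=example'   # assumption: OU already exists
$upnSuffix = 'lab.example'                      # assumption: lab domain suffix

# Constructed sample rows; in practice: $rows = Import-Csv -Path .\users.csv
$rows = @'
GivenName,Surname,Sam,Email,Phone
Ada,Nguyen,anguyen,anguyen@lab.example,555-0101
Raj,Patel,rpatel,rpatel@lab.example,555-0102
'@ | ConvertFrom-Csv

$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()

foreach ($r in $rows) {
    # Skip rows that would collide with an existing account
    if (Get-ADUser -Filter "SamAccountName -eq '$($r.Sam)'") {
        Write-Warning "Skipping $($r.Sam): account already exists"
        continue
    }

    # Random per-user initial password instead of one shared default.
    # The fixed suffix only guarantees the complexity character classes.
    $bytes = New-Object byte[] 18
    $rng.GetBytes($bytes)
    $plain = [Convert]::ToBase64String($bytes) + 'aA1!'

    $params = @{
        Name                  = "$($r.GivenName) $($r.Surname)"
        GivenName             = $r.GivenName
        Surname               = $r.Surname
        SamAccountName        = $r.Sam
        UserPrincipalName     = "$($r.Sam)@$upnSuffix"
        EmailAddress          = $r.Email
        OfficePhone           = $r.Phone
        Path                  = $ou
        AccountPassword       = (ConvertTo-SecureString $plain -AsPlainText -Force)
        Enabled               = $true
        ChangePasswordAtLogon = $true   # user must replace the initial password
    }
    New-ADUser @params -WhatIf   # dry run; remove -WhatIf to create the accounts
}
```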
|
Thanks Ants posted: On the subject of groups, I'm convinced I've seen documentation somewhere that says you can use security groups to grant access to Exchange features like mailbox permissions, but I've never gotten this to work, and the group has always needed to be mail-enabled to work. This would be fine but then you lose the ability to do this with dynamic security groups.

It has to be mail-enabled as far as I've seen, I have NOT gotten a regular security group to work and I was just trying again a few days ago.
|
# ¿ Jan 10, 2024 07:13 |
|
The Fool posted: Related, make sure you have a "break glass" account that is excluded from MFA.

Also set up alerts for when this account is logged into.
|
# ¿ Mar 22, 2024 23:21 |
kiwid posted: Another question I suppose. We have two locations that are in the middle of nowhere and the only ISP available other than Starlink is a PTP wireless provider that does double-nat and doesn't provide static IPs. It's been a nightmare for site-to-site VPN but FortiGate's dial-up VPN has gotten us by. However, this means I can't setup these locations as trusted locations for MFA. What are my options here? Now that you mentioned Yubikey, I'm considering just using these for the general use PCs and leave the Yubikey plugged in 24/7. Is there an alternative?

You could route traffic over the tunnel so they present the static IP from whatever office the tunnel terminates at, obviously puts more strain on that connection and adds some latency. That's just the first thing that popped into my head, wouldn't be the best solution but could be a temporary measure.
|
# ¿ Mar 27, 2024 16:52 |