Calidus posted:

I am really leaning towards the idea that users are just idiots but here it goes. We use Office 365 for email. I have a system that log into office 365 and emails out invoices as pdfs to customers. All our customers with @att.net email address can't seem to open the pdfs.

quote:

If using Mcafee Security Suite (or the ATT Internet Security Suite powered by Mcafee), you need to do the following:

1. Bring up the McAfee Security Center (double-click icon in lower right of screen)
2. Click on Email & IM protected icon and then click on Configure to change option on the right.
3. Under E-Mail protection is enabled .... click the dot to Off (from On). This allows the e-mail protect automatically scans ...etc. This is because the Yahoo/ATT email software is incorporated with Norton's on the website. With the McAfee software engaged on the local PC, they are "combating" each other resulting in the downloading problem.

4. You will then receive a message from the Mcafee software stating they your computer IS NOT fully protected, when in fact it is. You've just allowed the Yahoo/ATT Norton software to scan the attachment during the download instead of the McAfee.

5. You will then find that going back to your email downloads that everything will function as designed. I am sure this is the same thing that is happening with the other antivirus software (Trend Micro, etc ) installed on any local PC.

Calidus posted:

4 customers between att.net and sbcgobal.net

I will investigate the Mcafee crapware but I think it might actually be something with at&t. I sent some pdfs to a personal yahoo email and they opened fine on one of the customers computers.

NevergirlsOFFICIAL posted:

Today my client said he wants me to make the whole LAN be PCI compliant even though they don't do CC processing anywhere on the LAN.

GigaFuzz posted:

I feel like I could use a sanity check, and this seems an appropriate place to ask.

We're a small office of ~10 people. We have one physical server: a pretty basic Dell T320 (Xeon E5 2407, 8GB RAM, PERC S110 software RAID controller with 2x 1TB 7.2k SATA drives in RAID1) running Server 2012 R2 Essentials (on bare metal, not a VM). It's serving as a DC, DHCP, file server, print server (2 printers), WSUS and occasionally MDT. It's mostly ticking along just fine, apart from 2 problems: we're running out of space, and the performance of the OS is slow as hell (using Remote Desktop and the various admin tools feels worse than an old slow laptop drive), though accessing shared files from client computers seems fine. I know that the software RAID is no good, but I didn't expect it to bog down so much with a simple RAID1.

At the very least we need new some hard drives, but we have some downtime coming up during an office move and I figured it would be worth upgrading to a proper RAID controller and reconfigure the server, possibly virtualising it. Does the following seem sensible?

• Backup (and test!) current server
  
• Buy and install a PERC H710 RAID controller
  
• Create RAID1 of current 2x 1TB drives [OS]
  
• Create a second RAID1 of 2x 4TB WD Red drives [Storage]
  
• Install Hyper-V Server on the OS array
  
• Create a VM on the OS array, and restore backup to it
  
• Create virtual disk on the Storage array and then move the file server data to that
  

This would then allow the option of running additional VMs as necessary down the line, migrating to Server Standard rather than Essentials for example (we're a charity and have access to cheap copies of Windows Server and related CALs).

I'm new to virtualising servers, and am trying not to do anything dumb and stick to best practices (without spending too much on hardware). Am I on the right track?

pixaal posted:

It gives you 16 cores 32 threads as the minimum licenses. For anything small that is already overkill just like the 2 socket minimum was. It does make the new AMD stuff less attractive if that ends up being good.

pixaal posted:

We're in the small shop thread, it does make it more expensive for larger builds but I think that's outside the scope of this thread.

incoherent posted:

CALs are a soft licensing thing for 90% of microsoft licensing (RDP is the exception). Don't let them be a hurdle to doing some 11hr-hour-pull-five-aces-out-your-rear end savior bullshit, but make sure to get them purchased.

Remember: you need one for every device that hits your Windows server DHCP service.

incoherent posted:

You'll need a mixture of user and device cals, which crowley referenced.

Otherwise vlan your printers, VoIP phones, and access points and use a different DHCP solution.

quote:

Yes, if the multifunction printer is connected to a Windows Server network. A multifunction printer accesses server software to; receive an IP address, to receive a job, to communicate that the job is finished, etc. In short, it communicates with the server software. If the multifunction printer is accessing any server software licensed via the Server / CAL licensing model it requires a CAL for that software. The one caveat is, if your users who use the printer have CALs then the printer is covered by their use via their CALs. If not then the printer itself requires a device CAL. The same CAL requirement applies to any other type of networked device – such as networked scanners, networked fax machines, etc. Devices that do not connect to the network or the server software (generally referred to as peripherals) do not require CALs.

Takkaryx posted:

The very small (about 15 people) tutoring company I work for has been having issues with our macs randomly dropping off the wireless and needing to be re-connected. No IT person has ever touched this place, AFAIK. We have about 20 mac desktops on the wireless, no hardlines, all in line of sight within 30ft of the single BelAir20e router the owner set up, presumably on the ISPs guidance. Assuming I have access to the router log files, how would I go about diagnosing if it's the router horking on 20 mac desktops plus twice as many mobile devices? Also, is there a cheap/free way I can test if it's just hordes of devices yelling over each other at 2.4GHz? I worked at a university's help desk for 5 years learning new things every day due to a flexible definition of role responsibilities, but this is networking wizardry beyond what I'm used to.

Takkaryx posted:

Thanks for the advice, everyone.


It isn't, no. Clients come to our site with a tablet or laptop and their backpack with papers, and we have a terminal. Homework then gets done. The issue hasn't been fixed before as its been mostly a nuisance more than anything, but recently its been getting worse and I've had a few kids lose quiz grades or work because of it now. Which is kinda good, because now I can justify a budget expenditure on replacing the network



I really like the idea of setting up a Ubiquiti solution, and I've heard nothing but good things about it, but I doubt I will be able to requisition a computer that can run the software needed. Is there a router/multiple AP combo that doesn't require a server managing it that's under a few hundred bucks? Otherwise it sounds like my best choice is to see what lives in our ceiling and run cables and switches everywhere.

The Slack Lagoon posted:

Yea that's the impression I got from reading the website. Cowerker is pretty in general and doesn't know much about computers. Thanks!

NevergirlsOFFICIAL posted:

who here knows about intune

NevergirlsOFFICIAL posted:

I don't know all I know is I need to have 125 people on it by next friday

Beefstorm posted:

Engage the Microsoft Fast Track Center. They have a team that will walk you through the integration.

There's a minimum license commitment. But I believe you hit it.

Potato Salad posted:

pixaal posted:

Nope, hey it's telling me I'm not authorized to use the printer or get to folders!
You're password expired an hour ago.
Oh it told me that was going to happen for 4 weeks! I don't have time to change it just fix this!
Well I can't it's invalid now press control alt delete and change your password
This is highly inconvenient!!

God that was such a fun conversation. We only make you change your password every 4 months and give a 30 day warning. If you don't change it before hand I have zero fucks to give.

pixaal posted:

Small shop, what ticket system

Honestly we're small enough that I'm rarely doing helpdesk stuff and most of my week is filled with projects meetings and keeping the servers running.

pixaal posted:

If anything is moving between days it gets a ticket made by me, too much push back from management and almost everything is projects in the ticketing system that is more just time management / tracking for personal use. I'm not leaving a mess for the next person so they have no incident history like I inherited.

OSU_Matthew posted:

It's not a ticketing service, but regarding phishing training for employees, KnowBe4 is a pretty great service that'll basically send out any variety of phishing emails to your employees and tell you who clicked what, what information they gave up, and just generally put a proper fear and paranoia in the back of people's minds. I highly encourage checking it out, it's much more effective than any kind of training, worth every penny.

NevergirlsOFFICIAL posted:

We resell KnowBe4.


Bam!



Note this screen shot is from January 2016, and reflects MSRP prices. I believe cost went up by $1/seat/year.


A few thoughts on knowbe4: the phishing simulations are great. Regarding the video trainings, I've heard "love it" and I've heard "extremely boring". Administration is really easy - I got a 30 minute MSP training, and now it takes me about 15 minutes to spin up a client. Another alternative to compare: comptia's CyberSecure.org.

wolrah posted:

Those things are neat, and the price is surprisingly reasonable, but installing a 120GB normal SSD to use as a boot/applications drive and leaving the spinny drive for large files seems like it'd be better when possible.

I can see the cache thing working out for laptops or ultracompact desktops where a single 2.5" bay is all you get, but if there's room the benefits of using Optane for this purpose seem to be relatively nil compared to just a normal SSD.

Now that said, if they can also be used as a normal NVMe device then I could certainly see throwing the small one in as a place to put swap, /var/log, etc.

Internet Explorer posted:

Let the squeaky wheel squeak. That's when it gets the grease.

This seems to be a hard lesson for IT people to learn. I know I've had to lecture engineers on it several times before it sets in. As IT you want to fix problems. Maybe you see a problem and you know you can't fix it or it really is part of a larger problem, so you put a bandaid on it and talk to the higher-ups about a real fix. Okay, that's fine, that's part of the job. Then it happens again, as you knew it would, and you put another bandaid on it and talk again to the higher-ups. Third time comes around? You need to let that poo poo break or let employees bitch about the problem, otherwise it is never going to get fixed. If so, it would have gotten fixed the first or second time around.

GargleBlaster posted:

A lot of our customers and suppliers are in Europe so it does affect us somewhat, with the pound having jumped off a cliff.. that said the Euro doesn't seem to be far behind us so the rest is uncertainty - not getting long term contracts because of worries about the future etc.
But yeah they do seem to struggle with some of the management as well.
I get less than half that a month actually!

Thanks Ants posted:

Your employer is poo poo

pixaal posted:

You have huge red flags, unless you feel staying there is making your resume look really good due to responsibilities and title you need to get out while it's good. Good news is you have a job, you can be picky in your search. You can't be as picky when you don't have a job. That company is going to go bankrupt, if you can't afford to replace stuff you are dead.

GargleBlaster posted:

The company's actually a long way from going under (they won't spend because they always want to be making a profit and think it'll help make a bigger one if they spend nothing and shout louder at the sales people) and it's rare for them to make a loss. I think one year they only made a small profit and were furious. So it's annoying, but it's better than nothing...

GargleBlaster posted:

I think "enabling" is giving me a bit too much credit. When I leave one of two things will happen

1) They breathe a sigh of relief at being £20k per annum better off and toss the local IT company a fraction of it to cover for the other guy when he's on leave and everything carries on as it did before (albeit with more stress and overworking for the other guy, and without the nice little automations and intranet-based data retrieval things I keep knocking together for them), or
2) They do as I've seen in other departments over the years: hire someone new who starts off bright eyed and enthusiastic, they spend a year learning how the company works, then see what's going on get worn down and leave, and the cycle continues.

Neither of these will change the management, assuming that is the problem. Time will though (everyone retires eventually) meanwhile I can at least try and influence things from inside, even if it's mostly unsuccessful