@Dashrender said in Re-evaluating Local Administrative User Rights:

@Obsolesce said in Re-evaluating Local Administrative User Rights:

@Dashrender said in Re-evaluating Local Administrative User Rights:

@Obsolesce said in Re-evaluating Local Administrative User Rights:

@jmoore said in Re-evaluating Local Administrative User Rights:

I would agree in most situations no user needs to be admin on their own box. I think this is the way to go about things. Of course there are a lot of other factors as others have mentioned. However, if someone at your company tells you to compromise, what about having a seperate admin account that they only use when necessary? Then the rest of the time they use their regular account.

Perhaps. But actually logging into an admin account means they they would be logged in and have admin rights full time while logged on, and that works around the whole thing.

As a compromise, I think sticking to exceptions being able to temporarily obtain local admin rights, with warning, acceptance message, etc. That will force consciousness of the fact.

Are you using a product that allows for this temporary gaining of local admin rights?

Yes you could say that.

Why so coy?

Not intentionally, just wanting to stay on the main discussion.

That will return from the default index. To specify an index add it in the URL:

curl 192.168.1.100:9200/index/_search?pretty'

@Dashrender said in Email Migration Advice::

the IMAP connection goes to the address you setup, not the MX record for the domain in question.

What does an MX record have to do with anything? I think you have no idea WTF you are are talking about.

@Dashrender said in Dropbox and Box - billing issues:

So it was only verbal demands to pay for 600 users? no actual bill sent?

yeah - scummy sales BS.

Sounds like they make it scummy sales BS only after getting caught doing something far more illegal. Don't let them water it down after the fact. It's like getting caught trying to hot wire a car but convincing the cops that they weren't stealing the car, just stealing the Taco Bell food that they saw in the car... still illegal but not grand theft auto that they were actually caught attempting in the beginning.

@black3dynamite said in Spin VMs quickly with KVM + virt-sysprep:

@stacksofplates said in Spin VMs quickly with KVM + virt-sysprep:

I usually use virt-builder to build the image, and then I can clone from that. Then you have nice really small images to build from.

Have you ever created your own repo using virt-builder-repository?

No I've always pulled from upstream. I've honestly never looked into that before.

As above what they are are saying is that using Hybrid AD is fine with a domain name that is not the same as long as you add the UPN in Active Directory Domain Trusts and then you adjust all the users in the domain to match that domain either manually or scripted.
https://docs.microsoft.com/en-us/office365/enterprise/prepare-a-non-routable-domain-for-directory-synchronization

My only concern with this is that you might not need to sync AD but if you are already setup then it is kinda hard to revert.

@biggen said in Getting started with automated provisioning?:

I’m not sure the difference between a clone and a copy. I’ll look that up.

Clones are linked. Copies are discrete.

@stacksofplates said in How can I write two separate outputs from one command?:

@IRJ said in How can I write two separate outputs from one command?:

I ended up moving out of /tmp and the permission issue was fixed. It still failed because I wasnt specifying /bin/bash before script file. Once I changed that it worked.

Ah ok. Did you have #!/bin/bash in the script? I've never had it complain about that before?

Nope lol.

@scottalanmiller

Whole article is great but the last 2 lines are 👍 👍

Shame that NextCloud + OnlyOffice is not really there, I tried it when I was working with MSFF... definitely interesting but needs some time.

@stacksofplates Thanks, good info. Im learning ansible now.

@Obsolesce said in LibreOffice - Runs so slowly:

@scottalanmiller said in LibreOffice - Runs so slowly:

In giant shops (thousands of users and up), the problem with MS Office is that you don't pay for it just for the users who would benefit from it, but you pay for it for everyone.

That is so totally false. I have not seen that anywhere, including where I currently work which is many thousands users.

So your claim is what... that they 1) don't actually pay for the software or 2) they use it only for a few people who would actually benefit from it or 3) the kind of work that they do is both appropriate to an office suite and so insanely heavy that they actually get to the point where MS Office is noticeably more efficient, yet still an appropriate tool to use?

If any of those, how does that work?

If 1... okay piracy.
If 2... how do they interoperate with others, or is it all office suites for only individual use?
If 3.... what the heck kinds of tasks are they doing that are so different than any other company?

If this client has something like -----Client 1\Change Orders\ for a path you would simple add a -replace '-----','-' which would remove all of the extra hyphens which aren't actually being beneficial in anyway to the process.

@IRJ said in AVG deleting data:

Setup FIM to see what is causing it 100%

FIM?

@scottalanmiller said in Policies vs Network Access Control:

@Dashrender said in Policies vs Network Access Control:

@IRJ said in Policies vs Network Access Control:

This is not a problem that can be fixed with compensating controls. It needs to be nuked from orbit and rebuilt properly with employee buy in.

At this point - that seems very unlikely if you have users who are willing to nuke their own machines and reinstall. They'll likely demand or at least attempt to demand local admin rights.

Really just becomes the same as BYOD. Easy enough to manage. Not ideal, but doable.

Exactly - better model in most cases anyhow.
Just change how you (the OP) deliver services.

@JaredBusch

There is a current issue with the SSL let's encrypt that I just submitted to them to resolve (they are using an outdated version with Acme 1 instead of the newer Acme 2):

FYI - we've resolved the issue, and I can only assume anyone else that has installed Postcards should have the same issue.

The problem is indeed an issue with Let's Encrypt, and specifically:

docker: jrcs/letsencrypt-nginx-proxy-companion

To fix this issue, please update the docker-compose.override.yml file during builds.

Row 35 should read: image: jrcs/letsencrypt-nginx-proxy-companion:latest

This will insure that the current version for the let's encrypt proxy is called and eliminate the issue.

@WLS-ITGuy give this a try, you may need to go back more than a year though.

@JaredBusch said in Can all phones read QR codes natively?:

You do not even take a picture, just put it in the camera sights.

yeah - that is pretty cool...

@Obsolesce

The thing there is market place for this since VirtKick turned there back on the supporters, and we need simple front end with simple installer (yes looking at you OpenStack)

Discussion on the policy side of this is over here:

https://mangolassi.it/topic/20894/policies-vs-network-access-control