@Dashrender said in MDT Resources:

I make an image once per major update from MS, so twice a year - roll out that image, install the latest Cumulative Update

I also just do that - I just import the stock WIM from the MS iso and use that. Everything else is GPO, PS and PDQ Deploy.

@VoIP_n00b said in MSP Helpdesk Options:

@scottalanmiller said in MSP Helpdesk Options:

They literally get to pay LinkedIn to bypass the spam blockersmessage people who aren't connected to.

One and the same. They have a spam white list that you can pay to get around.

@FATeknollogee said in UNMS backup question:

@JaredBusch said in UNMS backup question:

If you want to restore an individual unit, that process is already built into the system so what are you trying to get exported?

I'm just asking for info purposes in case of a future restore.

You can download a specific device backup from within UNMS. When you do so, it asks you if you want one for restoring to the same system or a different system (because of the UNMS key negotiation).

@scottalanmiller Thank you sir. Your and everyone's input is valued and appreciated.

@Pete-S said in Raspberry Pi 4 as thin/fat client:

@Emad-R said in Raspberry Pi 4 as thin/fat client:

@Pete-S

Hey if your bussiness can use LibreOffice, you dont need MS Windows. Or google Docs, basically if you can do your job via terminal and web browser you have alot of options and freedom

Thanks Emad but I'm not the one looking for VDI solutions. I just wanted to share my test with the raspberry pi 4 is it might be interesting to use as a thin client.

Something extra nice about an RP4 as a thin client is that it has the power to run things locally too. I know lots of people who use them as a fat clients. Being that cheap and dual purpose is great.

@JaredBusch said in Incoming Call Issue:

@VoIP_n00b said in Incoming Call Issue:

Running FreePBX v14... No resent changes made, except to change the name on an extension.

When some calls in, and let's say they dial 555 then end up getting 511, 511 can then forward the call to 555 no issue, but I have no idea what is causing this.

Because they released a horrible fucking update to IVR.

Edit your IVR and set strict dial time out to No - legacy

That fixed it! Thank you so much!!!

@JasGot said in Cost Pros and Cons for VDI in DataCenter:

Thanks. This will be good to make sure I don't miss any high points to demonstrate why it is a bad idea for this particular business.

The main "bad" is the complete lack of any benefits.

That's the real crux... absolutely zero reason to even consider it. Tons and tons of negatives, and what seems like no positives.

@JaredBusch said in Taking over IT for a small business:

@scottalanmiller said in Taking over IT for a small business:

@JaredBusch said in Taking over IT for a small business:

@scottalanmiller said in Taking over IT for a small business:

@Dashrender said in Taking over IT for a small business:

LOL - If I were the boss, I could do that. She has already ordered me to remove her from the monthly updates - so I have to nag her to do those manually, they can't be pushed to her via WSUS, because of reboots.

Make sure you have a "get it in writing to remove HIPAA requirement automation."

OH, good one.. She's breaking HIPAA by not being updated.

Over a certain time frame, yeah. 🙂 That's going to be the big motivation here. Maybe he should even go to the owners and say "as you title me an IT decision maker, I meed a sign off to allow disregarding the law and a statement that I'm not allowed to follow HIPAA against my requirements, knowledge, and recommendations." Don't argue it, just make them state that they've accepted responsibility by demanding he not follow HIPAA.

But since automatic is disabled, he has no insight to know the time frame is being kept. So yeah.

Right, even if she promises to do it as HIPAA requires, he needs to be indemnified from that.

Here is the complete list of required ports.

@Carnival-Boy said in Learning Python from Microsoft:

I'm planning on learning Python to help my son who is studying it at school (with a useless teacher).

Python 3 is definitely the best option for learning. My kids have had some luck using the learn online free tools out there.

@Dashrender Confirmed, our MailCow is using ActiveSync to my phone, works beautifully.

@Pete-S said in How do I install gparted on RHEL 7.7 with GUI?:

@JaredBusch said in How do I install gparted on RHEL 7.7 with GUI?:

@Pete-S yum install epel-release absolutely should work.

If I understand correctly yum install epel-release only works on CentOS, not real RHEL.

It was a fresh install too from rhel-server-7.7-x86_64-dvd.iso

Ah, you are correct. I skimmed the RHEL bit. Totally my bad.

Nope.

####################################################################################### ## Network Internet ## ####################################################################################### static.network.ip_address_mode = static.network.span_to_pc_port = static.network.vlan.pc_port_mode = static.network.static_dns_enable = static.network.pc_port.enable = static.network.primary_dns = static.network.secondary_dns = static.network.internet_port.gateway = static.network.internet_port.mask = static.network.internet_port.ip = static.network.internet_port.type = ##V83 Add static.network.preference =

Just installed 19.10, 120MB

@Pete-S said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

OK, I did some more research and made some test. I believe most people got this one wrong and for reasons that are historical.

Assume we have the network 192.168.1.0/24.
Subnet mask 255.255.255.0. The address range is 192.168.1.0 to 192.168.1.255.

192.168.1.0 is a valid host IP - contrary to what most people believe.
192.168.1.255 is reserved for directed broadcast.

Why?

An IP like 192.168.1.0 used to be excluded from use by a host in the past. This was obsoleted in conjunction with the introduction of classless subnets, CIDR. Mentioned in 1995, RFC 1878, which also obsoleted something related, which was the exclusion of certain subnets called subnet zero and the all-ones subnet.

In the past IPs like 192.168.1.0 has also been used as a broadcast address but that practice is also obsolete. RFC 1812 (also 1995) states that 192.168.1.255 should be used for directed broadcast in the 192.168.1.0/24 network and that 192.168.1.0 is forbidden to use for that purpose.

Problem when something becomes obsolete is that you still have old equipment, old protocols and old habits in use. So it takes many years before you can actually stop doing certain things that were needed in the past.

To test the state of things today I spun up some VMs. I used 172.16.0.0/24 as my network.

No problem setting 172.16.0.0 as IP address on CentOS or Debian for example. Everything works as you would expect.
centos_network_addr.png

You could however see some remnants of the past, like this:
broadcast_ping.png
As mentioned above, it was a long time since that was considered a broadcast address.

Windows 7 was however another story. You can't enter 172.16.0.0 as a valid IP address in network settings. But you can do it on the command line with netsh. And then it shows up as expected. Network works as expected too.
win7_network_addr.png

So all in all, it is technically OK to use the first IP as an host IP. It's not reserved anymore and hasn't been for more than two decades. Protocols that used that IP for broadcast or reserved for the network address are not in use anymore.

The biggest risk is probably to run into applications where they on purpose don't allow you to enter a specific "invalid" IP address.

That said, it would probably be very confusing for most people.

I would assume in a /24 network to not use x.x.x.0 when there are other networks, but in a bigger network, perfectly fine since it's inside the network range.

@mroth911 said in Routing port 80:

So is there any services that I can use, or do I have to build a server? or what can I do to simplify the process.

An external service can't help because you need to direct the traffic once inside your LAN. You just need a reverse proxy, like Nginx, running somewhere and all port 80 pointing to that, and it in turn pointing to the internal resources. So it can be a dedicated server or shared with some other task.

Update: this is what I ended up with.
Route based VPN using this guide as a template.

Master site: 1x ER 12 + 1x ER 4
Sites A, B, C & D :1x ER4 each location
Colo: 1x ER4 & 1x pfSense (SM x10SDV-TLN4F+)

Well, it looks that it is actually FreePBX as part of the problem again with some stupid cron jobs.

And there is an issues with Moodle but I think that is more of an authentication issue and not actually a spam issue.

@WLS-ITGuy

Look good to me .

If you need to send emails from the box itself you need to open additional, but usually you rely on third party services for that like SMTP2GO or SendGrid and for that you dont need to open any additional ports.

I used to firewall port SSH but then i was like I would like to work on machines from anywhere, so I just enable strong SSH auth based security.

However both approaches will work, the thing is imagine if you want to connect on that machine on emergency, you have to go to the 74 IP or vpn to it.