@scottalanmiller said in Need to Install SQL Server Management Studio:

@Pete-S said in Need to Install SQL Server Management Studio:

I'm pretty sure you can install the management studio on any computer. Doesn't have to be on the computer that actually has the SQL server installed.

That's correct. SQL Studio requires Windows, but SQL Server does not. So we sometimes do that, as well.

Yes or a 64-bit Windows 10 with a new version of Management Studio, managing an older 32-bit Windows 7 SQL Server install 🙂

@black3dynamite said in Is it possibe to remove local admin on Windows Server?:

@dbeato said in Is it possibe to remove local admin on Windows Server?:

@Grey said in Is it possibe to remove local admin on Windows Server?:

@dbeato said in Is it possibe to remove local admin on Windows Server?:

@Grey said in Is it possibe to remove local admin on Windows Server?:

@pmoncho said in Is it possibe to remove local admin on Windows Server?:

@dbeato said in Is it possibe to remove local admin on Windows Server?:

@Pete-S said in Is it possibe to remove local admin on Windows Server?:

ve the local admin account on Windows Server that belongs to a domain? Or prevent logins.
Or is always possible to login as local admin (if you know the name/passwd)?

I wouldn't disable the local admin of a server, it would come handy if you need to restore stuff or remove and add from the domain. LAPS works but beware 🙂

I agree with @dbeato. When sh$% hits the fan with the server, no networking or no cached credentials, you will long for a local admin account.

I do disable the Administrator account after creating my own local admin with 20+ char strong password. Less worries on both the security and DR front.

Yes, but if you have physical or kvm access, even virtual, you can use linux ntpass to turn on the admin account and reset the password. This would be the last resort if you really lost the admin access, which is rare.

Not since UEFI... At least it doesn't work with Windows 10 and subsequent kernels.

I can imagine you had problems because of bitlocker or something similar, but not UEFI, unless the system was locked out to only boot a certain way through config. Maybe you could test a UEFI boot with a Hiren's USB boot just for fun?

I have tried with the latest Hiren's Boot drive and still doesn't work for Windows 10 for some reason in UEFI... Even if it was bitlocker I could always decrypt and then use it if worked properly. At least the old ntpasswd didn't work (this one https://pogostick.net/~pnh/ntpasswd/) With WIndows 10. Just for giggles I will try it on a VM today with this https://www.hirensbootcd.org/howtos/

You just use Ubuntu, enable the repo that provides chntpw package to make changes to Windows accounts?

Yeah, I have used that.

@FATeknollogee said in Setup a Cloudflare Origin Certificate for use on a backend server:

@scottalanmiller said in Setup a Cloudflare Origin Certificate for use on a backend server:

@FATeknollogee said in Setup a Cloudflare Origin Certificate for use on a backend server:

noob question here:
If you're hosting on Cloudflare, this should be used instead of LE?

Not about "should", it's about which makes more sense for you in a given situation.

"could" would probably have been a better word choice.

Yup, you definitely can 🙂

@JaredBusch said in ipv6 @ home:

@Obsolesce said in ipv6 @ home:

@notverypunny said in ipv6 @ home:

Thoughts on using IPv6 at home? Pros and cons? I'm not running it at present and was wondering if anyone has any recommendations either way.

Chances are that your router already has a public IPv6 address and block from your ISP and your computers are already using them.

WTF? Using the ISP router? Because that is the only way for that to happen by "chance"

Huh? No idea what router he is using. Mine wasn't from the ISP. I bought it off of Amazon many years ago and ipv6 was g2g by default.

@scottalanmiller said in What's the status on DMARC?:

@JaredBusch said in What's the status on DMARC?:

That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

We see something else from all kinds of users all different systems all over.

A lot of SPam Filtering systems do have that option as well. A lot of medical and financial businesses enable this.

We are using this, by the way. Just deployed one this past week or so.

@Pete-S said in SAS to USB:

@scottalanmiller said in SAS to USB:

@Pete-S said in SAS to USB:

Always best to replace with identical drives with the exact same firmware - which you're not getting if you are buying new drives.

I've never had this experience. What's the concern? I'm not saying I have lots of experience one way or the other, just never seen an issue like this and wondering what happens.

You might have to upgrade the firmware on the older drives as well as firmware on the controller just because you want to replace one old drive.

It also depends on what you mean with "new" drive. Is it new model or new old stock.

In my experience, new as in shipped from Dell as a replacement, so it could be either.

And I have never had an issue plugging in a drive and it just working and beginning a rebuild. Unless the drive was not empty.

Connecting the drive to anything, starting DBAN for a moment, and then cancelling out works enough.

@jt1001001 said in Softphones - complaints:

Ask your users if their kids use Steam. Most of my home users have older "kids" I tell them to have their kids stop there Steam games. The users are like what's that?? But as soon as steam is stopped their perfomance comes right back to nominal.

It would be them downloading more games, most likely.

@scottalanmiller said in Gluster and RAID question:

@biggen said in Gluster and RAID question:

So your VMs are running off the Gluster?

Gluster is generally used for that, yes. Because backup storage rarely can leverage the advantages of Gluster, it just doesn't make sense. But for VMs, that's Gluster's bread and butter.

VMs really "never" should be running off of a SAN. That's exactly the least likely option to make sense.

We used it for automounted home directories for a while. It works well for that also.

@WLS-ITGuy Here you go.
https://www.mangolassi.it/topic/21589/upgrade-freepbx-14-to-freepbx-15

Date/Time issue?

@stacksofplates
basically you have to update the planet definition and also include the public identity into the fold. Then they find each other and are online. I will bow try to make it work as a cluster. Keep this post updated...

@Dashrender said in How to set up Unifi Controller For Unrouted Private Network?:

@WrCombs said in How to set up Unifi Controller For Unrouted Private Network?:

update:
L6U1LJA.png
The tablet connects to the Network, with a Static IP of 192.168.128.103
the Ip of the AP is showing as 192.168.2.41 ..

But it is connected..
is that normal??

sure, it can be. All depends on the routing.

I assume you have the AP connected somehow to the second port on the ER-L, and that it's getting DHCP from that, but that same switch also has a connection to the secondary NIC in your Server, so the static IP'ed traffic can get around on that. You've kinda created a bridge between the networks via the AP, and if the password is the default, that could be a problem.

password is not default.

@scottalanmiller said in File Sharing Issue Windows 7:

@Dashrender said in File Sharing Issue Windows 7:

@scottalanmiller said in File Sharing Issue Windows 7:

@Dashrender said in File Sharing Issue Windows 7:

@scottalanmiller said in File Sharing Issue Windows 7:

@WrCombs said in File Sharing Issue Windows 7:

@scottalanmiller said in File Sharing Issue Windows 7:

Literally just got off of a meeting where we put the last piece in place for our first in house POS system, BTW 😉

i'm interested.

Not for hospitality industry. But this is our first foray into POS and crossing over industries in the future is obviously very possible.

you made it for the Vets?

Yes

You guys should look into making pharmacy software, you could likely make a killing, and be light years ahead of the seemingly junk crap that's out there now.

That's a great idea. And my family is all pharmacists, so we have like endless direct access to resources.

I really don't know the requirements for the interconnectedness - which this are... but yeah, so many of the systems are just old as F.

@scottalanmiller said in Starting to work on an initial FreePBX setup script:

Corrected the title to FreePBX instead of FeePBX, lol. Although that name would be useful somewhere, too.

go me

@Grey said in Private DNS architecture?:

@Pete-S said in Private DNS architecture?:

@Grey said in Private DNS architecture?:

This all sounds very complicated. Why not use the DNS and DHCP at your datacenter and turn off all the others, and then give the routers an ip helper address config? Does your network hardware not support that?

@Grey It may very well be too complicated. At the same time it has to be fast, robust and the parts have to be able to work independently if a VPN link goes down.

Ok, cut the line to the internet. Can they still function? What doesn't work? What gets cached at your app server? How much data is transferred when the line returns?
How much actual resilience does the business need vs what they can sustain, and what's the risk? Has anyone answered these questions before?

The diagram is a simplified. It's only internal company traffic that goes over the VPN in the drawing. The data centers also serves other clients that are not connected over VPN. That actually their primary job - they are serving customers, not just internal workloads.

When it comes to resilience and risk, it's the data centers that have to be up and running. So they have redundant everything. The rest is just ordinary SMB stuff.

PS. Also in the data center we are doing HA in the application layer and not the hypervisor layer. So having two DNS servers made sense to me since that will be natural HA in the application layer.

@stacksofplates said in Termius cross platform sync:

@scottalanmiller said in Termius cross platform sync:

@stacksofplates said in Termius cross platform sync:

@scottalanmiller said in Termius cross platform sync:

@JaredBusch said in Termius cross platform sync:

@stacksofplates said in Termius cross platform sync:

@gjacobse said in Termius cross platform sync:

@stacksofplates said in Termius cross platform sync:

@IRJ said in Termius cross platform sync:

Remina is great on Linux platforms, but the question for me is why is this a need?

This seems like everyone could and should manage this independently. All you need is DNS name or IP to initiate a remote connection. In my opinion, it's better for IT team to know exactly where they are trying to go instead of clicking the wrong button or sending the wrong command

Yeah I agree. I'm assuming it's for syncing credentials across devices. Which means you'd have to trust their cloud service with your system credentials.

While yes, it would be nice to sync the entire session - connection and UserID / password. I'm more concerned with the connection itself. Yes, I can keep track of the addresses - but it gets to be a pain.. UserId / Passwords are different. I could care less - I mainly want the address; IP address or dns name..

I mean, honestly what's the difference between a word document/text file and the syncing at that point?

Right. An besides, even Windows has native SSH now. So why use anything else anyway?

Right, I've not used PuTTY in quite some time. Not that it isn't good, I just don't see the point of installing third party software that doesn't do anything any better than the built in tool that is always there and ready to go. And quite frankly, I find PowerShell's terminal to work far better for me.

I can't stand PuTTY. I'm not sure why, I've just always hated it.

I hate that it lacks a local shell and you have to launch the damn thing for every connection!

Maybe that's what it is. Tunnelling is a pain, I just find it awkward.

That, too. Other than doing a good job rendering fonts and being available back in an era when nothing else was, PuTTY really doesn't offer anything positive.

ZeroTier (with Flow rules) + RDP is how I solved this for my clients.
Can you make a guide I'd be interested in that read.

I wrote this a long time ago. It was to run on my EdgeRouter but I also mention how you can use it with another internal device.

https://hooks.technology/2017/08/dyanmic-dns-with-cloudflare/

Obviously this assumes you're using Cloudflare.