@travisdh1 said in Apple 2FA:

@Dashrender said in Apple 2FA:

@JaredBusch said in Apple 2FA:

@black3dynamite said in Apple 2FA:

Allow approval from notifications. But it's disabled if you enable Authy protection PIN.

@Dashrender read the entire fucking line....

The app supports it unless you proctect it in the first place. which you should..

It has nothing to do with the service.

I don't recall such a conversation - I'm specifically talking about push notifications - I was unaware that third parties were able to register for and receive push notifications like Google and MS (and frankly Apple) provide their MFA apps.

This is a whole other topic again.

When do you think apps stopped being able to do push notifications? That's all it is.

huh? The MS authenticator registers itself for push notifications from MS, GA does from Google - are you saying you can do that with Authy for google and microsoft services?

I completely understand that I can add TOTP to Authy for MS and Google, but I quoted and am specifically asking about push notifications from those via Authy.

My google foo is finding nothing but people bitching about how authy does NOT support push, but does support TOTP.

Now all that said - I see that Authy has created One Touch - and that One Touch as an API that allows push notifications, but I can't find anywhere that says that Google/MS have enabled that feature.

I use this 61 watt apple charger for all my USB-C charging needs.

It even works for my P1, but only slow charges that, but as you can see, USC-C dishes out high voltage and at 3 amps, as well as lower voltage for phones.

20200317_073732.jpg

If you can limit a client to just one IP and just tcp 3389 in your firewall that should be enough.

Disable shared drives or the user is able to infect the work pc with files from his home pc.

Typically when we connect with VPN to enterprise networks to do work on certain servers or what not, we get a static ip and then they have firewall rules to determine what IPs / ports we can reach. So yes, the computer we use is on their LAN but only through a very small and restricted opening that just allows RDP to just the one server we need to access. Everything else is blocked.

Oh I see. Will have to check that out too then. Thanks!

Going to work on this, finally, after dinner tonight.

Thanks for those that posted.

@Natchos said in 3rd party spam filter solution pricing:

We have been using MS Exchange Online Protection for the last 8 years. It's been working good with our on-premise Exchange server.
Price we pay is 18.99$ per user per year. We are almost at 50 users.

I signed up for this. It was only $1/user/month

Switched things today. So far, all is working normally.

@krzykat said in Postcards for SMS by Skyetel.:

@JasGot

Have you checked your LE credentials to see that its working properly?

Not sure how. The only sign of LE I can find in the OS or the Docker is a file called letsencrypt_services_data
I can't find a conf file or a binary to do a manual run of LE.

@IRJ said in New to Windows Active Directory and Group Security Management:

Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as.

I do this - Those who need it have a workstation admin account and a local non admin normal account.

@pmoncho said in Outbound Email group terminology:

@Dashrender said in Outbound Email group terminology:

@pmoncho said in Outbound Email group terminology:

@Dashrender said in Outbound Email group terminology:

@pmoncho said in Outbound Email group terminology:

Thanks group.

At this time, we currently we use Kerio Connect for email (users use webmail function not Outlook connector). That will hopefully change in the future based on changes that are currently happening at work.

I will check into the shared mailbox scenario also. Nice to know that there are possible options out there. Armed with the search terms, it definitely helps when researching my current and future email apps.

What's wrong with kerio?

It was bought by GFI. That is the biggest issue. Large price increase and development prior to their purchase was much better. Support is not what it use to be either.

I'm being a little @scottalanmiller'ish as it has become more of a moral issue. 🙂

Plus, I would like to eventually SasS.

EDIT: Prior to GFI, I really liked Kerio. Stable release updates and support was awesome. Felt they had a huge chip on their shoulder and wanted to kick MS Exchange A$$. That trait is now gone and it reflects in their product.

If you're being Scottish.. then you don't want to look at Hosted Exchange. 😉 If you're like him, you'll look at Zoho.

They will be on the list if they can help me with this situation.

That's who we use and we are very happy.

@JaredBusch said in Notification by MeshCentral after a computer comes back online:

This is not a MC request or support forum.

I'll make a note.

@Dashrender said in Spoofing Caller ID:

@JaredBusch said in Spoofing Caller ID:

@Dashrender WTF does this ahve to do with Caller ID?

Doximity allows licensed medical pros to spoof their outgoing number to that of their office (I'm guessing it's just a softphone into Doximity's system) so it solves the problem I have for my licensed medical personal, but not my none medical staff - like billing personal, or myself.

FFS. You are not spoofing. You own the number. You can send it.

@IRJ said in Running Plex in Multiple Vehicles:

This just seems like a bad idea all-around.

Offering it free Several thousand dollar investment in equipment and labor (free I suppose) Wonky setup that isnt user friendly and doesn't give a good user or driver experience This isn't setup and forget about it. Don't forget to factor in maintenance Relying on celluar data

whats wrong with being free? the equipment listed in this thread are pretty cheap - though frankly, 60 person bus, not sure a R-Pi could handle that many streams (worse case) hard not to agree here - Plex wasn't designed for this. You likely want something like the airlines have, and yeah, it's going to be expensive as hell! yep, will likely require maintenace cellular - well no, OP already said connection for this system will be WiFi to the headquarters only.

But I have some followup -
How much WiFi bandwidth is needed to support 60+ devices for streaming media?
will the media distributing device have enough bandwidth to support 60+ devices?
The OP mentioned that passengers can use the WiFi to get online via the cellular link in the bus - will there be only one WiFi network on the bus, to get to both the internet and the local video streaming? Are there any security concerns with this?

@black3dynamite said in Mesh Central Device on more than one Login:

@scottalanmiller And there's no way to assign a device to multiple device groups or user groups?

No 😞

@Dashrender said in Subnetting help:

@scottalanmiller said in Subnetting help:

s this, but they didn't pay attention to their own example. Because they use the old, silly notation it is less obvious how they

They, the authors, are probably assuming old school classes for the network on 192.168.123.0 of /24... which is horrible writing, and lack of explanation.. but possible.

Right, and if they are, it means they don't know the most basic pieces of IPv4. Classful subnets were replaced in 1993. And even pre-1993, it was still less solid than would make what was presented by the author here accurate.

Given that it has been 27 years, there is really no excuse for the oldest, most out of touch networking person to think in classful terms. For 95% of the industry, classful networking hasn't existed during their careers. For 50% of the industry, it hasn't existed in their lifespans. In "IT generational" terms, it's been like five or more generations of IT pros since classful existed, so the "mentors teaching interns" problem has had five or six generations for people to catch on.

This means that the authors not only aren't doing a good job explaining, but lack the skills required for the A+ and certainly aren't prepared to sit for the Net+. This is the first stuff you have to learn about IP networking, because without it, you can't determine how to document or know what the network addresses of your network are!

@Obsolesce said in ADV200005 | Server Message Block 3.1.1 (SMBv3) Vulnerability & Workaround:

ADV200005 | Microsoft Guidance for Disabling SMBv3 Compression

Microsoft is aware of a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target SMB Server or SMB Client.

To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server. To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.

Workarounds

The following workaround may be helpful in your situation. In all cases, Microsoft strongly recommends that you install the updates for this vulnerability as soon as they become available even if you plan to leave this workaround in place:

Disable SMBv3 compression

You can disable compression to block unauthenticated attackers from exploiting the vulnerability against an SMBv3 Server with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 1 -Force

Notes:

No reboot is needed after making the change. This workaround does not prevent exploitation of SMB clients.

You can disable the workaround with the PowerShell command below.

Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" DisableCompression -Type DWORD -Value 0 -Force

Keep in mind that the vulnerability is only listed for Windows 10 1903 and up and Windows Server Semi-Annual Channel 1903 and up.

Folks should have inbound file/print turned off at user endpoints via Group Policy anyway so that eliminates that vector.

We don't deploy containers so no Server SAC anywhere in our stable.

With Appflow you need to make sure you have authentication enabled for the users so it tracks per user. The Data Collection is for sure nice but it is only the top sites and no much information.
https://www.sonicwall.com/support/knowledge-base/help-with-user-level-authentication-settings-like-local-users-ldap-radius/170503274714653/

https://www.sonicwall.com/support/knowledge-base/configuring-app-flow-monitor-to-view-real-time-incoming-and-outgoing-network-data/170505632951042/

https://www.sonicwall.com/support/knowledge-base/how-can-i-track-which-users-or-ip-addresses-are-accessing-a-certain-website-using-appflow/170505832815323/

https://www.sonicwall.com/support/knowledge-base/how-can-i-collect-traffic-details-by-ip-address-on-the-firewall-through-log-reports-and-appflow/170503950787011/