Just wanted to take a minute and say thank you to everyone. I've been in and out of MangoLassi for about the last year, but frequenting much more in the last 4 months or so. I only post here and Spiceworks really. MangoLassi gives some things that other sites really haven't. The threads here seem to start with a focus, and when the issue is resolved, it often spins off into another direction of good conversation. Not always a bad thing since the conversation can continue and the OP can just stop watching if need. Where other sites discourage that, which doesn't make sense cause you really don't need to start a new topic for every conversation shift. But I digress.

I've definitely taken to a different perspective on things here, rather than just a rigid mindset that I've found in other threads. I find myself considering new concepts while surfing through MangoLassi, and that is really important for continued growth.

A special thanks to some people that have given me some extensive time in private chat, whether it's idle conversation about what's going on, or diving deep into different concepts and ideas about stuff. Seriously, thank you for your time and knowledge. You're the kind of people that make this community truly great for me and help provide a path to being better in more than one regard. @scottalanmiller @zuphzuph @MattSpeller @RojoLoco @dafyre @Dashrender @RamblingBiped @coliver

What's the old saying, "When you get hit by a truck, you get back on that horse." I was never good with sayings, so here's a story.

It's been about a month now. I got laid off just before Christmas because of a telecommunications deal with a few major carriers that went sideways. The company couldn't afford the head count so people were let go. I didn't realize how far up it went until just last week. I have never, ever been let go from a job before. On the contrary, the guy letting me go was actually getting choked up about it, because he's a great guy to work with and I do miss him. He even pushed for 2 months of severance, so that was nice as I had to pay for another semester of school which doesn't come cheap. I also found out last week I didn't get a scholarship I really needed, even though I have a 4.0 and was making no money at the time of applying.

I got laid off at around 11am. I was sitting in my car with all my shit packed up, thinking "well what am I going to do now... I need a drink." But instead of going home, getting wasted, and feeling sorry for myself, I reacted. I put on my Sunday best, and hit the bricks to look for a job. I cut out online jobs, because I've always gotten great jobs cold calling. I had my first interview at 1:30pm, "perfect" I thought, "maybe I'll have a job by the end of the day. Wouldn't that be something." Interviews kept rolling in, but I couldn't lock anything down either because of super low pay, junior engineering positions, or just weirdo companies I didn't want to work for. But I didn't let it discourage me.

So I kept my head up and within a week I had a job. "Man, this is great. I get 2 months severance and now I'm back to making money!" Well that didn't go as planned. That company was paying me engineering wages to do less than sexy work, knowing that I'd be moved into engineering quickly. They weren't transparent about their engineering department, so I put in my first day worth of work, and opted not to return. The manager did say I was very respectful though, and was welcome back any time because I was a great culture fit.

Bummer! Back to square one... I could really use that drink now. By this time I was sifting through online jobs during nights and weekends, and walking the streets looking for a job during operational hours. I love cold calling. I got interviews at every single place I was targeting, but because it was near the end of the year, operational budgets were scarce, so it looked like I wouldn't be employed till the start of the year.

Some days, it has been hard. My girlfriend kisses me goodbye in the morning before she leaves for work, and I go about my day. I text her sometimes, part way through, and tell her it's a rough one and I'm barely keeping it together. She's encouraging, and I'm lucky to have her. I keep my head up, and get back to it.

There was this one company, the first company I applied to and got an interview at the same day I was let go. They tried working around my school schedule, poking at the budget to see if any nickels would fall out to pay me if I could come on. But there was nothing there, and they couldn't work with my schedule. Fast forward to earlier this week. I had gotten a call to come back and interview. Again, I nailed the interview. This was a culture fit interview. They pointed out that having someone with engineering knowledge is great, but they can teach someone anything. They determined I was a great fit for the company, and are paying a good wage to boot, with benefits. I've been in the doctor's office more than a 28 year old should, so medical is important to me.

Today, I accepted an offer from that company. I start on the 4th with the new year's budget. Their final words, "Welcome to the team!" still ring in my ears. It is a very welcomed feeling. For a company to want you to represent them, because you're a great culture fit, and good at what you do. I've never truly appreciated the jobs I had, until I finally lost one.

So now I'll have that drink. Not because I feel sorry for myself, but because I'm celebrating. Cheers everyone, and happy Friday!

-Brandon

People thought I was crazy, but I found it. It takes the form of a car dealership. Cleverly disguised.

I put in my two weeks notice this last week. Mostly because I hated where I worked, absolutely toxic place. So I found new opportunity. I spent the last couple weeks helping out as much as I always have since they lost 2 other people for similar reasons. Those two people were trying to get out for some time.

Today I walked into a firing squad. I walked in and they walked me right back out. In tech, I get it. It's standard in the industry but a shitty thing to do. You're expected to give two weeks so they can get their affairs in order, but they don't do the same so you can get yours in order. I had a really nice email sitting in my drafts for my departure, waiting to be sent to some select people I really valued working with. I held off, because I was asked to keep quiet.

Sitting here with some good German beer in hand (dunkel, if you're wondering). Cheers to bad experiences behind, and to the unknown in front. More importantly, cheers to a 5 day weekend.

Mmm, mango lassi and Taj? Yes please.

Always baffles me when you see a server hasn't been rebooted in over a year. It's my opinion that servers (all servers, regardless of the OS), should be rebooted as part of the monthly patch cycle, to test the hardware.

How could anyone know it will come back following a power outage, or something which forces a reboot...

Client gets infected with cryptoware, a surprising conversation went as follows:

Person: "Please tell me $client has healthy backups."

Me: "Yep. I receive health reports every day and mitigate issues as soon as I receive faults."

Person: "Well they just got hit with cryptoware."

Me: "Yikes. Time to break out the backups."

Person: "Are you joking? You don't just immediately think to restore a server."

Me: "Well that's why we have backups, and it's the only way to sanitize the server... What do you recommend?"

Person: "Isolate the server and go through the logs. Clean it up, don't restore it."

Me: "That doesn't make any sense... Clean WHAT up? The files are all encrypted."

Person: "Have you even looked for a decryptor?"

Me: "No... that wastes more time than just restoring for around the next hour."

Person: "Seriously, do not restore servers as a go-to. That's just lazy."

I'm lost here... I don't think I missed something. You get hit, you restore. Server crashes, you restore. That's why we have backups...

I had to give a user a quote for a MacBook Pro. They need dedicated graphics and I went to look at Apple for a build-to-buy. Looks like they really slimmed that down. The only one that doesn't just have Iris graphics is their highest end model for $2499.99 ....

I am Jack's complete lack of surprise.

I was thinking about this on the way to work today. A colleague is going to be putting in their notice, and we were on the discussion of how much time to give. I've never been slighted by an employer before, but here's what I've witnessed over the years:

*Person puts in their 2 week notice. They finish it out and move on.

*Person is somewhat on their last leg, puts in their notice, employer fires them since they are leaving anyway.

Person puts in their notice with an employer they have a REALLY good relationship with. Working with the employer, they are really cool and level headed. Employer fires this really good employee on the spot after receiving a 1-month notice. I ask the employer, very surprised. Employer's response, "meh, he's leaving anyway. F** him. It's just business."

*In an environment highly concerned with security, I saw many people get put on administrative leave during their two week notice. I was actually given the option, "We can either put you on leave and phase you out, you'll be paid the entire time, or you can work and be paid." I opted to be put on leave with pay, and they could contact me with any questions about the transition. I received many questions, as well as a comment of "geez... you have a lot of institutional knowledge. Would you like to come back during the duration?" I already had a new gig so I declined.

I've had employers tell me they want me to give as much notice as possible, because talent in that area was very sparse and it took a long time to find someone. While others would fire you if it meant you wanted to leave.

Bottom line, how much notice do you put in? Because if you have a good relationship, and are trying to help out the employer by giving a HUGE notice, they may not return the favor. I think the average is typically 2 weeks as it's pretty standard...

Likely, I missed something. There have been a couple different people either using a term at work that is not correct, or I am wrong here.

Me: "Is that SAN FC or ethernet?"
Person 1: "It is iSCSI."
Me: "Ok, so the physical interface is ethernet then...? I need to know what card is in it."
Person 1: "It is iSCSI..."
Me: "Right, that is the protocol the servers connect to it by. I need to know... nevermind, I'll just look myself... Glad I looked, it's FC."

Received an email from another person about something completely unrelated to the SAN discussion... "the new iSCSI switches are NOT trunked to the rest of the network." ... so, ethernet switches?

Am I missing something here? There's no physical 'iSCSI' I thought... it's an IP based networking protocol, not an actual physical interface.

I'm going to try to stay on point and not jump all over the place with this one. I'm not really trying to resolve an immediate need, so much as it is rethinking some fundamentals in client environments. What I'd like to cover:

*Small clients being able to use, possibly, a site to site VPN with a colo.

I was going to bring up what people have been using a VPS for, but I'll save that for a different thread as I could possibly be getting too far off topic with that.

I've got some general business practice questions. Nothing really specific that I'm trying to solve right now (though in writing this, maybe I will end up generating a couple specific questions in regards to client scale). There are quite a few times where I try and help a client displace some operating costs with systems procurement. What I mean by that, is there are times when a client is generally on the fence with scale where it's hard to justify spending thousands on a physical server, but at the same time they could benefit with having onsite DNS/DHCP/AD (or equivalent)/file server.

With extremely small clients (some with 10 or less users and no growth anticipated) having come from previous providers, I've dumped their physical servers all together. I leveraged DHCP with their firewall, a password policy was required so I ended up using Azure AD (nothing on-prem), and no internal DNS was needed. Also since Synology now has a plugin for a central directory (focusing on a password policy still), no reason for me to have AD or the associated Microsoft licensing. File services was, in most cases, handled by SharePoint Online or an onsite Synology NAS (backed up with BackBlaze B2 for ~$45/year); depending on the needs for collaboration, sharing links externally, etc.

With clients slightly larger, I found it more difficult to displace all their servers as they required a central directory (in most cases AD is used), remote desktop, radius, etc. In many instances using Hyper-V, XenServer, or VMware (depending on which provider we picked them up from or if we are rebuilding the environment).

So with the clients that are just large enough to have a need for systems, but just small enough that possibly leveraging a site-to-site VPN with a datacenter, it gets me to thinking if that's even realistic. In my last job, we had a couple datacenters between Fiberpipe in Idaho and Switch in Nevada. All the clients would just use a site-to-site and they paid a flat fee for a month. The price was typically pretty competitive with how we built out Azure in the data center (SQL back end, Hyper-V hosts, cloud built with SCVMM, and Azure Pack installed on top for billing/self service provisioning, etc).

After setting up a site-to-site VPN from a smaller company to the data center, I still had one problem; Internet throughput. Assuming I could even find fast enough speeds for ~50 users (roughly 30/30Mb dedicated fiber), the costs are up to around $800/month; up from about $75/month for 5Mb DSL.

Anyone think it's viable to use a site-to-site to displace customer equipment costs? If so, is there something that you're doing to keep costs down and throughput at acceptable levels?

I had an interesting event happen about a year ago, and I'm wondering how more effectively I could have handled this one. Here are some of the high points:

• I take on a new account, a global aerospace company.
• They are using a mix of Windows and Linux systems.
• The CEO of that company is an enterprise admin. Why they have this or where they find the time to do anything on the network without breaking lots of things is beyond me. I asked about it, but was never given a valid response; moving on...
• The CEO made some bad choices, and was terminated in spectacular fashion.
• I was not told before hand that the CEO was going to be fired. I wasn't actually even told for about a week they were gone. I had finally emailed the CTO after the CEO stopped responding to messages (no forwarding was setup on their account, because I was never told).
• The CEO still has remote access, and has created some service accounts that keep being added to enterprise admin security group.
• Eventually figured out the CEO was behind this, after looking into some audit logs.
• Company's legal team sent out a cease-and-desist.
• I change the passwords on all the service accounts possibly related to him, disable all those accounts, and do the same for his own domain account.
• Removed him from all security groups, as well as the service accounts. In hopes this would at least slow him down if he still had some kind of access.
• Created more specific legal banners.

After that, it was basically a dance of disabling accounts, looking at account auditing logs and setting up alerting about new accounts being created/changed/etc.

Here's the question... what more would you be doing if you were in that situation, dealing with someone vindictive and had that level of access to begin with?

I have a pretty standard process:

• Employee is terminated.
• AD account disabled.
• AD account moved to 'Disabled Users' OU.
• AD password changed.
• Membership for all groups removed.
• Mailbox converted to shared mailbox for any mailbox needing to be actively monitored (frees up a license).
• Email forwarding setup if needed in the interim.
• Mailbox archived to PST and stored on a file server when it is no longer actively monitored.
• Mailbox disabled (automatically purged after 30 days).
• AD account removed after 30 days.

We took on a larger account a few years back. The setup was pretty awful. Changed some things along the way, and now we're at the point of redesigning some big moving parts.

Fast forward to 6 months ago, the company we took on consisted of originally 3 guys who broke off from another company, became successful in the same industry, and turned around to buy the company they came from. 2 months ago I told them we should absorb that account, so we did.

That company's network is... gross; to say the least. it's much smaller, but far worse. The previous provider (part owner of the MSP) has a certification list with some pretty good looking certs: CCNA, MCSE (security, messaging), MCSA, etc.

He originally built this network... in the bathroom. I asked the client about other space we could construct, to which I'm told, "oh yeah, we do lots of add-ons and construction. We could put together a very nice 12' x 12' communications closet just above that ceiling on the second level no problem. It can have AC, ventilation, filtration, power. Anything you need just let us know."

All that comes to mind from the below photo is, "Hurry up in the bathroom, man! The network is down! I need to get in there!" You probably should use the provided keyboard with rubber gloves, because of all the shit particles that are floating around.

I won't go into the laundry list of stuff they have wrong... but some of the highlights are no backups (zero. Never existed. Ever. Only ever had volume shadow copies, aka "previous versions"... which they know aren't backups after they got hit with cryptoware last year and all their shadow copies were deleted) outdated ESXi, everyone remotes into a terminal server (even though they are onsite with desktops and don't need to for any reason), repurposed Linksys WRT54G for internal wireless, ISP fixed wireless with very low throughput and heavily susceptible to rain fade, appears some Cat3 cable in places, UPS' that were discontinued almost a decade ago (not released to market... discontinued), some desktops ranging to 15 years old.

Phase 1: Gut and redesign the systems/network (wearing rubber gloves when touching... anything).

Phase 2: Move the communications closet and get a new ISP (new ISP already scoped out; also wearing gloves).

Optional Phase: Burn it. Salt the land.

It's sometimes interesting where a company will promote itself as a MSP, but when you look much closer you notice they really are a VAR. Both are extremely different of course, but it's sometimes a misconception of identity and what the company thinks they do compared to what they actually do.

We have several of those in the valley that we service primarily.

First addition... we got a new pup. His name is Captain. He's about 10 weeks old, had him about 3 weeks. He's a Corgi/Border Colli mix. Wasn't sure if his ears would stand up or not since Corgi's do and Border Colli's don't.

Second addition... Got a new concealed carry today. Smith and Wesson M&P Shield 45. Was hard to find one without a safety as it hasn't been out long at all. Super slim profile, single stack. Completely disappears in any attire. It's comparable to the Springfield XDS, which has been out for quite some time. Going to replace the sights with Trijicon HD's or XS Big Dots, Apex trigger kit, spring and sear upgrades, etc.

I forgot how much I loved soft phones. We are using a bunch of Polycom gear and the service is hosted with a provider. The CEO posed the question "how much of you love your desk phones?" Personally, I hate my desk phone. It's something that just takes up space, and could be virtualized.

If I had a soft phone, I wouldn't be able to use it if my computer crashed. But if my computer crashed, my phone would be the least of my worries since I couldn't manage anything or help anyone without a workstation.

Is anyone else using soft phones, or better question... What are people using for VoIP in small-medium business, for the back end? The last thing I setup and configured was Cisco UCM... Did not like it.

I've tested them both a great deal. The EcoBee definitely gives you more options than the Nest. We went with the Nest this spring. I liked the app interface a bit more. Plus we liked the dial to change the thermostat if we're not using the app and walking by, just a little quicker. We also don't go up stairs so we didn't need extra sensors offered in the EcoBee. Personal preference really.

The EcoBee, for the most part, does everything the Nest does, plus more, for the same price or less depending on your region.

The interface is arguably WAY more intuitive on the EcoBee, and making adjustments when not in the app, to certain settings, is way easier with a touch screen then the rotating dial.

The extras that go with the Nest, like the smoke alarms and so forth, work a bit better than EcoBee offerings, but maybe updates will change that. One thing the EcoBee has that Nest doesn't, are sensors. If you have multiple areas that need to be monitored, you have to buy multiple Nests. There was talk about the Nest Protects (smoke alarm & carbon monoxide) having temp in their motion sensor but it never came around. The motion is simply for disabling the Nest "Away" function when someone moves around in that zone to start circulating air and controlling the temp. Whereas the EcoBee sensors monitor all over the residence for an even temperature on multiple stories. There are pros and cons with each. But knowing you a little, you'd likely be way happier with the EcoBee.

Awesome thermostat.

Built a client a new PC, super clean build. Went with a red/white/black color scheme.

• Intel i7-6700K

• Fractal Design R5 Blackout

• 2TB WD Black

• 256GB Samsung 850 Pro

• MSI R9 390

• 3200MHz 16GB G.Skill Titan

• Asus Z170 Sabertooth

• Corsair RM750x

• Asus optical drive

• Win10 Pro

• Asus 27" IPS display

• Update: They decided they did want to RAID1 their 2TB worth of storage. So that's the next quick upgrade (not charging labor since I should have recommended it to begin with on this build. Plus it only takes 10 minutes).

Minimal glow, so it's not obnoxious but they can still see the pretty stuff, since it's going to be on their desk beside their monitor, I figured I'd show it off...

I've never worked in an environment that had so much dependency on offline files. This place has 110 users, and each of them have a laptop that they take home each night to work on (some don't, but most do). Their documents target in their library shows the network file share, and when they go off the network, offline files kicks in. When they hit the network the next day, or over VPN, their stuff syncs up and all is well.

This works about 99% of the time. Laptop fails, get them a new one, and their stuff gets cached locally by the file server.

That 1% of the time... everything appears to be working correctly, but doesn't sync everything. Laptop fails, and user is super pissed that they don't have everything. Which I see that as being validated because we should be able to hand them a service that protects from that kind of thing.

It's happened twice in the year I've been here, and I cannot confidently say that I trust syncing out to the namespace/file share that we have on-premises. It's gotten to the point that I get hammered on when a user finds out they lost some work.

Not sure what to do on this one, cause users need offline files enabled (because they aren't on the VPN, all the time), but sync isn't 100%.