@scottalanmiller said in Trying to find a good, on-premises, multi-department help desk application:
@bnrstnr said in Trying to find a good, on-premises, multi-department help desk application:
Looks like Zammad does both SSO and Groups (Departments). I don't use it though, so no experience there...
Zammad is my guess for best option. Not perfect, but probably will do the job.
I'm def going to check it out!
@scottalanmiller said in Looking for some insight/input for setting up a "hot site"/fail-over environment:
@dave247 said in Looking for some insight/input for setting up a "hot site"/fail-over environment:
@wrx7m said in Looking for some insight/input for setting up a "hot site"/fail-over environment:
What type of Windows licensing do you have? Replication can be affected by that.
We have Microsoft Volume Licensing and I haven't looked into weather or not we'd have to purchase "double" or not.. I'm not sure but I thought a backup environment doesn't quite count as production.
You need the second site licensed if it is hot, meaning turned on. You do not need anything if it is cold, meaning powered off. Powered off, it's just a backup that's extremely "ready to go".
I found the info I needed in the Windows Server 2016 Licensing Guide and if I understand it correctly, we would need Software Assurance coverage with our licensing, which we do not have. We purchased licenses only (with necessary CALs).
@scottalanmiller said in Adding LDAP role to domain controller:
AD DS uses LDAP. At its core AD is an LDAP server. LDAP and Kerberos are partners, not competitors. You cant have AD without LDAP.
Yeah see that's what I thought but then when I go into Add Roles and Features, why isn't the LDAP role added?
ok after looking at that screenshot and actually reading it... that is "Active Directory Lightweight Directory Services" which initially sounded like Lightweight Directory Access Protocol to me... but I guess it's not? This guide also had me thinking that was the LDAP role as well: https://docs.microsoft.com/en-us/archive/blogs/microsoftrservertigerteam/step-by-step-guide-to-setup-ldaps-on-windows-server
still reading though...
Hey guys,
I figured I'd post my plan here since I usually get good input that improves my decision making with these sorts of projects.
I have a spare Dell R720 with 8 x 2.5 drive bays. I need about 20TB of storage space (a little less is fine) and I'd like to use enterprise SSD drives for this. I plan to get 6 x 4TB drives in a RAID5 for about 20TB - or some other configuration that yields the same amount of space.
The first place I looked was xbyte.com and then newegg. I'm not 100% sure what drives to use or if it really matters so long as they are "Enterprise SSD" drives, right?
In the past, I usually go through Dell or xbyte to purchase the proper supported hardware for servers (CPUs, RAM, Cards, etc).
Drives I'm looking at now: https://www.newegg.com/p/pl?N=100011695 600415791 601114487 601117981 601325569
I need to purchase two SSL certs for two different sites on the same server. I know how to create a CSR but I was wondering if I create a second CSR for the second cert if that will over-write the first CSR or how all that works... I'm assuming I can create how ever many CSRs I want and they will all be valid/stored in some internal database in IIS but I can't find anything that confirms this.
So is this correct? Can I create multiple CSRs for different SSL certs on the same server? Is there a way to view them aside from looking at the actual exported CSR text file? Even if its just a log that says request # exists...
Not sure how this aspect of it works so any help is appreciated.
anywhoozle the answer is they are stored in the Windows cert store in the MMC snap-in under Certificate Enrollment Requests and I can create as many as needed.
@Pete-S said in Looking for solutions to allow remote users access to their internal psychical computers:
I don't understand how the use of RDP could do anything to cause multiple logins?
If you RDP in to your desktop using the same login as usual then everything is exactly the same as if you're physically there.
Login 1 : User logs into business issued laptop
Login 2 : User connects to company over SSLVPN using domain credentials
Login 3 : User connects to their internal physical PC via RDP using their domain credentials
On top of this, sometimes the company issued laptop is encrypted and they must enter a password (if there's no TPM chip). Then there are usually prompts between the SSLVPN and RDP steps such as SSL cert and other pop-ups. Yes they can check "dont ask again" but this all adds to the chunkiness of everything.
We also had some telephony/call quality issues (that I won't go into) but I will say that I'm just trying to find something that makes the best use of the remote session in terms of data transmission, so like RDP vs ICA or something. I'm not too knowledgeable in this area though.
I wanted to figure out a solution for allowing the users to login to their company issued laptops and then click one or twice and get to their remote desktops as easily and as efficiently as possible.
What kind of license do you have? I just upgraded my environment from 6.5 to 6.7 but I used the custom ESXi images provided by Dell. You will want to do that for your brand of server. Make sure you start by upgrading vCenter to 6.7 first - if you have that.
Not sure if this should be in IT Discussion or IT Business....
I work at a small community bank and have talked to several others in a similar positions as me. One common thing I've noticed is that we all have consistently poor experiences with our core banking vendors, weather its Fiserv, FIS, Finastra, Jack Henry, etc.
What it comes down to is that these are big financial corporations that I feel absorb or consume small community banks and sell them expensive contracts and provide pretty poor levels of product support while continually moving away from the products they sell you. They nickle and dime you for everything and don't seem to really care about providing good long term support. Yes there are occasionally individual employees or technicians that are good people and great at their job, but most the support I talk to do not seem to know whats going on and have to reach out to other people and departments for everything. In our case, it feels like our vendor is too big and spread out/fragmented to really be agile enough to effectively meet our needs as a small community bank. We are just a tiny fish to them. So yeah, the overall experience is that they are just using us as one more "vacuum tube" to suck up money from a small community while doing the bare minimum to hold up their end of the contract.
I was just reading this article which hits home a little bit.
So has anyone here ever worked at or done business with a community bank that actually has consistently good things to say about their core financial vendor? I'm kinda sorta just looking for other companies to suggest we look into at some point..
I just recently found out about BitLocker To Go and encrypting USB drives, so I tried it out on a spare 16GB ADATA drive and it worked well. I just had to start up the BitLocker Drive Encryption service in Windows and then right click and enable it on the drive and set password, etc.
Next, I grabbed a couple brand-new Kingston DataTraveler 100 G3 (32GB) drives and attempted to encrypt those - but to my surprise, it didn't seem to be an option. The Windows 10 BitLocker menu didn't show the USB drive as an option and I didn't have the BitLocker option when right-clicking the USB drive. Strange I thought. So I grabbed a couple more random drives I had laying around and it didn't seem like anything would work with BitLocker.
Finally, I grabbed 2 more additional 16GB ADATA drives and tried those and only one of them showed up in BitLocker and would encrypt.
So now I'm just trying to figure out what the heck is going on. Are there only certain drives that will work with BL? Does the drive need to be normal formatted (not quick format) or anything else? BTW I did try that but it didn't seem to make a difference.
I've tried on 3 different computers running Windows 10 Pro (at work and at home), all connected directly to USB 3 ports on the PC. Doesn't seem to matter.
Any thoughts???
@scottalanmiller said in Net+ Study Help - Subnetting:
@irj said in Net+ Study Help - Subnetting:
@scottalanmiller said in Net+ Study Help - Subnetting:
@itivan80 said in Net+ Study Help - Subnetting:
@scottalanmiller They need to start revising these questions. I mean if they want to get it as close as possible to real life scenarios. Just a thought.
That, too. Like this is not a skill anyone would ever need. Ever.
Especially considering the hundreds of free online calculators. The ones that can do this in their head are network guys from 90s, and the only reason they can do it in their head is because they've worked with it back when there was a lack of technology like VLANs.
Good point. That's so true. Even if you are "good" at this, never ever ever should you try to do it manually. There is zero value to taking that risk.
Yeah, excellent point. I've thought the same. I mean, I get it, they want you to try and get your brain to really understand it but in any real world situation, always use a subnet calculator and double-check it a few times, lol.
@jaredbusch said in Any pfSense users? Are upgrades smooth?:
@dave247 said in Any pfSense users? Are upgrades smooth?:
@jaredbusch said in Any pfSense users? Are upgrades smooth?:
@dave247 said in Any pfSense users? Are upgrades smooth?:
Why don't you do some reading or ask at the pfSense forum?
Obvious troll is obvious. But I will answer anyway.
- No, I will not ask a bunch of tinkerers about a business essential question.
LOL ok. The forum is on netgate's website and the platform is open source so you're going to probably get a mix of knowledgeable people as well as "tinkerers" no matter where you ask. You just have to weed out the responses but I'm sure that's a better place to start than this forum...
I responded to a single thread there.. Yup. useless.
Good lord, LMAO. I'm sorry. I love that you took my advice and went over there only to discover it is indeed absolute stupidity.
Yeah so idk maybe just don't update pfsense for a while? Is there a pressing need to upgrade to the new version? I know its ideal to just have things kept updated and on the latest version but its not worth it when the system updates are such a gamble and there's no real support.
My company has a super old security camera system from like early 2000's. I'm considering purchasing a new system and installing it myself to save us money. Literally anything we could buy (even from Wal-Mart) would be better than what we have. That said, I still want to try and find a nice solid system that has an intelligent and feature-rich user interface and good functionality. I say that because pretty much all the systems I've seen at other jobs have looked and operated like junk.
Basically I need something that would be HD and allow for 25 or more cameras connected via network cable and have a central server that would be located on-prem in the server room.
Any suggestions for where to start looking?
Problem: we have about 10 different shared folders as mapped drives and a handful of simple bat scripts used as AD logon scripts for users. Most users have the same exact list of drives so they all have the same login script referenced in their AD account settings. However, I have a number of users that maybe need just one more or one less of those drives mapped. So my question is is there a more common or simple method to easily map any combination of folders as mapped drives to any combination of users without having to use a separate logon bat script for each? Like I don't want to have a specific bat script for each user's individual combination of mapped drives because then I'd eventually end up with 20+ of them. I also don't want to have some users that get a drive map error because of permissions.
Example of what my logon bat scripts look like:
@ECHO OFF
net use g: /delete /y
net use k: /delete /y
net use l: /delete /y
net use o: /delete /y
net use t: /delete /y
net use g: \\fs1\GeneralShare
net use k: \\fs1\Accounting
net use l: \\fs1\Finance
net use o: \\fs1\Marketing
net use t: \\fs1\IT
Also I understand that its been said not to use mapped drives anymore and instead use UNC share, but I'm not doing that right now. Maybe down the road though.
@gjacobse you could use Notepad++ with the search and replace function. You might have to do a couple of passes but that is how I've stripped things off of multiple lines of text in the past. You'd just replace whatever text you want to remove with whitespace.
@dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@jasgot said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
The main problem I have run into is sort of a catch-22 in that, while remote, the user can't login until the VPN client has started and the user can't start the VPN client until they are logged in (duh). That means, an employee would take the laptop home and try to sign in with their domain user account but not be able to since the domain would be unreachable until the VPN gets connected.
I use this exact same setup for all of our clients. It works perfectly.
Tell me. When you start up the Laptop, and once you press <CTRL>-<ALT>-<DEL> to login, BUT BEFORE you authenticate, do you see the extra icon in the lower right corner?
And do you see this NetExtender logon when you click it?
It will bring you here next. Building the VPN BEFORE authenticating to the domain.
This should all work for you without any issues.
Woah! I'm glad I posted here.. I completely missed that for some reason!!!! Its working now as intended... DUDE THANK YOU. You just saved me so much trouble. I owe ya
@pete-s said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:
@dave247 Can you use 2FA on the VPN connection when doing it like that? Otherwise that would be a major concern.
Another issue with forced VPN is that if your VPN is down then the users can't login at all and can't work. That's a lot of eggs in the same basket. Does your company have HA firewalls, redundant internet, redundant power etc?
Otherwise using the cached domain password the users could login locally. Then they would be able to use their computers with local files and software and also have access to online resources such as M365 and whatever else you use.
Yes, the Sonicwall supports TOPT codes on the connection, thankfully. The VPN connection wouldn't be forced, though users would obviously need a continuous VPN connection to use apps on the local network. We do also have O365 so they aren't dead in the water if the VPN went down for some reason. Yes, I have redundant firewalls, Internet and power, etc. I have as much redundancy and failover as possible/makes sense to. Internet goes down maybe twice a year since I've been there (5+ years) so it's not really a concern at all. Honestly, this is probably the best setup currently for us in our current state.
@JasGot pretty much helped me the most here to solve my problem, which was just something simple I had overlooked.
/thread
