@scottalanmiller said in Centrally Controlled Local Backup System Options:

Basically we need to treat the backups at the customer the same way that we typically do RMM, AntiVirus, Remote Access and other functions. All of the risk already exists from those covering the same bases. They just seem to all lack the ability to kick off and monitor a backup.

This you can do for free:

Have the built-in backup software do a backup, or even the free version of Veeam. You could use a PowerShell script to run a Veeam backup, verify success, send a webhook to an Azure function or Runbook, or an email, to do whatever you want. This specific part of the how isn't the point, as there's tons of ways to do it to fit any requirement.

But after that part, you can schedule an Azure Runbook to run daily or whenever, to check for X, if not X, then it alerts. If X, then sends success message if you prefer. This way, no matter what, even if the on-prem solution totally fails and MS Azure or AWS is still up, you'll get whatever you want to happen still happen.

Example:

1. Built-in backup runs via powershell or bash script.
2. Backup success or fail webhook or email is sent via powershell or bash, or backup software if supported.
3. Depending on method, you have a free serverless script take care of back end processing.
4. Back-end processing can take care of whether or not something happened when it was supposed to, and if so, if it was a success for failure, and respond appropriately, by doing anything you can imagine... send email, write to database that your fancy web GUI can read, write to cloud storage, basically anything.

There you'll have a way to verify backups whether success, failure, or complete failure. You can even automate, via scripting, backup restore testing as well.

If Windows backup, I know you can back up to VHD(x), auto mount, attempt to restore a known file to somewhere, test for that, respond appropriately.

@Dashrender said in Phone solutions - something like Skype/Teams - why/why not?:

@DustinB3403 company (or his last one) uses Skype for most if not all of their users.

Why did they go this route? What did they gain? What did they lose?

I'm looking at a new phone project and I'm wondering if I should consider a Teams solution instead of a typical deskphone solution, though I'd still need many stations to be actual phones as well.

Yealink has some nice phones that integrate Teams nicely. I was checking them out at a MS conference not too long ago.

@G-I-Jones said in inetpub\wwwroot deleted somehow. OWA, ECP tanked.:

@DustinB3403 @Obsolesce I have no experience with that. Is there a built-in feature or would you recommend a 3rd party?

This is built in. It involves two basic steps:

1. Enable the File System auditing in the System Audit Policies in the Local Security Policy.
2. For the Folders you want to audit, enable auditing in the Advanced Security Settings window Auditing tab.

The auditing results are found in your security event log.

I think it's an issue with Intel. Do they have Intel CPUs?

Same thing with Lenovo atm, they said there are (I think) Intel CPU shortages.

@Pete-S said in Can all phones read QR codes natively?:

Can all the phones on the market today read QR codes natively?

With natively I mean just using the standard built-in camera app.

All the more modern phones I assume, or at least the later Samsung phones I know for sure do. But I haven't tried it with ALL phones.

I see them all the time, and I never use QR codes... like ever. Do you want to visit the website listed on the back of your mayonnaise bottle, or a random QR code posted on some poster somewhere? I never do. The last time I used one was strictly out of curiosity of the thing worked or not.

It feels like one of those neat idea services Google would start but nobody wants to use.

Sounds like this place has no company policies or no enforced company policies.

@JaredBusch said in Hypervisors: revisit your choices!:

@Obsolesce said in Hypervisors: revisit your choices!:

Exactly my point.

You obviously cannot comprehend what you read because he was most certaily not agreeing with you or making your point for you.

Because your fucking point was to use VPS. Which has not a damned fucking thing to do with this discussion.

The VPS was definitely NOT the point of anything I said. Not the point at all. I specified the point several times, the VPS part wasn't my point.

I think it's you who fucking needs to fucking comprehend.

@Dashrender said in Why Do People Still Text:

@Obsolesce said in Why Do People Still Text:

And there is no clutter at all. Well, I suppose that depends on how it's managed. If fools set it up and manage it, then yes I can see it won't work well... just like many things, though.

I'm less familiar with Slack, only used it twice for about 1 min total.. but discord - I'm a member of three groups, and each of those groups have like 20 subgroups.. to me that is a bloody mess.

Discord I can say can be a cluster F. If there's a way to rid all the game xrap forced in your face, it'd be so much better.

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@Obsolesce said in Re-evaluating Local Administrative User Rights:

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@Obsolesce said in Re-evaluating Local Administrative User Rights:

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@Dashrender said in Re-evaluating Local Administrative User Rights:

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@IRJ said in Re-evaluating Local Administrative User Rights:

@Dashrender said in Re-evaluating Local Administrative User Rights:

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@Dashrender said in Re-evaluating Local Administrative User Rights:

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@Dashrender said in Re-evaluating Local Administrative User Rights:

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@Dashrender said in Re-evaluating Local Administrative User Rights:

As for software/viruii that don't require local admin rights, uhuhm - CHROME, rights levels don't matter.

Huh? Chrome isn't a thread because of this.... no admin access whatsoever.

This was an example of software that could be run in user space with zero local admin rights - nothing more. The remainder of that post (or a followup one) pointed out that I don't want to see users able able to execute an executable that wasn't installed by an admin - but I'm not sure that's possible, or really reasonable.

Yes, but it's "run in the user space". Everything works that way. Office suites, you name it. Chrome is just a "portable app".

Yeah, I just don't like the idea of portable apps - as an admin, I'd like to prevent them. Because there is no reason in most businesses that a user would need to run a portable app. If you prevent execution from any user rightable space, you can kill so much of this malware.

That's not a good way to think of it. You should never dislike portable apps, all that means is that they don't require admin privs or need to be installed to run. Installing just means putting it into the system database.

Portable apps have loads and loads of reasons to exist. They are more stable, easier to maintain, avoid DLL hell, etc. They don't link to system resources and so are more resilient to all kinds of problems and tend to work across more OS versions.

Portable apps tend to be bloated, that's pretty much their only negative.

Execution allowances is totally different. Not allowing end users to make or acquire their own tools and run with their own privs is very different than disliking the avoidance of system dependencies in an executable.

You CAN get rid of all of those things mentioned in locally install apps as well.

There is only negatives to locally install apps IMO. Some would argue that it is required for speed, but in reality a properly built SaaS app does not have issues.

He's not intending to argue the "locally" part, but the "installed" part. The context was installed vs portable apps, both local in this case.

I guess what I want is a white list of allowed executable - I don't care if they are portable or not, I care that users shouldn't be able to execute them unless allowed by IT.

Right, that makes sense. DLL linking or database inclusion doesn't really. Portable doesn't imply any additional access from the users.

Just be aware that while listing means no OS level scripting from end users, even of their own making. But that's not necessarily bad.

Scripts shouldn't run unless they are signed and the cert is allowed. That's how we control that.

The problem is... you can't write your own.

Maybe I'm missing your point. So they can't run Vscode and write a script? Or notepad?

They can't write a script, at all. In any way. If only whitelisted things can run, you can't make any of your own automation.

Write or run?

What are potential underlying issues and fixes that you all may have ran into, causing the perceived requirement of local admin privileges?

Quick easy example to make the question clear:

Issue:

• A certain app some people use requires local admin privileges to install.

Fix:

• Make the app available to install via the "Company Portal" or other self-service software install portals.

@scottalanmiller said in Re-evaluating Local Administrative User Rights:

@IRJ said in Re-evaluating Local Administrative User Rights:

What's the advantage of giving users admin rights?

Some applications are really tough to get working without it, and many lose support if you take it away. No legit app, of course, but the bulk of businesses run totally ridiculous applications.

I believe I have heard this may be one of the issues, for some people... however, I'm still not on board for a blanket enablement because of a fringe app or two for less than 0.05% users.

Edit: But again, still evaluating that.

@Dashrender said in Re-evaluating Local Administrative User Rights:

@jmoore said in Re-evaluating Local Administrative User Rights:

I would agree in most situations no user needs to be admin on their own box. I think this is the way to go about things. Of course there are a lot of other factors as others have mentioned. However, if someone at your company tells you to compromise, what about having a seperate admin account that they only use when necessary? Then the rest of the time they use their regular account.

This is exactly what IT and those users should be doing...

It's what I do - I have a user account just like everyone else at my company and a domain admin account for my admin stuff.

I know that since I can easily do much of my work without local admin - no user in my company needs admin (our uses are pretty low - we are a medical company, not a technical one).

Domain admin is a totally separate discussion and nothing to do with this.

@popester said in Quick question: because I think I messed up.:

Do the Name Server records over ride other records like the SOA records? I have changed the name server records for my godaddy domain which makes DNS unmanageable through their interface. I have the records present in on the hosted name server but I am getting no indication that traffic is being redirected. ???!!!

If you changed the name server, you manage the dns records through the nameserver you changed it to. Not godaddy anymore. You will need to change the name servers back to godaddy if you weren't ready for that change.

Mine updated automatically. I just logged in to check, and was already at 5.3.1

@scottalanmiller said in Stuck supporting out-of-date Windows Servers, what options do I have?:

@StorageNinja said in Stuck supporting out-of-date Windows Servers, what options do I have?:

@black3dynamite said in Stuck supporting out-of-date Windows Servers, what options do I have?:

That’s just putting a band-aid on something that you will to have to deal with again.

Time value money. Why not kick the can down the road and invest in an area of the company that actually produces growth instead?

And maybe it will be the next IT's guy's problem down the road!

...if you plan your cards right.

@travisdh1 said in Stuck supporting out-of-date Windows Servers, what options do I have?:

@FATeknollogee said in Stuck supporting out-of-date Windows Servers, what options do I have?:

Not to threadjack...
Now that I've experienced Fedora WS & Server updates, why do/does Windows updates suck so bad?

Microsoft has never been good at upgrades. You'd think they would have it figured out by now, but nope.

I think they are good now and the method works extremely well. Users literally don't have to do anything to stay up to date. For upgrades, it's handled automatically, all the user has to do is schedule it when prompted to by Windows.

Actually, doing nothing on Win10 presently is the a good bet. You'll get updates when needed (avoiding those occasional breaking changes that all OSs get), but not immediately (like you do when you hit the "check for updates" button, which gives you the latest updates, as it should).

It's only when you start doing things "your" way without knowing what you are doing that things go bad, generally.

But then again, I don't know if the context is business or home use. It depends. But if business, you use business-methods of controlling updates, and you avoid all issues anyways... and is also seamless to the user, completely. Which makes both options excellent presently.

@Dashrender said in Does ChromeOS make sense for a desktop?:

I suppose I should give it another try - just so I can say I've touched it.

I found the fact that they give you a desktop, yet you can't put short-cuts on it extremely annoying.

I have no idea how local storage is used/accessed.

I don't use the desktop for shortcuts even on Windows. I don't see why it's needed. It's just a clutter space, it's so much easier to have the shortcuts on the task bar, or start menu... Windows Key + Search works great on Windows and Linux GUI

@scottalanmiller said in Does ChromeOS make sense for a desktop?:

Getting images from your camera, to the OS, and uploaded somewhere

There's the problem. They should be going directly from your camera to the cloud. That's how we do it on our cell phones and had done it on the Sony DSLR.

@scottalanmiller said in Does ChromeOS make sense for a desktop?:

@Obsolesce said in Does ChromeOS make sense for a desktop?:

@scottalanmiller said in Does ChromeOS make sense for a desktop?:

Getting images from your camera, to the OS, and uploaded somewhere

There's the problem. They should be going directly from your camera to the cloud. That's how we do it on our cell phones and had done it on the Sony DSLR.

In theory, but almost no cameras have their own Internet access.

We used a WiFi SD card in the camera that uses your device's wifi to transfer. In our case, it transferred to the phone, and directly to cloud.
I forget what hte card was called, I'll ask my wife in a little while.