• SmarterASP.Net - Ransomware Encrypted

    9
    1 Votes
    9 Posts
    645 Views
    PhlipElderP

    @Pete-S said in SmarterASP.Net - Ransomware Encrypted:

    @PhlipElder said in SmarterASP.Net - Ransomware Encrypted:

    Those in it for the money are after the low hanging fruit. The easy cool seven figure hit.

    Yes, but the lowest hanging fruit has already been picked. Ransomware before 2017 was directed to consumers. Nowadays it's enterprises, government, health care etc that are attacked. What used to be the work of hobbyists has now turned into organized crime for the pros.

    There is even RaaS, ransomware as a service. Sophisticated ransomware is developed and then sold as a service to criminals that pay with a percentage of the income. A win-win situation so to speak...

    At this point we might as well just throw in the towel eh? 😛

    15e84ef1-d057-4aa7-936c-0514976f7866-image.png

    Credit: https://www.malware-traffic-analysis.net

    User training. Patching ... and ?

  • 0 Votes
    12 Posts
    1k Views
    pmonchoP

    @scottalanmiller

    Did you ever solve this problem? Just wondering what your solution was if you did.

  • ConnectWise Zero Day?

    4
    2 Votes
    4 Posts
    429 Views
    F

    @JaredBusch said in ConnectWise Zero Day?:

    Bad documentation and stupid users.

    ScreenConnect has never needed more than ports 8040 and 8041 opened.

    The article is talking about ConnectWise Automate

  • Are you using AWX ?

    5
    1 Votes
    5 Posts
    937 Views
    Emad RE

    @travisdh1

    yh all works just the import/export thing is not 100% if you have 2 awx instances

  • alternative way to copy stuff with read access

    8
    0 Votes
    8 Posts
    1k Views
    scottalanmillerS

    @rhya said in alternative way to copy stuff with read access:

    I am using fedora 22.

    Fedora 31 is current. F22 is insanely ancient.

  • Fedora 31 desktop default partitioning

    2
    1 Votes
    2 Posts
    705 Views
    scottalanmillerS

    Thanks

  • AquaMail for ChromeBooks

    10
    1 Votes
    10 Posts
    2k Views
    J

    @scottalanmiller
    Just found this thread. I love AquaMail. Been using it for years. It's worthy of mention!

  • Ubiquiti - Small office Router and WIFI

    43
    2 Votes
    43 Posts
    4k Views
    syko24S

    Not sure anyone mentioned HostiFi. You can get a free account for a single site.

    https://hostifi.net

  • Folder Redirection - GPO - W7 to W10

    9
    0 Votes
    9 Posts
    812 Views
    PhlipElderP

    @Dashrender said in Folder Redirection - GPO - W7 to W10:

    @PhlipElder said in Folder Redirection - GPO - W7 to W10:

    @Joel said in Folder Redirection - GPO - W7 to W10:

    @Dashrender Always giving me sound advice. Thanks Dash. I actually figured this out whilst on site earlier today and just saw your responses.
    Adding the computers into the security group we had for FolderRedirection and forcing a GPO update did the trick. Cheers

    It's better to place the GPO on the User side not the Computer side. Any membership changes are instant not waiting for the 90 minute refresh threshold for Computer policies.

    I use both. Some items are machine dependent some are user.

    For user endpoints we only use User based policies. It's a lot easier to manage especially if changes need to be made. Log off, log on. Done.

  • O365 Compliance Content Search Error

    3
    0 Votes
    3 Posts
    661 Views
    NDCN

    I've seen issues with search for the last week or so. A few people here have been unable to search public folders or their inboxes on and off. Supposedly resolved. We'll see...

  • Need a Nextcloud Guru

    8
    0 Votes
    8 Posts
    1k Views
    wirestyle22W

    @hubtechagain said in Need a Nextcloud Guru:

    this is a paying gig.

    @JaredBusch

  • how does this work? Modems/IPs/PCI Scans

    40
    0 Votes
    40 Posts
    4k Views
    JaredBuschJ

    @brandon220 said in how does this work? Modems/IPs/PCI Scans:

    @JaredBusch example also is great for home use if you have IoT devices. I have an ERL behind a cable modem and this keeps everything I want separated from my normal LAN.

    That is a good way to practice this for business use

  • Netgear Insight Managed Switches

    24
    0 Votes
    24 Posts
    2k Views
    pmonchoP

    @Dashrender said in Netgear Insight Managed Switches:

    @pmoncho said in Netgear Insight Managed Switches:

    @Dashrender said in Netgear Insight Managed Switches:

    For $100, yeah I'd just do it. Otherwise you're looking at 2-4 (or so) 1 Gb/s teamed connections....

    Exactly. I was thinking something similar also.

    I don't need HA but am looking for a little more speed and more simple setup going forward. One cable vs 2-3 (tiny, tiny part of larger plan), consolidating hosts (soon), creating midday backup plan without penalizing daily workers, plus other changes I am contemplating for the future.

    I do want to put the available budget to the best use to get the best value, plus a small morsel for the future too.

    yeah, really it does come down to more than just this single port for this server -

    Do you need two connections in case one fails? Do you need two switches in the backplane in case one fails? How many other SFP+ ports do you need?

    We don't know how many ports you need where.

    I try to keep things simple but not any simpler as the phrase goes.

    We are an SMB with about 30 users and about 25 external clients that use our servers.
    I don't have a need for multiple connections to multiple switches. I do have two separate racks though.

    One two post rack that holds Patch Panels for PC's and phones, Switches for phones (on a separate network), switch for pc's/printers and main router.

    Second rack has all servers (4 total), two NAS's (old and new), SSL-VPN, switch for servers (currently connected via SFP+ to pc/printer switch)

    I was thinking, three SFP+ for three VMware hosts (one is backup server) and one SFP+ over to 2nd switch for PC's and Printers.

    I don't NEED SFP+ just like I don't NEED SSD's in the new server (purchasing soon) but if the extra cost is small why not spend it and be done while also keeping things a little more simple.
    Extra $150 for 10Gb simplifies two or three 1Gb connections. Extra $200 for two SSD's in RAID 1 vs 6 10K SAS in RAID 10.

    We keep our equipment around a long time, especially servers (7 years with Dell's warranty). This, IMHO, helps me get the value out of the extra money spent.

  • Question about UBNT Bridge Performance vs SFP

    12
    0 Votes
    12 Posts
    803 Views
    JaredBuschJ

    This is an ERL with a bridge.

    The site is a home office. The site needed exactly 1 ethernet port (desk phone) and 1 ethernet port (wireless AP).

    The user had no desire for extra devices to be plugged in to fail. This is a good use case for a bridged port. Also speed is not an issue on site, the limitations of the bridge are not slowing the user's speed.

    That said, this was also put in place before the ER-X existed. Today I would use an ER-X for this. There is no good use case for a bridge on a router now.

    jbusch@fsl-fl# show interfaces
    bridge br0 {
        address 10.202.199.1/24
        aging 300
        bridged-conntrack disable
        description LAN
        firewall {
            in {
                name LAN_IN
            }
            local {
                name LAN_LOCAL
            }
        }
        hello-time 2
        max-age 20
        priority 0
        promiscuous enable
        stp false
    }
    ethernet eth0 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth1 {
        bridge-group {
            bridge br0
        }
        duplex auto
        speed auto
    }
    ethernet eth2 {
        address dhcp
        description WAN
        dhcp-options {
            default-route update
            default-route-distance 210
            name-server no-update
        }
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    loopback lo {
    }

  • UniFi AP XG - Anyone running one yet?

    17
    2 Votes
    17 Posts
    1k Views
    JaredBuschJ

    @Dashrender said in UniFi AP XG - Anyone running one yet?:

    @MattSpeller said in UniFi AP XG - Anyone running one yet?:

    @coliver anyone published an eta on that? I don't have to make a move on this for a year

    Then why even talk about it now? Tech moves so fast who knows what could change?

    That's not true. Infrastructure hardware is years in development.

  • 0 Votes
    15 Posts
    2k Views
    ObsolesceO

    @Dashrender said in Remove-Item cannot remove crap in Documents folder:

    @Obsolesce said in Remove-Item cannot remove crap in Documents folder:

    @Dashrender said in Remove-Item cannot remove crap in Documents folder:

    @Obsolesce said in Remove-Item cannot remove crap in Documents folder:

    @JaredBusch
    I had a little bit of fun... whether useful to you or not.

    You can run this script as a regular user that has permissions to create and run scheduled tasks and create a file in specified directory.

    This will create a powershell script, and a scheduled task to run the script as the SYSTEM account. Then it will delete the script and the scheduled task.

    I could test most of it, but not some of it for obvious reasons.

    <#---- CHANGE THESE VARS: ----#>
    # Users to exclude from profile manipulation script, separated by pipe:
    $excludedKnownUsers = "Administrator|SpecialUser1"
    # New Script:
    $newLocalScriptPath = "$ENV:SystemDrive\scripts"
    $newLocalScriptFile = "testScript.ps1"
    # SID ending: (likely 21 if domain users)
    $sidEnd = 21
    # Scheduled Task Name:
    $TaskName = "_Test Task 1"
    # Scheduled Task Description:
    $Description = "This is a test scheduled task that runs as the SYSTEM account and will be ran and then deleted at the end of this script."
    <#-------- END CHANGE --------#>

    # New Script:
    $newLocalScript = "$newLocalScriptPath\$newLocalScriptFile"

    # Gathers list of user profile paths:
    $userPaths = Get-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*" -ErrorAction SilentlyContinue |
        Where-Object {($_.PSChildName -split '-')[3] -eq $sidEnd -and ($_.ProfileImagePath -split "\\")[2] -notmatch $excludedKnownUsers}

    # Creates a 'script in memory':
    # (paths are single-quoted inside the generated lines so the outer string stays intact
    # and profile paths containing spaces still work)
    $testScript = $null
    foreach ($userPath in $userPaths.ProfileImagePath) {
        $testScript += "Remove-Item -Path '$userPath\Documents' -Force -Recurse`n"
        $testScript += "New-Item -ItemType Junction -Path '$userPath' -Name 'Documents' -Target '$userPath\Nextcloud\Documents' -Force`n"
    }

    # Create a PowerShell script and save it as specified in vars:
    if (-not(Test-Path $newLocalScript)) {New-Item -Force $newLocalScript}
    $testScript | Out-File $newLocalScript -NoNewline -Force

    # Task Action:
    $Action = New-ScheduledTaskAction -Execute "powershell.exe" -Argument "-ExecutionPolicy Bypass -File $newLocalScript"
    # Task Trigger: (task will be manually run immediately and then deleted, so keep 1 year out)
    $Trigger = New-ScheduledTaskTrigger -Once -At (Get-Date).AddYears(1)
    # Task Compatibility:
    $Compatibility = "Win8" # 'Win8' is 'Windows 10' in the GUI
    # Task Settings:
    $Settings = New-ScheduledTaskSettingsSet -Compatibility $Compatibility -StartWhenAvailable -AllowStartIfOnBatteries
    # Run task as local SYSTEM account with highest privileges:
    $Principal = New-ScheduledTaskPrincipal -UserId 'S-1-5-18' -RunLevel Highest
    # Create the scheduled task:
    Register-ScheduledTask -TaskName $TaskName -Description $Description -Action $Action -Trigger $Trigger -Settings $Settings -Principal $Principal -Force
    <#--------------------------#>

    # Run the scheduled task:
    Get-ScheduledTask -TaskName $TaskName | Start-ScheduledTask
    # Remove the created script:
    Remove-Item $newLocalScript -Force
    # Delete the scheduled task:
    Get-ScheduledTask -TaskName $TaskName | Unregister-ScheduledTask -Confirm:$false

    This seems like a HUGE security problem - normal users can schedule a task to run as SYSTEM? Then any virus could do the same thing. So what am I missing?

    I assume regular user would need elevated privileges at least... But I didn't test as a non-local admin, which is different than elevated privileges. But either way, that script can be automated and run as a user in the local admin group too with successful results.

    I think your script affects every user on the machine - assuming that's Ok for the environment - yep, have the local admin run it - and done.

    Yeah I designed it like that on purpose, because if users are using the device, whether it's one or 10 (unlikely), IMO they should all be redirected. But that can be changed no problem. But at least if it's one main person using it, it'll hit that one. If others do, they can be excluded. But you can always get the current signed on user and use that as in JB's original script, or in an automated way using other means I could add in if needed.

  • PoE issues with Unifi switch

    20
    1 Votes
    20 Posts
    2k Views
    M

    @Pete-S said in PoE issues with Unifi switch:

    @marcinozga
    Have you measured if there is any power on those ports?

    From what I could find from UBNT materials:

    24VDC Passive PoE (Pins 4, 5+; 7, 8-)

    I didn't, but I don't have to, all devices are powering on just fine with unshielded cables. The most bizarre thing is that cables from switch to patch panel are unshielded already, it's cable between panel and couplers. And I don't think I mentioned it before, but initially there was a shelf on the wall and all cables were plugged in directly into switch, with same end result. I'm strongly leaning to the fact that shield on all cables are connected with unifi switch or patch panel, and that's the root cause of the problem. Otherwise why would everything have worked on 5xp switch (isolated ports) or when cables going to patch panel are unshielded.

  • 1 Votes
    5 Posts
    1k Views
    IRJI

    @wrx7m said in Fedora - Automating Config File Modifications:

    Without using a CM tool, what is the easiest way to automate modifications to several config files across 7-8 servers? I was looking at sed, but am not sure if there is a better tool that isn't a CM.

    More specifically, I have several Fedora servers running squid proxy. From time to time, I need to modify the config file to whitelist a particular domain. Because I will soon have a few more servers, I would like to automate these types of file updates so I don't have to manually go into each server's config and copy and paste stuff in to certain sections; some information is specific to a particular server, whereas this section would be universally necessary on all servers. So, I would be inserting lines in specific sections.

    I intend to move to some sort of CM for this stuff in the future, but I need to get these going sooner than I could learn the CM tool.

    Sync with a s3 bucket hourly. Then you only need to update on s3

  • Want some Wasabi with that Azure Cloud?

    24
    1 Votes
    24 Posts
    2k Views
    wrx7mW

    East DC was less affected by this. The West DC had way more issues.

  • Massive Searchable Document/File Repository

    11
    0 Votes
    11 Posts
    1k Views
    wrx7mW

    @marcinozga said in Massive Searchable Document/File Repository:

    Actually, MayanEDMS might be what you're looking for. It does OCR and indexing. I have a running instance, but I haven't used it at all yet.

    This looks interesting. I wonder how well it can catalog other digital assets (images, video, etc)