  • Container core technology?

    14
    0 Votes
    14 Posts
    759 Views
    stacksofplates

    @scottalanmiller said in Container core technology?:

    @pete-s said in Container core technology?:

    So whatever container solution you run, the core technology is the same.

    It varies a lot. Docker is a super lean container tech, meant to run a process and its tightly coupled processes. But LXC includes the entire operating system sans kernel. So if you are using LXC containers, you can run Ubuntu on Fedora, Fedora on CentOS, CentOS on Ubuntu, Alpine on Ubuntu, CentOS on CentOS... the sky is the limit as long as they are okay sharing the same kernel compilation settings and version.

    You can run an init process in an OCI container. It's assumed you pretty much won't but it is possible. It's helpful for testing some things and makes it work similarly to something like LXC/LXD.

  • I've been asked to set up MFA on internal computers and servers

    24
    0 Votes
    24 Posts
    2k Views
    dave247

    @dbeato said in I've been asked to set up MFA on internal computers and servers:

    @scottalanmiller said in I've been asked to set up MFA on internal computers and servers:

    @notverypunny said in I've been asked to set up MFA on internal computers and servers:

    @dave247 said in I've been asked to set up MFA on internal computers and servers:

    @notverypunny said in I've been asked to set up MFA on internal computers and servers:

    @dbeato said in I've been asked to set up MFA on internal computers and servers:

    @dave247 said in I've been asked to set up MFA on internal computers and servers:

    @notverypunny said in I've been asked to set up MFA on internal computers and servers:

    As far as the internet connectivity issues are concerned, AuthLite has 0 dependencies apart from AD. It can also integrate with NPS / RADIUS + AD to provide MFA to just about anything that can use RADIUS.

    It's also per-user perpetual licensing 🙂

    oh nice, I will check that out immediately. I was looking at Duo too (of course) so I wonder how that compares. I like the idea that it has no other dependencies than AD - that's perfect for our current environment.

    Yeah, DUO has dependencies with their service and if the computer doesn't have internet it has the option to let you login without a prompt so that happens. Not sure if AuthLite does the same.

    Authlite has support for offline logins (meaning if the machine can't talk to a DC), it just requires the installation of their client on the workstation / server / endpoint in question. You can also require / enforce 2FA on your endpoints.

    Here's a thread where one of the authlite guys gives a quick comparison of AuthLite vs Duo.
    https://www.reddit.com/r/sysadmin/comments/ct9m31/duo_vs_authlite_for_ad_mfa/

    Duo seems to be the easiest and I've been playing with it with the trial. It's super easy to configure it so without Internet or Duo service connectivity, MFA is bypassed. So in the event we have an Internet outage (happens 2-3 times a year here), users will still be able to get into their computers.

    OK.... but then the only thing that you have to do to bypass the security is pull the network cable, right? Unless there's some other requirement it seems like a massive security hole.

    I guess "knowing to unplug the cable" is the second factor? 😉

    Also you can disable that setting and it won't let you login at all in Duo.

    My main problem with this is that we lose internet connectivity a few times per year and people won't be happy if they can't get into their computers. We have limited providers in our small and rural area. I would do offline codes but apparently that is per/pc and we have quite a bit of computer sharing, which would essentially mean people would have to deal with the offline registration pop-up on every pc and/or have an offline MFA added to the app for multiple computers. If I find a good way around this in time, I will disable MFA bypass when offline.

  • Does Mesh Central support blanking remote screen

    31
    1 Votes
    31 Posts
    4k Views
    scottalanmiller

    @irj said in Does Mesh Central support blanking remote screen:

    @krzykat said in Does Mesh Central support blanking remote screen:

    @dustinb3403 said in Does Mesh Central support blanking remote screen:

    With another product I had a customer complain because we had to jump into a server because of performance issues, and they could graph that we too access the active console of the server (all virtual). And thought it was a security risk because we could potentially see confidential data.

    Of course we are the domain administrator as well so...

    Then their option is to hire their own onsite personnel that handle the same tasks, won't be as qualified and cost them more money. If you don't trust your IT team ... well time to move on. I don't want any clients that don't trust us.

    Insider threat is the number one threat.

    Yup, although even MSP support is still "insider" when used in that context. But it is true, employees of the primary company are a bigger threat than insiders of a secondary.

  • Slow "internet" customer says...

    10
    0 Votes
    10 Posts
    768 Views
    JaredBusch

    @dashrender said in Slow "internet" customer says...:

    have you actually loaded a single AP with 2-300 devices?

    Yes. It works just fine because that is the spec it was built to handle.

  • Who do you call for IT assistance

    79
    1 Votes
    79 Posts
    12k Views
    scottalanmiller

    @rjt said in Who do you call for IT assistance:

    @scottalanmiller As someone who has had to deal with vendor supplied hardware and software for a medical practice, I have come to firmly believe vendors are the enemy, a $very $very $expensive enemy.

    Yup. In some cases, a true enemy. In others, just on the other side of the chess board. It's not always malicious, normally it is not. But their interests are very, very different than ours and their financial responsibilities oppose ours. So they are stuck either being ethical to their employers, or ethical to the people they are paid to convince to do things not in their interest.

    If they are true to their employer, they can be ethical across the board. If they try to be good for the customer, they have to be unethical to their employer. A nonsensical situation.

  • Why We Recommend Against OpenFiler

    12
    5 Votes
    12 Posts
    3k Views
    scottalanmiller

    @danp said in Why We Recommend Against OpenFiler:

    @scottalanmiller said in Why We Recommend Against OpenFiler:

    I saw it mentioned in another ancient threat.

    freudian slip? 😉

    LOL, indeed.

  • WSUS Location

    39
    1 Votes
    39 Posts
    4k Views
    Obsolesce

    Why WSUS and not Windows Update for Business? It's so much better.

  • Dynamics 365 issue - no idea how to fix

    Solved
    5
    0 Votes
    5 Posts
    791 Views
    travisdh1

    @srsmith said in Dynamics 365 issue - no idea how to fix:

    Finally have a temporary solution for this issue. The MSP has put a temporary workflow in place that can be manually run on one or more work orders to generate the documents and attach them as notes to the record. Not ideal, but it works for now and surely beats having to manually create the documents by copying / pasting the data.

    @travisdh1 said in Dynamics 365 issue - no idea how to fix:

    have them open a ticket with Microsoft

    Thanks again for the suggestion - since the MSP has determined that this issue isn't caused by our environment, user permissions, or templates, they did precisely that. Now we wait to see if this is an issue with an update or from something else going on...

    Good luck! Microsoft "support" is always a pain with a go-between stuck in the process.

  • Wazuh goes bork?

    1
    0 Votes
    1 Posts
    241 Views
    No one has replied
  • Laptops versus desktops and roaming users

    52
    0 Votes
    52 Posts
    7k Views
    Dashrender

    @scottalanmiller said in Laptops versus desktops and roaming users:

    @irj said in Laptops versus desktops and roaming users:

    @obsolesce said in Laptops versus desktops and roaming users:

    I've not worked in hospitals but can imagine them with different needs and device purposes.

    I worked for an 18k employee hospital system. All the support staff (IT, administration, etc) had laptops. The hospitals themselves used desktops as shared stations, but even administrators (or anyone with an office who didn't use shared computer) at hospital locations used laptops.

    I work with doctors and we see desktops over laptops. Lots of laptops, to be sure. But desktops remain common that we see. Even in current green field deployments.

    Oh - for the doctors themselves - absolutely, in general it seems they don't want to carry anything around with them, so that leaves desktops as the primary interface for them.

    In hospital in-patient care I generally still see desktops, also generally with swipe card access, at least on in-room computers.

  • Installing the Firebird Database Server on CentOS 7

    22
    6 Votes
    22 Posts
    34k Views
    K

    @abnerh69 THANKS!!!

  • Need to split this string in PHP

    Solved
    15
    0 Votes
    15 Posts
    3k Views
    JaredBusch

    @jaredbusch said in Need to split this string in PHP:

    This:
    https://github.com/sorvani/freepbx-helper-scripts/commit/23ef9bd7aca3d791217aab86ddd53b30d7838563

    And yes @Pete-S or @JasGot whichever one of you always yells at me to not use " I know I need to clean that code up more 🙂

  • AD/AAD and VPN integration

    45
    0 Votes
    45 Posts
    3k Views
    Obsolesce

    @dafyre said in AD/AAD and VPN integration:

    I can't quote much on the VPN side of things, but we use MFA here for nearly everything now.

    Duo Security (duo.com) is great. You can use hardware keys or the app on your phone, and it's quick and easy enough to manage.

    Edit: Even our VPN now requires MFA, lol.

    Not everything supports Duo, though, such as WHfB unless you go through another IDP that does support it.

  • What am I doing wrong with ffmpeg

    Unsolved
    3
    0 Votes
    3 Posts
    551 Views
    JaredBusch

    @pete-s said in What am I doing wrong with ffmpeg:

    Can you have both ass and srt in the same container and have it working?

    Yes, it works perfectly.

    Edit: To be more precise, using the "working" multi-step process above, the mux that adds the ass files shows this. So it seems to be converting it. But I can also force it to srt, and various examples from search results show people mixing srt and ass with no issues.

  • AAD MFA via Powershell

    2
  • Is it authentication?? Slow response.

    5
    0 Votes
    5 Posts
    587 Views
    siringo

    @obsolesce said in Is it authentication?? Slow response.:

    @siringo watch resource monitor, resmon.exe, during the delay of opening an app seemingly caused solely by connecting to the wifi network.

    For paint.exe to open instantly prior to wifi connection, then slowly after, and instantly off wifi... seems like you'll notice something in resmon somewhere. Maybe A/V or something. Look at everything even the network and possible new tcp connections when you open paint.

    I've got some time to look at this today, thanks.

  • How to view .TGZ files?

    Solved
    5
    0 Votes
    5 Posts
    709 Views
    WrCombs

    @wrcombs said in How to view .TGZ files?:

    I can view all the files from the tgz file after extracting to tar files, but can't actually open or read the files inside of there. The issue with this is when they send me logs, the logs are also in TGZ files.

    I figured it out -
    I have to open the archive in 7zip -after extracting, then use notepad++ to open the file, and it is readable in English to me.

  • 0 Votes
    7 Posts
    1k Views
    syko24

    @wrcombs - Or drag and drop the PDF file to the local computer and print it locally.

  • Does a script imply Automation?

    32
    0 Votes
    32 Posts
    3k Views
    stacksofplates

    @gjacobse said in Does a script imply Automation?:

    @stacksofplates said in Does a script imply Automation?:

    What reasons are cited when they fight you on this? This should have been scripted years ago.

    Can I buy you a beer, or case,.. or....

    There is such a push for 'security' over anything else that it's Not allowed to the point of when onboarding someone, things are missed (or worse; added and not needed) so you have to retouch an account more than once.

    I've mentioned it since day one, made suggestions, and even found one that would cover most anything needed... It would only need to be adjusted to this environment...

    It's always 'blocked' or ignored or whatever. Powershell Remote execution - even if signed - is turned off. To perform a task needed by a process we are starting (MS AutoPilot) PS is needed - by design.... So, I have to run it - one damn line at a time,.. and circumvent policies and such just to do the tasks needed. It's so seriously ridiculous to need and be told to perform a task - and can't because of the air of security.....

    Find somewhere where you want to work. Life is too short to put up with places like that.

  • KDE/Plasma DVD Burning MKV Files

    12
    0 Votes
    12 Posts
    1k Views
    notverypunny

    K3B was my go-to app back in the day and it looks like it's still somewhat actively maintained