@gjacobse said in Parental Control options: AD, LDAP, piHole, Other:

Was asks recently about what options he could look at to try to keep his kids on task with the up coming school year and the high likelihood of having to contin he with non-traditional instruction, ie: classes at home.

His first though was of course some kind of Domain; costly and hardly worth setting up for a maximum of five computers.

Another option that came up was LDAP - which I will admit I dont have much experience with.

And then there is piHole, knowing that this is a great tool to blacklist ads, and harmful sights, but could likely be a simple solution.

He’s recently admitted that one of the kids has managed to hack a cell phone to by-pass some or many of the parental settings that had been set.

Costs are of course a factor ,...

We have a domain here at home. But then, I'm in the industry. 😉

We also have a SonicWALL TZ300 set up with security and site monitoring.

DC DNS is set to check OpenDNS (we have a subscription). Root Hints are disabled.

DC provides DNS for the home network. Firewall is set to allow TCP/UDP 53 from the DC only (this is default for client setups anyway).

This catches about 90% of everything that could possible. OpenDNS helps with the search stuff too. It filters out stuff they should be seeing.

We have Microsoft Family set up on all of the kid's machines.

NOTE: Tech companies have deemed themselves owners of our kids. How? When the kid turns 13 they can turn off monitoring. I was right p*ssed off when I figured that out as I wasn't getting parental reports for my eldest son. That changed RPQ.

Use Microsoft Parental Monitoring on all Windows devices. It is helpful though not perfect. We schedule device usage time.

RULE: No. Devices. In. The. Bedroom. PERIOD
RULE: All device work must be done such that the screens face public.
RULE: Devices are Tools not Toys (No gaming here. Go outside, Build something, Clean something)

Note: We home school. Our main goal was, and is, to give our kids the best d*mned education that we can versus the cookie cutter factory schools that teach closet Marxism/Socialism here. Eldest daughter is an amazing artist at 16, 13yo son is into REVIT, Fusion 360, SolidWorks, stress engineering and more, while our youngest just is. They are turning out great.

There you go
http://nitindupare.blogspot.com/2012/08/uninstall-kms-host.html

@JaredBusch said in Vyos Configure DHCP Server:

@EddieJennings his second error is related to DNS.

This is a working DNS setup.

set service dns forwarding cache-size 150 set service dns forwarding listen-on eth7 set service dns forwarding listen-on eth7.2 set service dns forwarding name-server 1.1.1.1 set service dns forwarding name-server 8.8.8.8 set service dns forwarding options server=/domain.local/10.202.0.21 set service dns forwarding options server=/domain/10.202.0.21

Correct. I gambled from his title the immediate interest was DHCP. I lost. 🙂

@AshKetchum said in Dish Network Alternative:

So our Dish network is down and not sure when it will go back. We are outside US, our TV system diagram is like this --- DISH > Encoder (HDMI to IP) > Enseo System/IP network > STB > TV. SInce our source channel Dish is down, can i use roku as source channel? is there a roku channel that continuously going to play movies?

We cut the cord over a decade ago.

Just drop it.

Cache a set of Blu-Ray movies and series that are worth watching.

Put the money saved away.

Take a vacation with it.

@scottalanmiller said in Blocking spoofed emails O365:

https://support.knowbe4.com/hc/en-us/articles/212679977-Domain-Spoof-Prevention-in-Exchange-2013-2016-Office-365

Actually that might work. If the sender is outside the organization and the sender address includes our domain, just put in junk. I'll test this out tonight and see if it works right. Thanks!

@BraswellJay said in FreePBX conference scheduling ...:

With the FreePBX implementation the same PIN is set for every call that occurs on a particular conference bridge which would seem to be a security concern.

That's the same as the others, they are just changing it automatically in between meetings. You'd have to do the same thing... either manually or through automation. It's the lack of pre-existing automation that makes it tough.

@scottalanmiller said in Recover Deleted Items in Outlook:

If there is a way to know this, it would be from the email system, not from Outlook, and would be dependent on what the email system is and how it logs and so forth. But since emails in folders is ephemeral (they can move around all the time) it's a complicated thing to answer regardless.

Indeed. I always forget people attach outlook to non exchange servers.

@Markferron said in NGINX config issues:

@EddieJennings said in NGINX config issues:

I want to make sure I understand the problem. When you request http://my.testingtesting.com you receive a 301 redirect https://1.2.3.4 ?

...You know what. I think I have bigger problems. My machine off campus all of a sudden cannot ping the FQDN. When I remote into campus and ping the website I get the public IP address. Ugh, well I guess ignore this, maybe it'll straighten itself out once I fix this issue.

Use DNS to test what the FQDN is pointing to. Pings are always by IP, so if it doesn't work then it is the wrong IP.

@Dashrender said in Windows Domain routing question - dual-nic:

Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them.

Routing to the internet is mostly just a nice to have.

This is how drive testing is such a deep topic. You need to try and match the load, and consider all the things. CrystalDisk does not do that.

You can set up some really good tests with iometer. (I think that's waht it's called, i can't remember now it's been a long time and can't look it up atm)

@Dashrender said in Exchange Online ActiveSync Organization Setting Effect:

So you have to then manually approve them?

You can create rules that would allow devices and such, but, for right now, On-High wants everything quarantined and then manually approved. So specific to your question: "yes"

@brandon220 said in Show Active Users in NextCloud:

Mine is on 18.0.5 via the stable channel and shows there is an update to 18.0.6
Capture.PNG

I ended up with two systems that will not upgrade path 17 all the rest of them are upgraded 18 on the stable channel

@JaredBusch

Nevermind - never knew that was an option

@IRJ

based on this value, the rule worked

<if_matched_sid>31101</if_matched_sid>

<!-- Local rules -->
<!-- Modify it at your will. -->
<!-- Copyright (C) 2015-2020, Wazuh Inc. -->
<!-- Example -->
<!-- ################################### -->
<!-- # NMAP Detection Rule # -->
<!-- ################################### -->
<group name="NMAP_Security_Correlations,">
<rule id="100100" level="10">
<if_matched_sid>31101</if_matched_sid>
<match>Nmap Scripting Engine</match>
<description>NMap Scripting Engine Detected</description>
<location>/var/log/apache2/access.log</location>
</rule>
</group>

0245-web_rules.xml

I examined and combined but I did not understand the logic

9cff8a60-526c-41c4-8594-c6b35d178f29-image.png

@scottalanmiller said in how to disassemble Canon MF644?:

@AshKetchum said in how to disassemble Canon MF644?:

@scottalanmiller lol, nice one.

For real. 🙂

Same.

@Super-Sundae : Can you run Sysinternal's RegMon and patch another machine with InTune? That way you can capture the changes.
Perhaps running SysMon at the same time in case it makes changes to file permissions would help..

If you can find out what the policy changes then you should be able to revert on both machines. Hopefully 🙂

@jt1001001 said in "Microsoft print to PDF" feature in windows 10 not showing drivers when activated:

Sadly latest version of Foxit free (10) got rid of their PDF printer, so Its win10 or Adobe now (haven't checked other PDF utilities)

Boo 😞

@scottalanmiller said in How to monitor switch ports via The Dude Monitoring?:

@Grey said in How to monitor switch ports via The Dude Monitoring?:

OP wants to see what ports are going offline. My Ubiquiti system tells me that. It is a Software Defined Network (SDN). Do you see where I'm going with this? Did you look at the mp4 that I linked?

Ah, but it's that it is Ubiquiti, not SDN, that does that. It's that he would want a monitored system like Ubiquiti. ZeroTier is a more traditional SDN and would not in any way do what he wants. SDN is a red herring here. It's Ubiquiti itself that is what matters.

I suppose that's true. There are different levels of a software defined network and a ZeroTier or Silver Peak would be at a level that's too high to see ports, while a smaller Ubiquiti system definitely looks at ports. I think Meraki hardware & software shows the same thing, and I know they really defined the SDN space for site management. By definition, however, they're all SDNs. The days of using a command line to add a switch, define a vlan, or extend your footprint in to a new building are done, except for troubleshooting.