ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    1. Home
    2. Tags
    3. dashrender
    Log in to post
    • All categories
    • Dashrender

      Weird DNS resolution issue
      IT Discussion • dns dashrender • • Dashrender

      15
      0
      Votes
      15
      Posts
      71
      Views

      Dashrender

      @scottalanmiller said in Weird DNS resolution issue:

      @Dashrender said in Weird DNS resolution issue:

      I suppose it's possible that would have resolved this specific issue as the router would have been the only device making connections to the external DNS... but then again - it could have caused all machines to go without DNS when the upstream server stopped responding...

      Not very likely. Plausible, but not likely enough to avoid it.

      sure - but then again, I've never seen this situation before either - so I would have previously called it unlikely.

    • Dashrender

      Migrating to xxxxx
      IT Discussion • migrate dashrender • • Dashrender

      21
      1
      Votes
      21
      Posts
      418
      Views

      Dashrender

      @scottalanmiller said in Migrating to xxxxx:

      I have a similar situation. There's no more panic. Just "let me do my job and get on with it." People sometimes see that as not taking it seriously when really, I'm just that much more on top of things.

      I've definitely walked into a few crisis that way with my old boss. Actually those were the best of work conditions - the confidence to just roll up the sleeves and get shit done. If only more of my life was like that.

    • Dashrender

      Locking down vendors
      IT Discussion • dashrender remote access • • Dashrender

      22
      0
      Votes
      22
      Posts
      383
      Views

      Dashrender

      @jaredbusch said in Locking down vendors:

      @scottalanmiller said in Locking down vendors:

      @dashrender said in Locking down vendors:

      They MIGHT have an internal team for this, but since we have our own IT department, my management has decide to take the costs internal versus paying the new vendor to set up remote access for themselves.

      That doesn't really make sense as this is all questions about THEIR IT. All your team can do is get in the way 😉

      Right, I have no idea WTF you think you are doing here @Dashrender.

      The most you should do is setup a VLAN or actual separate LAN with no access to your network. The other company can deal with putting something on this shit old device that reaches to their support infrastructure.

      No one on there side has even breathed a word about something like that.

      As I previously mentioned - the old HVAC vendor did all of their own management - I only provided them an internet connection, they managed everything else.
      I can see the advantages of that - time to toss this at the new vendor similarly.

    • Dashrender

      Windows send only specific domains to proxy?
      IT Discussion • dashrender proxy • • Dashrender

      8
      0
      Votes
      8
      Posts
      167
      Views

      scottalanmiller

      @dashrender said in Windows send only specific domains to proxy?:

      @scottalanmiller said in Windows send only specific domains to proxy?:

      Easiest thing is to override DNS for that domain and point to the proxy. Then the proxy can point on to whatever is real.

      How do you propose doing that? remember these are laptops to be used from anywhere, I won't be able to control DNS in most places.

      Are you suggesting putting an entry in hosts?

      But an EASIER answer, I think, is to make your own CNAME.

    • Dashrender

      appear to come from an IP
      IT Discussion • dashrender • • Dashrender

      42
      0
      Votes
      42
      Posts
      446
      Views

      Dashrender

      Well - this vendor has called me back this morning (last bit of information was passed from the owner from a conversation they had with the vendor).

      The vendor knows we are looking for remote access - specifically so we can run reports from home.

      rep said - oh, you need that OK sure, fine - give me the user and their home IP and I'll get that added.

      me - uh - home ISPs change IPs, sometimes daily - how are we supposed to keep you updated?

      rep - oh - they'll have to give us the new IP so we can add it

      me - /sigh - does your system support dynamic DNS based OK I screwed up - I should have just asked - Can you put an internet resolvable host name in your list instead of an IP?

      rep - oh yeah I know what DDNS is

      me - ok do you support it?

      rep - well if you're attaching to your server using some type of VPN

      me - no, that's not what DDNS is, I explain DDNS

      rep - oh, I don't know if our system supports hostnames

      me - can you check?

      rep - sure

      click

      Of course this kinda flies in the face of the licensing issue the owner was told, but there's still hope - though very very little.

    • Dashrender

      Looking for a remote access solution
      IT Discussion • dashrender remote access • • Dashrender

      22
      0
      Votes
      22
      Posts
      492
      Views

      scottalanmiller

      @dashrender said in Looking for a remote access solution:

      @scottalanmiller said in Looking for a remote access solution:

      @jaredbusch said in Looking for a remote access solution:

      @dashrender said in Looking for a remote access solution:

      @jaredbusch said in Looking for a remote access solution:

      Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

      Done.

      I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

      Then put the 2fa on the Windows RDP login with a service like Duo.
      https://duo.com/docs/rdp
      https://duo.com/editions-and-pricing/duo-free

      Just use ZT to lower (all but remove) the attack surface.

      That would get them up to 3FA (which isn't a bad thing) assuming ZT isn't somehow tied to some other authentication mechanism.

      As it's been AGES since I've used ZT - can you make the user have to log into it each time they launch it? If yes - and it's logon isn't associated with AD (as you mentioned) then OK - I see how you consider ZT and RDP MFA.

      The user can be forced to start or stop the process. The fact that it uses a key (something you have) owned by the user makes it MFA regardless of if they automate the login or force it to be manual.

      Don't try to compare it to Duo or something like that which uses "something you have" to generate "something you know." Compare it to a security USB stick like YubiKey. It's a direct "something you have" 2FA in that sense.

    • openit

      Offsite backup and CentOS Upstream - looking for suggestions.
      IT Discussion • scottalanmiller dashrender dustinb centos offsite backups • • openit

      3
      0
      Votes
      3
      Posts
      181
      Views

      JaredBusch

      @openit said in Offsite backup and CentOS Upstream - looking for suggestions.:

      CentOS Upstream: Isn't okay for Production Servers anymore?

      I assume you mean CentOS Stream?

      Honestly it is a more viable solution for a Linux server than CentOS ever was as it is no longer so out dated.

      But, I would give the entire RHEL ecosystem a wide berth at this point.

    • Dashrender

      MS Office documents bring print settings to different computer
      IT Discussion • word ms office excel dashrender • • Dashrender

      9
      0
      Votes
      9
      Posts
      234
      Views

      siringo

      This problem sounds familiar.
      It's not a normal.dot type problem is it? Where the originator used normal.dot as their doc tempate, saved it as .dot again and it's screwing up everyone's normal.dot that reads / alters the document.

    • Dashrender

      Laptops versus desktops and roaming users
      IT Discussion • dashrender roaming • • Dashrender

      52
      0
      Votes
      52
      Posts
      358
      Views

      Dashrender

      @scottalanmiller said in Laptops versus desktops and roaming users:

      @irj said in Laptops versus desktops and roaming users:

      @obsolesce said in Laptops versus desktops and roaming users:

      I've not worked in hospitals but can image them with different needs and device purposes.

      I worked for an 18k employee hospital system. All the support staff (IT, administration, etc) had laptops. The hospitals themselves used desktops as shared stations, but even administrators (or anyone with an office who didn't use shared computer) at hospital locations used laptops.

      I work with doctors and we see desktops over laptops. Lots of laptops, to be sure. But desktops remain common that we see. Even in current green field deployments.

      Oh - for the doctors themselves - absolutely, in general it seems they don't want to carry anything around with them, so that leaves desktops as the primary interface for them.

      In hospitals in-patient care I generally still desktops also generally with swipe care access, at least on in room computers.

    • Dashrender

      Who do you call for IT assistance
      IT Discussion • dashrender support • • Dashrender

      79
      1
      Votes
      79
      Posts
      566
      Views

      scottalanmiller

      @rjt said in Who do you call for IT assistance:

      @scottalanmiller As someone who has had to deal with vendor supplied hardware and software for a medical practice, I have come to firmly believe vendors are the enemy, a $very $very $expensive enemy.

      Yup. In some cases, a true enemy. In others, just on the other side of the chess board. It's not always malicious, normally it is not. But their interest are very, very different than ours and their financial responsibilities oppose ours. So they are stuck either being ethical to their employers, or ethical to the people they are paid to convince to do things not in their interest.

      If they are true to their employer, they can be ethical across the board. If they try to be good for the customer, they have to be unethical to their employer. A nonsensical situation.

    • Dashrender

      script to download and extract MicroSip portable
      IT Discussion • dashrender scripts • • Dashrender

      15
      0
      Votes
      15
      Posts
      349
      Views

      Dashrender

      @jaredbusch said in script to download and extract MicroSip portable:

      @dashrender chocolatey can easily run as non-admin. The question is whether or not the application installs can handle that. Of course your centralized scrips for keeping things up-to-date would not get that use your space one you have to have a script to keep the user space chocolatey package up-to-date also

      Yeah, I'll have to look at it - but only after someone else actually picks ownership of the package back up. The current maintainer has stated he's no longer maintaining it.

    • Dashrender

      M365 Migration - helpful scripts
      IT Discussion • m365 exchange script dashrender • • Dashrender

      8
      1
      Votes
      8
      Posts
      245
      Views

      JaredBusch

      @dashrender said in M365 Migration - helpful scripts:

      @jaredbusch said in M365 Migration - helpful scripts:

      @dashrender said in M365 Migration - helpful scripts:

      @jaredbusch said in M365 Migration - helpful scripts:

      @dashrender You used $group but did not define it in your first example.

      it's not defined on purpose - several of these have undefined, it's expected that you will define/replace them yourself.

      That is a very poor guide. You posted a script. I expect to copy and paste it and see something work.

      Jared is right to a point.

      I've now gone back and added variables to all of my scripts making it easier for someone using these to see that they need to enter their own information into the variables to make it work.
      I could take it a step further and prompt for that data - but one thing at a time.

      1ac5e2e9-a96b-4311-b299-0cd34fcc7b14-image.png

    • Dashrender

      Exchange script to find and remove permissions
      IT Discussion • exchange permissions dashrender • • Dashrender

      1
      1
      Votes
      1
      Posts
      138
      Views

      No one has replied

    • Dashrender

      hot potato workers
      IT Discussion • dashrender mobile • • Dashrender

      72
      0
      Votes
      72
      Posts
      825
      Views

      Dashrender

      @siringo said in hot potato workers:

      I was thinking about this last night. Is there anything you could do with QR codes or similar. Issue a card per device. They swipe/flash the card to log on and the same to log off.

      you know of a windows solution that does that? I don't, though I've never looked for one either.

    • Dashrender

      iPad 2 - are they still considered secure?
      IT Discussion • ipad 2 dashrender • • Dashrender

      13
      2
      Votes
      13
      Posts
      339
      Views

      scottalanmiller

      @dashrender said in iPad 2 - are they still considered secure?:

      @scottalanmiller said in iPad 2 - are they still considered secure?:

      @dashrender said in iPad 2 - are they still considered secure?:

      I'm primarily asking in regards to HIPAA.

      More importantly than "is it secure" would be "does it meet HIPAA requirements?"

      In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

      Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

      Then the answer is simple... in no way, in no universe, does using an iPad 2 constitute defensible due diligence. No semi-reasonable court would look on that as anything but an intentional lack of effort at the cost of customer data being put at risk.

    • Dashrender

      Digital sign boards
      IT Discussion • dashrender digital signage • • Dashrender

      27
      1
      Votes
      27
      Posts
      703
      Views

      JaredBusch

      @dustinb3403 said in Digital sign boards:

      Again, RP and screenly.io/ose

      Literally 15 minutes and done for a single screen.

      only support the 3.
      3c94e740-8619-4553-8593-24e78efa3da8-image.png

    • openit

      Microsoft 365 group Mailbox Full -How Backup and Delete emails to free up space?
      IT Discussion • jared busch scottalanmiller coliver dashrender • • openit

      7
      0
      Votes
      7
      Posts
      1587
      Views

      dbeato

      @openit said in Microsoft 365 group Mailbox Full -How Backup and Delete emails to free up space?:

      @dbeato said in Microsoft 365 group Mailbox Full -How Backup and Delete emails to free up space?:

      1- It only deletes the individual message they received.
      2- The only tool is to do a E-discovery search for email sent to this Group and then exporting that to a PST.
      3- Yes, 50 GB is the maximum storage for an Office 365 Business Basic and Standard
      https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#mailbox-storage-limits
      You might want to setup an archiving addon for that mailbox or bump the license to E3 so they get 100 GB of Mailbox storage and then archiving is included as well.
      4- YOu can setup a retention policy that deletes all items that is 2 years old and then apply to the mailbox and force the Retention Policy to apply then it will take a day or so but it will run faster.
      https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide

      https://docs.microsoft.com/en-us/powershell/module/exchange/start-managedfolderassistant?view=exchange-ps (To force the retention policy)

      Not sure if you misunderstood. I got confirmed that deleting any emails on Group Mailbox won't any member's mailbox items. Yes, did it that way, went well. Yeah, not an option for me now. Seems nice and faster action, than PowerShell commands Microsoft guys running.

      I wrote the answer 1 in a confusing way. The emails don't get deleted from each user mailbox that received it so no issue there.

    • openit

      System Admin - checklist for Don'ts and Important points please!
      IT Discussion • scottalanmiller dashrender jared busch dustinb • • openit

      36
      0
      Votes
      36
      Posts
      741
      Views

      openit

      @IRJ said in System Admin - checklist for Don'ts and Important points please!:

      @gjacobse said in System Admin - checklist for Don'ts and Important points please!:

      @Pete-S said in System Admin - checklist for Don'ts and Important points please!:

      Maybe I'm alone but on the top of my list:

      Only use Microsoft as a last resort when all other options have been explored. If you get paid by the hour disregard #1.

      Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apply need not apply -

      Look for another job

      Lol 🙂

    • Dashrender

      Softphones - complaints
      IT Discussion • freepbx linphone softphone codex dashrender • • Dashrender

      43
      0
      Votes
      43
      Posts
      619
      Views

      scottalanmiller

      @jt1001001 said in Softphones - complaints:

      Ask your users if their kids use Steam. Most of my home users have older "kids" I tell them to have their kids stop there Steam games. The users are like what's that?? But as soon as steam is stopped their perfomance comes right back to nominal.

      It would be them downloading more games, most likely.

    • Dashrender

      MFA - who pays for authentication solution?
      IT Discussion • mfa dashrender • • Dashrender

      27
      2
      Votes
      27
      Posts
      759
      Views

      Dashrender

      @Obsolesce said in MFA - who pays for authentication solution?:

      @JaredBusch said in MFA - who pays for authentication solution?:

      @Dashrender said in MFA - who pays for authentication solution?:

      @stacksofplates said in MFA - who pays for authentication solution?:

      @Dashrender said in MFA - who pays for authentication solution?:

      @stacksofplates said in MFA - who pays for authentication solution?:

      @Dashrender said in MFA - who pays for authentication solution?:

      @IRJ said in MFA - who pays for authentication solution?:

      Why not just supply hardware tokens? They are not that expensive.

      for multiple sites? Just what everyone wants, a pocket full of tokens.

      EHR
      email
      2nd EHR
      3rd EHR
      4th EHR
      5th EHR

      it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

      This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

      yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

      I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

      As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

      Interesting.. thanks.

      It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

      Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

      That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.