@Obsolesce said in MFA - who pays for authentication solution?: @JaredBusch said in MFA - who pays for authentication solution?: @Dashrender said in MFA - who pays for authentication solution?: @stacksofplates said in MFA - who pays for authentication solution?: @Dashrender said in MFA - who pays for authentication solution?: @stacksofplates said in MFA - who pays for authentication solution?: @Dashrender said in MFA - who pays for authentication solution?: @IRJ said in MFA - who pays for authentication solution?: Why not just supply hardware tokens? They are not that expensive. for multiple sites? Just what everyone wants, a pocket full of tokens. EHR email 2nd EHR 3rd EHR 4th EHR 5th EHR it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20. This is a joke right? You can use a token across multiple sites. Especially Yubikeys. yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame! I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys. As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that. Interesting.. thanks. It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine. Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said. That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.

@Dashrender said in Weird thing on O365 account: @Kelly said in Weird thing on O365 account: @Dashrender said in Weird thing on O365 account: Alright, the user has confirmed that she made changes yesterday, and those change could associate with GMT based time. Anyone know if the logs are only/mainly in GMT? Almost all O365 logs are UTC 0 regardless of the timezone of the server or requestor. yeah, OK that makes the time line up for when the user added the rules, I'm just curious why it took MS 6 hours to send the noticed of alert? They batch some of their processes, so it may have had to wait for the group to run rather than being on demand/occurrence.

This HIPAA compliance service directly recommends never storing your PHI/PCI data in Excel specifically because it is so easy to have it accidentally be the cause of a breach. https://pcihipaa.com/how-to-protect-your-practice-from-common-hipaa-violations-and-fines/ "A Credit Card Data Breach: Every practice handles patient credit card information. A Payment Card Industry (PCI) violation can also end up being a reportable breach under HIPAA. Securing and properly handling credit card data is imperative. Don’t store any credit card information in QuickBooks, Excel or any other software. Also make sure you are PCI certified and using EMV devices to limit chargeback liabilities." They only mention the PCI piece, because it is so much less of a concern, storing health data in there would be so much worse.

@Ylian Any thoughts on why my system is demanding having the "cert": line added? I did do a startup based on the install instructions node ./node_modules/meshcentral --cert example.servername.com Does that put the hostname somewhere other than the config.json?

@Obsolesce said in Better computer for brownfield situation: @Dashrender You can look into Azure File Shares https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows Cool thanks - I'll take a look! It definitely seems more normal fileshare like than SP - though SP can be webdav mapped as well. Though - I'm curious where you'd see OD4B failing if the users are mainly using it as read-only?

Off top I can think of a few options to help remove the dependence of Excel. This is a short list. Microsoft Power Apps Google App maker Quickbase Zoho Creator

@IRJ said in Email investigation - have we been hacked?: @Dashrender said in Email investigation - have we been hacked?: one of the addresses is for an @ameritrade.com address, but only for one person. I have yet to find any connection via google searches between this person and ameritrade.... so I'm not sure why this was tried? Thoughts? You dont have that data either, right? What do you mean?

@JaredBusch said in Taking over IT for a small business: @scottalanmiller said in Taking over IT for a small business: @JaredBusch said in Taking over IT for a small business: @scottalanmiller said in Taking over IT for a small business: @Dashrender said in Taking over IT for a small business: LOL - If I were the boss, I could do that. She has already ordered me to remove her from the monthly updates - so I have to nag her to do those manually, they can't be pushed to her via WSUS, because of reboots. Make sure you have a "get it in writing to remove HIPAA requirement automation." OH, good one.. She's breaking HIPAA by not being updated. Over a certain time frame, yeah. That's going to be the big motivation here. Maybe he should even go to the owners and say "as you title me an IT decision maker, I meed a sign off to allow disregarding the law and a statement that I'm not allowed to follow HIPAA against my requirements, knowledge, and recommendations." Don't argue it, just make them state that they've accepted responsibility by demanding he not follow HIPAA. But since automatic is disabled, he has no insight to know the time frame is being kept. So yeah. Right, even if she promises to do it as HIPAA requires, he needs to be indemnified from that.

@Dashrender said in Hyper-V 2019 on a domain: @PhlipElder said in Hyper-V 2019 on a domain: All of the above and more but done in PowerShell on our KB site. New-NetLbfoTeam -Name vSwitch -TeamMembers * Nice Thanks I've posted that before.

@DustinB3403 said in Server license or VDI (or possibly desktop with Desktop Windows OS)?: @pchiodo said in Server license or VDI (or possibly desktop with Desktop Windows OS)?: Probably do not need a server license. Most of these type of apps can be run in Client/Server mode on a desktop so I think you would be fine. Bigger question is how many people are going to use the app? Just one? then a desktop or a VDI would be fine. If there is more than 5 accessing then I would move to a 3 tier with a VM using Windows Server. The number of users is actually irrelevant. What matters is the number of concurrent connections and the type of content being hosted. This would fall outside of what MS has allowed in the Desktop licensing. Depends on the mode... number via SMB, doesn't matter. Number by RDP matters.

@scottalanmiller said in Fedora install weirdness: Ah, if DHCP was giving different IP addresses. that makes sense. It has to. Because the installer uses the MAC address. But Fedora uses the Machine ID for DHCP identification.

Spybot has a tool just for blocking telemetry stuff called Anti Beacon. I just set it it "full" and leave it be. Portable version available too. https://download.spybot.info/AntiBeacon/SpybotAntiBeacon-3.1-setup.exe

@wrx7m said in Windows 10 goes to sleep outside listed sleep times: @Dashrender said in Windows 10 goes to sleep outside listed sleep times: @wrx7m said in Windows 10 goes to sleep outside listed sleep times: @Dashrender said in Windows 10 goes to sleep outside listed sleep times: @wrx7m said in Windows 10 goes to sleep outside listed sleep times: Trying to find the console lock display timeout settings for the GPO. Doesn't exist as far as I can tell. I guess I will just have to modify the reg and manually make the change. I had to make reg changes via GPO for mine.. it was pretty easy. Now, if I could figure out which registry setting is to set the "Console lock display off timeout" option to 0, I could just do a single step using a reg GPO. You could also do a logon script that runs the powercfg line I think I am just going to use PDQ Deploy for the powercfg command and set the command to run during the initial deployment phase. It should only need to be run once. I'd be worried that future major updates (the twice yearly thing) might reset it... so finding a way to keep it (stateful) would be good.

@dashrender said in Finding hidden files on Windows: @jackcpickup said in Finding hidden files on Windows: WizTree will always be more accurate than those 2 due to how it discovers files, I can't remember enough to explain. It's also incredible quick at scanning compared to those 2 so always my preferred. You can say that again.. I've never heard of it before.. Now to burn it into my memory. I need to write the author and ask them to post it to Chocolatey. Good idea.

@dashrender said in What exactly imaging software, any open source or free options ?: @dustinb3403 said in What exactly imaging software, any open source or free options ?: To throw a wrench into this conversation. UrBackup is a backup solution that can be run constantly and allows you to restore the backup or any part of it to different hardware. So while it falls in the "Backup" category it also blurs the lines a bit. Most modern backup solutions can do this. Yup, imaging is the process of recreating replicas which are the most common foundation of modern backups.

I can confirm that RDP works again.

@tim_g said in Why restart works ? Technical reason ?: @jaredbusch said in Why restart works ? Technical reason ?: @tim_g said in Why restart works ? Technical reason ?: @jaredbusch said in Why restart works ? Technical reason ?: @tim_g said in Why restart works ? Technical reason ?: @tim_g said in Why restart works ? Technical reason ?: @eddiejennings said in Why restart works ? Technical reason ?: I'll often have users do a restart, but if the issue is recurring, then I'll take the time to try to find the root cause. We do a minimum of forced weekly reboot of computers with updates, regardless of whether or not updates are installed. It's been helping a LOT, and is a free way to fix or prevent many issues that waste time and effort from nobody rebooting. There are (as always) some exceptions. I did this years ago. And no exceptions. The owner buys in to it or he doesn't. The reduction of support costs is always the winning decision. Yes, from the perspective of a company using service provider. But I get paid hourly, so from this companies perspective, it costs the same regardless. No it does not. Because you are wasting time (money) doing tasks that are not needed if you would have the reboots scheduled. It may be the same to your paycheck, but it is not the same to the company. That is always the point of people trying to justify their jobs. Or of the SMB owner thinking he is saving money by using internal staff of lower skill. Yeah, but there are exceptions... not my decision, not my argument. of course, if the decision is out of your hands, absolutely that's not on you - just like Mike Davis spending 4 hrs working on a PC issue and costing more than the value of the PC - because the decision maker told them to.

I also recommend developing the site on pantheon and then moving it to your server. It's much easier to develop there.

@MattSpeller said in USB tracking sheet: @Dashrender @JaredBusch you two are adorable Dude it is 2017. Don't point at them.