@dashrender said in iPad 2 - are they still considered secure?:

Would you consider this a secure device today?

They are pretty shiny and slippery, so I doubt they are secure enough to ensure an unbalanced table leg doesn't slip off of it.

@dustinb3403 said in Digital sign boards:

Again, RP and screenly.io/ose

Literally 15 minutes and done for a single screen.

only support the 3.
3c94e740-8619-4553-8593-24e78efa3da8-image.png

@openit said in Microsoft 365 group Mailbox Full -How Backup and Delete emails to free up space?:

@dbeato said in Microsoft 365 group Mailbox Full -How Backup and Delete emails to free up space?:

1- It only deletes the individual message they received.
2- The only tool is to do a E-discovery search for email sent to this Group and then exporting that to a PST.
3- Yes, 50 GB is the maximum storage for an Office 365 Business Basic and Standard
https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-limits#mailbox-storage-limits
You might want to setup an archiving addon for that mailbox or bump the license to E3 so they get 100 GB of Mailbox storage and then archiving is included as well.
4- YOu can setup a retention policy that deletes all items that is 2 years old and then apply to the mailbox and force the Retention Policy to apply then it will take a day or so but it will run faster.
https://docs.microsoft.com/en-us/microsoft-365/compliance/set-up-an-archive-and-deletion-policy-for-mailboxes?view=o365-worldwide

https://docs.microsoft.com/en-us/powershell/module/exchange/start-managedfolderassistant?view=exchange-ps (To force the retention policy)

Not sure if you misunderstood. I got confirmed that deleting any emails on Group Mailbox won't any member's mailbox items. Yes, did it that way, went well. Yeah, not an option for me now. Seems nice and faster action, than PowerShell commands Microsoft guys running.

I wrote the answer 1 in a confusing way. The emails don't get deleted from each user mailbox that received it so no issue there.

@IRJ said in System Admin - checklist for Don'ts and Important points please!:

@gjacobse said in System Admin - checklist for Don'ts and Important points please!:

@Pete-S said in System Admin - checklist for Don'ts and Important points please!:

Maybe I'm alone but on the top of my list:

Only use Microsoft as a last resort when all other options have been explored. If you get paid by the hour disregard #1.

Option 1. - What do you say / do when the Owner specifically states, Windows Only environment. NIX and Apply need not apply -

Look for another job

Lol :)

@jt1001001 said in Softphones - complaints:

Ask your users if their kids use Steam. Most of my home users have older "kids" I tell them to have their kids stop there Steam games. The users are like what's that?? But as soon as steam is stopped their perfomance comes right back to nominal.

It would be them downloading more games, most likely.

@Obsolesce said in MFA - who pays for authentication solution?:

@JaredBusch said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@stacksofplates said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@stacksofplates said in MFA - who pays for authentication solution?:

@Dashrender said in MFA - who pays for authentication solution?:

@IRJ said in MFA - who pays for authentication solution?:

Why not just supply hardware tokens? They are not that expensive.

for multiple sites? Just what everyone wants, a pocket full of tokens.

EHR
email
2nd EHR
3rd EHR
4th EHR
5th EHR

it's PHI so I could easily see insurance companies at some point also requiring it, so that could be another 20.

This is a joke right? You can use a token across multiple sites. Especially Yubikeys.

yeah I know you can with something like a Yubikey - but that assumes that the site supports Yubikeys -and our EHR only supports Symantec VIP tokens - super lame!

I'd argue it might work anyway. Yubikeys support up to 31 or so OATH-TOTP codes (like an RSA token or Google auth app type token). It also supports any number of u2f applications and two slots for TOTP/HOTP, hmac-SHA1, and GPG keys.

As long as the VIP tokens use some standard for the way it generates the TOTP token you can scan it/enter it with the Yubikey Authenticator app and have it manage that.

Interesting.. thanks.

It is the same for using Authy instead of Google Authenticator. A lot of sites only say Google Authenticator, but they all use standards, thus Authy works just fine.

Exactly. Anything that says it uses Google Authenticator, can also use MS Authenticator. Same standards as JB said.

That part I know, but Symantec VIP uses their own what they call credential IDs, it's not a generic number like GA or MS auth uses... but I'll have to dig into it to see if it's cross compatible.

@Dashrender said in Weird thing on O365 account:

@Kelly said in Weird thing on O365 account:

@Dashrender said in Weird thing on O365 account:

Alright, the user has confirmed that she made changes yesterday, and those change could associate with GMT based time.

Anyone know if the logs are only/mainly in GMT?

Almost all O365 logs are UTC 0 regardless of the timezone of the server or requestor.

yeah, OK that makes the time line up for when the user added the rules, I'm just curious why it took MS 6 hours to send the noticed of alert?

They batch some of their processes, so it may have had to wait for the group to run rather than being on demand/occurrence.

This HIPAA compliance service directly recommends never storing your PHI/PCI data in Excel specifically because it is so easy to have it accidentally be the cause of a breach.

https://pcihipaa.com/how-to-protect-your-practice-from-common-hipaa-violations-and-fines/

"A Credit Card Data Breach: Every practice handles patient credit card information. A Payment Card Industry (PCI) violation can also end up being a reportable breach under HIPAA. Securing and properly handling credit card data is imperative. Don’t store any credit card information in QuickBooks, Excel or any other software. Also make sure you are PCI certified and using EMV devices to limit chargeback liabilities." They only mention the PCI piece, because it is so much less of a concern, storing health data in there would be so much worse.

@Ylian
Any thoughts on why my system is demanding having the "cert": line added?

I did do a startup based on the install instructions

node ./node_modules/meshcentral --cert example.servername.com

Does that put the hostname somewhere other than the config.json?

@Obsolesce said in Better computer for brownfield situation:

@Dashrender

You can look into Azure File Shares
https://docs.microsoft.com/en-us/azure/storage/files/storage-how-to-use-files-windows

Cool thanks - I'll take a look!
It definitely seems more normal fileshare like than SP - though SP can be webdav mapped as well.

Though - I'm curious where you'd see OD4B failing if the users are mainly using it as read-only?

Off top I can think of a few options to help remove the dependence of Excel. This is a short list.

Microsoft Power Apps
Google App maker
Quickbase
Zoho Creator

@IRJ said in Email investigation - have we been hacked?:

@Dashrender said in Email investigation - have we been hacked?:

one of the addresses is for an @ameritrade.com address, but only for one person. I have yet to find any connection via google searches between this person and ameritrade.... so I'm not sure why this was tried?

Thoughts?

You dont have that data either, right?

What do you mean?

@JaredBusch said in Taking over IT for a small business:

@scottalanmiller said in Taking over IT for a small business:

@JaredBusch said in Taking over IT for a small business:

@scottalanmiller said in Taking over IT for a small business:

@Dashrender said in Taking over IT for a small business:

LOL - If I were the boss, I could do that. She has already ordered me to remove her from the monthly updates - so I have to nag her to do those manually, they can't be pushed to her via WSUS, because of reboots.

Make sure you have a "get it in writing to remove HIPAA requirement automation."

OH, good one.. She's breaking HIPAA by not being updated.

Over a certain time frame, yeah. :) That's going to be the big motivation here. Maybe he should even go to the owners and say "as you title me an IT decision maker, I meed a sign off to allow disregarding the law and a statement that I'm not allowed to follow HIPAA against my requirements, knowledge, and recommendations." Don't argue it, just make them state that they've accepted responsibility by demanding he not follow HIPAA.

But since automatic is disabled, he has no insight to know the time frame is being kept. So yeah.

Right, even if she promises to do it as HIPAA requires, he needs to be indemnified from that.

@Dashrender said in Hyper-V 2019 on a domain:

@PhlipElder said in Hyper-V 2019 on a domain:

All of the above and more but done in PowerShell on our KB site.

New-NetLbfoTeam -Name vSwitch -TeamMembers *

Nice

Thanks

I've posted that before.

@DustinB3403 said in Server license or VDI (or possibly desktop with Desktop Windows OS)?:

@pchiodo said in Server license or VDI (or possibly desktop with Desktop Windows OS)?:

Probably do not need a server license. Most of these type of apps can be run in Client/Server mode on a desktop so I think you would be fine. Bigger question is how many people are going to use the app? Just one? then a desktop or a VDI would be fine. If there is more than 5 accessing then I would move to a 3 tier with a VM using Windows Server.

The number of users is actually irrelevant. What matters is the number of concurrent connections and the type of content being hosted.

This would fall outside of what MS has allowed in the Desktop licensing.

Depends on the mode... number via SMB, doesn't matter. Number by RDP matters.

@scottalanmiller said in Fedora install weirdness:

Ah, if DHCP was giving different IP addresses. that makes sense.

It has to. Because the installer uses the MAC address. But Fedora uses the Machine ID for DHCP identification.

Spybot has a tool just for blocking telemetry stuff called Anti Beacon. I just set it it "full" and leave it be. Portable version available too.

https://download.spybot.info/AntiBeacon/SpybotAntiBeacon-3.1-setup.exe

@wrx7m said in Windows 10 goes to sleep outside listed sleep times:

@Dashrender said in Windows 10 goes to sleep outside listed sleep times:

@wrx7m said in Windows 10 goes to sleep outside listed sleep times:

@Dashrender said in Windows 10 goes to sleep outside listed sleep times:

@wrx7m said in Windows 10 goes to sleep outside listed sleep times:

Trying to find the console lock display timeout settings for the GPO. Doesn't exist as far as I can tell. I guess I will just have to modify the reg and manually make the change.

I had to make reg changes via GPO for mine.. it was pretty easy.

Now, if I could figure out which registry setting is to set the "Console lock display off timeout" option to 0, I could just do a single step using a reg GPO.

You could also do a logon script that runs the powercfg line

I think I am just going to use PDQ Deploy for the powercfg command and set the command to run during the initial deployment phase. It should only need to be run once.

I'd be worried that future major updates (the twice yearly thing) might reset it... so finding a way to keep it (stateful) would be good.

@dashrender said in Finding hidden files on Windows:

@jackcpickup said in Finding hidden files on Windows:

WizTree will always be more accurate than those 2 due to how it discovers files, I can't remember enough to explain. It's also incredible quick at scanning compared to those 2 so always my preferred.

You can say that again.. I've never heard of it before.. Now to burn it into my memory.

I need to write the author and ask them to post it to Chocolatey.

Good idea.

@dashrender said in What exactly imaging software, any open source or free options ?:

@dustinb3403 said in What exactly imaging software, any open source or free options ?:

To throw a wrench into this conversation.

UrBackup is a backup solution that can be run constantly and allows you to restore the backup or any part of it to different hardware.

So while it falls in the "Backup" category it also blurs the lines a bit.

Most modern backup solutions can do this.

Yup, imaging is the process of recreating replicas which are the most common foundation of modern backups.