@EddieJennings said in Use PowerShell to Disable UAC on Windows 10: @Obsolesce said in Use PowerShell to Disable UAC on Windows 10: What special case needs UAC completely off? I'm curious about this as well. Installing malware

@dbeato said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10: @pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10: Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article? Checked yesterday, last night and this morning. No update that I can see. Currently performing the workaround. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998 Thanks. Forgot about the update catalog.

@Dashrender said in Windows Domain routing question - dual-nic: Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them. Routing to the internet is mostly just a nice to have.

@Grey said in Issues uninstalling Windows Server 2012 R2 Key: You mean sfc /scannow? Or DISM.exe /Online /Cleanup-image /Restorehealth? @op Check your event logs for more information, and try running the commands above. Ran both, so far nothing, but I will run chkdsk tonight to see if that fixes anything. So far I can't find anything in the logs but I'll keep looking.

That's awesome.

@scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @stacksofplates said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @stacksofplates said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @IRJ said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @IRJ said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: Admin roles are also dying with immutable infrastructure and HA. Designing a system that is immutable and highly available isn't expensive or time consuming on the cloud anymore. But someone is still designing the initial system and someone (maybe the same person) is managing it. Yeah so you don't have an admin here as you admit. You have an engineer designing the system and replacing the system if there is issues. It's all design and no maintenance. Maintenance is automated during build. Not in the real world. That's a nice theory, but applies to effectively no one anywhere. In the real world, engineering almost always is a trivial effort that involves almost no time, skill or planning, and all the effort goes into years of administration that deals with that haphazard system. That's completely false. Engineering is almost always a trivial effort...... It's completely true and I've given example after example. In the real world, engineering is generally done without planning or resources and it works enough for people to accept it. Then all the effort is hoisted onto administration. You can argue, but you can't deny that this is what 95%+ of the market does. No you gave an example of FreeNAS and have completely ignored things like SRE where design upfront including architecture, engineering, coffee design, IaC, etc are all roles for the engineer. Immutability is vital and SREs are embedded in specific teams and only supporting that application. Yes, but the difference is my example represents nearly the entire market. I didn't say that there weren't exceptions. But that's what they are. Outside of F500 maybe but outside of F500 you don't normally have systems engineers and systems admins.

@dbeato said in Access Changed Files on VSS Copy on Write Disk Image: @scottalanmiller said in Access Changed Files on VSS Copy on Write Disk Image: @black3dynamite said in Access Changed Files on VSS Copy on Write Disk Image: Mount the disk image on Windows Server instance, from the mounted disk drive, go to Properties and then Previous Versions? That's what I thought. But it just seemed too easy, lol. Lol, anything that appears with Microsoft as easy should work but emphasis on "should" Emphasis with "assume" too. lol

@JasGot said in Cannot RDP through Windows 10 Computer: Great research! Thanks. And now if I can remember this when it happens to us, I'll be all set! It was so annoying to get to the bottom of it...

@IRJ said in New to Windows Active Directory and Group Security Management: Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as. I do this - Those who need it have a workstation admin account and a local non admin normal account.

@flaxking said in PowerShell - Using Variables to Delete SMTP Proxy Addresses in AD: if they do not have previous experience with objects Describes me. lol

@Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads: @Pete-S said in Compare Azure to Windows On Prem for Normal Business Workloads: @scottalanmiller said in Compare Azure to Windows On Prem for Normal Business Workloads: @Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads: Hosting Costs 1U Colocation America, /24 IP Range Monthly cost: ~$250/month Yearly cost: 12 x 250 = $3000 5 year cost: 5 x $3000 = $15K Last I looked, 1U was more like $225 with that many IPs. And I think typically you'd get fewer for a lot less cost and/or go IPv6. /24 is two IPs per VM. No need to pay for that. Yes, the basic 1U was $100 with two power outlets and then you get four usable IPv4s. A smaller server, say 16c EPYC, 128GB RAM, 2x500GB SSD, would be about $3500 and something even smaller, like a 8c Xeon @ 3.7Ghz, 64GB RAM, 2x500GB SSD around $2K. So you could scale down everything substantially if you wanted. But if all you are doing is running a few very small workloads then a couple of $5 Vultr VM would be cheaper. another factor is - are you running windows VMs, likely always cheaper to have your own hardware, but yeah, the amount of workloads definitely plays a factor here. That's true, Windows workloads make cloud computing harder to justify. Not much, but a little.

@black3dynamite said in Disable update checks in the Nextcloud client (windows): @JaredBusch said in Disable update checks in the Nextcloud client (windows): jsut upgraded a system from 2.5 something. I made sure the key was set first. after the upgrade it is gone. What a pain in the ass. Where did you add the registry key? HKLM\SOFTWARE\Policies\Nextcloud GmbH\Nextcloud? I did not add the second key because that was to prevent user override? My users don't have admin rights so even if they attempted ot override, it would never work.

@IRJ said in Documenting Firewall Exceptions and Rules: @DustinB3403 said in Documenting Firewall Exceptions and Rules: I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did) Adding a few rich rules resolved the issue immediately. None of this makes any sense. It's deny all and permit by exception. Why would you do anything else? That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: t only applies the setting when linked to the OU of the user We'll according to that screenshot, it IS a user setting. Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible? Yes, it's possible. Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy. I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name. Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

@black3dynamite said in Remote PowerShell from Fedora to Windows: @stacksofplates said in Remote PowerShell from Fedora to Windows: Sssd works with multiple domains. If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that isn’t joined to a domain? No it only works for domains.

@wrx7m said in Microsoft Windows Default Permissions for Fixed and External Drives: @black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives: And I noticed that they are different on Servers and Desktops I had no idea they would be different. On the server one of the permissions that stands out for me is the CREATOR OWNER (full control / subfolders and files only. From what I can tell, when a user creates a folder on the root drive, that person will be given the permission of full control of that folder only and then CREATOR OWNER on that folder is also added with full control of subfolders and files only. But for the desktop, on the root drive you are not given any full control of that folder.

@thwr said in Disk Manager with No Search in Windows 10: @dbeato said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: @dbeato said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: @Obsolesce said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: So in our situation, we had to open PowerShell and run diskmgmt.msc and it was able to open it. You have to have the full name. This came about because someone installed some "Classic Shell" hijack software that removes all of the Windows Vista and later functionality to find tools. So the system is almost entirely broken. You could also hit the "Windows" key + r, then type that in the run box and hit enter. Only if you have the full name. diskmgmt.msc will work that way, diskmgmt will not. We tried. Correct. I am surprised this became a post. However I understand with the whole classicshell situation. Yeah, like I never have to know the whole name. I figured it was diskmgmt.exe. Nearly every guide only has it without the extension. And I've never had to type it out before. Yeah, most applications for Windows are .msc or .cpl that control things as below: Services - services.msc Programs and Features - appwiz.cpl Disk Managment - diskmgmt.msc Computer Management - compmgmt.msc For Control panel you would open just "control" and that's it so it can be inconsistent. And so forth. I usually just start mmc.exe. Three simple characters to type (or seven), no need to remember names (I used to know them, but...) and access to all mmc's in one place. Well we can do all that, I am just saying after a while regardless of the OS you get to find your own shortcuts. Problem with MMC is that you need to do like 5 mouse clicks to get to something.

@Pete-S said in How does name resolution work in AD?: @Dashrender said in How does name resolution work in AD?: @scottalanmiller said in How does name resolution work in AD?: @Pete-S said in How does name resolution work in AD?: I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows servers names, but not the statically assigned names of linux servers. I thought if the name resolution works over different mechanisms and uses different ports it could be an firewall or L3 switch somewhere that has been misconfigured. This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD. Exactly - have you or anyone else added these servers to AD's DNS? They have been added manually. The name of the service is also not the name as the server. So if a webserver is abc001.company.com the name in the DNS that will send you to that server might be logistics.company.com. if you're being sent to logistics, that's the entry that must be in DNS.. you can have as many entries as are needed for a single server. each name is it's own entry.

@dafyre said in How to mount remote filesystem over ssh (both Windows & Linux): @black3dynamite said in How to mount remote filesystem over ssh (both Windows & Linux): @dafyre Installing sshfs and winfsp via choco is older than the ones from GitHub. If you installed them via choco do this to mount at the host root directory or other directories. https://github.com/billziss-gh/sshfs-win/issues/102 Host root directory \\sshfs\[email protected]\..\.. Specific directory like /var/www \\sshfs\[email protected]\..\..\var\www Thanks for the pointer. I did install using choco. I'm able to make it work now. Edit: Just to see if I can, I may go back and do straight installs. As I said above with the latest version I mount the root directory with \\sshfs.r\[email protected] However, if you want to mount another directory like /var/www you have to do: \\sshfs.r\[email protected]\var\www\ The trailing \ is very important! It just doesn't work without it if your path is more than one directory deep. You also need to use backslash and not the forward slash.

@Danp said in Create an Empty SQLite Database on Windows: @scottalanmiller Yes, Windows 10. Odd, didn't work for me.

@black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @wrx7m said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @wrx7m Is that a computer configuration or user configuration policy? Try applying the rules to only non-admins groups. Yeah, it is at the computer level. I would like to do it via user config but I only want them to apply to users on the RD servers. I need to figure out the proper way to structure AD/GPOs to not screw up everything else. I am guessing creating another OU as a sub container and move the RD servers into. Edit: Since it isn't GPP, there isn't any item level targeting, so I can't do it that way. If you can make those changes directly in the registry, maybe can allow you to use GPP and item level targeting. Hmmm. That makes sense. Let me mull it over.