@IRJ said in Documenting Firewall Exceptions and Rules: @DustinB3403 said in Documenting Firewall Exceptions and Rules: I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did) Adding a few rich rules resolved the issue immediately. None of this makes any sense. It's deny all and permit by exception. Why would you do anything else? That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: t only applies the setting when linked to the OU of the user We'll according to that screenshot, it IS a user setting. Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible? Yes, it's possible. Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy. I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name. Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

@black3dynamite said in Remote PowerShell from Fedora to Windows: @stacksofplates said in Remote PowerShell from Fedora to Windows: Sssd works with multiple domains. If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that isn’t joined to a domain? No it only works for domains.

@wrx7m said in Microsoft Windows Default Permissions for Fixed and External Drives: @black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives: And I noticed that they are different on Servers and Desktops I had no idea they would be different. On the server one of the permissions that stands out for me is the CREATOR OWNER (full control / subfolders and files only. From what I can tell, when a user creates a folder on the root drive, that person will be given the permission of full control of that folder only and then CREATOR OWNER on that folder is also added with full control of subfolders and files only. But for the desktop, on the root drive you are not given any full control of that folder.

@thwr said in Disk Manager with No Search in Windows 10: @dbeato said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: @dbeato said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: @Obsolesce said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: So in our situation, we had to open PowerShell and run diskmgmt.msc and it was able to open it. You have to have the full name. This came about because someone installed some "Classic Shell" hijack software that removes all of the Windows Vista and later functionality to find tools. So the system is almost entirely broken. You could also hit the "Windows" key + r, then type that in the run box and hit enter. Only if you have the full name. diskmgmt.msc will work that way, diskmgmt will not. We tried. Correct. I am surprised this became a post. However I understand with the whole classicshell situation. Yeah, like I never have to know the whole name. I figured it was diskmgmt.exe. Nearly every guide only has it without the extension. And I've never had to type it out before. Yeah, most applications for Windows are .msc or .cpl that control things as below: Services - services.msc Programs and Features - appwiz.cpl Disk Managment - diskmgmt.msc Computer Management - compmgmt.msc For Control panel you would open just "control" and that's it so it can be inconsistent. And so forth. I usually just start mmc.exe. Three simple characters to type (or seven), no need to remember names (I used to know them, but...) and access to all mmc's in one place. Well we can do all that, I am just saying after a while regardless of the OS you get to find your own shortcuts. Problem with MMC is that you need to do like 5 mouse clicks to get to something.

@Pete-S said in How does name resolution work in AD?: @Dashrender said in How does name resolution work in AD?: @scottalanmiller said in How does name resolution work in AD?: @Pete-S said in How does name resolution work in AD?: I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows servers names, but not the statically assigned names of linux servers. I thought if the name resolution works over different mechanisms and uses different ports it could be an firewall or L3 switch somewhere that has been misconfigured. This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD. Exactly - have you or anyone else added these servers to AD's DNS? They have been added manually. The name of the service is also not the name as the server. So if a webserver is abc001.company.com the name in the DNS that will send you to that server might be logistics.company.com. if you're being sent to logistics, that's the entry that must be in DNS.. you can have as many entries as are needed for a single server. each name is it's own entry.

@dafyre said in How to mount remote filesystem over ssh (both Windows & Linux): @black3dynamite said in How to mount remote filesystem over ssh (both Windows & Linux): @dafyre Installing sshfs and winfsp via choco is older than the ones from GitHub. If you installed them via choco do this to mount at the host root directory or other directories. https://github.com/billziss-gh/sshfs-win/issues/102 Host root directory \\sshfs\[email protected]\..\.. Specific directory like /var/www \\sshfs\[email protected]\..\..\var\www Thanks for the pointer. I did install using choco. I'm able to make it work now. Edit: Just to see if I can, I may go back and do straight installs. As I said above with the latest version I mount the root directory with \\sshfs.r\[email protected] However, if you want to mount another directory like /var/www you have to do: \\sshfs.r\[email protected]\var\www\ The trailing \ is very important! It just doesn't work without it if your path is more than one directory deep. You also need to use backslash and not the forward slash.

@Danp said in Create an Empty SQLite Database on Windows: @scottalanmiller Yes, Windows 10. Odd, didn't work for me.

@black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @wrx7m said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @wrx7m Is that a computer configuration or user configuration policy? Try applying the rules to only non-admins groups. Yeah, it is at the computer level. I would like to do it via user config but I only want them to apply to users on the RD servers. I need to figure out the proper way to structure AD/GPOs to not screw up everything else. I am guessing creating another OU as a sub container and move the RD servers into. Edit: Since it isn't GPP, there isn't any item level targeting, so I can't do it that way. If you can make those changes directly in the registry, maybe can allow you to use GPP and item level targeting. Hmmm. That makes sense. Let me mull it over.

@wrx7m said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @black3dynamite said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @wrx7m said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @dafyre said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @dafyre said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @pmoncho said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @wrx7m Just curious, when you chose UPD, did you choose to store all settings or just certain folders? Some applications don't play nicely with roaming profiles. UPDs mount at the usual C:\Users\user.name and the applications can't tell a difference. Right. But, only when the user is logged in. After they logout, that path doesn't exist. I am trying to figure out how to work around that for adding the custom (for each user) erp shortcut on their desktop in their session. Add the shortcut to C:\Users\Public\Desktop. That way it will always show up on each user Desktop. This would be nice and easy, but each user has a custom shortcut- It has a workstation ID in the target path. https://www.pdq.com/blog/pdq-deploy-and-powershell/ Create a script that creates the shortcut each user Desktop and append the workstation id in the target path.

@Jimmy9008 said in CSV... what happens at a lower level?: That makes sense, would a drop from 1GB/s to 100MB/s be expected? Seems huge... Depending on the system, yeah, especially with certain kinds of operations.

@IRJ said in Kibana Wazuh Agent isn't showing anything in integrity: @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity: Well I'm making progress, I at least have nginx responding when I hit the page with An error occurred during a connection to 192.168.1.100:5601. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG server { listen 80; listen [::]:80; listen 5601; listen [::]:5601; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443; ssl_certificate /etc/pki/tls/certs/kibana-access.pem; ssl_certificate_key /etc/pki/tls/private/kibana-access.key; access_log /var/log/nginx/nginx.access.log; error_log /var/log/nginx/nginx.error.log; location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; proxy_pass http://localhost:5601/; } } Why are you listening on 5601? proxy_pass http://localhost:5601/; will redirect 5601 to 443 That is no longer in the file, I was testing with it. The below is current. server { listen 80; listen [::]:80; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443; ssl on; ssl_certificate /etc/pki/tls/certs/kibana-access.pem; ssl_certificate_key /etc/pki/tls/private/kibana-access.key; access_log /var/log/nginx/nginx.access.log; error_log /var/log/nginx/nginx.error.log; location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; proxy_pass http://localhost:5601/;

@DustinB3403 said in Wazuh - operational and can add agents - now what: @IRJ said in Wazuh - operational and can add agents - now what: So you already filtered it. Just click discover on top right Doh that is so easy that I didn't even think that was it. @DustinB3403

It will makes sense of all the alerts and centralize everything

@Dashrender said in PDQ Drops Inventory (Deploy) Agent: @coliver said in PDQ Drops Inventory (Deploy) Agent: @warren-stanley said in PDQ Drops Inventory (Deploy) Agent: @coliver from memory it allowed endpoint status display, along with connection when outside the corporate network for running commands and application management. It was part of the subscription and didn't require any other additional setup - so was nice in theory. Ah. Salt and Ansible can do similar things but would require some backend work. Salt has an agent, right? Yes, and Ansible can be setup in a Pull configuration so it can act like it has an Agent as well.

@Pete-S said in HFSPlus Read Write access on Fedora: Why not Paragon drivers on Windows instead? Virtualize and pass through to the VM. Because I am operating this from fedora to sync the data to cloud. Plus I need my work laptop portable.

@wrx7m said in Windows 10 Updates - Trigger "Update and Restart": @IRJ said in Windows 10 Updates - Trigger "Update and Restart": @wrx7m said in Windows 10 Updates - Trigger "Update and Restart": @IRJ said in Windows 10 Updates - Trigger "Update and Restart": @wrx7m said in Windows 10 Updates - Trigger "Update and Restart": A simple restart command doesn't perform the update step, just the restart, so the update doesn't get applied. This has been an issue for a very long time with windows. I am surprised it hasn't been fixed yet. It's really annoying Well, at least with Win 7, a standard reboot applies updates. At least, I think it does. The main difference between Win 7 and 10, is that they have switched to the osoclient.exe to manage the updates. I'm pretty sure server 2008 and onward had the issue. I don't remember dealing with it on workstations I still have a 2008 R2 box and can test it on the next go 'round. I won't have it much longer, as I am dumping it prior to EOS. LOL - Didn't make this cutoff. Next week, hopefully.

@Obsolesce said in City of Munich Moving to Closed Source Software: It looks like the whole issue was due to their use of some weird distro years ago. That article technically doesn't say why they need Windows now, so for all I know they have some new weird requirements I don't know about, but assuming they don't, I think the decision to go to Windows is a horrible idea. They'd be much better off going to Ubuntu instead. Yes I upvoted a post about how Ubuntu would be better than an alternative. Please no heart attacks people.

Within PowerShell can't use something like Push-Location \\Server\Share\path or Set-Location \\Server\Share\path and then run the cipher command?

@scottalanmiller said in URL Redirect at the Windows Workstation?: @JasGot said in URL Redirect at the Windows Workstation?: Gotta Love RoIT! RoIT Rules! Not until you actually do the actual re-branding

@dbeato said in Windows Server 2012 Remote Web Access not connecting and RDS services showing error 23005: @scottalanmiller Yeah, RDW is the problem I understand now. Basically you can remote desktop without need of App Resources Proxy without any problems. But if you try to load the App Resources from a Windows 10 device then yes I understand now. Yeah. It's a weird "Essentials only" issue, only on 2012 and older. From what I can tell.

Why not filter out the files that you don't need to rename? Summat like: (Get-ChildItem -Path "path\to\folder" -Recurse | Where-Object {$_.Name -contains '•'} | Rename-Item -NewName {$_.Name -replace '•',''} -verbose -ErrorAction SilentlyContinue -ErrorVariable daError)

@scottalanmiller said in Why the Windows 10 EULA Is Applicable to Older Windows Licenses: It then points out that the EULA is not valid only in the case where the source license is not genuine, so like a pirated copy of Windows 8. This entire portion of the EULA is exclusively for the purpose of Windows 7, 8, and 8.1. It has no purpose otherwise. It does. It also applies when you are installing a clean install of a previously legally licensed Windows 10 system.

New-PSSession -ComputerName Host1 New-PSSession -ComputerName Host2 Get-PSSession will show all sessions you created. Use Enter-PSSession to enter one of your opened session

Nice! I was thinking about doing this soon.