@dbeato said in Access Changed Files on VSS Copy on Write Disk Image: @scottalanmiller said in Access Changed Files on VSS Copy on Write Disk Image: @black3dynamite said in Access Changed Files on VSS Copy on Write Disk Image: Mount the disk image on Windows Server instance, from the mounted disk drive, go to Properties and then Previous Versions? That's what I thought. But it just seemed too easy, lol. Lol, anything that appears with Microsoft as easy should work but emphasis on "should" Emphasis with "assume" too. lol

@JasGot said in Cannot RDP through Windows 10 Computer: Great research! Thanks. And now if I can remember this when it happens to us, I'll be all set! It was so annoying to get to the bottom of it...

@IRJ said in New to Windows Active Directory and Group Security Management: Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as. I do this - Those who need it have a workstation admin account and a local non admin normal account.

@flaxking said in PowerShell - Using Variables to Delete SMTP Proxy Addresses in AD: if they do not have previous experience with objects Describes me. lol

@Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads: @Pete-S said in Compare Azure to Windows On Prem for Normal Business Workloads: @scottalanmiller said in Compare Azure to Windows On Prem for Normal Business Workloads: @Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads: Hosting Costs 1U Colocation America, /24 IP Range Monthly cost: ~$250/month Yearly cost: 12 x 250 = $3000 5 year cost: 5 x $3000 = $15K Last I looked, 1U was more like $225 with that many IPs. And I think typically you'd get fewer for a lot less cost and/or go IPv6. /24 is two IPs per VM. No need to pay for that. Yes, the basic 1U was $100 with two power outlets and then you get four usable IPv4s. A smaller server, say 16c EPYC, 128GB RAM, 2x500GB SSD, would be about $3500 and something even smaller, like a 8c Xeon @ 3.7Ghz, 64GB RAM, 2x500GB SSD around $2K. So you could scale down everything substantially if you wanted. But if all you are doing is running a few very small workloads then a couple of $5 Vultr VM would be cheaper. another factor is - are you running windows VMs, likely always cheaper to have your own hardware, but yeah, the amount of workloads definitely plays a factor here. That's true, Windows workloads make cloud computing harder to justify. Not much, but a little.

@black3dynamite said in Disable update checks in the Nextcloud client (windows): @JaredBusch said in Disable update checks in the Nextcloud client (windows): jsut upgraded a system from 2.5 something. I made sure the key was set first. after the upgrade it is gone. What a pain in the ass. Where did you add the registry key? HKLM\SOFTWARE\Policies\Nextcloud GmbH\Nextcloud? I did not add the second key because that was to prevent user override? My users don't have admin rights so even if they attempted ot override, it would never work.

@IRJ said in Documenting Firewall Exceptions and Rules: @DustinB3403 said in Documenting Firewall Exceptions and Rules: I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did) Adding a few rich rules resolved the issue immediately. None of this makes any sense. It's deny all and permit by exception. Why would you do anything else? That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: t only applies the setting when linked to the OU of the user We'll according to that screenshot, it IS a user setting. Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible? Yes, it's possible. Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy. I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name. Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

@black3dynamite said in Remote PowerShell from Fedora to Windows: @stacksofplates said in Remote PowerShell from Fedora to Windows: Sssd works with multiple domains. If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that isn’t joined to a domain? No it only works for domains.

@wrx7m said in Microsoft Windows Default Permissions for Fixed and External Drives: @black3dynamite said in Microsoft Windows Default Permissions for Fixed and External Drives: And I noticed that they are different on Servers and Desktops I had no idea they would be different. On the server one of the permissions that stands out for me is the CREATOR OWNER (full control / subfolders and files only. From what I can tell, when a user creates a folder on the root drive, that person will be given the permission of full control of that folder only and then CREATOR OWNER on that folder is also added with full control of subfolders and files only. But for the desktop, on the root drive you are not given any full control of that folder.

@thwr said in Disk Manager with No Search in Windows 10: @dbeato said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: @dbeato said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: @Obsolesce said in Disk Manager with No Search in Windows 10: @scottalanmiller said in Disk Manager with No Search in Windows 10: So in our situation, we had to open PowerShell and run diskmgmt.msc and it was able to open it. You have to have the full name. This came about because someone installed some "Classic Shell" hijack software that removes all of the Windows Vista and later functionality to find tools. So the system is almost entirely broken. You could also hit the "Windows" key + r, then type that in the run box and hit enter. Only if you have the full name. diskmgmt.msc will work that way, diskmgmt will not. We tried. Correct. I am surprised this became a post. However I understand with the whole classicshell situation. Yeah, like I never have to know the whole name. I figured it was diskmgmt.exe. Nearly every guide only has it without the extension. And I've never had to type it out before. Yeah, most applications for Windows are .msc or .cpl that control things as below: Services - services.msc Programs and Features - appwiz.cpl Disk Managment - diskmgmt.msc Computer Management - compmgmt.msc For Control panel you would open just "control" and that's it so it can be inconsistent. And so forth. I usually just start mmc.exe. Three simple characters to type (or seven), no need to remember names (I used to know them, but...) and access to all mmc's in one place. Well we can do all that, I am just saying after a while regardless of the OS you get to find your own shortcuts. Problem with MMC is that you need to do like 5 mouse clicks to get to something.

@Pete-S said in How does name resolution work in AD?: @Dashrender said in How does name resolution work in AD?: @scottalanmiller said in How does name resolution work in AD?: @Pete-S said in How does name resolution work in AD?: I was wondering how it works because we see a problem where a couple of Win 10 clients can resolve all the internal Windows servers names, but not the statically assigned names of linux servers. I thought if the name resolution works over different mechanisms and uses different ports it could be an firewall or L3 switch somewhere that has been misconfigured. This is common in situations where Linux is not given an opportunity to auto-update the DNS entries, no one makes them manually, and they are not joined to AD. Exactly - have you or anyone else added these servers to AD's DNS? They have been added manually. The name of the service is also not the name as the server. So if a webserver is abc001.company.com the name in the DNS that will send you to that server might be logistics.company.com. if you're being sent to logistics, that's the entry that must be in DNS.. you can have as many entries as are needed for a single server. each name is it's own entry.

@dafyre said in How to mount remote filesystem over ssh (both Windows & Linux): @black3dynamite said in How to mount remote filesystem over ssh (both Windows & Linux): @dafyre Installing sshfs and winfsp via choco is older than the ones from GitHub. If you installed them via choco do this to mount at the host root directory or other directories. https://github.com/billziss-gh/sshfs-win/issues/102 Host root directory \\sshfs\[email protected]\..\.. Specific directory like /var/www \\sshfs\[email protected]\..\..\var\www Thanks for the pointer. I did install using choco. I'm able to make it work now. Edit: Just to see if I can, I may go back and do straight installs. As I said above with the latest version I mount the root directory with \\sshfs.r\[email protected] However, if you want to mount another directory like /var/www you have to do: \\sshfs.r\[email protected]\var\www\ The trailing \ is very important! It just doesn't work without it if your path is more than one directory deep. You also need to use backslash and not the forward slash.

@Danp said in Create an Empty SQLite Database on Windows: @scottalanmiller Yes, Windows 10. Odd, didn't work for me.

@black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @wrx7m said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @black3dynamite said in Windows Server 2016 RDS - GPO for Disabling Windows Update Notifications for Non-Admins/Users?: @wrx7m Is that a computer configuration or user configuration policy? Try applying the rules to only non-admins groups. Yeah, it is at the computer level. I would like to do it via user config but I only want them to apply to users on the RD servers. I need to figure out the proper way to structure AD/GPOs to not screw up everything else. I am guessing creating another OU as a sub container and move the RD servers into. Edit: Since it isn't GPP, there isn't any item level targeting, so I can't do it that way. If you can make those changes directly in the registry, maybe can allow you to use GPP and item level targeting. Hmmm. That makes sense. Let me mull it over.

@wrx7m said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @black3dynamite said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @wrx7m said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @dafyre said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @dafyre said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @pmoncho said in RDS - Suggestions for Migrating User Profiles from Server 2008 R2 to Server 2016 UPD: @wrx7m Just curious, when you chose UPD, did you choose to store all settings or just certain folders? Some applications don't play nicely with roaming profiles. UPDs mount at the usual C:\Users\user.name and the applications can't tell a difference. Right. But, only when the user is logged in. After they logout, that path doesn't exist. I am trying to figure out how to work around that for adding the custom (for each user) erp shortcut on their desktop in their session. Add the shortcut to C:\Users\Public\Desktop. That way it will always show up on each user Desktop. This would be nice and easy, but each user has a custom shortcut- It has a workstation ID in the target path. https://www.pdq.com/blog/pdq-deploy-and-powershell/ Create a script that creates the shortcut each user Desktop and append the workstation id in the target path.

@Jimmy9008 said in CSV... what happens at a lower level?: That makes sense, would a drop from 1GB/s to 100MB/s be expected? Seems huge... Depending on the system, yeah, especially with certain kinds of operations.

@IRJ said in Kibana Wazuh Agent isn't showing anything in integrity: @DustinB3403 said in Kibana Wazuh Agent isn't showing anything in integrity: Well I'm making progress, I at least have nginx responding when I hit the page with An error occurred during a connection to 192.168.1.100:5601. SSL received a record that exceeded the maximum permissible length. Error code: SSL_ERROR_RX_RECORD_TOO_LONG server { listen 80; listen [::]:80; listen 5601; listen [::]:5601; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443; ssl_certificate /etc/pki/tls/certs/kibana-access.pem; ssl_certificate_key /etc/pki/tls/private/kibana-access.key; access_log /var/log/nginx/nginx.access.log; error_log /var/log/nginx/nginx.error.log; location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; proxy_pass http://localhost:5601/; } } Why are you listening on 5601? proxy_pass http://localhost:5601/; will redirect 5601 to 443 That is no longer in the file, I was testing with it. The below is current. server { listen 80; listen [::]:80; return 301 https://$host$request_uri; } server { listen 443 ssl; listen [::]:443; ssl on; ssl_certificate /etc/pki/tls/certs/kibana-access.pem; ssl_certificate_key /etc/pki/tls/private/kibana-access.key; access_log /var/log/nginx/nginx.access.log; error_log /var/log/nginx/nginx.error.log; location / { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd; proxy_pass http://localhost:5601/;

@DustinB3403 said in Wazuh - operational and can add agents - now what: @IRJ said in Wazuh - operational and can add agents - now what: So you already filtered it. Just click discover on top right Doh that is so easy that I didn't even think that was it. @DustinB3403

It will makes sense of all the alerts and centralize everything