@G-I-Jones said in GPO to create scheduled task to run netlogon batch script: Did you ever figure this out? No and the person who was working on it has been OOO all day, so its not a priority either.

@Dashrender said in Unifi Controller - Reinstall and adopt APs: @DustinB3403 said in Unifi Controller - Reinstall and adopt APs: @travisdh1 Yeah I'm thinking what happened is someone setup a Unifi Controller on windows at some point, then they engaged us and said yeah we don't have access to the AP's but its all still working. So they were sold a physical cloud key, and still the AP's weren't adopted. Assuming you're at an MSP now, do you host a controller that you could just build a new site for and adopt the APs too? This is what @Bundy-Associates and @NTG do. That is the plan, but for now this is just janitorial work.

I just confirmed, this system is only using the Intel controller, and not SS.

@VoIP_n00b said in Changing Installation Location for MicroSIP Installed via Chocolatey: @Dashrender said in Changing Installation Location for MicroSIP Installed via Chocolatey: @travisdh1 said in Changing Installation Location for MicroSIP Installed via Chocolatey: @scottalanmiller said in Changing Installation Location for MicroSIP Installed via Chocolatey: @travisdh1 said in Changing Installation Location for MicroSIP Installed via Chocolatey: @syko24 said in Changing Installation Location for MicroSIP Installed via Chocolatey: @scottalanmiller said in Changing Installation Location for MicroSIP Installed via Chocolatey: By default, installing MicroSIP using Chocolatey causes the install to go to an inappropriate data folder location and is only available for the admin installing user, rather than for the end users of the Windows system. Does anyone have any experience or ideas in changing the installation location so that system users can actually use MicroSIP when installed and maintained using choco? Asking for @Dashrender and @romo as well. I think this might work: choco install microsip -ia "'/D=C:\SomeDirectory'" choco install microsip -ia "'/D=C:\temp'" Did install it to C:\temp for me Is it working for non-admin users? Yep, I can run the .exe from my C:\temp. You'll probably have to create a shortcut for a user tho. yep, I just tried it - I pushed to c:\program files\microsip and non admins can run it. and you're right, the shortcut is put on the installing admin's desktop, and nothing in the start menu. MicroSIP - open source portable SIP softphone based on PJSIP stack for Windows OS. https://www.microsip.org/ It says right on the website it’s a portable app, why would you expect a desktop icon or anything on the start menu? There is a portable version, sure. But there is also a non-portable version.

@Grey said in Windows 8.1 Microphone Gain Changes Automatically: @scottalanmiller Why are you on 8.1? Customer I assume.

Sorted this out. For some reason the install was setting Allow Global IP and Allow Default Route. Once I unticked these and ticked All Managed IP it all began working.

@EddieJennings said in Use PowerShell to Disable UAC on Windows 10: @Obsolesce said in Use PowerShell to Disable UAC on Windows 10: What special case needs UAC completely off? I'm curious about this as well. Installing malware

@dbeato said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10: @pmoncho said in Patch all your Windows DNS servers - CVE-2020-1350 - CVSS score of 10: Just wondering - Is anyone seeing a patch for 2019 with a reference to the KB article? Checked yesterday, last night and this morning. No update that I can see. Currently performing the workaround. https://www.catalog.update.microsoft.com/Search.aspx?q=KB4558998 Thanks. Forgot about the update catalog.

@Dashrender said in Windows Domain routing question - dual-nic: Though - if you have a second layer network like this, you'll need to inform your external router on the internal networks and how to route them. Routing to the internet is mostly just a nice to have.

@Grey said in Issues uninstalling Windows Server 2012 R2 Key: You mean sfc /scannow? Or DISM.exe /Online /Cleanup-image /Restorehealth? @op Check your event logs for more information, and try running the commands above. Ran both, so far nothing, but I will run chkdsk tonight to see if that fixes anything. So far I can't find anything in the logs but I'll keep looking.

That's awesome.

@scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @stacksofplates said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @stacksofplates said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @IRJ said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @scottalanmiller said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: @IRJ said in Engineering vs Administration - That's what makes Windows and FreeNAS so risky: Admin roles are also dying with immutable infrastructure and HA. Designing a system that is immutable and highly available isn't expensive or time consuming on the cloud anymore. But someone is still designing the initial system and someone (maybe the same person) is managing it. Yeah so you don't have an admin here as you admit. You have an engineer designing the system and replacing the system if there is issues. It's all design and no maintenance. Maintenance is automated during build. Not in the real world. That's a nice theory, but applies to effectively no one anywhere. In the real world, engineering almost always is a trivial effort that involves almost no time, skill or planning, and all the effort goes into years of administration that deals with that haphazard system. That's completely false. Engineering is almost always a trivial effort...... It's completely true and I've given example after example. In the real world, engineering is generally done without planning or resources and it works enough for people to accept it. Then all the effort is hoisted onto administration. You can argue, but you can't deny that this is what 95%+ of the market does. No you gave an example of FreeNAS and have completely ignored things like SRE where design upfront including architecture, engineering, coffee design, IaC, etc are all roles for the engineer. Immutability is vital and SREs are embedded in specific teams and only supporting that application. Yes, but the difference is my example represents nearly the entire market. I didn't say that there weren't exceptions. But that's what they are. Outside of F500 maybe but outside of F500 you don't normally have systems engineers and systems admins.

@dbeato said in Access Changed Files on VSS Copy on Write Disk Image: @scottalanmiller said in Access Changed Files on VSS Copy on Write Disk Image: @black3dynamite said in Access Changed Files on VSS Copy on Write Disk Image: Mount the disk image on Windows Server instance, from the mounted disk drive, go to Properties and then Previous Versions? That's what I thought. But it just seemed too easy, lol. Lol, anything that appears with Microsoft as easy should work but emphasis on "should" Emphasis with "assume" too. lol

@JasGot said in Cannot RDP through Windows 10 Computer: Great research! Thanks. And now if I can remember this when it happens to us, I'll be all set! It was so annoying to get to the bottom of it...

@IRJ said in New to Windows Active Directory and Group Security Management: Make an AD group called workstation_admins and add that group to local administrators account on each desktop. This group does not need any AD rights and nobody's account should be in there except for IT admin accounts. Even those IT admin accounts should not be used on local desktops to login on a regular basis. Only when elevation is actually needed, and even then you should use run as. I do this - Those who need it have a workstation admin account and a local non admin normal account.

@flaxking said in PowerShell - Using Variables to Delete SMTP Proxy Addresses in AD: if they do not have previous experience with objects Describes me. lol

@Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads: @Pete-S said in Compare Azure to Windows On Prem for Normal Business Workloads: @scottalanmiller said in Compare Azure to Windows On Prem for Normal Business Workloads: @Dashrender said in Compare Azure to Windows On Prem for Normal Business Workloads: Hosting Costs 1U Colocation America, /24 IP Range Monthly cost: ~$250/month Yearly cost: 12 x 250 = $3000 5 year cost: 5 x $3000 = $15K Last I looked, 1U was more like $225 with that many IPs. And I think typically you'd get fewer for a lot less cost and/or go IPv6. /24 is two IPs per VM. No need to pay for that. Yes, the basic 1U was $100 with two power outlets and then you get four usable IPv4s. A smaller server, say 16c EPYC, 128GB RAM, 2x500GB SSD, would be about $3500 and something even smaller, like a 8c Xeon @ 3.7Ghz, 64GB RAM, 2x500GB SSD around $2K. So you could scale down everything substantially if you wanted. But if all you are doing is running a few very small workloads then a couple of $5 Vultr VM would be cheaper. another factor is - are you running windows VMs, likely always cheaper to have your own hardware, but yeah, the amount of workloads definitely plays a factor here. That's true, Windows workloads make cloud computing harder to justify. Not much, but a little.

@black3dynamite said in Disable update checks in the Nextcloud client (windows): @JaredBusch said in Disable update checks in the Nextcloud client (windows): jsut upgraded a system from 2.5 something. I made sure the key was set first. after the upgrade it is gone. What a pain in the ass. Where did you add the registry key? HKLM\SOFTWARE\Policies\Nextcloud GmbH\Nextcloud? I did not add the second key because that was to prevent user override? My users don't have admin rights so even if they attempted ot override, it would never work.

@IRJ said in Documenting Firewall Exceptions and Rules: @DustinB3403 said in Documenting Firewall Exceptions and Rules: I had to add some rules to a CentOS 8 server because some things stopped working that were previously working. (Not sure why this worked before, but it did) Adding a few rich rules resolved the issue immediately. None of this makes any sense. It's deny all and permit by exception. Why would you do anything else? That's the default, and that's what was working just fine for a long time. Suddenly it began "not working" and needed the exceptions made.

@wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @Obsolesce said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: @wrx7m said in Group Policy - HKCU Registry Update (via GPP) For All Users, Only on RDP Server: t only applies the setting when linked to the OU of the user We'll according to that screenshot, it IS a user setting. Yeah. I want all users or a group of users who login to the RD00 server (and only this server) to have this GPP modifying HKCU to apply. Is it even possible? Yes, it's possible. Ensure the GPO is applying to the user. For example, if User1 is in the Company > Users OU, then make sure that GPO is either in Company or Users OU and the Users OU is inheriting the GPO. Verify with RSOP and gpresult that user is getting the policy. I think, but it's been awhile since I did much with AD GP... (like you are in the screenshot) use item-level targeting to the server name. Test it by having one of the in-scope users log on to a difference server, run gpresult and see if it's applying, then try it on the targeted server and see if it applies then.

@black3dynamite said in Remote PowerShell from Fedora to Windows: @stacksofplates said in Remote PowerShell from Fedora to Windows: Sssd works with multiple domains. If sssd is installed will I be able to use -Authentication Kerberos without needing to join to a domain or when accessing Windows machines that isn’t joined to a domain? No it only works for domains.