Topics created by Dashrender

For later when people find this...

https://mangolassi.it/topic/18166/windows-10-goes-to-sleep-outside-listed-sleep-times/53

I ASSUME that their answer is that no one should be emailing attachments like that and they should be sending links to the hosted files instead?

I can't remember the last time that we had to email someone an attachment of an office document, just saying that sounds like a legacy process. Who needs to do that in the modern world?

@pmoncho said in Beelink PC issues:

@scottalanmiller said in Beelink PC issues:

@pmoncho said in Beelink PC issues:

@scottalanmiller said in Beelink PC issues:

@JaredBusch said in Beelink PC issues:

@stacksofplates said in Beelink PC issues:

I've bought a couple of the micro form factor Optiplex computers (9020) and have been happy with them. You couldn't have saved too much by buying something like this I can't imagine? I think I paid $250 for the last one and it came with 8GB RAM, an i7, and a 250GB SSD.

This? Yeah, it does not compare, except price.
3d300516-2370-4fe5-9158-18ceeb8a785b-image.png

Wow, that can't be worth $40 new, but $240 used? What the heck?

It should be worth $40 and my guess for the higher price is economics. It was built well and keep on chugging along. It seems they are continually in demand for a basic pc that needs just a web browser or to act as a kiosk.

Yes, but you can get brand new with much more performance for that price. Why get something that is a decade old, AND used when new and new is possible? Much less flexible. And can that unit even run current Windows?

Because it keeps chugging along and fulfilling the purpose it was intended. If @stacksofplates doesn't have to do anything to it for 2-3 years other than updates and/or deal with any issues @Dashrender is having, then it could be worth the money.

It seems, based on this thread, the issues @Dashrender is having with the more powerfull/lower cost Beelinks are becoming more expensive than if he just paid $550 for a Dell Optiplex 5070 micro. I cannot be sure as only @Dashrender knows the true cost and if the Beelink's are working out better.

I like products that fulfill the purpose and require less maintenance. If that is Beelink or a new $1200 OptiPlex 5090 micro, count me in.

I guess it comes down to the old axiom, "Price is what you pay, value is what you get!"

Gotta remember that we've all had Dell, HP and others be dead on arrival, too. Even in large batches. Anyone remember all those Dell laptops with bad capacitors that they shipped out? I ran the teams that had to go to client sites to replace them (I ran Dell support organizations.) The difference, for sure, was with Dell the customers had purchased long, extensive warranties and everything was on Dell to replace (and they did, normally.)

But you really have to compare bigger scope. That this is his first try with Beelink is concerning, for sure. It's not a good sign. And only a 30 day "warranty" is worrisome, too. It's good for me, because we often ship to places where warranties aren't honored anyway so paying for one is a loss.

But every vendor has issues, from time to time. So you have to be careful with extrapolating a lot of decision from a single datum.

@Skyetel said in Skyetel billing error:

Believe it or not, it was caused by a rouge "%" in a SQL query.

Since % is a wildcard, yeah I can see that.

@Dashrender said in PS to download latest microsip version:

@JaredBusch said in PS to download latest microsip version:

@Dashrender said in PS to download latest microsip version:

I just installed it on a test machine with chocolatey - it installed it into the local admin profile - so any normal non admin user can't use it.

You can run chocolatey without admin rights just fine.

It warns you, but that is because most software is designed to be installed with admin rights in the windows world.

It seems that Microsip does not require that, so run chocolatey as the user itself.

interesting - something else to test then.

will the choco update scripts catch both admin and non admin installed items?

It depends on whether or not it was installed with elevated privileges and whether or not a given software is installed to a location that requires elevated privileges to modify.

@scottalanmiller said in Microsoft script recreates shortcuts deleted by bad Defender ASR rule:

The question is, why are you trying to vilify the entire concept of code review and openness, especially when none of that was involved in the issue, let alone was the issue an... issue.

He must think it's not possible or less likely for closed source to contain bugs, bad code, or malicious actors, and that if it does they would catch and disclose it more openly and better? Unsure of the logic there.

@Dashrender said in wifi for unmanaged devices:

We have a corporate WiFi and a guest WiFi network.

The owners keep asking to put their personal phones on the corporate WiFi - The only thing this could gain them is access to the printers to print from their phones, but it's not something they have ever done.

Am I just dieing on a hill for no reason wanting them to put their personal devices on the guest WiFi?

Flip the ssid names and tell them you did it

@scottalanmiller said in Decentralized Identity:

@Dashrender said in Decentralized Identity:

@scottalanmiller said in Decentralized Identity:

@Dashrender said in Decentralized Identity:

And those situations exist why? because Google and Facebook make a mint knowing more about YOU - the product.

But twitter, GitHub, Discord, Apple and others don't and exist too. It's an easy thing to provide.

Do those platforms offer centralized authentication? And - is it open to anyone to use? i.e. could ML choose to use Apple's APIs to do authentication?

Yes, very common. We have hooks for many (not apple I don't think) available but it's a pain to maintain as they are third party and is it really valuable?

Some sites that I use offer Apple for sure. I see it all the time.

Is it valuable? I'd love the ability to use everything off my MS account - so yes, I think so.

But a websites need to support dozens or more "centralized" or as the stupid video puts it - decentralized - authentication providers would definitely be a PITA for them.

@JaredBusch said in RDP/RDS hardening (borrowed from another topic):

@scottalanmiller said in RDP/RDS hardening (borrowed from another topic):

I don't consider unpatched an issue - at least not an RDP issue.

That one had an exploit live before it was patched.

oh okay, that's a serious issue then, for sure.

@scottalanmiller said in Weird DNS resolution issue:

@Dashrender said in Weird DNS resolution issue:

I suppose it's possible that would have resolved this specific issue as the router would have been the only device making connections to the external DNS... but then again - it could have caused all machines to go without DNS when the upstream server stopped responding...

Not very likely. Plausible, but not likely enough to avoid it.

sure - but then again, I've never seen this situation before either - so I would have previously called it unlikely.

@Dashrender said in Damaged/Lost Iphone in default setup - HIPAA secure?:

@scottalanmiller said in Damaged/Lost Iphone in default setup - HIPAA secure?:

If the question is "Can Israeli quasi-government hacking agencies get your data if necessary", then no. But it was never secure at all.

LOL - Not sure where the Israeli quasi thing came from - but thanks for the laugh.

The world's most advanced hacking toolsets are made by arm's length government contractors in Israel. That's where that tech is currently made pretty much regardless of which governments are using it.

@JaredBusch said in AP's geared toward home use?:

For home use, not being setup like a business, you use the mesh router setups on the market today.

From Ubiquiti, it is the AMPLIFI line

From TP-LINK it is called Deco

Home users should never have business gear setup unless they are a hobbyist or something.

I’ve got an amplifi and my mom has a deco. Both work really well and can easily be managed from the app. This is pretty much what I recommend to people now.

@Dashrender I got th review unit back; and yes you can backup and restore the config from the on board controller:
512eafd3-c287-422a-94c5-00924071b745-image.png

This is fitting from the show Kung Fu:

Youtube Video

@scottalanmiller said in Migrating to xxxxx:

I have a similar situation. There's no more panic. Just "let me do my job and get on with it." People sometimes see that as not taking it seriously when really, I'm just that much more on top of things.

I've definitely walked into a few crisis that way with my old boss. Actually those were the best of work conditions - the confidence to just roll up the sleeves and get shit done. If only more of my life was like that.

@Dashrender That's what I have to play with as I'm not sure at the channel level how permission inheritance works

@jaredbusch said in Locking down vendors:

@scottalanmiller said in Locking down vendors:

@dashrender said in Locking down vendors:

They MIGHT have an internal team for this, but since we have our own IT department, my management has decide to take the costs internal versus paying the new vendor to set up remote access for themselves.

That doesn't really make sense as this is all questions about THEIR IT. All your team can do is get in the way 😉

Right, I have no idea WTF you think you are doing here @Dashrender.

The most you should do is setup a VLAN or actual separate LAN with no access to your network. The other company can deal with putting something on this shit old device that reaches to their support infrastructure.

No one on there side has even breathed a word about something like that.

As I previously mentioned - the old HVAC vendor did all of their own management - I only provided them an internet connection, they managed everything else.
I can see the advantages of that - time to toss this at the new vendor similarly.

@dashrender said in Windows send only specific domains to proxy?:

@scottalanmiller said in Windows send only specific domains to proxy?:

Easiest thing is to override DNS for that domain and point to the proxy. Then the proxy can point on to whatever is real.

How do you propose doing that? remember these are laptops to be used from anywhere, I won't be able to control DNS in most places.

Are you suggesting putting an entry in hosts?

But an EASIER answer, I think, is to make your own CNAME.

Well - this vendor has called me back this morning (last bit of information was passed from the owner from a conversation they had with the vendor).

The vendor knows we are looking for remote access - specifically so we can run reports from home.

rep said - oh, you need that OK sure, fine - give me the user and their home IP and I'll get that added.

me - uh - home ISPs change IPs, sometimes daily - how are we supposed to keep you updated?

rep - oh - they'll have to give us the new IP so we can add it

me - /sigh - does your system support dynamic DNS based OK I screwed up - I should have just asked - Can you put an internet resolvable host name in your list instead of an IP?

rep - oh yeah I know what DDNS is

me - ok do you support it?

rep - well if you're attaching to your server using some type of VPN

me - no, that's not what DDNS is, I explain DDNS

rep - oh, I don't know if our system supports hostnames

me - can you check?

rep - sure

click

Of course this kinda flies in the face of the licensing issue the owner was told, but there's still hope - though very very little.

@dashrender said in Looking for a remote access solution:

@scottalanmiller said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

@dashrender said in Looking for a remote access solution:

@jaredbusch said in Looking for a remote access solution:

Put zerotier on the box in the DC and the user's box. restrict it to only RDP.

Done.

I really like this - sadly - our insurance policy requires MFA for remote access. I'll have to see if ZT has anything for that.

Then put the 2fa on the Windows RDP login with a service like Duo.
https://duo.com/docs/rdp
https://duo.com/editions-and-pricing/duo-free

Just use ZT to lower (all but remove) the attack surface.

That would get them up to 3FA (which isn't a bad thing) assuming ZT isn't somehow tied to some other authentication mechanism.

As it's been AGES since I've used ZT - can you make the user have to log into it each time they launch it? If yes - and it's logon isn't associated with AD (as you mentioned) then OK - I see how you consider ZT and RDP MFA.

The user can be forced to start or stop the process. The fact that it uses a key (something you have) owned by the user makes it MFA regardless of if they automate the login or force it to be manual.

Don't try to compare it to Duo or something like that which uses "something you have" to generate "something you know." Compare it to a security USB stick like YubiKey. It's a direct "something you have" 2FA in that sense.