@flaxking said in Domain Trust Group Permissions:

@Obsolesce said in Domain Trust Group Permissions:

I use Domain Local groups for access control to local resources. You can have other group types as members, as well as groups from other trusted domains.

Right, but you can't then add that Domain Local group that has members from the trusted domain to a local group on the server.

Right, you wouldn't want to.

@flaxking said in GitLab install on CentOS using Salt:

The Azure CentOS image I used for testing didn't have firewalld enabled by default

Well a, very, old version of CentOS minimal had that issue natively. Maybe that is what Azure built on.

52ad3d124ec1497006d9ea6863ecb2f2.jpg

@flaxking said in DB Admin/Data Analyst (Remote):

@scottalanmiller said in DB Admin/Data Analyst (Remote):

Location? At least the city?

HQ is Virden, Manitoba, but this position can be done remotely. I believe we can hire across Canada, but anyone not living in Canada would have to be taken on as a contractor.

Thanks

I should give Ansible a go one of these days, because whenever I research it, it seems to fall short of Salt, but it would be nice to really have concrete experience of how it falls short.

My current thinking is that if there's a windows feature that Ansible that Salt doesn't, I could probably just grab the powershell script + any dependent scripts and create Salt state/module wrappers around it.

Alternatively, Salt can run Ansible playbooks on minions, but the wrapper approach is more minimalist (don't have to install Ansible on each minion) and keeps secret security simpler.

@flaxking said in Office 365 SMTP server not advertising StartTLS:

No idea, we don't manage the client's infrastructure

Then it was definitely the UTM, no question.

@black3dynamite said in VyOS native Salt Minion:

@scottalanmiller said in VyOS native Salt Minion:

That's great. I'd not played with that yet.

I wonder when they will get one (or this one) running on EdgeOS. Now that would be awesome.

Is EdgeOS a Debian-based Linux system like VyOS?

EdgeOS is a Vyatta fork, just like VyOS. They are extremely close. To the point that people constantly confuse them.

@flaxking said in Is RD Gateway useful?:

Let me bring my question back at a different angle. If you were paying for a hosted, fully managed terminal server, what would be your expectations for how it would be secured?

Personally, I would sleep fine at night with RDP exposed, but with 2-step authentication, and good log monitoring (and enforcing the security built into RDP and Windows authentication). However, maybe that is not enough for a professional solution.

You can add RDPGuard to the RDS server too.

Although, like @travisdh1 stated, put HTTPS in front and your all good. I use an SSL-VPN myself.

@scottalanmiller said in Hiring infrastructure technician:

@kelly said in Hiring infrastructure technician:

@scottalanmiller said in Hiring infrastructure technician:

The Canadian government hires internationally? That's really surprising.

The posting is on a government site, but the hiring company is a private one: CSS, Inc.

OH!

That's funny. We have a national government run job site, but it's not actually very popular. I do know of one province that has a provincial government run job site though, and is it by far the standard way people search for jobs in that province.

@dbeato said in Can Roaming Profiles be a good idea?:

Before Windows 10 to get a symlinknyou couldn’t do it without elevated permissions now is much improved.

I use directory junction (/J) instead of directory symbolic link (/D), which requires admin privileges. All I wanted is to create a link from c:\users\user1\Desktop to c:\users\user1\Nextcloud\Desktop.

Edit: Now obviously there are more to it than just creating links to have it properly setup.

I have seen so many people do SQL Server wrong, and then they end up throwing hardware at the problem when it was designed wrong in the first place.

take the mystery out of the equation. Make a suggestion that someone run LiveOptics on your current environment(s) to see how they are performing at peak. You can base your recommendation on that and let the numbers speak for themselves in regard to database size and RAM usage.

I think I will make a proposal, thanks for joining the community and reaching out @multiOTP

@flaxking said in Windows Desktop Licensing: Cannot be used as a server:

@scottalanmiller said in Windows Desktop Licensing: Cannot be used as a server:

@flaxking said in Windows Desktop Licensing: Cannot be used as a server:

@scottalanmiller said in Windows Desktop Licensing: Cannot be used as a server:

@flaxking said in Windows Desktop Licensing: Cannot be used as a server:

@scottalanmiller said in Windows Desktop Licensing: Cannot be used as a server:

It would mean that we could use any protocol over the Internet. There is no such thing as an Internet protocol. Things like HTTP and FTP were local LAN protocols first. The Internet made them popular and useful, of course.

The web refers to specific protocols at layer 7. But Internet refers only to the layer 3 + connected to the specific public network called the Internet.

Unless Microsoft tells us they're defining it differently, ^^^ this must be it

I think so. Feels nutty BUT I bet they could explain some logic.... like this is just enough for some development thing or to cover some specific use case but so generally useless that they lose no money.

So you would have to expose to the internet but filter to your public IP in order to be compliant and use it as something functional.

Right. Or just know that there were no internal users. The licensing doesn’t require a strict enforcement system.

Oh, I meant because it's probably pretty much useless to have something public facing with only 20 connections available

That’s what I meant to. It’s enough for like basic testing or a five person company to do something weird. But not enough for anything real.

@quixoticjustin said in Managing Windows Server Updates - Alternative to WSUS?:

Sodium has some really basic pieces of that already built in using Salt. It's very early and definitely not where it should be, but it's Salt with a GUI that is specifically tackling this problem.

That's nice to hear, when I took a peak at Sodium it looked like it was still pretty far behind at using a lot of Salt's capability.

We don't really care about a GUI in this situation, and we're already going to be requiring the power of Salt.

I am curious about how it is implemented in Sodium though, and how the user is expected to interact with it.

This scenerio is the fault of:

IT for giving the user local admin, the local user for allowing a remote person to create a local account the local user for not checking the password requirements for that account the remote support for using a shit password the remote support for allowing use to have access to RDP (assuming it wasn't needed)

I've never tried that. I have no idea.