@wrcombs

Are you printing like this?

https://support.logmeininc.com/gotomypc/help/how-do-i-print-from-my-windows-client-computer

It also seems like you can bypass their printer and print directly to local printer.

https://support.logmeininc.com/gotomypc?articleID=1196625511

@gjacobse said in Does a script imply Automation?:

• Save key to text file with the file name of the computer name, saving to network share.

Saving the key to a text file on a mapped share is really bad lol.

@jasgot said in Does a script imply Automation?:

I'm going to try and demonstrate the difference between a script and automation in a super simple way. This scenario can certainly be expounded on, but this is a super simple way to show the difference between a script and "automation" using the same script.

Here is a Script we have. It is just a script. There is no automation. This script does not run without our input. This script does not run if another event is not triggered. This script does not run on it's own.

The Script. We run MyDefrag.ps1 to start it. When it dies, it is dead.

# Sleep until 19:00
$a = Get-Date -Format HH:mm:ss
$b = [datetime]"19:00:00"
Start-Sleep (New-TimeSpan -Start $a -End $b).TotalSeconds

# get volumes on local system
$v = get-wmiobject win32_volume

# Now get the C:\ volume
$v1=$v | where {$_.name -eq "C:\"}

# Perform a defrag analysis on the C: drive
$dfa = $v1.DefragAnalysis().DefragAnalysis

# Sleep for 24 hours
Start-Sleep -Seconds 86400
# Run Optimize (Defrag) if File Fragmentation is more that 6%
if ( $dfa.TotalPercentFragmentation -gt 6)
    {
    Optimize-Volume -DriveLetter C -Defrag
    }

Now we are going to make it "Automation".
Install NSSM so we can turn this script into a Windows service that starts at boot time with no human intervention whatsoever.

Register the Script as a service with NSSM:

nssm install [serviceName] [PathandScriptName] [arguments]

Now our script starts when Windows boots and runs defrag every evening at 7:00pm if needed, without any human intervention.

Daily Defrags

@travisdh1 said in Does a script imply Automation?:

Where did that question even bubble up from?

This

@dafyre said in Does a script imply Automation?:

TLDR; That depends.

Does your script run entirely without human interaction? Then yes, it's automation.

If it's a script you run by hand to manually accomplish a certain set of tasks that requires your input, then no, it's not automation.

I disagree. You can require input and still have automation. Fully automated and automated are two different things.

@gjacobse said in Powershell Start-Process Differences:

@irj said in Powershell Start-Process Differences:

Have you gave any recommendations on how to use powershell in a secure way? You could ask for a bastion host to that's only purpose is to send out PS scripts and block internet access on it.

Since I'm the new guy.. they don't hear but so well.. maybe in time. And I do bring it up from time to time..

I think sometimes they listen to new guys more. You bring experience from other places

@gjacobse said in Powershell Start-Process Differences:

@irj said in Powershell Start-Process Differences:

How big is the organization? Have you talked to others in IT about what's acceptable and what isn't?

It sounds like you need the ability to write powershell scripts. Why not bring it up to your manager and other teams if need be?

It's been a (sore) subject since I started... Having worked with @EddieJennings and @Dashrender on some scripts and the goal of moving to PS over MS Batch.. I wanted to do more..

But between Execution Policy and such, it's pretty much trying to pour water through a wall... just not going to happen due to security (reasons). We are a clinic - so security is of course important. But the State dealt with PHI and such as well and the Policy was permitted.... sigh

I honestly have no clue what your last paragraph means. PHI requirements are actually very lax, and there's nothing about restricting powershell or remote scripting in HIPAA.

From a security point, what's the difference between batch and PS? You can remotely take over either way?

Have you gave any recommendations on how to use powershell in a secure way? You could ask for a bastion host to that's only purpose is to send out PS scripts and block internet access on it.

There's a ton of things that you can actually do while being security minded that your coworkers cannot reasonably refute.

I've been told NO more than 10 times before and it doesn't stop me from continuing to bring a topic up when I know I'm right. Have some confidence and bring it up to management and force them to give you a written answer to why they cannot do it. Then when their written answer makes no sense, call them out on it. You've been in mangolassi long enough to know how to argue

How big is the organization? Have you talked to others in IT about what's acceptable and what isn't?

It sounds like you need the ability to write powershell scripts. Why not bring it up to your manager and other teams if need be?

@jasgot said in Exchange Environment - Lab:

@irj said in Exchange Environment - Lab:

@jasgot said in Exchange Environment - Lab:

If someone were asking how to write dos batch files, which is decades old, it is still a good basis for understanding and developing scripts; that will help with future learning.

No that's terrible practice and not a modern or efficient way to do anything. Powershell or Bash (neither of which is new) would actually. Ake sense. If you're using bash in 2021, you might as well use a sun dial or high noon to tell time.

Well, you'll never convince me that dismissing the basis and history of any type of knowledge is wise.

I get why some people like technology nostalgia, but it's not helpful for your career. You could do it as a hobby if you wanted, however for your career it's a waste of time. I agree that history is important to know and understanding old ways can be helpful. All you really need to know about batch files can be learned by a quick Google search in 5 mins of reading. Learning to write it is a complete waste of time.

@jasgot said in Exchange Environment - Lab:

If someone were asking how to write dos batch files, which is decades old, it is still a good basis for understanding and developing scripts; that will help with future learning.

No that's terrible practice and not a modern or efficient way to do anything. Powershell or Bash (neither of which is new) would actually. Ake sense. If you're using batch in 2021, you might as well use a sun dial or high noon to tell time.

@hugh-jass said in Exchange Environment - Lab:

Why are you trying to learn how out dated technology?

I actually agree with Studer

@travisdh1 said in RMM Service:

@stacksofplates said in RMM Service:

@dustinb3403 said in RMM Service:

@irj said in RMM Service:

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

How does segmented networking affect the user permissions within Tactical. I get how it would segment the devices, but that does nothing for the RMM side. IE different teams of people to manage different equipment or resources.

He's saying if you segmented the network you wouldn't need to worry about those controls in the RMM at all.

So long as the clients have a connection to the controller, that's ALL an RMM tool cares about. Doesn't matter how many different networks the clients happen to be on or how well segmented the network is. He'd still need some way to manage who has access to certain groups of client systems.

Yeah I get that and @DustinB3403 and you are correct. As long as you manage assets together you could have this issue.

It's rare that workstations and serves are managed the same way using the same type of monitoring and controls. It's not something I've ever seen in my career, but I also haven't worked on Service Provider or consultant side.

@notverypunny said in RMM Service:

@scottalanmiller I know you've said in the past that the smallest VPS from vultr or DO should be more than sufficient for a meshcentral server. Tactial's documentation specifies 2GB of RAM, would a VPS option like the $10/mth DO shared CPU option (2GB RAM, 1CPU, 50G HDD, 2TB transfer/mth) be sufficient or should something beefier be used as a minimum setup?

Containerize it and you will only use the resources you need with the ability to scale when needed.

https://wh1te909.github.io/tacticalrmm/install_docker/

@notverypunny said in RMM Service:

I'd like to have more granular permissions options (like allowing users access to workstations but blocked on servers) but it's not a deal-breaker.

You aren't using a segmented network with firewall rules blocking incoming ports like RDP and SSH?

@dustinb3403 said in AD/AAD: Display Name for Professionals:

If it's available to you to use, why would you not use it?

Something else to maintain for users to bitch about.

Regards,

Joel, CISSP

@pete-s said in AD/AAD: Display Name for Professionals:

@gjacobse According to the standard personalTitle should have titles and not degrees. So it would be Dr. https://datatracker.ietf.org/doc/html/rfc1274#section-9.3.30

MDs are 10 tiers higher than your average person, or at least that's what they think

It's literally the only career where you don't have to the tiniest ounce of respect for your customers yet they expect to be hailed as heros and treated like demigods among pure mortals.

@gjacobse said in AD/AAD: Display Name for Professionals:

@irj said in AD/AAD: Display Name for Professionals:

No

Okay - When you have time, can you explain your thoughts on the matter?

I don't see how it's relevant in any way to AD. Would you create AD group(s) and mailing groups for doctors? Absolutely.

They would also have it in their signature for anyone they communicate with internally or externally to organization.

No

@DustinB3403 I'd love to hear your thoughts so you downvoted my post. I have no problem debating you and anytime I downvote you it is because I don't agree with you. You also know that I upvote you as well even if we aren't best buds

Any vote of yours that I've downvoted is because what you said is wrong or at a minimum disagree. You've been downvoting people out of spite, unless you have a really good argument to what I've posted then I recant the above statement and welcome your debate.

Also everyone that's downvoted you except maybe @stacksofplates has downvoted me before when they disagreed with stuff I've said. @JaredBusch @Obsolesce , @travisdh1 but they've had a reason or an argument to why they've disagreed with me. That's how it's supposed to work.