@openit said in How can we recover data from Hard Drives were on RAID 10 without controller?:

@PhlipElder said in How can we recover data from Hard Drives were on RAID 10 without controller?:

GetDataBack with RAID Reconstructor is a utility set we've used to recover data from a set of drives that were originally in a NAS box.

Don't see any option for RAID 10
https://www.runtime.org/raid.htm

Indeed.

We stopped deploying RAID 10 so long ago that I'd forgotten that sorry.

NAS Recovery only does RAID 5 too.

Ugh

@gjacobse said in Parental Control options: AD, LDAP, piHole, Other:

Was asks recently about what options he could look at to try to keep his kids on task with the up coming school year and the high likelihood of having to contin he with non-traditional instruction, ie: classes at home.

His first though was of course some kind of Domain; costly and hardly worth setting up for a maximum of five computers.

Another option that came up was LDAP - which I will admit I dont have much experience with.

And then there is piHole, knowing that this is a great tool to blacklist ads, and harmful sights, but could likely be a simple solution.

He’s recently admitted that one of the kids has managed to hack a cell phone to by-pass some or many of the parental settings that had been set.

Costs are of course a factor ,...

We have a domain here at home. But then, I'm in the industry.

We also have a SonicWALL TZ300 set up with security and site monitoring.

DC DNS is set to check OpenDNS (we have a subscription). Root Hints are disabled.

DC provides DNS for the home network. Firewall is set to allow TCP/UDP 53 from the DC only (this is default for client setups anyway).

This catches about 90% of everything that could possible. OpenDNS helps with the search stuff too. It filters out stuff they should be seeing.

We have Microsoft Family set up on all of the kid's machines.

NOTE: Tech companies have deemed themselves owners of our kids. How? When the kid turns 13 they can turn off monitoring. I was right p*ssed off when I figured that out as I wasn't getting parental reports for my eldest son. That changed RPQ.

Use Microsoft Parental Monitoring on all Windows devices. It is helpful though not perfect. We schedule device usage time.

RULE: No. Devices. In. The. Bedroom. PERIOD
RULE: All device work must be done such that the screens face public.
RULE: Devices are Tools not Toys (No gaming here. Go outside, Build something, Clean something)

Note: We home school. Our main goal was, and is, to give our kids the best d*mned education that we can versus the cookie cutter factory schools that teach closet Marxism/Socialism here. Eldest daughter is an amazing artist at 16, 13yo son is into REVIT, Fusion 360, SolidWorks, stress engineering and more, while our youngest just is. They are turning out great.

@scottalanmiller said in Use PowerShell to Disable UAC on Windows 10:

@Obsolesce said in Use PowerShell to Disable UAC on Windows 10:

What special case needs UAC completely off?

Company purchases an application that requires it.

For those kinds of apps we use ProcessExplorer and ProcessMonitor to find where it needs MOD access and tweak accordingly.

Shimming also works.

@flaxking said in Use PowerShell to Disable UAC on Windows 10:

@PhlipElder said in Use PowerShell to Disable UAC on Windows 10:

@scottalanmiller said in Use PowerShell to Disable UAC on Windows 10:

@Obsolesce said in Use PowerShell to Disable UAC on Windows 10:

What special case needs UAC completely off?

Company purchases an application that requires it.

For those kinds of apps we use ProcessExplorer and ProcessMonitor to find where it needs MOD access and tweak accordingly.

Shimming also works.

The most common culprit is it writing to its Program Files folder

Yup.

There are a number of impolite words for that kind of coding that's so QuickBooks 2009.

@DustinB3403 said in Unable to mount Exchange 2013 Database:

@JaredBusch take a look here it seems this guy was able too from a while back.

http://blog.mpecsinc.ca/2012/05/exchange-eseutil-d-defragment-temp-file.html?m=1

Heh ... that looks familiar.

@biggen said in NVMe and RAID?:

@Pete-S I'll have to look again then at Intel offering. I figured AMD had Intel blown out of the water as far as cost-per-core offerings go nowadays.

On a pound for pound basis the AMD EPYC Rome platforms we are working with are less expensive and vastly superior in performance.

@biggen said in NVMe and RAID?:

@PhlipElder

The ROMED6U-2L2T is mATX? Whats the advantage there over a full size ATX board?

Smaller chassis. It's the next best thing to Mini-ITX but without the pains of dealing with Mini-ITX.

@biggen said in NVMe and RAID?:

So this Icy Dock enclosure would connect to both of those SlimSAS port with what exactly? Four of these?

Edit: No that wouldn't work. Like you said, need a Y-cable. Something like this?

Correct on both counts.
https://blog.mpecsinc.com/2020/07/27/custom-build-s2d-the-elusive-slimsas-8x-sff-8654-cable/

@biggen said in NVMe and RAID?:

The SFF-8654 to dual SFF-8643 is a bit of a unicorn isn't it? Heck, the SFF-8654 isn't even listed in the SAS wiki.

They are now. Finding them was a real challenge. And even then, we need to order them in bulk.

We may put a few up for sale for folks doing custom builds since they are so hard to find.

We have plans for them.

@biggen said in NVMe and RAID?:

But what about the server case itself? What models are you putting these components in? I'd probably do a tower for the initial build.

Pedestal: Silversone CS381.
Rack Chassis: We go barebones from a variety of vendors. Intel, TYAN, ASRock Rack, and others
Rack Chassis Standalone: Chenbro comes to mind. Silverstone also makes them. We've looked into iStar and Rosewill though never jumped on board.

@openit www.runtime.org
GetDataBack for NTFS with RAID Reconstructor.
We've had excellent success with their product.

@mr-jones The shared printer should have a machine name associated with it? Grey matter isn't firing on all cylinders yet ...

Connect to that printer and check the Advanced properties to see what the name of the host is.

This one could be a tough one.

@eleceng Pic the server setup with the cover open, the motherboard, the motherboard's make and model, and the power supply make and model.

We've been building servers for eons. We may have a compatible PSU sitting in our bin or at least be able to indicate what to get from auction site(s).

As far as activation goes, does Safe Mode work?

EDIT: Boot the VM to Server 2003 .ISO --> Recover --> CMD --> slgmr /rearm [ENTER].

@gjacobse Set up the Hyper-V host from scratch about 60-75 minutes up to date.

Set up the required base OS virtual machines about 45-60 minutes (count does not matter).

Greenfield Active Directory, OUs, GPOs, DNS, DHCP, Folders, and Shares about 45-60 minutes.

Import and configuration of base GPOs about 60 minutes.

Exchange on-premises about 30 minutes post Exchange install.

Script to set up users, their groups, and their mailbox about 60 minutes.

Time to run the script: 60 seconds.

Done.

User count does not matter. All in PowerShell.

And yes, all of our clients are on-premises Exchange.

EDIT: We charge a flat fee for the above.

@dashrender said in Windows images - ACHI or RAID/RST?:

LOL - I love it

reply 1 - leave it alone, use their driver
reply 2 - flip it, use normal AHCI driver.

Thanks guys.

Yup. Could get religious. ;0)

Reason for flipping it: Single drive no RAID.

Someone royally screwed the pooch in imaging on this one IMNSHO.

@beta said in RAID 6 in my backup VM host on spinning rust?:

Hear me out...I have a Dell server that I use as a Veeam replication target. This host is used as a backup in case my primary server dies - I just turn on the replicas and run from it until primary host is repaired.

This backup host currently has OBR10 comprised of 10 600GB 10K SAS drives. I'm running up against storage capacity limitations and have ordered 2 additional 600GB disks to add to the array, but I was thinking while I am in the process of rebuilding this array, maybe I should change it from OBR10 to RAID 6? My concern is that while I am pretty sure the OBR10 will give me enough space to last until I schedule a complete replacement of the server, the margin will be very slim whereas the RAID 6 I'm sure will give me plenty of extra breathing room until the server is replaced.

Would this be crazy to do? Or should I just stick to OBR10? Thanks!

Prior to implementing all-flash on SATA SSDs we'd run with eight to sixteen 10K SAS spindles in RAID 6.

Those arrays were running anywhere from four to ten virtual machines. There would be a DC, Exchange, Remote Desktop Services usually in farm mode, SQL, and a series of LoBs.

The largest RAID 6 rust array was sixteen spindles.

350 IOPS x 8 = 2,800 or 5,600 for 16 spindles. Ugh, can you believe it?
Mean throughput for 2.5" SAS drives was about 150MB/Second per drive for older less dense platters and about 250MB/Second for newer high areal density drives.

Since this is a replica server, the expectation would be that it would not be as performant as the main server so no real worries there.

Just so long as there isn't 100+ ms response times that is. That would become very painful very fast.

What version of Veeam?

A SOBR set up with a cloud layer with BackBlaze B2 and immutability is a huge step ahead in protecting an org from an outright blotto event or malware.

@eleceng said in What are your Thoughts on Using LAPS to manage local admin account passwords on a domain?:

What are your thoughts on Using LAPS to manage local admin account passwords on a domain?

Use it. It's excellent.

Tie in DUO for 2FA on critical infrastructure like DCs and the backup server(s) and good to go.

@scottalanmiller said in What do you think about .app domain names?:

@pete-s said in What do you think about .app domain names?:

@scottalanmiller said in What do you think about .app domain names?:

If it is under the hood, why bother. If it isn't under the hood, I think customers get confused.

So you mean if it's customer facing it's better to stick to .com and there will be no confusion?

Right, asking customers to type in .app typically comes with problems.

So that's myprog.app.com then?

We've been doing a fair amount of DOMAIN.Social lately (Mastodon on Ubuntu 20.04) with folks not having much of an issue with either typing the site's URL in or clicking the link for it.

@adamf said in CentOS - What is the current opinion here?:

So I have 1 server that needs migrated from CentOS8. What is the current state/opinion here about migration? Ubuntu is a clear choice, and most likely the path I will take, but wanted to get some other opinions as well. Is anyone using CentOS stream in a production scenario?

I've looked through here:
https://docs.ansible.com/ansible/latest/installation_guide/intro_installation.html#installing-ansible-on-rhel-centos-or-fedora

I don't see any specifications for cores/threads and storage requirements which I find odd? Is there a *NIX assumption or something about system resources?

Ah ... as I get closer to a more accurate set of search terms the search foo increases ...

https://docs.ansible.com/ansible-tower/2.2.2/html/installandreference/requirements_refguide.html

Anyway, my though/search strings aside, we're doing Mastodon on Ubuntu 20.04 LTS with not an issue other than tweaking scripts that were written for an earlier version of Ubuntu.

Ubuntu is my suggestion for an OS.

@Fredtx said in Multiple Tombstoned DC's:

I've got 11 AD sites. 1 of the 11 has 6 inbound neighbors that have not replicated since 08/2021, possibly because someone deleted the VPN tunnels to those sites, and did not look at the dependencies of that tunnel.

I'm familiar with the demoting/promoting process, including the DNS cleanup that comes with it. My question is, do I need to demote all 6 of those inbound neighbors? Or is there a better way to handle this. I read that some people have had success with using the Lingering Object Liquidator (LoL) Microsoft tool, and forced AD replication by modifying the Allow replication with divergent and corrupt partner reg key.

You can flip the tombstone limit beyond the time they've been offline, give them a bit of time to get themselves caught up, then put the limit back to where it was before.

We've done this a few times where the work to remove the errant DCs was way more than flipping the bit, waiting and watching to make sure they don't screw anything up, and then flip the bit back.

Make sure to take a System State of your FSMO Role holder(s) before starting.