@scottalanmiller said in Windows 10 vs Windows 7:

Now, of course, in the MSP space, the resources exist to do testing. But....

Imagine MSPs asking customers to provide testing hardware, licensing, and to pay for IT labour to do testing. ...>

We have our own lab to test with. Our clients pay a small monthly fee that's part of their monthly management. We use that fee to keep the lab relatively up to date.

There's no excuse for any IT company to not have a lab to work with whether provided for by their partner vendors or built-out on their own. None. Nada. Zippo.

http://blog.mpecsinc.ca/2016/11/whats-in-lab-profit.html

@scottalanmiller said in Windows 10 vs Windows 7:

@PhlipElder said in Windows 10 vs Windows 7:

I'm not sure I've ever met an admin that would trust an OS update/upgrade from any vendor out of the box without testing it at all ... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?

Yes, that's how nearly all SMB works. In the real world, the vast majority of companies are either unwilling or unable to pay for testing gear and licenses. And of the few that do, most don't have reliable testing mechanisms. And even of those, it doesn't always work because things still vary that can't be accounted for, especially when talking about desktops.

Everyone knows that testing is a great idea. But it's crazy to think that SMBs can actually do it. Thankfully, with things like Fedora, there isn't a fear around it, that's unique to the Windows space. Is it know that it could be an issue, sure. But it's also known to be a ridiculously minor concern, something that is more theoretical than real. It is exclusive to the Windows world that testing is so important, and also unique that it is so hard and costly.

But given real world factors, it's totally unrealistic to expect small companies to test updates. How do you perceive that working. Even having uniform environments is incredibly rare. Given that most companies can't get the basics covered in their budgets, budgeting a large amount for testing that does almost nothing for them doesn't make good IT sense.

Remember that the cost of testing is very high for small environments. In the enterprise, doing basic testing for 50,000 users has a trivial per user cost. In a five person environment, the testing needs are about the same, but the cost per user is literally 10,000 times higher.

Our SMB clients have been paying us to regression test and deploy patches for years. That's what we're here for. But then, we're the exception to the rule and thus the "All SMB belongs in the cloud" attitude at Microsoft.

As far as avoiding patches that's been going on since I can remember with the old rule of thumb being no OS upgrade/changes until SP1 comes down the pipe. So, nothing has changed there on most any platform.

@scottalanmiller said in Windows 10 vs Windows 7:

@PhlipElder said in Windows 10 vs Windows 7:

The reality is that we need to regression test and litmus test those patches to make sure they work for our systems. That's our responsibility not theirs.

For third party apps, yes. For the OS itself, no. No other OS puts OS testing on the end users. This just reinforces the thought that it's not production ready. Especially for the SMB space. Especially when test devices aren't licensed for free. Making things unstable means more sales, means less production ready.

What you are describing is a "lower bar" for Windows than for its competitors. You are asking the end users to accept a lesser product when considering Windows. Things we wouldn't find acceptable if it were macOS or Ubuntu. But when it's Windows, we are supposed to feel it is okay.

macOS. Yeah, right. We've had our fair share of problems on that platform as well as the iOS too.

I'm not sure I've ever met an admin that would trust an OS update/upgrade from any vendor out of the box without testing it at all ... just blindly install everything that comes their way. <-- @scottalanmiller Is that what's being claimed here?

@fuznutz04 said in Intel NUC:

We want to put up a big TV in the office for a Trello type board. Also to view stuff in company meetings. Any suggestions for a super small computer to power this thing? Basically, the only requirements are that it should be able to run Google Chrome. That's about it. I was thinking a low powered Intel NUC. Any other suggestions?

We use the Intel Celeron powered NUC for all of our cloud-PCs that are essentially dumb terminals. They run Windows Pro to allow them to be integrated into a security setup delineated by Group Policy along with user logon rights and such.

We've been in a lot of situations where folks start out with the same specifications but end up using it for more than the intended use. I do suggest at least a Core i3 with 8GB RAM and a 256GB Intel M.2 SSD to keep things moving along at a good pace but priced reasonably.

@JaredBusch said in Windows 10 vs Windows 7:

@scottalanmiller said in Windows 10 vs Windows 7:

Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.

Also speaking of updates.

https://www.howtogeek.com/369656/dont-click-check-for-updates-unless-you-want-unstable-windows-10-updates/

Hype, FUD, click-bait, whatever.

Jiminy Cricket folks sure love to blow their horns.

We've been on 1803 and our clients have and our contractor's clients have pretty much since it was released.

We've been deploying all new systems with 1809 patched and up to date because it just works.

I find that the primary problem with patching is a lack of regression testing by the folks doing the patching. For those that are, see www.patchmanagement.org and join the lists.

Microsoft has been "failing" at QA for patching for freaking years now. There's just too complex an ecosystem for them to cover all of the bases anyway so the idea that everyone's setup can be patched immediately is befuddling at best and suicidal at worst.

The reality is that we need to regression test and litmus test those patches to make sure they work for our systems. That's our responsibility not theirs.

Caveat: While the above is definitely a very not-so-humble opinion, Microsoft should have their collective defecation together at least for their own hardware line. But then again, folks install all sorts of stuff on their machines that seemingly take them off-spec so the above applies yet again.

The only patching issues we've had to date on the Windows 10 platform have been with users that took their machines out of deployment spec by installing whatever. Our in-spec Win10 deployments have been quite stable patch wise.

@scottalanmiller said in Windows 10 vs Windows 7:

Speaking of Windows Updates. I literally just found my first Windows 10 machine that successfully detected 1809 and attempted to update. No word yet if it will be successful. But this is the VERY FIRST time that I've not had to use the media creation tool to get it to recognize that 1809 exists.

From what I understand the throttling is being pulled off now.

@Emad-R said in Windows 10 vs Windows 7:

@PhlipElder said in Windows 10 vs Windows 7:

We're flipping all of our clients over to Windows 10. It's a lot easier to maintain patch wise though the recent move to split-out .NET gives us a bit more complexity.

Whether Win7 or Win10 it's important to disable SMBv1. The following is PowerShell:

# Disable on Windows 10
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -Restart

# Check
Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol

# Check and Disable on Windows 7
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}

# Disable SMBv1 on Windows 7
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
Restart-Computer

# Disable on Windows Server 2012 RTM
# Check
Get-SmbServerConfiguration | Select EnableSMB1Protocol

# Disable
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$False

What do you mean split out .NET ?

You can install latest version of .NET on both systems, and the only split .net done was in 4.0 they made one full and one for client, then they realized it us mistake. and never did it again.

Windows 10 Update structure:
1: Servicing Stack Updates (Requires an acknowledgement prior to entry)
2: Latest Cumulative Update
3: Latest .NET Update for Windows 10 (I've not found a URL for this one yet)

Meaning, .NET will not be delivered in the LCU anymore.

We're flipping all of our clients over to Windows 10. It's a lot easier to maintain patch wise though the recent move to split-out .NET gives us a bit more complexity.

Whether Win7 or Win10 it's important to disable SMBv1. The following is PowerShell:

# Disable on Windows 10
Disable-WindowsOptionalFeature -Online -FeatureName smb1protocol -Restart

# Check
Get-WindowsOptionalFeature –Online –FeatureName SMB1Protocol

# Check and Disable on Windows 7
Get-Item HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters | ForEach-Object {Get-ItemProperty $_.pspath}

# Disable SMBv1 on Windows 7
Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters" SMB1 -Type DWORD -Value 0 –Force
Restart-Computer

# Disable on Windows Server 2012 RTM
# Check
Get-SmbServerConfiguration | Select EnableSMB1Protocol

# Disable
Set-SmbServerConfiguration -EnableSMB1Protocol $false -Confirm:$False

@huzefa22 said in Same subdomain name internal and external i have an issue with the DNS, specifically emails:

Re: Internal domain name same as external domain - DNS issues!!

Hi, i am new this site, so just poping in as i am facing a similar type of issue if anyone can assist me on it.

• we have just deployed our new child domain and the name same as our subdomain which is also used for emails e.g. our email subdomain is abc.xyz.com and our child domain is also abc.xyz.com. our emails are on office365 and the domain is parked on godaddy.
so now when i do a nslookup from my domain or any pc connected to that domain, it takes me to the godaddy, which is causing email sending issues.
i tried to setup a mx record on the child domain to point it to the office365 dns but it doesn't help. still i get the same godaddy on nslookup.
when i change the users DNS from local child domain dns to the isp dns, i get the nslookup query resolved for the domain correctly to the office365 records.
Is there anyway you can assist me on this or give some suggestion?
Your assistance will be highly appreciated.

Best regards.

What does the MX record for abc.xyz.com say from the Internet and from NSLookup internally? They should match.

http://dig.menandmice.com <-- Freebie DIG

@JaredBusch said in On-Premises soft PBX:

Once you have a working system that you like, you set it up again cleanly.
Connect your SIP trunk.
Buy phones for all users.
Schedule a go live for the users.
On that go live forward your main numbers to your new DID.
Then you can port your old numbers to your SIP provider.

Heh. Sounds like fun.

Okay, here's the deal: We have one POTS number as mentioned and one toll free 888 number resident with Tagline.CC that we'd like to port over as well.

I'm really not interested in delving into this stuff on my own as I have a pile of cluster lab work that is revenue focused on the To Do List.

Folks who do this stuff for a living, please DM me a cost and a monthly cost if need-be along with a brief description of what's needed. I'll touch base with the current phone provider to see if we're bound into a contract or not. I don't think so as I don't remember signing something but the grey matter's not so reliable as of late.

Thanks folks!

@scottalanmiller said in On-Premises soft PBX:

@PhlipElder said in On-Premises soft PBX:

@Pete-S said in On-Premises soft PBX:

@scottalanmiller said in On-Premises soft PBX:

@Pete-S said in On-Premises soft PBX:

We installed and ran a couple of options to see what would work best for us and for our needs 3CX was the clear winner.

We are running the debian version of 3CX on xenserver. It has worked very well.

What did you test against? Was FreePBX one of the options?

There are loads of things worse than 3CX, like Mitel or Cisco that we've found. No question there.

Of course we tried freepbx.

Okay, so we can look at 3CX or FreePBX as two options.

What else do we need to make this work?

I jumped on FreePBX's site for a boo and there's something there about a SIP Trunk?

They make their money trying to sell you things. FreePBX is totally free and can use any SIP trunk you want. But you are welcome to buy SIP trunks from them directly, if you so desire.

That's the catch. I'm not sure what is needed and from where given our location in Canada.

@Pete-S said in On-Premises soft PBX:

@scottalanmiller said in On-Premises soft PBX:

@Pete-S said in On-Premises soft PBX:

We installed and ran a couple of options to see what would work best for us and for our needs 3CX was the clear winner.

We are running the debian version of 3CX on xenserver. It has worked very well.

What did you test against? Was FreePBX one of the options?

There are loads of things worse than 3CX, like Mitel or Cisco that we've found. No question there.

Of course we tried freepbx.

Okay, so we can look at 3CX or FreePBX as two options.

What else do we need to make this work?

I jumped on FreePBX's site for a boo and there's something there about a SIP Trunk?

@scottalanmiller said in Annoyed with spam and spoofed emails? SPF, DKIM, and DMARC is your magic spell!:

@PhlipElder said in Annoyed with spam and spoofed emails? SPF, DKIM, and DMARC is your magic spell!:

@coliver said in Annoyed with spam and spoofed emails? SPF, DKIM, and DMARC is your magic spell!:

@PhlipElder said in Annoyed with spam and spoofed emails? SPF, DKIM, and DMARC is your magic spell!:

And, sadly, Microsoft has decided to keep DKIM in O365 leaving on-premises Exchange 2019 deployments out in the cold. Third party only.

Don't deploy exchange. Problem solved.

Tried that with Kerio. Ugh ... that was not a happy experience.

Nothing against Kerio, but hardly the alternative most would suggest to sample the non-Exchange world.

Zimbra, Kopano, Axigen, MailDaemon, etc. Lots of options that people routinely have great experiences with (like being easier than Exchange.)

I've not tried Kerio, but have used many. The experiences have been all over the place, but pretty universally easier to deploy than Exchange. Which is acceptable itself, not complaining about it. But by comparison, it required more training and prep and was still harder to do.

Example... as a certified Exchange Admin, Zimbra was still easier to do. And Axigen easier than that. Axigen, if I remember correctly, is the easiest deployment I've done for email.

Timing off the top:
1: Install Windows Server 2019 with latest CU slipstreamed in: 15 minutes
2: Initiate Exchange install and run: 30-60 minutes depending on guest performance
3: Run PowerShell scripts to set up for production: 5-10 minutes
4: Exchange SSL setup: 5 minutes
5: Done

@coliver said in Annoyed with spam and spoofed emails? SPF, DKIM, and DMARC is your magic spell!:

@PhlipElder said in Annoyed with spam and spoofed emails? SPF, DKIM, and DMARC is your magic spell!:

And, sadly, Microsoft has decided to keep DKIM in O365 leaving on-premises Exchange 2019 deployments out in the cold. Third party only.

Don't deploy exchange. Problem solved.

Tried that with Kerio. Ugh ... that was not a happy experience.

Exchange just works. It's low maintenance and easy to deploy and migrate. We've been working with it since the 5.5 days (Back Office Server then Small Business Server).

And, our on-premises deployments have 100% up-time across the life of the solution set which is five years in most cases. Maintenance has been quite simple since the advent of the Cumulative Update.

And, sadly, Microsoft has decided to keep DKIM in O365 leaving on-premises Exchange 2019 deployments out in the cold. Third party only.

The cloud hosted PBX topic spurred some thinking juices.

We landed a 500/500 fibre connection at the shop this summer and have moved our voice over to their coax based setup which is a separate cost and SLA. I'd be more than happy to drop the extra cost of their phone POTS replacement and run our own.

It's been a very long time since I've ventured into or even thought about VOIP.

We have our own redundant systems built-up on Hyper-V, Storage Spaces, and Storage Spaces Direct (HCI) along with the requisite power protection.

As far as guest operating systems we have the given with Microsoft but also Ubuntu has been a go-to for our Grafana/InfluxDB/Telegraf graphing, monitoring, and history setup.

What would all y'all recommend for us?

We're in Alberta, Canada so that may play into the final setup I think?

@Pete-S said in DELL PowerEdge T410 - Memory Configuration Issues:

@PhlipElder said in DELL PowerEdge T410 - Memory Configuration Issues:

As a rule, the primary slot in each channel should be populated. So, 4 sticks per CPU.

Make sure Memory RAS settings are default and not stripe or mirror. That may be part of the problem.

Make sure the sticks are in the primary slot for each channel which is usually a different colour than the secondary and furthest from the CPU.

T410 is old 5500 series chipset which is triple channel, so I don't think you gain anything with 4 per CPU.

Heh .. I didn't clue in to the generation indicator thus my mistake. Apologies ...

As a rule, the primary slot in each channel should be populated. So, 4 sticks per CPU.

Make sure Memory RAS settings are default and not stripe or mirror. That may be part of the problem.

Make sure the sticks are in the primary slot for each channel which is usually a different colour than the secondary and furthest from the CPU.

@Dashrender said in What Are You Currently Reading Outside of Tech:

@PhlipElder said in What Are You Currently Reading Outside of Tech:

@scottalanmiller said in What Are You Currently Reading Outside of Tech:

@PhlipElder said in What Are You Currently Reading Outside of Tech:

Picked up Timothy Zahn's new Thrawn Alliances book so am re-reading its predecessor then the new one.

He is a fantastic writer. Great book(s).

There is a new one in the series? I just found my copies of the old trilogy a few days ago.

Yeah, Disney's new canon versus what is now called the "Legends" series or old canon originally doctored by Lucas himself.

The new canon covers the movies, TV series, other online series, and any of the new books published since "The Force Awakens".

In a way, it's a good thing and in a way the decision was a bad thing.

It was good because Disney was not locked in to retelling what was already written in the plethora of Legends books and series. It was bad for much the same reason. So much was left behind.

Another good that came out of it is Zahn's ability to write using his hindsight and augmenting things. The first book was and is amazing. I'm already 3/4 of the way through it. I expect no less from the new "Thrawn Alliances" book.

I'm halfway through the new book... I'd say neither of these live up to the memory I have of the original Zahn triology. They are good, but definitely not as good. As a matter of point - I started reading Alliances 4 weeks ago, and haven't gone back to it.

I haven't really thought of it that way.

I've read the Legends Thrawn Trilogy at least two or three times. They are one of my favourite set short of some of the Han Solo sets, the Millennium Falcon stories, the ongoing tension and eventual marriage of Luke Skywalker to Mara Jade, and many of the other series sets.

I get a sense that much of what Zahn wrote in the Trilogy is there in the new book. There are plenty of references to key bits and pieces. What I'm enjoying is the delving into the Empire's court politics and Thrawn's ice breaker smashing through it for lack of a better analogy.

I especially like the first person bits throughout the book. It's neat. We get a pretty good idea of what is going on with Thrawn as he moves about his various challenges. Eli is a good offset character too. They work well together.

All in all, the original trilogy still stands as one of my favourites right up there with Asimov's Foundation Series. The current one, and it's left to be seen about Alliances, would fall somewhere in the top 25 maybe.

@scottalanmiller said in What Are You Currently Reading Outside of Tech:

@PhlipElder said in What Are You Currently Reading Outside of Tech:

Picked up Timothy Zahn's new Thrawn Alliances book so am re-reading its predecessor then the new one.

He is a fantastic writer. Great book(s).

There is a new one in the series? I just found my copies of the old trilogy a few days ago.

Yeah, Disney's new canon versus what is now called the "Legends" series or old canon originally doctored by Lucas himself.

The new canon covers the movies, TV series, other online series, and any of the new books published since "The Force Awakens".

In a way, it's a good thing and in a way the decision was a bad thing.

It was good because Disney was not locked in to retelling what was already written in the plethora of Legends books and series. It was bad for much the same reason. So much was left behind.

Another good that came out of it is Zahn's ability to write using his hindsight and augmenting things. The first book was and is amazing. I'm already 3/4 of the way through it. I expect no less from the new "Thrawn Alliances" book.