@dashrender said in CAL Counting:

@scottalanmiller said in CAL Counting:

@eleceng said in CAL Counting:

We will be using terminal services in a redundant setup so at least 10 RDS cals

Terminal SERVICES doesn't require more CALs when redundancy. But if you mean your TERMINALS (the thin clients) will be redundant, then it will.

One CAL gives you access to unlimited RDS servers.

RDS CALs are also concurrent, aren't they? Or did they change that?

Had this discussion a few years ago. From my understanding, RDS has a "pool" that grabs a license from the pool for each logged in user. It will re-up every 90 days each time the user logs in. So if you have multiple users that only log in once every 89 days, that can waste a ton of licenses, thus having to purchase more than actually is required.

@eleceng said in CAL Counting:

@dashrender the organization already has user CAL's because all employees have email and can log in to the local computers, etc.

Do need user CAL's for every employee on every system or does 1 user CAL cover an employee on any and all systems corporation-wide?

One Windows Server User CAL covers one employee company wide.
You will also need a one Windows RDS User CAL for each user connecting to all RDS servers company wide.

@obsolesce said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

Not instead, in addition to.

If Hyper-V Server as a single product is going away, then it can't be "in addition to". He said Hyper-V Server, not Hyper-V.

@scottalanmiller said in KVM or VMWare:

ASHCI is MS doubling down on Hyper-V, not abandoning it.

Right, not what I was referring to. He said, "Hyper-V Server". We all know that Hyper-V is not going away.

So basically, correct me if I am wrong, one has to pay to use Hyper-V going forward in the future (After Hyper-V Server 2019 is EOL)?

@stuartjordan said in KVM or VMWare:

@pmoncho said in KVM or VMWare:

@stuartjordan said in KVM or VMWare:

@obsolesce said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

Not instead, in addition to.

If Hyper-V Server as a single product is going away, then it can't be "in addition to". He said Hyper-V Server, not Hyper-V.

@scottalanmiller said in KVM or VMWare:

ASHCI is MS doubling down on Hyper-V, not abandoning it.

Right, not what I was referring to. He said, "Hyper-V Server". We all know that Hyper-V is not going away.

I was Indeed Meaning Hyper-V Server, not the Hyper-V role.

I am wondering if MS expects businesses to be all cloud in the next ten years? Those that are not, they don't care about.

Is indeed what they want I believe, especially with Windows 365. They already had a method of creating RDS solutions in Azure. They have just made it easier to do with Windows 365.

I was going through the costs with their old RDS server solution they had about 5 years ago until they ditched it. It would have actually more cost effective for us.

Their new solution raised costs by about 40% so I said HELL no.

@pete-s said in Slow "internet" customer says...:

I have a customer and they have one location where they hold meetings with about 30 people in attendance and say another 10 people in the office. People in the meetings sometimes complain about slow internet. Problem is that they have 500 Mbit/s fiber and no hosted servers or anything on-prem.

I haven't been on location yet so I have no clue what equipment they have. I'm suspecting consumer grade AP/router/firewall stuff.

How would you go about troubleshooting this problem?

Without knowing anything about equipment on-site and/or limited knowledge about the environment, I start with the basics:

www.speedtest.net -Will give you a better idea of true bandwidth
ping google, microsoft, Cloudflare, <site their connecting to>
tracert google, microsoft, <site their connecting to>
Check device performance in OS supplied performance monitor
Compare wired vs wireless performance if possible

Not much else you can do until you get more equipment info IMHO.

@dashrender said in New customer - greenfield setup:

User education is next thing - and we do provide user education at hiring and then once a year. I really wonder - for the average worker - how effective is it? I think the answer to this comes down to your employees themselves. Again, someone also already mentioned that as well.

In my company, KnowBe4 has been really good. Users get yearly and quarterly videos and are encouraged to ask questions. Plus I setup a random monthly phishing scam test in addition to my very targeted bi-annual spear phishing tests I setup.

I really like it when users ask for help to decipher whether an email is phishing or not. We go over the potential red flags and if it is a Phishing test, I will let the user decide whether to click the link or not. 99% of the time they pass. If they click it, we have a small chat right then and there about what just happened.

Management only gets serious about it when they hear something in the news or through the client grapevine. Then its all hands on deck until.....

IMHO, it has been pretty effective when they see demonstrations of what is possible as compared to letting them read a PowerPoint, answer a couple questions and move on. Kind of like the great Medical - Fraud, Waste and Abuse presentation. All I hear is, "Ugh, anyone have the answers?" or similar statements.

@dashrender said in Email retention for non-regulated businesses?:

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.

@dashrender said in Email retention for non-regulated businesses?:

@pmoncho said in Email retention for non-regulated businesses?:

@dashrender said in Email retention for non-regulated businesses?:

@scottalanmiller said in Email retention for non-regulated businesses?:

@pete-s In the US they tend to say "as short as possible." Email is always a legal quagmire and the best thing to do is to delete is as quickly as possible. Which, of course, can't be that fast. So we are generally talking 1-2 years. But you rarely want to keep it longer not because it likely contains details of people breaking the law, but because a legal discovery request is extremely expensive and a great way to attack even otherwise honorable businesses. It's a huge cost you can leverage against someone that they can only reasonably mitigate by not having much email to go through.

Man - that would be so awesome. But even if management did agree that - you'd have people that would be looking for ways to maintain the data for a much longer period - like printing and saving in a cabinet.. shudder.

I like many of the replies I get about cleaning out email. "Why, its free!" "Why, my 50 GB of email is nothing when we have 16TB drives for $200" "Why do I have to remove email older than 13 years, it isn't hurting anyone" "Why would I do that, I may need it later (Medicare Newsletters prior to 2010)" and the list goes on and on.

Exactly!

But you do have a reply as to - Why - it's not hurting anyone - yes, yes it is.. it's hurting the company if we ever get sued and have to do a legal discovery through that data - not only is it time consuming - the information could be damning either for the thing they are looking for or something completely unrelated.

This explanation has fallen on deaf ears numerous times. As they say, people learn best from pain. So until it happens and the company has to fork out $$$$ for discovery, it won't change. Heck, it may not change after that.

@scottalanmiller

I misread that. Yeah only 140 agents.

Apparently I am far behind.

@scottalanmiller said in Email auto CC:

@WrCombs said in Email auto CC:

@Pete-S said in Email auto CC:

@WrCombs said in Email auto CC:

Can someone help me understand GSuite email admin stuff??
Customer opened ticket to add her as a CC on another employees emails - we set up the rule yesterday and tested - worked fine from my understanding but ticket was reopened with the notes that when the employee who is copied emails send an email to the other employee from the email that is supposed to be cc'd on all incoming emails - there is no response /cc notification - My thought is because its coming from email that is supposed to be CC'd it's not sending the CC to prevent loop back emails - but I dont know much about it.

anyone have any insight?

Contact google support instead. They are there to help you and they should know how it is suppose to work and what settings to check if it doesn't. And they can probably see things in your account that you can't.

Gotcha. My manager and I were bouncing ideas off of each other on this one and we came to the conclusion that google is being to smart for it's own good - Like it's not copying her on emails being sent to that other employees email from the CC'd email to prevent loop back emails - we explained this to the customer -

Maybe a good chance to step back and figure out the end goal. Why would she want to be CC'd on her own email?

A few users do that here. I asked why and the individuals stated that it was reassurance that the email went out if they see one come into their own mailbox.

I decided to win a different battle.

@scottalanmiller said in POTS line replacement:

@Pete-S said in POTS line replacement:

@pmoncho said in POTS line replacement:

@Pete-S said in POTS line replacement:

@pmoncho said in POTS line replacement:

We also have a call into our Security/Fire Alarm company on the costs of a replacement alarm system is and if it can work over cellular. We will then see which will have the best ROI depending on years of service.

It's highly unlikely that you need to replace the alarm system, as most commercial security systems can be expanded with different modules. Moving from POTS to IP or cellular is very common.

It's also very possible that your alarm system will not work over your AT&T ATA (POTS emulation). Some alarm systems don't use the same signaling as a modem or fax would.

I found the manual online and this is the section describing the transmitter itself.

"Digital Alarm Communicator/Transmitter
Two modular phone jacks allow easy connection to telephone lines. Modular jacks are labeled PH1 for Primary Phone Line and PH2 for
Secondary Phone Line. Two telephone line active red LEDs are provided as well as a green Kissoff LED. The integral digital communicator provides the following functions:
• Line Seizure: takes control of the phone lines disconnecting any premises phones
• Off/On Hook: performs on and off-hook status to the phone lines
• Listen for dial tone: 440 Hz tone typical in most networks
• Dialing the Central Station(s) number: default is Touch-Tone, programmable to rotary
• For tone burst or touchtone type formats: discern proper Ack and Kissoff tone(s). The frequency and time duration of the tone(s)
varies with the transmission format. The control panel will adjust accordingly.
• Communicate in the following formats:
Ademco Contact ID
SIA-DCS-8
SIA-DCS-20"

With regards to signaling, this is the only thing that stuck out to me.

It has for sure more capability than your typical ATA. For instance I've never seen line seizure, off/on hook and rotary dialing. It's likely that they use a specific codec optimized for tones and not talk as well.

Yeah, never seen line seizure either. Of course, there are no lines to seize so the issue should be moot.

Also @Pete-S

My apologies for not specifying. This is from the fire alarm manual not the ATA.

@Dashrender said in POTS line replacement:

@scottalanmiller said in POTS line replacement:

@Pete-S said in POTS line replacement:

@pmoncho said in POTS line replacement:

@Pete-S said in POTS line replacement:

@pmoncho said in POTS line replacement:

We also have a call into our Security/Fire Alarm company on the costs of a replacement alarm system is and if it can work over cellular. We will then see which will have the best ROI depending on years of service.

It's highly unlikely that you need to replace the alarm system, as most commercial security systems can be expanded with different modules. Moving from POTS to IP or cellular is very common.

It's also very possible that your alarm system will not work over your AT&T ATA (POTS emulation). Some alarm systems don't use the same signaling as a modem or fax would.

I found the manual online and this is the section describing the transmitter itself.

"Digital Alarm Communicator/Transmitter
Two modular phone jacks allow easy connection to telephone lines. Modular jacks are labeled PH1 for Primary Phone Line and PH2 for
Secondary Phone Line. Two telephone line active red LEDs are provided as well as a green Kissoff LED. The integral digital communicator provides the following functions:
• Line Seizure: takes control of the phone lines disconnecting any premises phones
• Off/On Hook: performs on and off-hook status to the phone lines
• Listen for dial tone: 440 Hz tone typical in most networks
• Dialing the Central Station(s) number: default is Touch-Tone, programmable to rotary
• For tone burst or touchtone type formats: discern proper Ack and Kissoff tone(s). The frequency and time duration of the tone(s)
varies with the transmission format. The control panel will adjust accordingly.
• Communicate in the following formats:
Ademco Contact ID
SIA-DCS-8
SIA-DCS-20"

With regards to signaling, this is the only thing that stuck out to me.

It has for sure more capability than your typical ATA. For instance I've never seen line seizure, off/on hook and rotary dialing. It's likely that they use a specific codec optimized for tones and not talk as well.

Yeah, never seen line seizure either.

Odd, I've definitely seen/heard of this before.

I believe the line seizure in the Fire Alarm is to knock off any device currently using the line to send alert signal in case of a fire.

@Dashrender said in POTS line replacement:

@pmoncho said in POTS line replacement:

If there is paper to start and confirmation is needed, then I don't see how the process can be cut down any further than what is there other than automating the file name, watermark the barcode and the software "filing" the doc in the system against the patient.

Exactly.
In our case, a person must tell the system what type of document it is, and what do do with it once it's uploaded. That can either be done, and the output generates a barcode - the barcode goes on the page - then scan/upload to the sytem.
OR the person scan/uploads the document - then while confirming it's on the screen - they tell what kind of document it is and what to do with it.

To me the barcode is a huge waste of everything. AND introduces a failure point (what if the scan does a bad job on the barcode?

I'm guessing you probably have users that misclassify scans too? What is required if that happens?

@ElecEng said in Windows Volume License Vendor:

I am in need of some volume licensing help for a small business with around 25 users. Can someone recommend a good knowledgeable vendor to assist?

@Yonah-S at https://datacenterwarehouse.com/

@RojoLoco said in What hardware do you use for online meetings?:

Our new setup includes 2 different models of Dell's video conferencing monitors. Built in camera (pops up from the top edge), as well as a decent array of mics and speakers below the display. I think management didn't really think it through, as our office is mostly cubicles. 2 or more people on a call turns into a weird, multi-node speakerphone, complete with odd echoes that come from both latency and physical distance. They probably would be great if everyone had them at home, but it's not really a practical solution if you have a budget.

Setup a two this week and it has not been a fun experience. We have the Dell 24" models and had to hook them up on old pc's using DP and USB-C to A adapter. They do work pretty well when setup via USB-C on newer laptop.

The microphones, IMO, are not the best but the monitor and camera are pretty decent. For only $229 on Amazon, they are ok.

@JasGot said in Hard disk encryption without OS access?:

We have a customer who is being told they have to ensure all their data is encrypted when at rest. They are being told by their franchisor.

The software product they use for running their business is the only app on the server and the software vendor will not allow access to the server OS.

I know the hard ball way to deal with this, but I am looking to know and consider all of our options.

Moving away from the current software vendor is a nearly insurmountable task.

The software is running on Red Hat. Not sure which version.

If the client controls the server hardware, then SED SSD is a an option.

Reddit has a post that Rackspace had an email ransomware incident.

Don't know about its credibility though.

@Obsolesce said in User migration to azure:

@Dashrender said in User migration to azure:

@Obsolesce said in User migration to azure:

@pmoncho said in User migration to azure:

@Dashrender said in User migration to azure:

@Pete-S said in User migration to azure:

@Dashrender said in User migration to azure:

@Pete-S said in User migration to azure:

@lilyleiden said in User migration to azure:

We just tested migrating a small batch of test users to our new Azure tenant.

While migrating the PC/user account was no problem, the fact that people get a completely blank user profile, certainly was a showstopper!!

Many of our users has had their AD profile for years, even a decade and has a lot of individual settings, ways to work, shortcuts, quick links, favorites/browser cached passwords etc. and they loose all that.
Management has currently halted the process due to the protests.

So I am on the lookout for a way to link/migrate the old profile/profile settings, when Azure joining the PC?

I would use this as an opportunity to remove unneeded customizations and old ways of doing things and introduce new ways of working instead.

For instance is it really wise to rely on browser cached passwords? To me that's a signal that you need to look over you password management policy. Maybe your users need a real password manager or setup SSO to apps they're using.

I'm really on board with this! We don't migrate when people get new machines, that said - we have few users that do much customization to their setup...

Yes and it's also question of setting the right expectations. For instance saying: IT allows users to customize their desktops but will not provide support for it. New machines, reimaged desktops etc will be reset to company default.

I do this - I don't support end user shortcuts to their desktop. If you figure out how to get it - or get others around you to do it for you, fine... but IT does not support your shortcuts.

Wondering what others do for users bookmarks? Do you just have them create and use their own Google/Firefox/Microsoft account so they follow the user?

They can sign in and use their corporate email to sync in the web browser.

huh - a PITA making users make three separate accounts (one for each browser) based on their corporate account... but doable.

Three separate accounts for what? I only use one web browser for work, and only one work account, and have all my work bookmarks on that, and synced. Why would someone do all that on multiple browsers?

Government Healthcare websites. That is why. Medicaid (per state), Medicare (per jurisdiction), Insurance websites, different EMR websites, etc... etc... etc... etc...

Yes, it is a BIG PITA. Heck, up until last year, Eclinical EMR (version based) still wanted IE and refused to use Chrome/FireFox/Edge. It can now be used on Chrome/Edge but doesn't like FF, yet for Medicaid, they like FF better than Chrome/Edge. UGH

(Just a little bitter....)