@Phil-CommQuotes said in Provide Foreign Toll-Free Number to US Call Center:

@JaredBusch @wrx7m Hope I responded right but yes we can get Toll Free numbers a la carte anywhere in the world (well almost anywhere!). Mexico yes! Hit me up

Thanks to @Phil-CommQuotes (and to @JaredBusch for the referral)- He recommended TollFreeForwarding.com. We have setup a much less expensive Mexican toll-free number to forward to our call center.

Circling back to GPP. Thanks to @FiyaFly , who was able to help me out with the syntax for the fields. Do not use quotes in the target or start in paths.
Target Path:

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Arguments:

--incognito --proxy-server=squid1.domain.com:3128 --user-data-dir="%LOCALAPPDATA%\Google\Squid1\User Data"

Start in:

C:\Program Files (x86)\Google\Chrome\Application\

I also used the create option and desktop (standard, not all users desktop).

I am setting up Windows 2016 RDS server to retire an old 2008 R2 RDS server. The server provides access to our ERP system, FileMaker and Fishbowl Inventory for remote users. Each of these applications still only support Server 2016.

I currently have about 30 active user profiles on the old one and they are automatically created and pointed to a D:\ partition. I had forgotten about the newer (than 2008 R2) User Profiles Disk feature and am wondering if I should look at moving to that configuration, or just stick with the current type of config.

Are User Profile Disks the standard now? Are they good, bad or it depends?

If I should just keep doing what I am doing, is there an actual migration process for the profiles
or
should I use something like ForensIT to migrate the profiles
or
just have everyone login to the new server and do a robocopy of certain directories (like the desktop)?

Upon boot, I am getting the EDAC skx: Can't Get tolm/tohm error after upgrading my Vultr instances from Fedora 29 to Fedora 30. Has anyone else experienced this? Is there a fix for it?

EDIT: Changed the thread title to reflect my findings in posts 16-21

Which is preferred and why?

I recently ran into an issue after starting to use PSWindowsupdate (https://mangolassi.it/topic/19897/pswindowsupdate-use-powershell-and-other-tools-to-automate-windows-updates) where Server 2016 had GPOs set to point the servers to a local WSUS server. The problem was that the server was actually going to Microsoft's public internet update server. When running the following in PowerShell -

$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
$MUSM.Services | select Name, IsDefaultAUService

I found that the IsDefaultService for Windows Server Update Service was set to False and Windows Update was set to true.

Name                          IsDefaultAUService
----                          ------------------
Windows Store (DCat Prod)                  False
Windows Server Update Service              False
Windows Update                              True

I found that these GPO settings, as outlined by, alexander.polomodov, at serverfault.com (https://serverfault.com/questions/857607/windows-server-2016-not-updating-through-wsus/868356), fixed the issue. There may be settings that aren't really required, but I do know that this fixed my issue. Now IsDefaultAUService shows true for Windows Server Update Service.

Here is his post-

"The problem is with Dual Scan trying to connect to Windows Update (online) and failing. When it fails the system just stops trying and refuses to connect to WSUS.

The added problem is the server install media has a bug in it which prevents the Dual Scan from changing. It just ignores the policy and keeps the default update source Windows Update.

Here is what you have to do to fix it: Run the following commands in Powershell on the offending server

$MUSM = New-Object -ComObject "Microsoft.Update.ServiceManager"
$MUSM.Services | select Name, IsDefaultAUService

You will get something back like this:

Windows Update Standalone Installer - False
Windows Server Update Service - False
Windows Update - True

If it says "Windows Update - True" Then that is your default source, no matter what your GPO says...

The first thing you have to do is make sure the following patches are installed on your server.

kb4103720 and kb4462928

You need them BOTH. They are both huge, they both take forever and a day to install and they both require a server reboot.

These KBs fix the dual scan issue so the server will respond to the GPO telling it which default source to use.

Now you need to configure Group Policy to tell the server to only use the WSUS server. Per Microsoft these are the required settings (I am dubious on some of them, but I haven't tested each one... I am just happy the thing is finally working)

**Computer Configuration > Policies > Administrative Templates > System > Device Installation

Specify the search server for device driver source locations**

Set to "Enabled"
Select search order: "Do not search Windows Update"

Specify the search server for device driver updates

Set to "Enabled"
Select Update Server: "Search Managed Server"

Computer Configuration > Policies > Administrative Templates > System > Internet Communication Management > Internet Communication Settings

Turn off access to all Windows Update features (In Microsoftspeak that means their online server, not 'make so it can't get updates')

Set to "Enabled"

Turn off access to the Store

Set to "Enabled"

Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Update

Do not allow update deferral policies to cause scans against Windows Update

Set to "Enabled"

No auto-restart with logged on users for scheduled automatic updates installations

Set to "Enabled"

Specify intranet Microsoft update service location

Set to "Enabled"
Set the intranet update service for detecting updates: "http://[YOUR SERVER]:8530"
Set the intranet statistics server:"http://[YOUR SERVER]:8530"
Set the alternate download server: "http://[YOUR SERVER]:8530"
Uncheck the box Download files with no Url in the metadata if alternate download server is set

Move your servers into an OU with this GPO enabled. I created a separate OU in my Servers OU just for 2016 server and linked this GPO to it.

Run the above powershell commands again.

It should now say

Name                                   IsDefaultAUService    
-------                                 --------------------------  
Windows Server Update Service              True  
Windows Update                             False

If you get "Windows Server Update Service" True, then it should work!"

Updating this thread. I ended up setting up the squid.conf file with the following config to get it to work.

First, at the top of the localnet lines-

acl localnet src 205.205.205.1/32

Then, I added the only domains that I wanted to provide access to. This whitelisted them.

acl GOOD dstdomain .google.com
acl Good dstdomain .domain.ca

Followed by, the allow and deny lines

http_access allow GOOD
http_access deny all

Finally, "uncommenting" the Safe ports/services for 80 and 443.

Mapped network drives? Activesync device?

You can also checkout Netwrix AD lockout examiner.
https://www.netwrix.com/account_lockout_examiner.html

Used it in the past and found it was usually those two.

@dbeato said in Bookstack Backup to S3:

@wrx7m said in Bookstack Backup to S3:

@dbeato Are you running bookstack in AWS?

Not at the moment. I am just backing up to S3.

Look at Wasabi for S3 compatible object storage. Significantly cheaper.

We are looking at starting a leasing program for our printers. It seems like this would be common, but I wanted to confirm- They want to install a program

"That will only ping your devices once a day to get meter reads, report issues for servicing purposes and allow us to manage your account better and more efficiently by maintaining your devices on a pro-active basis."

Any issues with this?

You should be able to only have a single license server. Anyone else know of a reason you can't run the license server on one of the RDS servers? I wouldn't run it on the DC.

@JaredBusch said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

@dafyre said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

@Pete-S said in Can I use the first IP in a subnet, for instance 192.168.0.0?:

Is it possible / bad practice to use the first address in the network, for instance 192.168.0.0 (netmask 255.255.255.0) ?

If I remember correctly a long time ago it wasn't possible but nowadays it is. I never use it but when you have small subnets like /29 it could be nice.

@Pete-S : The short answer is No. The longer answer is that it depends on the math.

In 192.168.0.0/24, 192.168.0.0 is the network address... 192.168.0.255 is the broadcast address.

In a 192.168.0.0/23, 192.168.0.0 is the network address, and 192.168.1.255 is the broadcast address.... 192.168.1.0 is a usable IP address in that network.

No that’s not how that works. The first address and a subnet is never usable. The last address and a subnet is never usable. There is no in between. Every single subject has exactly one first address and exactly one last address.

That is what he is saying. The network is 192.168.0.0, so 192.168.1.0 is usable.

@Dashrender said in MDT Resources:

I'm curious - if you're using FOG to deploy it - why are you bothering with MDT at all?

Also curious about this.

Related to the Windows updates, I just do that after the MDT deployment, using GPO to specify the WSUS group and server and then use PSWindowsUpdate powershell module to check for updates.

For 2016, I start with 6 GB of RAM and 2 vCPU. Rebooting takes a bit with less of each. Windows updates are much worse and will take forever to install and then after .net updates, when they come back up, will take forever to complete.

@dbeato said in Windows Offline files:

I disable Windows Offline Files for that reason, it is a pain to deal with and causes more problems than anything else. But yeah, even if it was locked out and the computer went to sleep it will mark it as offline since the computer detected a change on the network connectivity.

^^This. I have been disabling offline files for 15+ years. It never works the way people expect. #chasingghosts

@pmoncho said in Netgear Insight Managed Switches:

debating putting in a 10G SFP+ card because they are only an extra $100

Don't debate. Just do it.

@coliver said in Buttercup Password Manager:

@wrx7m said in Buttercup Password Manager:

@coliver said in Buttercup Password Manager:

@wrx7m said in Buttercup Password Manager:

@coliver Right, bitwarden.

I am.

And, how do you like it?

I like it a lot. It does everything I need it to do.

I am currently using keepass (have been for like 15 years). I store the db on dropbox and have it sync to all my systems and phone.

@Pete-S said in Need suggestion for local Windows backup:

Need a backup solution for one Windows workstation where backup target is local USB drive or possibly NAS.
Cloud backup isn't an option as the internet connection is too slow.

Suggestions on what to use?

As others have said, +1 for Veeam.

I had to convert an old ps script from old school FTP to SFTP that uploads files in a few different "local" directories and throws them in the root of our web server. After some digging, I came up with this script. Because the files are in different paths, I used a variable and separate command for each. It works just fine, but I was wondering if there is a more elegant or best practice way of doing that.

# SFTP Upload of Inventory From CSV files to WPEngine SFTP. Requires installation of Posh-SSH 
# Install-Module -Name Posh-SSH (https://github.com/darkoperator/Posh-SSH)

# Set the credentials
$Password = ConvertTo-SecureString 'passwordgoeshere' -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ('usernamegoeshere', $Password)

# Set local file path and SFTP path
$FilePath1 = "D:\Data\SW\SWRUN\BA\BAUPC.CSV"
$FilePath2 = "D:\Data\SW\SWRUN\MI\MIUPC.CSV"
$FilePath3 = "D:\Data\SW\SWRUN\NM\NMUPC.CSV"
$FilePath4 = "D:\Data\SW\SWRUN\SS\SSUPC.CSV"
$SftpPath = '/'

# Set the Hostname of the SFTP server
$SftpServer = 'domain.sftp.wpengine.com'

# Load the Posh-SSH module
Import-Module Posh-SSH

# Establish the SFTP connection
$ThisSession = New-SFTPSession -ComputerName $SftpServer -Credential $Credential -AcceptKey -Port 2222

# Upload the files to the SFTP path
Set-SFTPFile -SessionId ($ThisSession).SessionId -Localfile $FilePath1 -RemotePath $SftpPath -Overwrite
Set-SFTPFile -SessionId ($ThisSession).SessionId -Localfile $FilePath2 -RemotePath $SftpPath -Overwrite
Set-SFTPFile -SessionId ($ThisSession).SessionId -Localfile $FilePath3 -RemotePath $SftpPath -Overwrite
Set-SFTPFile -SessionId ($ThisSession).SessionId -Localfile $FilePath4 -RemotePath $SftpPath -Overwrite

#Disconnect all SFTP Sessions
Get-SFTPSession | % { Remove-SFTPSession -SessionId ($_.SessionId) }

After reading the Linux architecture post, I was thinking, "I wish there were a good list of sites/resources for learning Linux." Didn't have to wait long. I only dabble in Linux and have setup some things like Cacti, Owncloud and others. I started on ZeroTier, but had to put that down to do some other things. I would love to become proficient enough with Linux to actually use it on my resume.