@dashrender said in Lenovo - if it's on your network, you ARE breached.:

@travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

@gjacobse said in Lenovo - if it's on your network, you ARE breached.:

I'd like to see recent references; everything I have found hasn't been updated / linked to since 2019 about the 2014-2015 incident.

What has changed? Nothing.

Why should anyone keep reporting no news?

Exactly - There's nothing newer because they haven't been caught doing any dirty shit in the past 2-3 years. But at the same time - the same management is in charge, so why would we expect them to do things right?

I think that they've been caught. It's just so unimportant to American consumers if Chinese companies are spying on them that literally reporting it has no value.

@jasgot
Working to - Someone suggested I put all of my 'collection' in Github.

@obsolesce said in windows based FREE imaging app:

@dbeato said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@notverypunny said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

they generally come with AV and other crap you don't want at purchase

Oh I see, that sucks. Are the company devices being bought from Walmart or something?

Seriously?

I order these from DCW. I haven't had a laptop not come with at least some third party AV in ages...

I suppose one of the reasons to not order Dell/HP, or at least not the default stuff.

Can't speak to HP, but with Dell, unless you get setup with their imaging program (you provide them with your desired stock image and it's $$$ from what I recall) they're sending you their stock OEM image with a significant amount of bloat-ware. In a corporate / enterprise setup consistency is king so it's normal that you want to reimage with something that's tested and known to play nice in your environment.

Business class devices shipping with trial anti-virus software that is well known to be much worse than the default Windows Defender? That alone is reason enough not to go with that manufacturer (still not a showstopper, as automation can fix that in later steps). If you need to touch a device before an end user gets it, you're wasting a ton of time and money. That's decades old procedures... having your IT department receive the device, reimage, configure, maintain images, and all the requirements that go along? That is a huge waste of resources.

Wouldn't you rather have a device sent directly from CDW to the end-user, without needing a special image, ready to go for the user and the work environment... managed, configured, secured, and compliant as part of the OOBE?

Dell charges a bit more for imaging with your Intune AutoPilot profile but can be arranged and most Dell with Windows Professional and up licensing barely come with bloatware as far as I have been working with them.

CDW and many other CSPs will register them in Autopilot for you for a couple dollars extra, OEMs can do it too, there's no need for a custom image. For some special purpose orders, sure, but not typically needed.

Perhaps this is something newer I simply haven't looked into yet.

I'm not using autopilot. Perhaps the vendors know that that extra crap isn't wanted, so they don't bother to include it in machines that companies pay more dollars for the vendor to include in autopilot.

@hobbit666 said in Help with renaming PC:

I use this when setting up new machines

$ServiceTAG = "PC-$((Get-WmiObject Win32_BIOS).serialnumber)"
$OLDNAME = (Get-WmiObject win32_COMPUTERSYSTEM).Name
Rename-Computer -ComputerName $OLDNAME -NewName $ServiceTAG -force

$ServiceTAG = "PC-$((Get-WmiObject Win32_BIOS).serialnumber)" $OLDNAME = (Get-WmiObject win32_COMPUTERSYSTEM).Name Rename-Computer -ComputerName $OLDNAME -NewName $ServiceTAG -force

this was a great help, thank you @hobbit666 . I changed it to this:

"B311-$("$env:computername$(get-random)")"
$OLDNAME = (Get-WmiObject win32_COMPUTERSYSTEM).Name
Rename-Computer -ComputerName $OLDNAME -NewName $ServiceTAG -force -restart

As the netbios names were displaying as the same.

This problem sounds familiar.
It's not a normal.dot type problem is it? Where the originator used normal.dot as their doc tempate, saved it as .dot again and it's screwing up everyone's normal.dot that reads / alters the document.

@skyetel said in Did you notice the Skyetel outage today?:

I put this on another forum, but I figured you guys would like to read this too:

For those interested, Our network operates in 4 AWS regions that we keep siloed from one another (meaning no region knows about the existence of another one). When the connectivity issues started, we disabled the network connectivity for all Skyetel assets in the two impacted AWS regions which caused our network to fully failover. (Because the impacted regions had partial connectivity, our network did not fully fail over and tried to limp along with all 4. This is by design; we don't want to automate disabling network routers of our network for obvious reasons... so an engineer needed to click the buttons).

The impact of this was some calls failed to establish, but if they did establish, they would work normally. This is because we are not in the audiopath of the calls. Once the distressed regions were fully down, our network could fully fail over and 100% of all calls completed normally.

The total impact time was 19 minutes, and we estimate about 7% of our calls failed to establish during that period. Sorry for the inconvenience 🙂

Did I mention @Skyetel is awesome lately? Being fixed almost before the customers noticed was insanely awesome.

@jasgot Yes i have i have customers using these a lot the brand and different models as well.

@gjacobse if you are going to link an image it has to be https, http links are ignored.

@gjacobse said in Mesh Central: Display Change on remote:

Does MC all for full interaction when making Display Changes? Specifically - When applying settings, can you click the Keep Changes?

It must because I do that all the time.

@eddiejennings said in Reverse Proxy for Single Public Facing Server:

@dashrender said in Reverse Proxy for Single Public Facing Server:

@eddiejennings said in Reverse Proxy for Single Public Facing Server:

@dashrender said in Reverse Proxy for Single Public Facing Server:

That's pretty easy to do when you're self hosted, but if you're doing something like Vultr instances, I'm guessing it's a bit harder - unless Vultr allows for the creation of VMs that only exist on a private network.

True and that why I specifically mentioned a self-hosting scenario. I think I have a thread from the past asking about whether or not people bother with reverse-proxy for things hosted in Vulture or the like.

I don't think that it makes a difference.

@vigneshn said in magento:

how i fix this
Too many arguments, expected arguments "command".

When are you getting this error, and where?

@wrcombs said in Certificate Authorization Error:

@jaredbusch said in Certificate Authorization Error:

@wrcombs said in Certificate Authorization Error:

Any ideas?

Also, update windows and Chrome.

Did windows updates this morning and chrome is up to date..

You just want to make sure Windows and Chrome have the latest CA root certs in their stores... that's why he's recommending doing that.

@rjt said in Adding remote storage to Proxmox:

@jaredbusch nfs on top of ZFS.
ZFS should be the underlying block/fs for everything whether a single hard drive, block storage like iSCSi, file storage such as NFS or CIFS. I like TrueNAS for this purpose. As you can see, I love ZFS. My problem is I also love CentOS. Need to figure out easy ways to get ZFS on CentOS. We should all write a letter to Larry asking him to open up the license.

Most of us here do not subscribe to The Cult of ZFS. Yes, it has a place, but not nearly like it's made out to be.

We use DNS health checks for this, Route53 and CLoudFlare have this but it comes at a n additional cost.

@gjacobse said in Annoying issue: iOS and chrome:

Today's refresh has me not being signed into the forum. .. (eyeroll)

I suspect there's a link between not closing the tab, and exiting the browser.
Then when loading the browser and the tab, problems.

@siringo said in hot potato workers:

I was thinking about this last night. Is there anything you could do with QR codes or similar. Issue a card per device. They swipe/flash the card to log on and the same to log off.

you know of a windows solution that does that? I don't, though I've never looked for one either.

@irj said in ADUC Set Password Expiry:

@gjacobse said in ADUC Set Password Expiry:

@irj said in ADUC Set Password Expiry:

You gotta teach good culture

Good Luck

Sometimes people have to be inconvenienced for security

Don't disagree - but can't stop doing business either.

Managing all these exceptions is an operational nightmare that will create a load of technical debt.

No lie - and no argument there. But resetting the expiry date/time doesn't seem all that different than resetting any password. few clicks and poof.

I can understand your point, but some responsibility for security must fall on the user. Management of course has to buy in on this and/or give full control of IT policies to a CISO/IT manager/generalist (depending on size of business).

Again - no disagreement. Barring this - being able to set a date for the password to expire that isn't to far out of policy seems better and more ideal than some of the options.

@francesco-provino said in Air Gap Backups:

I have done it with the S3 Vault Lock feature, you can use it in conjunction with Storage Gateway (effectively emulating tapes), or using objects directly.

Once put in compliance mode, there is no way to delete the objects before the compliance period ends. It's also very cheap.

I'm trailing this now. Well to S3 storage, if it works I'll enable the Lock bit