• 0 Votes
    54 Posts
    7k Views
    dbeatoD

    @scottalanmiller said in Active Directory Domain name:

    @stacksofplates said in Active Directory Domain name:

    @dbeato said in Active Directory Domain name:

    @scottalanmiller said in Active Directory Domain name:

    used that way. No certificate maker should ever have included it (and I've never heard of that as it would always indicate a scam CA as you cannot own that domain by definition).

    The Majority if not all did add the .local, .lan and others, unless you think all CA are scams then I wouldn't say they are a scam.

    Yeah from a quick search looks like at least GoDaddy and Digicert offered them.

    Nov 2015 is when CA/Browser Forum set the standard to not allow internal domains. So looks like most if not all would have supported it before that.

    https://cabforum.org/internal-names/

    Damn, that's a major security hole! So I could go get a cert issued for a domain someone else used and there had to be zero verification since.... there was nothing to verify!

    Yup.

  • Why was the BSOD Blue?

    11
    1 Votes
    11 Posts
    997 Views
    notverypunnyN

    @gjacobse said in Why was the BSOD Blue?:

    @dashrender said in Why was the BSOD Blue?:

    @gjacobse said in Why was the BSOD Blue?:

    The (BSOD) thing is - that for some reason I can't play any YT video some parts of the day. Open anything and all you get is the swirly loading icon. But, you can click the timeline and see that content is there, regardless of browser... And no one can tell me why - as we don't block it or throttle it. People are playing Spotify at the same time - so it's bandwidth issue either.....

    I've had issues like that before too - never found a solution.

    I would test cross platform, but since I get 'yelled at ' for Powershell, I'm not putting Linux on the network.

    Not to give your network / sec guys any problems, but run it in VirtualBox with the network set to NAT... then from the perspective of the ones doing the yelling it should only be seen as just another app.

  • Gaming PC Setup

    18
    0 Votes
    18 Posts
    1k Views
    scottalanmillerS

    @obsolesce said in Gaming PC Setup:

    @breitenberg said in Gaming PC Setup:

    it is cheaper to build a gaming PC rather than buying a pre-built gaming PC. ... In most cases, the more expensive a prebuilt PC is, the more the cost of assembly and profit margin of the seller will be. Therefore, it is indeed cheaper to build a PC.

    That's not completely true currently. If I want to build a gaming PC with an RTX 3090, that alone will cost me at the very least $3k for an off brand card... Yeah just the card itself. However, I could order a pre-built gaming pc with that card for about the same price or just a little more. Some even less.

    That's why I went with a Dell. The whole computer was cheaper than the card on its own.

  • Neglect in the highest? Shocking!

    4
    0 Votes
    4 Posts
    609 Views
    scottalanmillerS

    @stuartjordan said in Neglect in the highest? Shocking!:

    How can this still be happening in nearly 2022.

    Because these aren't IT pros or IT firms. These are VARs scamming customers.

  • Unifi Controller update for Log4J

    11
    0 Votes
    11 Posts
    716 Views
    hobbit666H

    @jaredbusch said in Unifi Controller update for Log4J:

    I ran an old controller on a local network with no internet to support a site with old hardware. They were upgraded back in January, and migrated to my main controller. But easily workable for something like that.

    Yeah that's what I'm thinking. We are slowly replacing but some sites will take longer as they will need access equipment to get to.

  • Lenovo - if it's on your network, you ARE breached.

    93
    3 Votes
    93 Posts
    12k Views
    scottalanmillerS

    @dashrender said in Lenovo - if it's on your network, you ARE breached.:

    @travisdh1 said in Lenovo - if it's on your network, you ARE breached.:

    @gjacobse said in Lenovo - if it's on your network, you ARE breached.:

    I'd like to see recent references; everything I have found hasn't been updated / linked to since 2019 about the 2014-2015 incident.

    What has changed? Nothing.

    Why should anyone keep reporting no news?

    Exactly - There's nothing newer because they haven't been caught doing any dirty shit in the past 2-3 years. But at the same time - the same management is in charge, so why would we expect them to do things right?

    I think that they've been caught. It's just so unimportant to American consumers if Chinese companies are spying on them that literally reporting it has no value.

  • GPO or GPP printer setup in light of all this printing nightmare stuff?

    14
    0 Votes
    14 Posts
    495 Views
    gjacobseG

    @jasgot
    Working to - Someone suggested I put all of my 'collection' in Github.

  • windows based FREE imaging app

    35
    0 Votes
    35 Posts
    3k Views
    DashrenderD

    @obsolesce said in windows based FREE imaging app:

    @dbeato said in windows based FREE imaging app:

    @obsolesce said in windows based FREE imaging app:

    @notverypunny said in windows based FREE imaging app:

    @obsolesce said in windows based FREE imaging app:

    @dashrender said in windows based FREE imaging app:

    @obsolesce said in windows based FREE imaging app:

    @dashrender said in windows based FREE imaging app:

    they generally come with AV and other crap you don't want at purchase

    Oh I see, that sucks. Are the company devices being bought from Walmart or something?

    Seriously?

    I order these from DCW. I haven't had a laptop not come with at least some third party AV in ages...

    I suppose one of the reasons to not order Dell/HP, or at least not the default stuff.

    Can't speak to HP, but with Dell, unless you get setup with their imaging program (you provide them with your desired stock image and it's $$$ from what I recall) they're sending you their stock OEM image with a significant amount of bloat-ware. In a corporate / enterprise setup consistency is king so it's normal that you want to reimage with something that's tested and known to play nice in your environment.

    Business class devices shipping with trial anti-virus software that is well known to be much worse than the default Windows Defender? That alone is reason enough not to go with that manufacturer (still not a showstopper, as automation can fix that in later steps). If you need to touch a device before an end user gets it, you're wasting a ton of time and money. That's decades old procedures... having your IT department receive the device, reimage, configure, maintain images, and all the requirements that go along? That is a huge waste of resources.

    Wouldn't you rather have a device sent directly from CDW to the end-user, without needing a special image, ready to go for the user and the work environment... managed, configured, secured, and compliant as part of the OOBE?

    Dell charges a bit more for imaging with your Intune AutoPilot profile but can be arranged and most Dell with Windows Professional and up licensing barely come with bloatware as far as I have been working with them.

    CDW and many other CSPs will register them in Autopilot for you for a couple dollars extra, OEMs can do it too, there's no need for a custom image. For some special purpose orders, sure, but not typically needed.

    Perhaps this is something newer I simply haven't looked into yet.

    I'm not using autopilot. Perhaps the vendors know that that extra crap isn't wanted, so they don't bother to include it in machines that companies pay more dollars for the vendor to include in autopilot.

  • Help with renaming PC

    8
    0 Votes
    8 Posts
    462 Views
    siringoS

    @hobbit666 said in Help with renaming PC:

    I use this when setting up new machines

    $ServiceTAG = "PC-$((Get-WmiObject Win32_BIOS).serialnumber)"
    $OLDNAME = (Get-WmiObject win32_COMPUTERSYSTEM).Name
    Rename-Computer -ComputerName $OLDNAME -NewName $ServiceTAG -force

    This was a great help, thank you @hobbit666. I changed it to this:

    $ServiceTAG = "B311-$("$env:computername$(get-random)")"
    $OLDNAME = (Get-WmiObject win32_COMPUTERSYSTEM).Name
    Rename-Computer -ComputerName $OLDNAME -NewName $ServiceTAG -force -restart

    As the netbios names were displaying as the same.

  • 0 Votes
    9 Posts
    981 Views
    siringoS

    This problem sounds familiar.
    It's not a normal.dot type problem is it? Where the originator used normal.dot as their doc template, saved it as .dot again and it's screwing up everyone's normal.dot that reads / alters the document.

  • Did you notice the Skyetel outage today?

    8
    2 Votes
    8 Posts
    1k Views
    JaredBuschJ

    @skyetel said in Did you notice the Skyetel outage today?:

    I put this on another forum, but I figured you guys would like to read this too:

    For those interested, Our network operates in 4 AWS regions that we keep siloed from one another (meaning no region knows about the existence of another one). When the connectivity issues started, we disabled the network connectivity for all Skyetel assets in the two impacted AWS regions which caused our network to fully failover. (Because the impacted regions had partial connectivity, our network did not fully fail over and tried to limp along with all 4. This is by design; we don't want to automate disabling network routers of our network for obvious reasons... so an engineer needed to click the buttons).

    The impact of this was some calls failed to establish, but if they did establish, they would work normally. This is because we are not in the audiopath of the calls. Once the distressed regions were fully down, our network could fully fail over and 100% of all calls completed normally.

    The total impact time was 19 minutes, and we estimate about 7% of our calls failed to establish during that period. Sorry for the inconvenience 🙂

    Did I mention @Skyetel is awesome lately? Being fixed almost before the customers noticed was insanely awesome.

  • Your choice for 24 port PoE switch?

    13
    0 Votes
    13 Posts
    1k Views
    ITivan80I

    @jasgot Yes I have, I have customers using these a lot, the brand and different models as well.

  • Zabbix Windows NIC

    1
    0 Votes
    1 Posts
    220 Views
    No one has replied
  • MS EDGE "You have been warned"

    23
    0 Votes
    23 Posts
    2k Views
    scottalanmillerS

    @gjacobse if you are going to link an image it has to be https, http links are ignored.

  • Mesh Central: Display Change on remote

    2
    0 Votes
    2 Posts
    165 Views
    scottalanmillerS

    @gjacobse said in Mesh Central: Display Change on remote:

    Does MC allow for full interaction when making Display Changes? Specifically - When applying settings, can you click the Keep Changes?

    It must because I do that all the time.

  • 3 Votes
    16 Posts
    2k Views
    scottalanmillerS

    @eddiejennings said in Reverse Proxy for Single Public Facing Server:

    @dashrender said in Reverse Proxy for Single Public Facing Server:

    @eddiejennings said in Reverse Proxy for Single Public Facing Server:

    @dashrender said in Reverse Proxy for Single Public Facing Server:

    That's pretty easy to do when you're self hosted, but if you're doing something like Vultr instances, I'm guessing it's a bit harder - unless Vultr allows for the creation of VMs that only exist on a private network.

    True and that's why I specifically mentioned a self-hosting scenario. I think I have a thread from the past asking about whether or not people bother with reverse-proxy for things hosted in Vultr or the like.

    I don't think that it makes a difference.

  • magento

    3
    0 Votes
    3 Posts
    238 Views
    scottalanmillerS

    @vigneshn said in magento:

    how i fix this
    Too many arguments, expected arguments "command".

    When are you getting this error, and where?

  • Certificate Authorization Error

    Unsolved
    6
    0 Votes
    6 Posts
    805 Views
    DashrenderD

    @wrcombs said in Certificate Authorization Error:

    @jaredbusch said in Certificate Authorization Error:

    @wrcombs said in Certificate Authorization Error:

    Any ideas?

    Also, update windows and Chrome.

    Did windows updates this morning and chrome is up to date..

    You just want to make sure Windows and Chrome have the latest CA root certs in their stores... that's why he's recommending doing that.

  • Adding remote storage to Proxmox

    Solved
    11
    1 Votes
    11 Posts
    4k Views
    travisdh1T

    @rjt said in Adding remote storage to Proxmox:

    @jaredbusch nfs on top of ZFS.
    ZFS should be the underlying block/fs for everything whether a single hard drive, block storage like iSCSi, file storage such as NFS or CIFS. I like TrueNAS for this purpose. As you can see, I love ZFS. My problem is I also love CentOS. Need to figure out easy ways to get ZFS on CentOS. We should all write a letter to Larry asking him to open up the license.

    Most of us here do not subscribe to The Cult of ZFS. Yes, it has a place, but not nearly like it's made out to be.

  • how do you deal with SPOF with HAproxy

    15
    0 Votes
    15 Posts
    1k Views
    dbeatoD

    We use DNS health checks for this, Route53 and Cloudflare have this but it comes at an additional cost.