    Posts

    • RE: Use powershell to create a scheduled task to reboot computers on schedule

      @jaredbusch said in Use powershell to create a scheduled task to reboot computers on schedule:

      This thread reminded me I needed to update my process for forcibly rebooting user computers.

      As I use GPO less and less as systems are switching to non-AD, I wanted to handle this with a scheduled task like I was pushing out with GPO.

      This should be pretty self-explanatory.
      Create variables with the pieces of the command.
      Then use the register command to create the task.

      # Create task action
      $taskAction = New-ScheduledTaskAction -Execute 'powershell.exe' -Argument 'Restart-Computer -Force'
      # Create a trigger (Mondays at 4 AM)
      $taskTrigger = New-ScheduledTaskTrigger -Weekly -DaysOfWeek Monday -At 4am
      # The user to run the task
      $taskUser = New-ScheduledTaskPrincipal -UserId "LOCALSERVICE" -LogonType ServiceAccount
      # The name of the scheduled task.
      $taskName = "Weekly Reboot"
      # Describe the scheduled task.
      $description = "Forcibly reboot the computer at 4am on Mondays"
      # Register the scheduled task
      Register-ScheduledTask -TaskName $taskName -Action $taskAction -Trigger $taskTrigger -Principal $taskUser -Description $description
      

      Good idea!

      Maybe you should add a test to check if the task is already created?

      That way you could use the same script to modify the time or whatever you wanted to do. Without having several tasks created I mean.

      posted in IT Discussion
      1
      1337
    • RE: Move VM Back and Froth From Workstation to ESXI

      @eleceng said in Move VM Back and Froth From Workstation to ESXI:

      @pete-s

      It's mostly industrial automation applications where an additional license or a floating license is uber-expensive and not available.

      Lots of them are legacy applications of which licensing of any type can no longer be purchased (P2V), etc.

      Workstation has the features I need just can't find any documentation on it.

      In that case I'd just run the VMs from a portable SSD when you're out and about. When you're in the office plug the SSD into a server/PC running Workstation as well. It's more flexible that way as you can run the VMs on whatever PC you want. I wouldn't bother with ESXi...

      I'm not exactly sure if Workstation has all the files needed in the same folder structure. I know VirtualBox does for sure. What you want to avoid is having to import/export when you move the VMs.

      posted in IT Discussion
      1
      1337
    • RE: MFP Scanning to ODfB

      @dashrender said in MFP Scanning to ODfB:

      @jaredbusch said in MFP Scanning to ODfB:

      @pete-s said in MFP Scanning to ODfB:

      And then the attachment is saved where you want.

      Except, you have no way to save to a user's ODfB space.

      It is easy to do this to non user locations or a user home folder on a server, but not the user's ODfB.

      I am sure it can be done with all kinds of delegation or something set up. But in @Dashrender's case, I would assume some of the stuff is PHI that potentially shouldn't be able to be accessed by an account like that.

      Yeah - I'm guessing that each person would need to create their own PA for this to work without having to worry about delegations, etc.

      That's exactly what the example I linked to showed. It's standard stuff. No problem putting files in each user's OneDrive.

      I think you use templates or something to do it for many users in Power Automate. As I said we use Zoho Flow but they all work the same. It's just scripting without having to code.

      posted in IT Discussion
      1
      1337
    • RE: Milestone VMS Hardware

      @athornfam2 said in Milestone VMS Hardware:

      Hi all...

      We have an external vendor that's providing us security camera services which I believe could be better. In saying that, we are hitting roadblocks with expansions to our surveillance on our campus due to their suggestions to a previous set of leaders that were passive. With that said I'm trying to apply a bandage until we can go through our budgeting process to acquire funds.

      What we have:

      HP ProLiant ML350 Gen9 (Intel Xeon E5-2609 v4, 32GB Ram, 4TB of internal storage) with Mobile Server, xProtect Service Channel, and xProtect 2017 R3. Total of 58 cameras with an estimated projection of 150-200 through 7 buildings
      HP ProLiant ML350 Gen9 (Intel Xeon E5-2609 v4, 32GB Ram, 4TB of internal storage) with Recording Server.
      Cameras range in megapixel from 2.1 to 12
      Ingested bandwidth ranges from 70-115 mbps depending on motion

      Solutions:

      1. I think that we could upgrade the CPUs (since we are still on xProtect 2017) or upgrade to a newer version of xProtect to replace the CPUs and add an Nvidia card for hardware acceleration.
      2. Another option would be to migrate the physical server to our VMware cluster since our compute typically sits around 5-15% usage... We have (6) E5-2680 v3 @ 2.50GHz in our cluster but lack the 8TB of storage... However, I just decommissioned a SAN from our production environment which contains 16TB (raw) 10K drives. So, I could set up iSCSI again to our environment solely for the camera system.

      The only problem I see is that both the 3 servers in our cluster and the physical camera servers need replaced by 2023-2024 which is right around the corner. It's another story but the idea was to eventually consolidate our 4 physical servers into a VM cluster with 4 or 5 servers total and add more storage to the HP MSA (only using 6 bays out of the 24).

      If CPU is the problem you should upgrade the CPU on those servers. The E5-2609 v4 is very slow.
      With something faster such as dual E5-2680 v4 you will have at least twice the performance per CPU, but probably more.

      Next, you want to check the memory configuration on the servers so that you are running with 4 or 8 RAM DIMMs per CPU. Preferably PC4-2400T type. This will give you the best memory bandwidth.

      I think Nvidia GPU acceleration is probably not going to do much for you, since you have Intel Quicksync hardware acceleration in the CPUs for transcoding.

      I would get refurbished CPUs since a CPU is a CPU. It's more or less impossible to wear them out. And since you intend to replace the servers in a year or two, you will have a hard time justifying the budget for twin E5-2680V4 or similar performance.

      You might want to have a look at the licensing as well on that server. Some opt for dual 8 core CPUs to optimize licensing. In that case the E5-2667 v4 is the one you want.

      posted in IT Discussion
      1
      1337
    • RE: Milestone VMS Hardware

      @athornfam2

      CPU & RAM upgrades are easy to do because it doesn't require any changes to anything. Only power down the server, take out the old and put in the new CPU and maybe RAM, and power up.

      posted in IT Discussion
      1
      1337
    • RE: KDE/Plasma DVD Burning MKV Files

      @stuartjordan said in KDE/Plasma DVD Burning MKV Files:

      Might just tell my mate to bring a usb round, might be easier. he's got a brand new smart tv so it will might be able to read the files.

      Fixed it for you!

      posted in IT Discussion
      1
      1337
    • RE: Does a script imply Automation?

      @eddiejennings said in Does a script imply Automation?:

      @gjacobse said in Does a script imply Automation?:

      Simply thus

      Does a script imply automation?

      No. Often a script is used as a tool to create automation, and usually one would write a script with the end goal of eventually automating something. However, just a script alone in a vacuum does not imply automation.

      That's not really true because automation is not just IT automation like DevOps.
      Automation comes from ancient Greek and means "acting on its own will".

      So everything that is "acting on its own will" is automated. If you start an install script, it will do things on its own will. That is automation. If you use Ansible (a bunch of scripts) to do something, it's also automation.

      Neither of those is fully automated because they will not initiate the process themselves and also require some manual input.

      In contrast things like large modern manufacturing plants are often fully automated and will run by themselves. However operators are needed to make decisions and adjust the process so the end result is satisfactory. The ones that make the programs for a factory are called automation engineers.

      posted in IT Discussion
      1
      1337
    • RE: Does a script imply Automation?

      @stacksofplates said in Does a script imply Automation?:

      @pete-s said in Does a script imply Automation?:

      @eddiejennings said in Does a script imply Automation?:

      @gjacobse said in Does a script imply Automation?:

      Simply thus

      Does a script imply automation?

      No. Often a script is used as a tool to create automation, and usually one would write a script with the end goal of eventually automating something. However, just a script alone in a vacuum does not imply automation.

      That's not really true because automation is not just IT automation like DevOps.
      Automation comes from ancient Greek and means "acting on its own will".

      So everything that is "acting on its own will" is automated. If you start an install script, it will do things on its own will. That is automation. If you use Ansible (a bunch of scripts) to do something, it's also automation.

      Neither of those is fully automated because they will not initiate the process themselves and also require some manual input.

      In contrast things like large modern manufacturing plants are often fully automated and will run by themselves. However operators are needed to make decisions and adjust the process so the end result is satisfactory. The ones that make the programs for a factory are called automation engineers.

      I feel like this is splitting hairs way too finely. I don't think we can use that definition here.

      Opening a browser and going to google.com would then be automation because I don't manually send the tcp request and then send an acknowledgement. I don't manually search the cache for data.

      Same with any task on a computer. If we use that definition the only thing that's not automated is manually changing magnetic polarization on the platter by hand.

      I believe there's a point where we can say things are automated or not based on what the script/task is.

      I think what you are referring to is the fact that there are different degrees of automation. Fully automated would be completely automated and making its own decision without any form of human intervention.

      But it's also the control of the operation and not the operation itself that will determine if it's automated. For instance a motor in a car runs by itself. But that doesn't make the car automated. Because the control of the car is not automated.

      A fully automated car would drive itself without human intervention.

      I don't think it's hairsplitting, it's just that IT automation doesn't have the same degree of maturity that some other fields of automation have.

      PS. Just the fact that people are talking about automation is a sign that the IT sector has a long way to go here. In automation of manufacturing nobody talks about automation anymore because it's a given. Has its own budget and everything for every project.

      posted in IT Discussion
      1
      1337
    • RE: KVM or VMWare

      @stacksofplates said in KVM or VMWare:

      @irj said in KVM or VMWare:

      @irj said in KVM or VMWare:

      @stacksofplates said in KVM or VMWare:

      The integration with the REST APIs is more important than any of the ancillary features of qemu/libvirt.

      Exactly. Stuff isn't done manually anymore.

      It's not even that about manual process. It's about being able to audit, and have a repeatable process.

      Auditing in KVM is pretty much not there lol.

      Just a side note, but what type of auditing are you talking about? Security audit? Compliance audit?

      posted in IT Discussion
      1
      1337
    • RE: Laptops versus desktops and roaming users

      @scottalanmiller said in Laptops versus desktops and roaming users:

      @pete-s said in Laptops versus desktops and roaming users:

      For the same money you get more power in the desktop.

      The enterprises I know have a mix of both. Those that may have a need for a laptop have one. The rest are predominantly desktop based. Especially if they are not office workers.

      My bigger concerns are always durability and usability. My desktop setups tend to be faster, sure, but also they don't get dropped, banged around, broken hinges, dropped, filled with coffee, etc.

      I love laptops, I'm on one now, but generally I like to have desktops for the desk and laptops on the go rather than docking stations. More money, but I think in many cases, especially more "advanced" users, it's the better way when you need to provide mobility. The laptop gets used much less, giving it more lifespan (less chance to be dropped) while also giving users a backup device.

      I do the same. Desktop + laptop.

      posted in IT Discussion
      1
      1337
    • RE: Need to split this string in PHP

      @dafyre said in Need to split this string in PHP:

      If the preg_match stuff is too aggravating, I have a way that might work.

      It's ugly and hacky, but I tested it with two random strings and it seems to format like you want it...

      It returns an array.

      I'm impressed by the effort!

      posted in IT Discussion
      1
      1337
    • RE: Need to split this string in PHP

      @jaredbusch said in Need to split this string in PHP:

      @jasgot said in Need to split this string in PHP:

      @jaredbusch said in Need to split this string in PHP:

      I have this bit of information.
      "Jitsi2.10.5550Windows 10"

      I need to split it into

      $brand = "Jitsi";
      $model = "Windows 10";
      $firmware = "2.10.5550";
      

      Jitsi is fixed, so easy to substring.

      But the model and firmware not so much for me this morning.

      I don't know what you are working on, so this may not work, but if you knew all known firmwares, you could put them in an array and then when you have a hit, all that remains is the OS.

      it is a user agent sent by a sip register

      Use a regular expression to split it.

      The first group is letters, second is numbers and dots (perhaps some - and / as well), third group starts with letters and ends at the end of the string.

      Use this function: preg_match($regex, $string, $result)
      https://www.php.net/manual/en/function.preg-match.php

      posted in IT Discussion
      1
      1337
    • RE: KVM or VMWare

      @stacksofplates said in KVM or VMWare:

      We work with large companies ranging from DoD (Platform One, GD, ), to Walmart, to big 4 accounting, to even training Red Hat. We also work with small companies down to 4-5 IT/devs. You are out of touch. All of them want CNCF landscape cloud native tooling. Some still use more legacy tools like Jenkins, but still want cloud native.
      Just because the local branch of the single fortune 10 company you say that you work with uses on prem servers means nothing.

      A used car salesman could with 100% confidence say that basically all families are looking to buy a new car. He meets lots and lots of them all the time and everyone has this same issue.

      We all live in bubbles. I have no argument on either side of KVM hiring but it's very risky to think that what we ourselves are experiencing is happening everywhere.

      The latest Goldman Sachs survey shows that the 2000 largest companies in the world only have 23% of their workloads in the public cloud. Other surveys show about the same numbers.

      I have worked with a few of the companies on that list and they are not cloud centric at all. If I would guess I'd say they have maybe 5% in the cloud. But I wouldn't dare extrapolate that into thinking all of them are the same.

      Another thing is that people lump things together. You're either running on-prem servers with no automation and no containers and nothing modern or you are 100% on cloud infrastructure and IaC. I don't think that's how things work. There might be huge differences just within the same company and different divisions.

      posted in IT Discussion
      1
      1337
    • RE: Why was the BSOD Blue?

      WordPerfect

      Norton Commander

      Novell NetWare

      Turbo Pascal

      Microsoft Word

      etc,
      etc,
      etc...

      They all have a blue color scheme.

      posted in IT Discussion
      1
      1337
    • RE: Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi

      @dustinb3403

      Unfortunately tech that goes obsolete always causes problems but it's more technically sound to monitor through the OOB management interface.

      It's after all independent of the OS running on the hardware, independent of the server's NICs, independent of most hardware failures and can be used for a lot more than just monitoring.

      And in any modern installation, the OOB management should have been set up and in use already.

      posted in IT Discussion
      1
      1337
    • RE: Where are MSP managed on-prem workloads moving?

      @dashrender said in Where are MSP managed on-prem workloads moving?:

      I've recently moved my email to M365, so SAAS for that.
      We're about to start planning our move of file share data to Sharepoint/ODfB - again SAAS.

      That leaves me with two items left on-prem - an old EMR I have to keep alive for at least 2 more years and our accounting software.
      Additionally, we have a laboratory interface for some of our testing equipment that only runs on Windows Server (legally) so that needs to live somewhere as well.

      We'll definitely keep the old EMR on-prem until we retire it.

      It looks like we can buy a hosted solution of BusinessWorks if we really want to go that route - it's slow as molasses over a VPN connection pulls all kinds of data down locally - very old school solution. So for good performance I'd assume we'd have to remote into a desktop that's more local to the host of BusinessWorks, driving the price up.

      I'd love to move the laboratory software to a tiny 'nix box, lock it down and forget about it - basically only allowing it to talk to a control IP inside my network and the Lab itself, but again, the software is for Windows only. I suppose I can do the same with Windows, but that would require potentially 3 licenses so I don't have to worry about VPNs back to a central server for all three locations.

      Thanks, it does make sense to move to SaaS solutions for a single customer that is doing their own IT.

      But an MSP is in a different position because they, besides know-how, have a larger scale. So it can make economic sense to host things for their customers that don't make sense for each individual customer.

      For instance does it make sense for a company to have a server to host their website on? No, it doesn't. But if you're an MSP and your customers have a thousand websites that need to live somewhere, it might make sense for you to host them.

      I guess it also depends if you're an MSP that just manages things or if you also have your own hosting/cloud infrastructure or use another provider for that.

      posted in IT Discussion
      1
      1337
    • RE: Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi

      @dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:

      @pete-s said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:

      @dashrender said in Goodbye hardware monitoring on HPE Gen10 and newer equipment running ESXi:

      I agree, in this day and age - that's super risky, i.e. you get compromised and all of your customers are now compromised.

      though just because you have 100 passwords, one for each client, that info has to be stored somewhere and perhaps it would be compromised as well - and your clients are still compromised...

      Risk has to be managed but it's not more risky having 100 customers with one server each on-prem than having 100 servers in one location.

      Oh, I completely disagree. Now if you tell me all the creds for those 100 on prem servers are in one place, then I tend to agree with you, but if they aren't then they are a tiny bit, if not a lot more secure.
      In this situation - it really comes down to them being managed by an MSP/ITSP that's the weak link.... If the MSP/ITSP is breached and the hackers get all the creds, be it one cred or 100 creds, then the customers are fooked either way.

      I think I was a bit unclear.

      What I mean is VPN is just an extension of the LAN. So 100 physically spread but centrally managed servers have the same risk as 100 servers in the same location managed locally.

      If the managing thingy is compromised, then every server is potentially compromised as well.

      If you on the other hand have 100 servers physically spread and managed locally and not centrally, well then the risk is a lot smaller. But you don't get any of the benefits of central management either or economies of scale.

      As you said it's the central management from the MSP/ITSP that's the weak link.

      posted in IT Discussion
      1
      1337
    • RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote

      @dave247

      On every Windows PC I've seen set up with VPN, you log in to the PC first, using the domain credentials (which I assume are cached). Then you "manually" connect with the VPN client using MFA.

      So maybe you're overcomplicating things.

      posted in IT Discussion
      1
      1337
    • RE: Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote

      @dave247 said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

      @pete-s said in Looking for simplest/secure setup for connecting a domain joined computer to corporate network when remote:

      @dave247

      On every Windows PC I've seen set up with VPN, you log in to the PC first, using the domain credentials (which I assume are cached). Then you "manually" connect with the VPN client using MFA.

      So maybe you're overcomplicating things.

      Yeah I think that's my issue. I was at home when I joined my test system to the domain so it couldn't finish the task and cache my credentials. I will have to play around with stuff a bit more not on the weekend. I think I can get this working the way I want...

      For starters have a look at "Interactive logon: Number of previous logons to cache (in case domain controller is not available)".

      I think Windows 10 will cache by default but not if there are GPO settings overriding it or the registry has been altered. I haven't played with it much so I'm not sure if there is anything else that needs to be looked at.

      posted in IT Discussion
      1
      1337
    • RE: New customer - greenfield setup

      @dashrender said in New customer - greenfield setup:

      @jaredbusch said in New customer - greenfield setup:

      @dashrender said in New customer - greenfield setup:

      Should they go DNS filtering or NGFW with filtering subscription?

      2 years ago, I would have said DNS filtering. But now browsers are starting to go around DNS with built in DNS over TLS and such.

      I know several DNS providers were starting to provide DNS over TLS, and that several of the browser vendors were saying - as long as the provided DNS provider used DNS over TLS or HTTPS then the browser would respect the system's IP settings.

      Have you found that to be not true? - then again, how would you know other than the traffic going to known browser based DNS over TLS IPs.

      That's just the thing. You need to block that crap.

      • Block DNS over TLS in the firewall (port 853 outgoing).
      • Block DNS over HTTPS in the firewall (port 443 outgoing to IPs of all known DNS providers like 1.1.1.1, 8.8.8.8 etc).
      • Block DNS in the firewall (port 53 outgoing)
      • Set up your DNS filtering and set the firewall to provide that DNS to everything on the LAN.

      My general rule is to block everything outgoing except 80 (for redirect purposes) and 443. Then open up as needed.

      posted in IT Discussion
      1
      1337
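
The egress rules listed in the post above, modelled as an added example (not part of the original post) and run over constructed flow records to show which LAN clients are trying to resolve names around the DNS filter. The LAN range, the filter address 192.168.1.1, the log format, and the resolver IPs other than 1.1.1.1 and 8.8.8.8 are assumptions.

```python
"""Model of the egress policy from the post, applied to sample flow records.

Added example: addresses and log lines are constructed for illustration.
"""
import ipaddress

# Assumption: the DNS filter is handed out by the firewall on its LAN address.
LAN = ipaddress.ip_network("192.168.1.0/24")
FILTER_RESOLVER = ipaddress.ip_address("192.168.1.1")

# Public resolvers that also answer DNS over HTTPS on 443. The post names
# 1.1.1.1 and 8.8.8.8; the rest are added here and the list is not complete.
DOH_RESOLVERS = {ipaddress.ip_address(a) for a in (
    "1.1.1.1", "1.0.0.1", "8.8.8.8", "8.8.4.4", "9.9.9.9",
)}

ALLOWED_PORTS = {80, 443}  # the post's default: everything else is blocked
BYPASS_REASONS = {"plain-dns-bypass", "dns-over-tls", "dns-over-https"}


def parse_flow(line):
    """Parse one 'key=value ...' record (constructed format) into a dict."""
    fields = dict(pair.split("=", 1) for pair in line.split())
    return {
        "src": ipaddress.ip_address(fields["src"]),
        "dst": ipaddress.ip_address(fields["dst"]),
        "proto": fields["proto"].lower(),
        "dport": int(fields["dport"]),
    }


def evaluate(flow):
    """Return (action, reason) for one outbound flow; first match wins."""
    dst, dport = flow["dst"], flow["dport"]
    if dport == 53:
        # Only the filtering resolver may be asked; any other target is a bypass.
        if dst == FILTER_RESOLVER:
            return "allow", "dns-to-filter"
        return "block", "plain-dns-bypass"
    if dport == 853:
        return "block", "dns-over-tls"
    if dport == 443 and dst in DOH_RESOLVERS:
        return "block", "dns-over-https"
    if dport in ALLOWED_PORTS:
        return "allow", "web"
    return "block", "default-deny"


def audit(lines):
    """Map each LAN host to the set of DNS-bypass attempts seen from it."""
    findings = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if flow["src"] not in LAN:
            continue  # only client-originated traffic is in scope
        action, reason = evaluate(flow)
        if action == "block" and reason in BYPASS_REASONS:
            findings.setdefault(str(flow["src"]), set()).add(reason)
    return findings


# Constructed sample flows (documentation address ranges for web targets).
SAMPLE_LOG = """\
# src dst proto dport
src=192.168.1.23 dst=192.168.1.1 proto=udp dport=53
src=192.168.1.23 dst=198.51.100.7 proto=tcp dport=443
src=192.168.1.40 dst=8.8.8.8 proto=udp dport=53
src=192.168.1.40 dst=1.1.1.1 proto=tcp dport=853
src=192.168.1.57 dst=1.1.1.1 proto=tcp dport=443
src=192.168.1.57 dst=203.0.113.10 proto=tcp dport=25
""".splitlines()

if __name__ == "__main__":
    for host, reasons in sorted(audit(SAMPLE_LOG).items()):
        print(host, sorted(reasons))
```

An IP list only catches DoH to the resolvers it names, so repeated hits from one host are a cue to check that client's browser or resolver settings rather than proof the list is complete.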