@JaredBusch said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@Fredtx said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@scottalanmiller said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@Fredtx said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@scottalanmiller said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@Fredtx said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@scottalanmiller said in Wide ransomware virus infection sourced from 3rd party IT's remote agents.:

@Fredtx how did it get determined that it was their agents that did it and not just a coincidence or something?

We received several support calls from the whole Oregon area and that was one of the common denominators for all the computers that were infected with that variant. I for one hand did not work with the customer, but that's what our techs saw and found. Tbh, I'm trying to understand how that could happen when most of the ransomware cases involves a self executable file.

So many different MSPs, but they all shared one tool?

It was only one MSP (PM Consultants) who’s agent spread the infection to their own customers. Their customers called our support desperate for help.

What agent was it? Knowing which program was compromised is a big deal, those agents are hosted by the vendor 99% of the time.

I was told it was Connect Wise.

Old and Unpatched, or weak passwords then.

Likely. Attach probably came through an MSP workstation.

Thanks everyone for y'alls input as I value the knowledge. This all makes perfect sense. I was just chatting with my colleague's about these details and they are making sense of it too.

@Fredtx said in Ethical vs Legal for user mailboxes:

have all emails forwarded to them for a specific user

This is stupid though.

Instead access to the users mailbox can be granted. Gods, who want sot have multiple peoples email all showing up in their inbox..

People are so fucking stupid.

@Dashrender said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

@Dashrender said in Is Spectrum's modem really bridged?:

@scottalanmiller said in Is Spectrum's modem really bridged?:

Even the Windows RDP client does allow saving creds, it's a commonly used setup.

https://www.nextofwindows.com/how-to-save-password-in-a-remote-desktop-connection-in-windows-8

lol I looked for that, but forgot to click advanced.

Still doesn't solve the problem using using a horrible password (length along is horrible to some) each time you want to log into your box.

Sure, but neither does a VPN. You can control the passwords in either case, or you can let the end user use horrible passwords in either case. The VPN doesn't change the basic issue.

Sure. and now we're just running in circles.

I did start by saying you are correct.

🙂

At the end, VPNs just don't solve those problems. A VPN's benefit is only in having a second mechanism, if it is kept completely decoupled from the original. But it's a poor approach when it is used to cover up a lack of security applied to the core protocol.

@scottalanmiller said in Anybody ever work at Microsoft? If so, how was it?:

I have a friend that started there recently and really liked it. He's more on the training side of things. But MS is well known for being a good employer. Way better than the companies famous to non-tech people for being good employers. MS is at the top end of the big software makers.

Tech companies pretty much have an arms race between each other for hiring and maintaining staff. It's not just in the pay. I have 15 weeks full pay maternity/paternity/adoption leave as an example of a benefit. I have unlimited vacation (I took ~7 weeks off last year including the entire month of June).

The biggest dig against Microsoft used to be they used stack ranking but I hear they stopped that.

In general with tech the expectation is you deliver results (high expectations) how and when you do it is really up to you.

@fredtx said in DC fsmo role issue:

@brrabill said in DC fsmo role issue:

@jaredbusch said

Restoring a DC is nothing in a SMB with only a single DC.

As has been discussed many times here on ML, it really is so easy, it's a wonder why it isn't done more. (AKA, the single DC route.)

Wouldn’t users in sites that don’t have a local DC experience performance issues?

Not typically, AD does essentially nothing. The amount of time it takes to pass a password around in this day and age is milliseconds. A few milliseconds during a login operation is not something people notice in the least.

@fredtx said in Can I Restore files from c:\$recycle.bin\guid??:

@kelly said in Can I Restore files from c:\$recycle.bin\guid??:

You would probably have better success with a tool that can recover deleted files. I'm not sure what is the best these days. I used Recuva a few years ago and it did the trick, but it was finicky.

Yes. I ended up using EaseUS Data Recovery and it worked like a champ. Thanks for your feedback!

Also if you had Shadow Copies you might have been able to restore.

@jaredbusch said in Remoteapp issue Windows 10 workspace.:

@fredtx did you reboot after clearing those keys? I’m not using workspaces anyplace at the moment to try and test this.

Yes I did. This may be from the aftermath from last Friday where I had to fix the RD Broker that wasn't allowing new remote apps on "any" workstation. Couldn't even access rd web from the broker itself. I had to give full access to IIS_URS and Network Service groups for both Tempasp.net files and c:\windows\temp folders. Restart IIS and that fixed the company wide issue. However, this 2 computers are giving me issues still.

@tim_g said in Software used for documentation recommendations?:

If I did it for 4 employees, chances are they'd all be using Linux and other Free and open source software... there wouldn't be anything to put in SnipeIT.

Exactly, I'm dealing with several companies like this. Some are 100% open source and have nothing to track. Others have huge numbers of users/employees but so little to track that there is still no point. Like maybe five licenses total.

updated.

https://drive.google.com/file/d/1OmIwV1c2_Lr9N_EUxUe_YEpVrhfaF0V_/view?usp=sharing

@scottalanmiller said in Any recommendations for new backup solution? Client wants to take backup copies offsite.:

@wrx7m said in Any recommendations for new backup solution? Client wants to take backup copies offsite.:

Veeam does have tape library integration, but I am not sure how it works with the agent side of things. I am assuming nothing is virtualized in this scenario. It also has integration with Starwind and Amazon S3/Glacier VTL.

Agents work the same as long as you are using the paid console based version.

I have a mix of both VMs and physical (not for much longer). The agents didn't fully integrate with the console until 9.5 U3, which was released last month-ish.

I think the technology experience you list depends on whether it is 1) relatable to the technology the new role requires you to use or 2) is specifically the technology the new role requires you to use. Anything else is just noise. I'd encourage you to watch the video here
titled A Recruiter's Advice to the IT Pro. It has some good advice for LinkedIn, etc.

Make sure LinkedIn is updated with all of your skills and experience (and I mean all of it). Then take that and whittle down to those items that can be highlighted to get you the new job.

@scottalanmiller That did the trick. Didn't even cross my mind. Thanks!

@dashrender said in Dcpromo /forceremval wiped new DC. Help!:

@scottalanmiller said in Dcpromo /forceremval wiped new DC. Help!:

My guess is that the second DC failed and never actually became a DC. If there wasn't solid confirmation of that, this would be the expected result.

How can you move the FSMO roles if that was the case? I would have expected that to fail as well.

Oh right, of course. It had to have worked.