With the week I've been having I might be interested... How much does it pay? Can I work remotely? Do I have to interface with any Microsoft software?

Update:  So I got sick of chasing my tail on the problem and blew the machine out of the water and did a fresh build.  Upon finishing updates, re-joining the domain, and moving the laptop into the new OU to apply the new policy to squash document redirection and... it automagically works!

Upon further investigation, the user had tried to initially make changes to the registry to "fix/correct" document redirection that was put in place by default. Yes, I know, "USERS SHOULDN'T HAVE THE ABILITY TO EDIT THE REGISTRY!!!" Well, in my case and the use case for these devices they have to have that ability.  The laptops are used for development and they need to have full control over the systems.  Also, the user is the CEO.

Thank you for the help!

@thwr said in Disable folder redirection for specific users:

@RamblingBiped said in Disable folder redirection for specific users:

@thwr said in Disable folder redirection for specific users:

A deny-rule should do:
https://support.microsoft.com/en-us/kb/816100

Well, I want the folder direction to apply to everyone, just not people using this specific laptop (and possibily other laptops in the future). From what I understand I should be able to create a new OU nested within my Domain structure as described above, link the new group policy forcing folder redirection back to local directories, and then put any devices on the domain in that OU to make the changes effective.

The basic idea is that you just apply the rule to everyone (or everyone in a specific OU) and just deny execution / parsing of the rule for specific users or groups. Just see the security tab, you'll get the idea.

But that will kill document redirection on other domian joined assets for the same user. I don't want to disable document redirection on his desktop, just on his laptop that will be leaving the building frequently.

@thwr said in Disable folder redirection for specific users:

A deny-rule should do:
https://support.microsoft.com/en-us/kb/816100

Well, I want the folder direction to apply to everyone, just not people using this specific laptop (and possibily other laptops in the future). From what I understand I should be able to create a new OU nested within my Domain structure as described above, link the new group policy forcing folder redirection back to local directories, and then put any devices on the domain in that OU to make the changes effective.

@momurda said in Disable folder redirection for specific users:

That setting in Computers> Policy>Admin>System>Group Policy loopback processing mode seems... weird. You could probably just make 2 policies one with the redirection enabled, one with disabled, and apply one each to a different OU that you make.

That's what I tried first... When that didn't work I dug a little deeper and found the loopback setting that is supposed to supercede the previous setting. That didn't work either...

I am trying to disable redirection of domain user Documents folder for specific users. I've got a document redirection group policy enabled for the root OU in our domain structure. Beneath that OU I've got two OUs, one for Users, and one for Computers. In the Computers OU I created an OU called "Disable Document Redirection" and linked a group policy to it that should specifically do that...

The policy is setup as follows:

• User Configuration > Policies > WIndows Settings > Folder Redirection { Documents: Setting-> Basic - Redirect everyone's folder to the same location, Target Folder Location: Redirect to the local userprofile location} (this is done for the Documents, Pictures, Videos, and Music folders)
• Computer Configuration > Policies > Administrative Templates > System > Group Policy { Configure user Group Policy loopback processing mode: Enabled, Mode: Replace }

I've got the Policy marked as Enabled and Enforced, and I've made sure it is replicated across both domain controllers. I place the laptop I am wanting to revoke document redirection on into the new OU and do a "gpupdate /force" on the client to push the changes. I reboot, login, and the document redirection is still in effect...

Any pointers on how to properly achieve what I'm trying to do?! From everything I have looked up on technet this should work and it isn't...

@scottalanmiller said in FreePBX Remote Extension Problems:

@RamblingBiped said in FreePBX Remote Extension Problems:

@scottalanmiller said in FreePBX Remote Extension Problems:

@RamblingBiped said in FreePBX Remote Extension Problems:

Aaaaaand I just received another call from some random extension.

Problem un-resolved.

Well that sucks. Look for a setting called something like "Anonymous SIP".

How about "Allow SIP Trust Server Only"?

That sounds good.

So far I'm back to sweet sweet silence... I'll keep my fingers and toes crossed.

@wirestyle22 said in FreePBX Remote Extension Problems:

@RamblingBiped said in FreePBX Remote Extension Problems:

Aaaaaand I just received another call from some random extension.

Problem un-resolved.

Is there a direct number associated with the phone that they could be calling directly instead of routing to it?

No, I've actually got the DID/inbound route for dialing the phone directly tied to a Ring Group that rings a pair of phones; that is one of the reasons I know it is being dialed directly.

@scottalanmiller said in FreePBX Remote Extension Problems:

@RamblingBiped said in FreePBX Remote Extension Problems:

Aaaaaand I just received another call from some random extension.

Problem un-resolved.

Well that sucks. Look for a setting called something like "Anonymous SIP".

How about "Allow SIP Trust Server Only"?

Aaaaaand I just received another call from some random extension.

Problem un-resolved.

@scottalanmiller said in FreePBX Remote Extension Problems:

@RamblingBiped said in FreePBX Remote Extension Problems:

@scottalanmiller said in FreePBX Remote Extension Problems:

@coliver said in FreePBX Remote Extension Problems:

With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.

That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.

The problem is the calls are being made directly to the device, circumventing the PBX completely... I'm getting odd extensions like 10001 and 1001 ringing the phone constantly.

I found an option in the devices configuration for IP calling that was enabled. So far (fingers crossed) since disabling that the problem has stopped.

For anyone else experiencing the issue, the option is:

Yealink WEB UI > Features tab > General Information Page > "Allow IP Calling"

Set the above to Disabled and confirm changes.

Sorry, I had misunderstood. Yes, disabling IP calling would likely solve the issue.

Yep, seems to have fixed the issue. However, I do find it kind of odd that FreePBX GUI has an option for defining a specific port number for an extension that basically does nothing...

Either way, problem resolved! Thanks to @coliver for pointing me in the right direction. I had initially looked through the configuration and not found the BURIED option that I was needing.

@scottalanmiller said in FreePBX Remote Extension Problems:

@coliver said in FreePBX Remote Extension Problems:

@RamblingBiped said in FreePBX Remote Extension Problems:

The caller is not originating from our FreePBX instance, and is spamming the device directly.

Wouldn't that seem to indicate that blocking all traffic but the SIP traffic from the PBX would resolve the issue of unsolicited calls?

I guess I might have the wrong end of the stick... are the phones getting calls that are NOT from the PBX? Rather than the PBX having anonymous calls routed through it?

Exactly. It seems that there are scripts running constantly looking for open sip ports on public IPs. When they find them they attempt to make calls directly to the IP hoping to uncover an avenue of exploitation.

@scottalanmiller said in FreePBX Remote Extension Problems:

@coliver said in FreePBX Remote Extension Problems:

With that Yealink I'm pretty sure you can limit communication over SIP to just the Asterisk server. I think it is the security section.

That's not where the security concern is, though. It's the other way, you want to limit it on the PBX. That people can use your handset for other things really doesn't matter.

The problem is the calls are being made directly to the device, circumventing the PBX completely... I'm getting odd extensions like 10001 and 1001 ringing the phone constantly.

I found an option in the devices configuration for IP calling that was enabled. So far (fingers crossed) since disabling that the problem has stopped.

For anyone else experiencing the issue, the option is:

Yealink WEB UI > Features tab > General Information Page > "Allow IP Calling"

Set the above to Disabled and confirm changes.

@scottalanmiller said in FreePBX Remote Extension Problems:

What do you mean that it does nothing? Do you mean that the change does not take effect, or that calls keep coming in regardless?

Yes, it is like it does not recognize the port number being changed. It still registers the device on 5060 instead of say, 5072. I'm not sure what I'm missing.

@scottalanmiller said in FreePBX Remote Extension Problems:

What do you mean that it does nothing? Do you mean that the change does not take effect, or that calls keep coming in regardless?

I change the port number on the extension from 5060 to a nonstandard port, save the changes, and apply configuration and there is no change. The phone stays registered and continues receiving calls.

If I go into the phone and change the registration port manually it immediately loses registration until I change it back to the standard 5060.

(Yealink T23G)

I'm doing testing with a remote extension that I'm setting up for use by an employee that will be working across the pond in the near future. I've recently been getting unsolicited calls from extensions that do not exist on our network. The caller is not originating from our FreePBX instance, and is spamming the device directly.

From everything I've read changing the port number that the client registers on from the default of 5060 should pretty much take care of the calls, but every time I try to change it on the extension in FreePBX GUI it does nothing.

Any pointers on how I can make this change?

BASH scripts and SNMP is about as basic as you can get... I use Nagios for monitoring my network printers. It warns me of prolonged paper jams, toner, and any other errors.

Not that I care though.

Because, you know, they're printers and they are inherently evil; put on this earth to spread discord and foster feelings of hate and distrust.

@DustinB3403 said in I'll Show You Mine If You Show Me Yours, Home Labs:

@RamblingBiped Your lab seems to be unplugged and disassembled....

I don't have any current pictures with it in operation. Whenever I have my buddy do his build I'll take some updated pictures. I also don't have a rack yet, it's just sitting on top of some totes in the corner of my basement.

Dell PowerEdge R710 (Dual 2.26ghz QC E5530 Xeons, 72GB DDR3 ECC memory, and PERC H700 Raid controller with 4 X 2TB drives in Raid 10).

It is currently running XenServer, but I am going to let a friend who is studying Linux use it to learn how to install/configure KVM-QEMU in the next week or so.

I'll eventually be in the market for a NAS and possibly a second hypervisor, but for now this gets the job done. Of course it lives in my basement, not my dining room table... These images were taken shortly after delivery/unboxing.

@stacksofplates said in Vagrant and KVM:

What's the advantage to vagrant over just using Ansible with kickstart/preseed config?

From what I understand, Ansible integrates with the VM provisioning done using Vagrant. At the time of VM creation you can define a specific Ansible playbook from withing the Vagrantfile that can completely configure your VM from the base Vagrant image, and kickoff subsequent builds/configurations.

Vagrant alone is usually used directly by developers to build one-off environments that conform to the production environment's constraints. Ansible is most often used as an automation tool for Operations/DevOps to force/maintain uniformity/conformity of configuration in a production environment. Blending the two together aids in simplifying the configuration management of both production and development environments.

Hypothetically, I believe you could do everything you need to do in the absence of Vagrant just using Ansible and Ansible playbooks. I have a hunch that Vagrant allows you to abstract the base VM configuration out of your Ansible Playbooks and configurations and helps reduce the complexity of your playbooks and speeds VM deployment and administration. I'll hopefully be able to confirm that in the not so distant future...

http://docs.ansible.com/ansible/guide_vagrant.html