@Kelly said in Office365 MFA vs 2FA:

2FA is really no longer a thing (if I'm understanding what you're talking about). MFA is the means for utilizing additional means of authentication. MFA is a superset of 2FA. If you disable MFA then you're disabling 2FA effectively.

I was just really confused by the whole delivery of this setup. I have configured and migrated to a ton of O365 setups and something was just unnecessarily difficult with this one. I understand now that the newer versions of Outlook support MFA and connect much easier than say an iphone. On the iphone, it would redirect and tell the user they have 14 days to setup MFA. If you proceed with setting up MFA the user has to download the MS Authenticator app and then flip back and forth to add their code and copy and paste a url. The redirection asks they scan the bar code but can't really scan a bar code on the screen of the device you are setting up. I assume the proper way to set with up would have been to have the user login to a computer first and get their authenticator setup before adding the account.

I agree that multifactor should be used but if they are going to require it by default, there should be a better way to get the users setup.

I was hoping someone can explain the difference between MFA and 2FA. I was setting up a client with a new O365 account today and came across the requirement to setup MFA on their phones or skip for 14 days. The process then take you to a website to download the Microsoft Authenticator app and jump through more hoops. If I disable MFA and try to use 2FA on their phones with application passwords, I am able to connect but then their email receives something along the lines of their account has been blocked by the administrator.

Am I correct in saying that MFA is the new 2FA and the old 2FA can no longer be used or is being phased out? This whole setup was the worst I've ever dealt with.

I was also seeing forums mentioning that Microsoft is kind of forcing users to use Outlook on their mobile devices instead of the built in mail apps.

@fuznutz04 - https://mxtoolbox.com/NetworkTools.aspx - If you go to the tcp option. I don't think there is a udp option though.

@fuznutz04 said in Internet connection sharing:

We are moving into a new office building and we have the following setup:

Comcast ISP
Block of 5 static IPs from Comcast. We only use about 3 of them.

We have another business in the building that will be sharing our connection. They will have their own router.

I was thinking about just having my Edge router plug into the Comcast modem, and using my assigned IPs on the WAN interface of the Edge router like I do now. Then have the other business plug into the same Comcast router and assign the 1 IP that I am not using to their router. This should work I believe, unless I am missing something. Assuming this works, then that's great, but I would have no way to control traffic if I would want to. For example, I couldn't limit the bandwidth to the second router.

Would it be better to run the 2nd router through my Edge router? I don't want to create a double NAT situation. Is this possible? OR is it better to just do the first scenario and not worry about limiting bandwidth to the second business?

First thing I would make sure you are not violating terms of service with Comcast before doing this.

You could possibly throw a cheap managed switch between Comcast and their router and set the port speeds on the managed switch to limit their bandwidth. Alternatively, you can throw an EdgeRouter X between Comcast and their router. Assign their router's WAN a private static IP. Then setup a DMZ on the EdgeRouter and point it to the private static IP of their router. This will pass all port forwards to their router.

I came across this looking for an easy to deploy VPN solution for a client. It seems similar to a ZeroTier like option. While I would typically use ZeroTier I don't want to have to go in and approve every connection - I know less secure. However, it allows you to hand out the VPN network name and then give employees the password to connect.

Anyways, I was just checking to see if anyone has used it or has any opinion on it. I believe it is Windows only but possibly will have a linux client in the future.

https://www.radmin-vpn.com/

@scottalanmiller said in Dell PERC H740 with SSDs?:

@syko24 said in Dell PERC H740 with SSDs?:

Most likely going with hardware RAID as we'll be running Hyper-V.

Well fix that and go to KVM

One of these days I probably will but at this point Hyper-v is what I know and work with in most situations. If it makes you feel better I am moving them from an ESXi environment.

@Obsolesce said in Dell PERC H740 with SSDs?:

@syko24 said in Dell PERC H740 with SSDs?:

I am in the process of putting together a Dell Poweredge T440 and wanted to go all SSD. Is it worth putting a PERC H740 8GB NV Cache controller in or what is appropriate for a RAID controller?

What an appropriate RAID controller is depends on a lot of things besides the type of drives you want to use with it. Will the RAID card you mentioned work well with SSDs? Yes. I've used the previous gen RAID card with enterprise SSDs and it was excellent.

Thanks for the reply. So would SSD be overkill if using the H740? Or would I be better off saving some money and getting 10K RPM drives? This server is going to be hosting MS SQL Server with about 30 users.

@scottalanmiller said in Dell PERC H740 with SSDs?:

@syko24 said in Dell PERC H740 with SSDs?:

Is it worth putting a PERC H740 8GB NV Cache controller in or what is appropriate for a RAID controller?

Well that's a decision that can't be made at the hardware level. If you don't provide hardware RAID, what is your storage plan?

If you plan to use software RAID or some form of RAIN, the PERC is useless or potentially even a problem. But if you don't, it's critical.

Most likely going with hardware RAID as we'll be running Hyper-V. Just curious if I were looking at software RAID I would still use an H330 for passthrough???

I am in the process of putting together a Dell Poweredge T440 and wanted to go all SSD. Is it worth putting a PERC H740 8GB NV Cache controller in or what is appropriate for a RAID controller?

Looks like some good updates came through today and last week. You can assign users to individual systems now instead of the entire group.

https://meshcentral2.blogspot.com/

@Obsolesce said in Android emulator:

@stacksofplates said in Android emulator:

@JaredBusch said in Android emulator:

@stacksofplates said in Android emulator:

Is there an advantage to using BlueStacks over just downloading the x86_64 ISO?

I dunno, I just want to run a couple apps in Windows?

It was a genuine question. I've never run BlueStacks. I was just wondering if it does anything special.

Yes, the advantage is it's managed by BlueStacks and you don't have to dual boot or manage a "VM".

The disadvantage is that you can't run Hyper-V or have it enabled at the same time.

Otherwise it's personal preference of how you want to deal with it.

I didn't know there was a x86_64 iso either. But still, I would rather use BlueStacks because it's such a good experience.

I think they added support with hyper-v enabled now.

https://support.bluestacks.com/hc/en-us/articles/360041390952-How-to-run-BlueStacks-with-Hyper-V-enabled

Comcast brings the phones in pre-programmed with the sip passwords. I don’t believe you ever have access to change the sip password nor do they share these with you. The user accounts they allow you to setup for the users are different than the sip accounts. It’s more like User Control Panel on freepbx. You can make calls from the Comcast apps that are available. My guess is this is what was used to place the calls.

@JaredBusch said in Need help for argument with Comcast:

@syko24 said in Need help for argument with Comcast:

they were responsible

They who? Because this sounds like they bought the self managed solution so far. Which means it is totally on the customer. Sure Comcast might have set it all up. But with that solution, they are supposed to train and walk away.

Just because the customer thinks something, does not make it a fact.

My bad, they being the customer had to create their own logins. The Comcast installer showed the office manager how to create the accounts and most likely suggested a basic password that would be reset when the user logged in for the first time.

Not siding with Comcast but don’t forget there is the Companion application for Windows. There are also mobile apps to connect to the users accounts so they can do calls from the cell as if they are in the office. I had a client that signed up for voice edge a long time ago and I think they were responsible for setting up the accounts for the users.

@Kyle said in Large File Sharing:

@scottalanmiller Have you ever seen NextCloud installed successfully on a Synology?

Came across this while researching solutions. https://luvis.se/software/install-nextcloud-on-synology-dsm-6/

Synology also has Synology Drive which would give you similar options to NextCloud. NextCloud is a little more polished in my opinion but this is quick and easy to get going. You can also use the Synology quickconnect so no need to open ports to access.

@BraswellJay - check which firewall profile is selected for your ZeroTier interface. Is it set for public on your computer or the computer you are trying to access?

@Dashrender said in MeshCentral - Increased Security Installation:

@syko24 said in MeshCentral - Increased Security Installation:

@scottalanmiller said in MeshCentral - Increased Security Installation:

We run as root to allow for the automatic updates. There are security benefits to running as a service account, for sure. But the system is isolated and we run from /opt and do everything like they would on most machines. It's a minor security point. The fear is that someone will break the application and get access to the server more broadly. But as the risks on the machine are entirely access to this app, it's a minor fear.

When you say it is isolated, do mean that it is on a vlan or you guys are hosting it offsite on Vultr or similar and it does not have access to your internal systems?

Lol none of that stuff really matters as much because at the jacked point you now have remote access to all of the machines it connects to.

True but I thought @scottalanmiller had said at one time they use it for on-demand access and not unattended

@scottalanmiller said in MeshCentral - Increased Security Installation:

We run as root to allow for the automatic updates. There are security benefits to running as a service account, for sure. But the system is isolated and we run from /opt and do everything like they would on most machines. It's a minor security point. The fear is that someone will break the application and get access to the server more broadly. But as the risks on the machine are entirely access to this app, it's a minor fear.

When you say it is isolated, do mean that it is on a vlan or you guys are hosting it offsite on Vultr or similar and it does not have access to your internal systems?

Are you guys using this recommendation on your installs? This is from section 6.8 in the online manual. I am trying to understand the added benefit to this install method or in the end is it just a headache.

On Debian based Linux distributions like Ubuntu, a better and more secure way to install MeshCentral is to have it run 
within a user account this restricted privileges.

Veeam Agent for Windows Free works great. I also like the Synology Active Backup if you happen to have a Synology NAS that’s capable.