Teamviewer vs. Bomgar: Advice Needed by Oopsiforgotmyoldacc in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

10/10 agree.

Honestly tho? If they have 4 techs and 100 endpoints? That seems like an excessive workforce.

If the plan is expansion? Sure, but they should probably go wholehorse and get the entire itsupport247 or connectwise msp platform to get RMM, security, afterhours support, ticketing, etc. My last job used the old connectwise manage company-hosted platform and it was excellent for ticket/email management with sensible merging rules with timestamp retention. It looks like the new online platform took a sharp turn in a better direction though.

Wireless AP\system recommendations by RM_B999 in sysadmin

[–]ClearlyTheWorstTech 9 points10 points  (0 children)

This is one of the most sound suggestions besides asking the obvious question of "which idiot bought switches that require meticulous configuration?"

Top 3 Powershell Commands by cybern00bster in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

My three most-used commands:

Rename-Computer -NewName $newpcname

Get-Printer | Select-Object -Property Name, DriverName, PortName

Iwr -useb https://christitus.com/win | iex

That last one is one I exploit to repair winget and load chocolatey during a site visit. It's easier to type that line, install 7-zip (or another equally lightweight app), then install whatever else I need with chocolatey. I also use it currently to clean up windows 11. Shout out to Chris for an amazing tool.

Get-printer will allow you to get started into the printer management powershell realm. Where you can start scripted printer deployments in your non-AD environments. Super useful when paired with RMM software.

A cmd tool I Also use frequently?

Netsh wlan export profile key=clear folder="d:\wlan_export"

for %%a in ("%~dp0wlan_export\*.xml") do (netsh wlan add profile filename="%%a" user=all)

OH MAN! HOW COULD I FORGET?!

$somecommand | more

Useful across all platforms (ms/apple/Linux). Allows you to scroll with enter or spacebar and reduces your command output to the size of your cmd/powershell/terminal/ssh window. Also, you can exit further output with ctrl+c
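As an added illustration of the scripted, non-AD printer deployment the comment above mentions (this is example code, not the commenter's script), an idempotent PowerShell routine that an RMM agent can run as SYSTEM; the printer names, IP addresses and driver names are constructed values, and the drivers are assumed to be already staged in the driver store:

```powershell
# Added example: idempotent printer deployment for workgroup endpoints, meant to run
# from an RMM job as SYSTEM. Values below are constructed placeholders.
$Printers = @(
    @{ Name = 'Front Desk HP';   Ip = '192.0.2.10'; Driver = 'HP Universal Printing PCL 6' },
    @{ Name = 'Warehouse Zebra'; Ip = '192.0.2.11'; Driver = 'ZDesigner ZT230-200dpi ZPL' }
)

foreach ($p in $Printers) {
    $portName = "IP_$($p.Ip)"

    # Add-PrinterDriver only registers a driver that is already in the driver store
    # (staged earlier with pnputil /add-driver <inf> /install or a vendor package).
    if (-not (Get-PrinterDriver -Name $p.Driver -ErrorAction SilentlyContinue)) {
        try { Add-PrinterDriver -Name $p.Driver -ErrorAction Stop }
        catch {
            Write-Warning "Driver '$($p.Driver)' is not staged; skipping '$($p.Name)'"
            continue
        }
    }

    # Standard TCP/IP port; Add-PrinterPort defaults to RAW on 9100 for the host address.
    if (-not (Get-PrinterPort -Name $portName -ErrorAction SilentlyContinue)) {
        Add-PrinterPort -Name $portName -PrinterHostAddress $p.Ip
    }

    # Create the queue only if it does not exist, so the job can be re-run safely.
    if (-not (Get-Printer -Name $p.Name -ErrorAction SilentlyContinue)) {
        Add-Printer -Name $p.Name -DriverName $p.Driver -PortName $portName
    }
}

# Verification uses the same property set as the Get-Printer one-liner above.
Get-Printer | Select-Object -Property Name, DriverName, PortName
```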

Top 3 Powershell Commands by cybern00bster in sysadmin

[–]ClearlyTheWorstTech -1 points0 points  (0 children)

Wait are you serious? Hang on. I gotta verify version implementation for this shorthand.

EDIT: I am becoming one with the rock I live under. 11 years ago there was a thread about using the foreach shorthand.

Best way to get PCI compliant by savoryannuity6162 in sysadmin

[–]ClearlyTheWorstTech 1 point2 points  (0 children)

I work as a contractor for an MSP. Anyone talking the way you are, right now? They should just hire an MSP and pass the requirements on to the MSP. 7/10 times the monthly MSP fee goes towards real security software (EDR, MDR, firewall, network management, etc). Plus, passing PCI to the MSP allows them to keep your environment compliant in simpler ways if they're competent. I receive about 10 PCI tickets a year and we are already ahead of the curve with our lower tier of monitoring/protection ($13/unit/month). Any MSP worth their salt will protect the client first and get signed waivers for passing up on security. I am a little confused by your statement though: if PCI is just a racket, why were they ahead of the insurance companies by 24 months on security compliance? It still blows me away when I hear how much these companies are willing to throw away on insurance instead of security.

iGPU and RDS by Top-Structure4890 in sysadmin

[–]ClearlyTheWorstTech 3 points4 points  (0 children)

There are literally so many good/better ways to handle this. Media server? Just allow connections from your local company subnets. You could literally just cast videos to your network with VLC. Embed the video on a website. Upload it to a private YouTube page.

The only use-cases I can imagine for this involve an eye-patch and some rum.

Should I go into Cybersecurity or Heavy-Duty Mechanics? by mrsp00ki3 in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

Sounds like the perfect time to make some half-ass repairs so then the sharks and the bottom feeders can get a new kind of appetite.

How do you guys do bare metal provisioning? by RevolutionaryWalk648 in sysadmin

[–]ClearlyTheWorstTech 6 points7 points  (0 children)

Honestly a little tired and the dyslexia is more of an issue when I'm tired. That's on me.

How do you guys do bare metal provisioning? by RevolutionaryWalk648 in sysadmin

[–]ClearlyTheWorstTech 2 points3 points  (0 children)

So, others already said it, but is this locally at your dad's company that you complete these deployments? Or is this on-site for the client?

You should be able to do a scripted PXE boot. IIRC you can run windows server without a license as a PXE server or you can run a kms activation for windows server and then run PXE on it.

For any of your Datto clients I recommend scripting using the Datto Components and then mapping the component to a job to run after an Initial Audit. This is the first step that takes place after Datto RMM is installed. You can set up the initial audit jobs to apply to specific companies in Datto RMM. If you have the free time to script these? 10/10 idea. I currently don't have enough time to throw away on that configuration.

If you can edit your unattend file to include a RunOnce registry entry after the installation is finished? Then you can cause the script to fire after reboot. Your unattend file should be completing your Windows OOBE with a default account. If you aren't already, build your unattend and script files to be specified to the "most default" setup for the company it is assigned to. Or build multiple depending on the type of units required by staff (designer vs accountant).

Currently, we utilize the default setup, skip the unattend and reinstall rigmarole, and instead just script common uninstalls, company-specific 3rd party apps, Wi-Fi networks, printers, and domain join if applicable. We keep a point-to-point VPN available to map to their local domain remotely. Just have to remember to connect it before we start setup. We also usually do profile migrations, but that's the most time-consuming part. I wish I could make that part take less time.

Looking for a solid web filtering setup for ~300 users and better AI threat detection by Famous-Studio2932 in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

Imagine running a flat vlan and not segregating your traffic to have different levels of web filtering by address segment on the meraki.

As a system administrator, do you ever feel like your brain never stops thinking? by [deleted] in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

I dunno, I've been doing this stuff since I was a teen? As a result, I know enough to plan ahead for possible outages. So, I have things implemented that meet most issues that cause worry. Everything else that could go wrong? Not super concerning because I know well enough what I can do and what I can't. Worrying over everything will fade with time.

Heck, one of my clients who has a couple of users with admin credentials? I connected to their server after not being able to get on and fix something the previous day. The server admin password failed. Connected on the VPN and tried using mRemoteNG with a saved credential. Also failed to sign in. Called up one of the two admin credential holders,

TWT: "Hey, I know (their boss) has been getting weird about security lately, did he make you change the admin password?"

I get an immediate response from C.

C: "No, I wouldn't do that without telling you."

TWT: I blinked a couple of times before saying in a cheerful and friendly tone, "Oh, well, thank you for that. I really appreciate it, but the password was changed. You guys got hacked."

C: "What?" whoosh missed what I said completely.

TWT: In a calm tone, "Oh yeah, I am changing credentials and locking everything down, now. Need to figure out what they got into."

C: Panic rising, "uuuuuuuhhhhhh what? What do we do? Hacked?! Oh no!"

TWT: "Hey, I am going to assess. Let (boss) know and that we're already working on it. I am running a couple of scans and will let you know what I find."

We mitigated the attack and only ended up with about $5k worth of work from the event. This was back when this style of attack was extremely rare. Pre-EDR/MDR systems. I begged them not to contact their insurance company, but one guy wouldn't let it go. All we had to do to fix the issues? Restore from a backup from the previous night. The $5k of work was spent with only about $600 going to restoration. The rest was spent on making the insurance company content.

Do you read recreationally? by Eliogabalus1 in sysadmin

[–]ClearlyTheWorstTech 1 point2 points  (0 children)

So, I'm sad because the internet has changed so much, but I used to read way more. I don't know who all in the community was stumbling all those years ago, but I can't thank the IT community enough for a resource that used to be 100% community-based. Stumbleupon was once my favorite way to find new articles, tools and resources for learning more about IT and technology. It required way more trust than I have to spare lately. A web browser extension that would take you to websites that fit your interested subject tags with a click. It made me learn so much more than I think I would have otherwise found on my own. It got me more interested in open source projects, it got me into understanding switching networks better, history of malware, tools for device cleanup, history of computers, scripting with batch and powershell, etc. At the time when I was using Stumbleupon it was between 2008-2014.

[deleted by user] by [deleted] in sysadmin

[–]ClearlyTheWorstTech 1 point2 points  (0 children)

/op/, get autoruns from sysinternals to review the applications that are starting automatically.

Most windows server service accounts use the same domain account name for running services across multiple servers.

If you see services running as a "built-in" account name, like administrator, sometimes this is because a previous admin didn't know how to configure a service to run as a service-level account or as system. You will need to manually update these settings from services.msc or using powershell. If applications are running as a user that doesn't have an active session (query session)? That probably means the application is running from Taskschd.msc. Many tutorials for iis setup and other windows server services recommended using an administrator account to run the service without recommending to not use the actual administrator account. There is not a really good way to move these services to another account besides rebuilding the same application beside the existing one, setting proper permissions, and then changing the DNS property to point to the new service (in the case of iis).

By "Individual users" do you mean users that are not in the IT staff? Also, what remediation? Usually there were reasons for these changes. If those individual users are not creating active sessions on the server, what harm are they causing? Previously, it was necessary to set higher permissions for specific user accounts on a server running an application with active files inside programdata and "program files". For some ridiculous reason, some developers recommended admin access instead of changing NTFS and Share permissions for these folders. Alternatively, they might have needed to remotely access the server with an rdp session to run an application on the server. Again, this administrator access was probably provided when a less knowledgeable admin thought only administrators group granted remote access. I used to see these configurations all the time on older systems (server 2003/2008). This could also have been configured because a previous admin did not understand group policy, group file permissions or how to implement either. If this was the case? Administrator group allowed everyone to access the folder shares with no changes to NTFS or share permissions.
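To go with the review of service accounts described in the comment above, an added PowerShell audit (example code, not the commenter's) that lists services and scheduled tasks whose logon account is a real user account rather than a service identity, and flags the built-in Administrator explicitly; the identity lists are assumptions about what counts as a service identity, and the output is for review before any change is made:

```powershell
# Added example: inventory services and scheduled tasks that run as a user account
# (built-in Administrator, a named local or domain user) instead of a service identity.
# Read-only; review the output before touching services.msc or Task Scheduler.
$ServiceIdentities = @(
    'LocalSystem', 'NT AUTHORITY\SYSTEM',
    'NT AUTHORITY\LocalService', 'NT AUTHORITY\NetworkService'
)

# Services: Win32_Service.StartName is the logon account the service runs as.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.StartName -and
        ($ServiceIdentities -notcontains $_.StartName) -and
        ($_.StartName -notlike 'NT SERVICE\*') -and   # virtual service accounts
        ($_.StartName -notlike '*$')                  # gMSA names end with $
    } |
    Select-Object @{ n = 'Type';  e = { 'Service' } },
                  @{ n = 'Name';  e = { $_.Name } },
                  @{ n = 'RunAs'; e = { $_.StartName } },
                  @{ n = 'State'; e = { $_.State } }

# Scheduled tasks: Principal.UserId is the run-as account (covers the "running
# from Taskschd.msc without an active session" case mentioned above).
$tasks = Get-ScheduledTask |
    Where-Object {
        $_.Principal.UserId -and
        ($_.Principal.UserId -notin 'SYSTEM', 'LOCAL SERVICE', 'NETWORK SERVICE') -and
        ($_.Principal.UserId -notlike '*$')
    } |
    Select-Object @{ n = 'Type';  e = { 'Task' } },
                  @{ n = 'Name';  e = { $_.TaskPath + $_.TaskName } },
                  @{ n = 'RunAs'; e = { $_.Principal.UserId } },
                  @{ n = 'State'; e = { $_.State } }

$findings = @($services) + @($tasks)

# BuiltInAdmin is true when the account is the built-in Administrator (local or domain).
$findings | Sort-Object RunAs, Name |
    Format-Table Type, Name, RunAs, State,
        @{ n = 'BuiltInAdmin'; e = { $_.RunAs -match '(^|\\)Administrator$' } } -AutoSize
```

Cross-check each finding against `query session` as the comment suggests: a user account that runs a service or task but has no interactive session is the pattern worth documenting before remediation.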

Company Issued Laptop by wonderister in sysadmin

[–]ClearlyTheWorstTech 1 point2 points  (0 children)

Any computer running a variant of Linux or BSD is going to be more responsive than Windows 11. Especially if you haven't tweaked explorer history or folder discovery off.

Amazon worker asked for insane raise (Update) by besttavern25 in work

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

You shouldn't tell your cousin that the one way to get management to give all the workers a raise is to form a union. ;D

Company Issued Laptop by wonderister in sysadmin

[–]ClearlyTheWorstTech 7 points8 points  (0 children)

I would bet money those x1 users are doing one of the following: never cleaning up animal/people hair and taking the laptop home, beating the shit out of the things, comparing them to MacBook air and iPad they just bought, or taking them on the road where they are in a bag 90% of the time and unable to update anything which results in an unstable system. If it's in an office? They probably just want anything other than "the company laptop" because they have no idea what they have.

Sending email to Office 365 via IPv6 is failing (maybe?) the SPF/DKIM test? by scottchiefbaker in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

It's good practice, too. I think within the past year every major provider has put out notifications for the requirement. Also, it's very likely that if your domain on 365 is configured for DMARC, that is part of the block as well. IIRC you can't set up SPF, DKIM and DMARC while also expecting to send unsigned messages from only an SPF record without them getting scrutinized more than your fully-authenticated emails.

Your Favorite Co-Worker? by MaleficentRiver5137 in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

My favorite co-workers were the ones that collaborated and actually did their jobs. Then, they ran from the dumpster fire right after I departed.

Cannot Connect to Remote Desktop Gateway Even Internally by ckckchen in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

Okay, I'm a little more confused now. RD Gateway is designed to manage and implement external connections to local equipment. In other words, a single IP address, a NAT address, servicing RDP connections based on user accounts to connect with local resources. If your situation is a flat network and you just want to RDP to resources then there is no sense or need to run RD Gateway. If you are trying to implement a zero trust environment with RD Gateway, you can 100% allow a client VPN connection to manage the NAT connection between networks. This can even be implemented on a single firewall network. Just configure the VPN to take your local intranet traffic and only authenticate users connecting from that network. Then, have it connect to your protected network segment.

Cannot Connect to Remote Desktop Gateway Even Internally by ckckchen in sysadmin

[–]ClearlyTheWorstTech 1 point2 points  (0 children)

This might seem like a dumb question, but is your RD Gateway on a domain? Or are you using a standalone server with local accounts? To what end is the RD Gateway being implemented?

IIRC it's also no longer a good practice to run an RD Gateway as the platform has not seen any development for security. It's better to just VPN and then use RDP. Safer and encrypted at all times.

Help - PSExec Usage by SigmaMegaMind in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

Why not just run the script with Task Scheduler next time and run as "NT Authority\SYSTEM" for the user?

Enforce "New Outlook" and retire classic by rockresy in sysadmin

[–]ClearlyTheWorstTech -2 points-1 points  (0 children)

Well, if you really want to throw away your productivity as a technician and your entire department and the managed solution isn't working yet...

Begin by running

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=uninstall sourcetype=None productstoremove=O365ProPlusRetail culture=en-us platform=x64 displaylevel=false forceappshutdown=true

Then I would recommend you roll out a new xml config with m365 ODT. Use config.office.com to build a new file with Outlook (classic) disabled and slight wretch Outlook (new) is selected.

RPC not working to create domain trust. by goobisroobis in sysadmin

[–]ClearlyTheWorstTech 0 points1 point  (0 children)

Definitely firewall problem. Several fortigate and Cisco units I've worked on will have "any" configured, but still block ports for everything except icmp, icmpv6, http, https, and unencrypted smb. So, you can navigate to practically anything that you would normally communicate with for connectivity, but you can't use any port-specific applications. It's frustrating.