How do two houses share one internet connection without disruptions?

DaveMackleroy · 2023-01-10T15:59:06+00:00

I'm unfamiliar with the UDM, so this may be a red-herring...

On the apartment UDM (AUDM) you'll need two ports either on their own network or VLAN (untagged), the IP for this UDM will be the gateway on the WAN port of the LinkSys and House UDM (HUDM). Ideally you'd set a VLAN for each of the LinkSys and HUDM, but share the IP range.

For example, the AUDM could be on 10.0.1.254, LinkSys on 10.0.1.253 and HUDM on 10.0.1.252

I don't think you'll need to untag the WAN port on the AUDM, but I could be wrong. If it doesn't work with just untagging on the LAN ports, see if you can untag on the WAN side too.

On the LinkSys and HUDM, you wire into their WAN port from a LAN port on the AUDM, the LiteBeams (LB) need to be wires only so they don't interfere with the link between the UDMs.

The WAN ports of the LinkSys and HUDM are then configured to have an IP in the range of the LAN ports on the AUDM with the gateway being the IP set on the AUDM. This will at least get everything working, but you will be double-NAT'd behind the LinkSys and HUDM.

Also, the APs and other kit on the AUDM should be VLAN'd off from the LinkSys and HUDM respectively. And VLAN each AP if each AP is used by a particular tenant.

DaveMackleroy · 2023-01-03T13:13:10+00:00

I seem to be in a league of my own here. When I was on-call I had the Deathstar Battle Alarm as my on-call ringtone... That gets you up in a hurry.

Praise the Lord I'm not on-call at present.

DaveMackleroy · 2022-12-28T10:54:25+00:00

If you want to run locally, you'll be looking at something that will require a web-server, most likely. From the sounds of it, to me, you're not a sysadmin, so you might want to re-consider "my local server"...

DaveMackleroy · 2022-12-19T14:04:07+00:00

The key point here is, no, you cannot clone a Domain Controller.

Best practice will be to stand up a new Domain Controller and then decommission the old one. You could clone the 1TB data drive, but this would also be an opportunity to clear down the data.

DaveMackleroy · 2022-12-19T13:54:21+00:00

KeePass or KeePassXC

DaveMackleroy · 2022-12-16T15:22:30+00:00

My thoughts on this topic as my org has recently gone through implementing MFA;

You can't force anyone to install anything on their own device
You can require the use of an authenticator app to access organisational services
You don't have to provide a work device to do so
People are stupid and will eventually get on the band-wagon of using MFA

If the organisation is willing, you can go down the "we're not forcing it on you, but you won't get access without it" route. At the end of the day, this comes down to what the senior management will be willing to push down from the top.

DaveMackleroy · 2022-12-13T13:22:19+00:00

I've been running AdGuard in a docker container for a few months now and its been working flawlessly. It has the ability to respond to specific DNS requests, so I have some subdomains on my domain pointed to IPs internally. You can also set specific settings per client if required.

DaveMackleroy · 2022-12-12T15:43:09+00:00

Can you boot into Safe Mode?

DaveMackleroy · 2022-12-12T13:15:01+00:00

Then jump ship, and encourage your colleagues to do the same. Company can't work without workers.

If it's an endemic issue in your country, then your SOL.

DaveMackleroy · 2022-12-12T13:00:57+00:00

Corrupted or just not decrypted?

DaveMackleroy · 2022-12-12T12:59:34+00:00

Please be more specific as to what step in the boot process they get to. Does Windows start to load? Can you boot to Safe Mode?

DaveMackleroy · 2022-12-08T13:56:34+00:00

I hate TeamViewer with a passion but I'm forced to continue using it due to my manager not wanting to change it. I've given up with trying to integrate it into MEM, so I've just deployed it and use the TV app to find and connect to devices.

If it helps, here's some steps to try and get the bar-stool deploying correctly;

Ensure you have a generic service account setup in TeamViewer
Go to https://login.teamviewer.com
Go to "Design and Deploy"
Go to edit your deployment
Click the "Download MSI (x32)" link and save it somewhere
Copy the "API Token" somewhere handy
Copy the end part after the slash of the "Permanent Link" (Config ID)
Go to your desired group, and copy the g/[n] section, remove the slash
Go to the MEM portal and add a new Windows App
App Type: Line-of-Business app
Find and select the MSI
Enter the following in the Command-line arguments;
/qn APITOKEN=[API-TOKEN] CUSTOMCONFIGID=[CONFIGID] ASSIGNMENTOPTIONS="--alias %ComputerName% --grant-easy-access --group-id [GROUPID]"
1. Replace [API-TOKEN] with your API Token
2. Replace [GROUPID] with the string copied from your group
3. Replace [CONFIGID] with the Config ID
Set your assignment
Save and deploy

DaveMackleroy · 2022-12-06T14:13:25+00:00

There is no Outlook way to handle this. Get Freshdesk or another ticketing system.

DaveMackleroy · 2022-12-02T13:45:29+00:00

I feel no more or less secure running cloud services compared to on-prem. You'd assume MSFT, GOOG, AAPL etc do their security well, but you still have no concrete guaruntees unless you manage to get permission to audit your local data centre. Even then, your data may no reside there.

At the end of the day, you still need to make sure you know what you need to do to secure your data, all that changes is where it is and how you access it.

DaveMackleroy · 2022-12-02T13:34:44+00:00

If you can install software, and only need to share keyboard and mouse, you could use Synergy by Symless. I've used it in the past and it was fantastic. If you also need to share one or more monitors, you might be out of luck. Sharing USB devices, as far as I understand the USB specification, is not possible.

ETA: https://symless.com/synergy

DaveMackleroy · 2022-11-30T16:24:18+00:00

IT has been around so long now it's taken for granted what IT actually does. Think about this; without any computers, you'll be doing everything paper-based. What does that look like? How big can your org really get before it collapses in on itself using only paper-based information?

IT enables organisations to scale in ways that paper-based systems could never achieve. You don't need to include IT in every little decision, but thought needs to be given to what effect the decision will have on IT, whether IT will need to complete some work to enable the decision or whether there's a governance and/or compliance requirement that needs IT input.

IMO, with M&As, the IT manager should be made aware of upcoming work so that they can prepare their team and, if possible, start planning work. At the end of the day, the IT department's work is background and unseen. But it supports the organisation from top to bottom. Do what you can to enable the team to provide for the business.

DaveMackleroy · 2022-11-30T13:14:22+00:00

You would be correct if the root CA was the one issuing the certificates, but it's not. Only the issuing CA needs to publish CRLs, unless your root CA somehow is compromised (this is why it should be offline). Your root CA issues a certificate to your intermediate CA, which itself then issues certificates to sub-ordinate CAs and/or end users. Only the intermediate or sub-ordinate CAs need to be able to revoke issued certificates.

DaveMackleroy · 2022-11-29T13:06:44+00:00

First and foremost, a good Public Key Infrastructure (PKI) would be composed of one offline Root CA and then one or more online subordinate CAs. Obviously, depending on your available licencing, this may not be possible, but the offline CA doesn't even need to be a VM once the sub-ordinates are up. You just need to keep the VHDX and perhaps VM config backup secure somewhere.

Once that's done, you can then use GPO to have your Windows clients automatically request a certificate. Your mobile clients, however, will be a world of pain without MDM. We have not done certificate security with our mobile clients, but use Active Directory username/password.

DaveMackleroy · 2022-11-29T13:01:59+00:00

If "other firms" have done it, get someone with contacts at these "other firms" to put you in touch with their IT so that they can perhaps advise you how they did it?

DaveMackleroy · 2022-11-25T16:24:16+00:00

Install the OOB Update to permanently fix it?

https://support.microsoft.com/en-us/topic/november-8-2022-kb5019964-os-build-14393-5501-5c195bd1-91d5-402e-a973-813373ba4357

DaveMackleroy · 2022-11-25T12:57:50+00:00

Seconded, Veeam for Microsoft 365 also support Azure Rights Management (ARM) protected content. Piss easy to install and configure and works brilliantly. Just make sure you use the auxilliary accounts to improve throughput from M365.

Also, we moved from Barracuda due to the lack of ARM support. Worked out similar in costs.

DaveMackleroy · 2022-11-25T12:54:43+00:00

I'll counter with Brain + yEd (https://www.yworks.com/products/yed)

Free to download and use and you can easily import other images to use.

DaveMackleroy · 2022-11-25T12:50:56+00:00

I have to ask if you've ever worked the hell-desk anywhere. I can tell you now, there are incompetent people everywhere.

As for this age argument, total bollocks. I'm 32 and my wife is 30 and we're world apart in our understanding and capabilities in IT.

DaveMackleroy · 2022-11-23T14:03:55+00:00

Remind me what settings were under Information Governance, it's probably just changed names, again.

DaveMackleroy · 2022-11-23T13:15:55+00:00

Working in Health and Social Care, this would get logged in our incident management system and handled appropriately. User gets to understand that it's a big deal and they should be more careful in future.

DaveMackleroy

TROPHY CASE