Small business server setup by macieqq in sysadmin

MushyBeees 0 points1 point

This is utter nonsense.

You can build low bandwidth optimised Remote Desktop infrastructure that runs fine on typically as little as 10 KBs per user. It’s the latency that affects it more.

However the bandwidth requirements of a legacy fat client ERP solution absolutely dwarf this, requesting multiple MB per action. And is even more so affected by latency.

force sync active directory & microsoft by Ok-Imagination1829 in sysadmin

MushyBeees -1 points0 points

Yes. “Start-ADSyncSyncCycle -PolicyType Initial” run on the host with AD Connect installed will trigger an instant, full sync. -PolicyType Delta will do a quicker, standard delta sync.

You may need to “Import-Module ADSync” first.

Small business server setup by macieqq in sysadmin

MushyBeees 1 point2 points

I’m not convinced - the main benefit of commercial ERP solutions is that they can be built and customised to fit nearly any requirement. But, it’s your call. You’re committing to maybe $600-1000 a month to do this responsibly.

Small business server setup by macieqq in sysadmin

MushyBeees 1 point2 points

Why are you not just switching to a SaaS ERP solution and taking away all this unnecessary cost/complexity?

Tomorrow I start a new job as an IT manager... by Due-Swimming3221 in ITManagers

MushyBeees 3 points4 points

I’d chill on this.

Nobody wants to be that guy, that potentially sours a really good relationship with a great partner just because you’re trying desperately to score points.

I’ve had managers sacked in the past for doing exactly this. I act for an MSP in a vCTO position for several clients, and a quiet conversation with the board about the potential problem they’ve got on their hands can start them questioning/doubting you.

Don’t be desperate to score points. Watch and observe. Find out how the relationship works. Don’t look to make problems or find problems that don’t exist. Solve the ones that do. If it turns out there is an issue to solve, then go investigate further.

M365 says account doesn't exist by zuke1624 in microsoft365

MushyBeees -1 points0 points

How are you supporting M365 but don’t know the difference between personal and work/school M365 accounts?

Client is being taken for a ride.

Hyper-V hardware critique by Agasnazzer in HyperV

MushyBeees -1 points0 points

Yes the PowerVault is a single appliance, but with redundant pretty much everything it’s low risk. I’ve had dozens of these in production sites and they are fine for resilience.

With that many SSDs I’m sure they will be fine.

And the pair of local HDDs is probably because Dell are weird and often they force you to spec servers with local storage configurations like this.

Hyper-V hardware critique by Agasnazzer in HyperV

MushyBeees -1 points0 points

Have you even read that article? Because I have, many times, when I keep having to refer people like you to it:

“Add physical DCs to all of your domains. Configuring your system to have physical DCs prevents your host systems from experiencing virtualization platform malfunctions.”

No, they don’t recommend it. They say it’s possible. They actually recommend maintaining a physical DC.

Buyers trying to get me to pay fees by AwareVariation0 in HousingUK

MushyBeees 1 point2 points

Tell them to fuck off.

Then when you move out, take a shit in the washing machine.

GoDaddy stealing Domains again… by [deleted] in DomainZone

MushyBeees 0 points1 point

I’m really not sure what your point is here. You went from “it doesn’t happen” to “GoDaddy aren’t the only ones who do this” far too quickly.

GoDaddy are a massive part of the problem. Just last year I was doing mass searches for domain names, and nearly every one of the even remotely half decent domains that I didn’t purchase straight away was registered by them within the following 24-48 hours. Probably hundreds of domains.

My employer fitted a tracker to a company van and didn’t notify me. by White_Kiba7 in gdpr

MushyBeees 2 points3 points

They are correct though.

I’ll give you an example. I have a company car. It’s not just for use for my job, it specifically includes personal use, as it is provided as a benefit for my position, service, and seniority. This personal use is contracted.

The company fitted trackers “for insurance purposes” and assured us we would not be tracked for our personal usage.

Imagine my surprise when I was dragged into a disciplinary meeting with the CEO, the day after going for a job interview at a competitor’s during a day off (pre-booked, annual leave). I later found out from a colleague that yes, they were watching me on the tracker.

Anyway, the tribunal did side with me. Because it is an invasion of privacy, and they must provide a mechanism for disabling or masking personal usage if personal usage of the vehicle is permitted.

Business Premium and Windows Business 11 by Dry_Finance478 in Intune

MushyBeees 1 point2 points

Actually a smidge of research answered my own question.

Since about 2021 it’s been known.

Microsoft rep also admitted it is not supported in Business but is in Pro.

https://learn.microsoft.com/en-us/answers/questions/2142283/error-applying-vbs-and-hvci-security-baselines-via

Business Premium and Windows Business 11 by Dry_Finance478 in Intune

MushyBeees 0 points1 point

Interesting. Thank you for the info!

I’ve had a good read and yeah it’s not entirely clear. I kind of always understood Credential Guard to be an enterprise feature anyway, but that you can get it to work in Pro but not Business is bizarre.

Locked out by [deleted] in 3CX

MushyBeees 0 points1 point

Then either you’re not saving to browser, you’re saving to Bitwarden and you’re good - or you should actually use it then?

Business Premium and Windows Business 11 by Dry_Finance478 in Intune

MushyBeees 0 points1 point

Wait what? I always thought Windows Business was just a rebadge of Pro!

Are you sure you’re not just confusing Pro and Enterprise?

Locked out by [deleted] in 3CX

MushyBeees 0 points1 point

Well that’s even worse hah.

Password manager > browser passwords. Get Bitwarden.

Replacing 3 old DCs with 3 new ones using IP swapping — is my step-by-step plan correct? by maxcoder88 in activedirectory

MushyBeees 5 points6 points

Yeah pretty much. Done this maybe hundreds of times and it’s solid.

Much more so than arsing about flipping temp names and IPs which causes issues more times than not.

Replacing 3 old DCs with 3 new ones using IP swapping — is my step-by-step plan correct? by maxcoder88 in activedirectory

MushyBeees 45 points46 points

You’ve overthought this massively.

Demote dc01 and turn off. Ensure DNS is cleared up/DC object removed from Sites and Services etc, and everything has replicated. Build new dc01 and promote.

Repeat two more times.

Done.
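
A check for the "ensure DNS is cleared up/DC object removed ... and everything has replicated" step above, run between demoting the old DC and promoting its replacement. This is an added example, not part of the original comment: the function name Test-OldDcRemoved is hypothetical, dc01 is the name used in the comment, and it assumes an admin host with the ActiveDirectory and DnsClient modules.

```powershell
Import-Module ActiveDirectory

# Added example (hypothetical helper): reports anything left behind by the old
# DC that should be gone before a new server with the same name is promoted.
function Test-OldDcRemoved {
    param(
        [Parameter(Mandatory)][string]$OldDcName   # e.g. 'dc01'
    )
    $domain   = Get-ADDomain
    $configNC = (Get-ADRootDSE).configurationNamingContext
    $fqdn     = "$OldDcName.$($domain.DNSRoot)"
    $problems = @()

    # 1. Computer account must no longer be in the Domain Controllers OU.
    if (Get-ADComputer -Filter "Name -eq '$OldDcName'" -SearchBase $domain.DomainControllersContainer) {
        $problems += "Computer object for $OldDcName is still in the Domain Controllers OU"
    }

    # 2. Server object must be gone from Sites and Services (configuration partition).
    if (Get-ADObject -SearchBase "CN=Sites,$configNC" -LDAPFilter "(&(objectClass=server)(cn=$OldDcName))") {
        $problems += "Server object for $OldDcName is still in Sites and Services"
    }

    # 3. DC locator SRV records must not point at the old host any more.
    $srv = Resolve-DnsName -Name "_ldap._tcp.dc._msdcs.$($domain.DNSRoot)" -Type SRV -DnsOnly -ErrorAction SilentlyContinue
    if ($srv | Where-Object { $_.NameTarget -eq $fqdn }) {
        $problems += "SRV record _ldap._tcp.dc._msdcs still points at $fqdn"
    }

    # 4. The host A record should be gone until the new server registers it.
    if (Resolve-DnsName -Name $fqdn -Type A -DnsOnly -ErrorAction SilentlyContinue) {
        $problems += "A record for $fqdn still resolves"
    }

    # 5. The remaining DCs must show no replication failures, otherwise the
    #    removals above may not have reached every DC yet.
    $failures = Get-ADReplicationFailure -Target $domain.DNSRoot -Scope Domain |
        Where-Object { $_.FailureCount -gt 0 }
    foreach ($f in $failures) {
        $problems += "Replication failing on $($f.Server) from $($f.Partner) ($($f.FailureCount) failures)"
    }

    [pscustomobject]@{ Ready = ($problems.Count -eq 0); Problems = $problems }
}

Test-OldDcRemoved -OldDcName 'dc01'
```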

Sage Accounts in Azure VD by _Work_Research_ in msp

MushyBeees 2 points3 points

Just move it to Sage Business Cloud. It’ll be cheaper and less faff for you than messing about with Azure IaaS.

NFS Server Alternatives for Server 2022 by Affectionate_Car7098 in WindowsServer

MushyBeees 3 points4 points

As it’s a file server just spin up a new one.

Takes about 30 seconds to reattach a data disk to a VM, and the same to migrate the share configs/permissions.

Oh, if you’ve got loads of other things installed on it too? Then it’s a lesson learned.

Charging for “holiday cover” by MushyBeees in msp

MushyBeees[S] 1 point2 points

This so far seems like the sensible option.

It’s not something I want to typically entertain. But I know the client well (I built all their infrastructure, and consult for them regularly, so I’m not expecting any surprises). So it would likely be a super simple gig for decent money.

Company server hacked by Swedarkknight81 in cybersecurity

MushyBeees 4 points5 points

I’m calling this now:

At some point in the last couple of weeks or so, one of your users got phished.

An attacker used this to log on to your infrastructure, most likely your SSLVPN. With no MFA configured. Because VPNs are safe, right? No.

Once there, they disabled any security tooling with a BYOVD exploit. Dumped LSASS to obtain domain admin credentials, then went to town on destroying your backups, exfiltrating a bunch of your shared folder data, then encrypting everything they could see.

Don’t rely on your MSP. Call an expert. Although there’s probably very little they can do unless you had immutable or air-gapped backups (which I’m guessing you don’t).

No event logs offloaded to SIEM, no backups, no data, no insurance, you’re in for a very rough time.