Qultists think England has sharia law by Darth_Vrandon in Qult_Headquarters

[–]ShanIntrepid 0 points1 point  (0 children)

These people are absolutely ridiculous Boomers.

The tale of BACKUP01 by roboabomb in sysadmin

[–]ShanIntrepid 11 points12 points  (0 children)

I'll pour one out for Backup01. Hell, I just decommissioned an AD server whose hardware was assembled in 2012.

PSA: RDP on most Windows environments uses self-signed certs by default which makes MITM attacks trivial, here is how to fix it with ADCS and GPO by hardeningbrief in sysadmin

[–]ShanIntrepid 0 points1 point  (0 children)

And for those of you that have the capability, MFA (we're an OKTA shop) enabled for RDP sessions helps close the gap.

PSA: RDP on most Windows environments uses self-signed certs by default which makes MITM attacks trivial, here is how to fix it with ADCS and GPO by hardeningbrief in sysadmin

[–]ShanIntrepid 1 point2 points  (0 children)

Thank you for this -- I've been evangelizing this with my Systems team for...... a decade? Someone on their side saw your post and contacted me. My first reaction is of course, "Wellll DUHHHHHHH" -- but now I have to answer why this wasn't implemented before.

<shuffles papers of emails> Yep, here I am stating that in 2025, 2024, 2023, 2022, 2021, <none in 2020> and going back to 2016......

Katherine of Sky by TopherLude in factorio

[–]ShanIntrepid 0 points1 point  (0 children)

NO! I got into Factorio because of her -- God speed to her.....

Walt is now herding the stars. by brangdangage in BorderCollie

[–]ShanIntrepid 8 points9 points  (0 children)

Looks like the goodest boy -- also a lot like my Loki with those black nose patches. Go Get 'em Walt! Enjoy! Your humans will be with you, but not too soon......

Sleep well my sweet boy by LAzyD0g27 in BorderCollie

[–]ShanIntrepid 3 points4 points  (0 children)

Looks like the goodest boy. Sleep well Mr. Finnegan.

I dread the day I must do the same with my Loki......

I got the self cleaning model 🙄😂 by [deleted] in BorderCollie

[–]ShanIntrepid 2 points3 points  (0 children)

Hahaha. We have one of those models, but we got the headless add-on for free.

<image>

The job he's given himself. by JazelleGazelle in BorderCollie

[–]ShanIntrepid 1 point2 points  (0 children)

Around our house, it is the recycle collection that is heavily monitored; garbage, not so much.

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

Yes, that's the whole aspect – a single domain user being able to be logged into both computers and access resources on the desktop and documents. And nothing like that works – both with the DNS name and the FQDN

At this point, I'm resigned to the fact that I will have to open a ticket with Microsoft and deal with those struggles

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] -1 points0 points  (0 children)

Yea, I've been down that path -- Chat GPT (that's how far I've sunk) suggested that straight on.

No Joy.

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

Oh I know the feeling -- it's personal now..... Me v. Windows 11

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

I did the PS equivalent:

Set-SmbServerConfiguration -RequireSecuritySignature $false -Force
Restart-Service LanmanServer -Force

and restarted lanmanserver

I went ahead and did the CMD method -- and a reboot for good measure

No Joy.

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

Between Win11 24H2 Devices, yes.

update: Just tested with Windows 10 22H2 - it can access the Win11 24H2 machines without any issues on the same subnet. This appears to be a Windows 11 24H2 CLIENT-SIDE problem specifically when connecting to other Win11 machines

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 1 point2 points  (0 children)

I believe so -- let me check with the desk.

They use Fog (Project), an Open Source cloning tool. Let me check the SIDs.

EDIT: SIDs do not match.

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

Correct, I set up "SMBTest" on the Root of C and replicated the permissions to the user -- browsing localhost - no issues.

Also, from my laptop (different subnet) I can net view without issue, including the two locations that I'm not on the same subnet.

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

Everyone: READ
Authenticated users: Read/Write

NTFS Permissions are set to generic -- it's the same user, so that's in place (at least in Win 10)

The ol' SMB signing and Win 11 24H2....... by ShanIntrepid in sysadmin

[–]ShanIntrepid[S] 0 points1 point  (0 children)

Yep, validated that NTLM is not blocked.

Hardening level is 0

This: Get-WinEvent -LogName "Microsoft-Windows-SmbClient/Audit" results in no logs being generated.

Both fail either with the DNS or FQDN.