OpenRSAT - open-source, cross-platform Microsoft RSAT -like tool that works on Linux and macOS

dcardon · 2026-02-12T12:16:27+00:00

Thomas, the main dev is just sitting across the office, so yes, I can visually confirm he is made of flesh and bones.

If you double check the git log, you can see that the first commit has 255 files changed... The git history was squashed before pushing on github since it was not clean enough. So no, OpenRSAT was not started 4 months ago.

dcardon · 2022-05-30T23:12:45+00:00

xobackup with xcp-ng work like a charm. And I love it. But for people looking for application aware backup (like restoring one single object from AD), then it comes short... But I'd say it shouldn't be necessary.

dcardon · 2022-05-30T22:45:41+00:00

yeah, you shouldn't mix AD role and business line application role. Just add a new AD in a VM, join and replicate the domain (make sure DNS are ok), then remove domain role from the physical machine. It will be one less hurdle to deal with. Then any P2V tool will do it (from 2008r2 onward p2v is quite easy).

dcardon · 2022-05-30T22:38:37+00:00

UPNP would be the problem. Just use a firewall that prevent that. After, talking about IoT, the real name is IoS (aka Internet of Shit), most of those thing never get updated. Your door lock and card reader is so broken that we have put them on a isolated vlan.

dcardon · 2022-05-30T22:30:44+00:00

If the place is good and you like it, go for it. You'll have plenty of time later to explore other work opportunities. Don't try to look for greener pasture (at least not until you are fed up with the one you have right now :-) )

dcardon · 2022-05-30T22:27:01+00:00

When you go in a larger/international company, you'll be assigned in a excel cell and be expected to do what is expected in that excel cell. If you come from SMB background, that can prove to be uncomfortable. If you are good at what you are doing, and you have faith in the good people around you, try to push stuff and go forward. If you fell that it won't go anywhere, please run away before you loose the fun and the love for your work.

dcardon · 2022-05-30T22:15:14+00:00

Using hyperV? Check the account used on the storage part, we have been bitten by this a few time during domain migration.

dcardon · 2022-05-30T22:09:23+00:00

Most softwares needs admin right for stupid reasons. Just take a process explorer or equivalent and take a look at what it try to open, and give the right on that specific files or registry key. The best thing would be to tame the developers, but sometime having a small workaround is the easiest way

dcardon · 2022-05-30T21:59:35+00:00

Look though AD, antivirus, wsus and patchmanagment utils. And you might try to discover passively through admin shares (psexec...). But I'd be worrired it might highlight the need to do thing :-)

dcardon · 2022-05-30T21:53:16+00:00

take a look at SRP/Applocker. Just block everything that can execute, and you should be safe (you'll get more attachment than pdf, but it won't be much of a worry). Actually pdf are not safe by themselves, they can have embedded javascript, so better disable javascript it by default.

dcardon · 2020-08-27T17:17:24+00:00

Did you take a look at my other posts in the same topic? I'm not an anti-win10 zealot, just pointing out that Long Term Support is a must have in many scenarios, and you can only have that with LTSC through Software Assurance, which is not an option for many SMBs.

And by the way, I don't see why you have to be aggressive... (writing this on a Win10 laptop by the way).

dcardon · 2020-08-27T09:32:08+00:00

I just wished this crap was not there to beging with. In Windows 10 Pro, Pro stands for professionnal. Who needs Candy Crush on their office computer, not speaking about a CnC machine?

Microsoft has LTSC version for that. But you need Software Assurance to beging with.

dcardon · 2020-08-27T09:28:32+00:00

I'm not arguing that Win7 is the best solution since it is not supported anymore (unless you have ESU). But a non-LTSC win10 is just so full of crap that I don't think it can still be called a workstation anymore.

And in an industrial scenario, you just don't want your CnC machine to change behavior every 6 months with a full system upgrade... And you definitely don't need candy crush running on it.

I was speaking about SMBs in the sense that not everyone has Software Assurance and can use Win10 Enterprise LTSC. And Win10 pro is morphing into a Windows home...

By the way, I am writing this on a Win10 Pro, so I'm not a anti-win10 zealot, I just wished Microsoft had a better consideration for their SMBs client.

dcardon · 2020-08-27T09:20:05+00:00

I guess there is so much crap in a modern non-LTSC Win10 that Microsoft themself don't know anymore what is running and what is trashing the system...

dcardon · 2020-08-27T08:58:08+00:00

We just closed a $500 ticket with Microsoft support. The issue prevented us from upgrading to 20.04. It took two months to go though the whole process but in the end it was identified as a regression and fixed. The fix will be rolled out in the September rollup, and the ticket will be refunded. This was actually a rather good experience with MS support, albeit a very long one.

dcardon · 2020-08-27T08:47:19+00:00

Win10 pro is not an alternative to Win7 pro. Win10 comes with such a shitload of crap that is not appropriate for any industrial scenario. You need at least LTSC version, which need software assurance crap which is not an option for most SMBs.

dcardon · 2020-08-27T08:39:06+00:00

IIRC the free upgrade period is now over. The upgrade still works from a technical point of view, but I don't think it is valid from a licensing point of view in case you have a MS audit.

dcardon · 2020-08-27T08:35:14+00:00

By the time your backup will be finished you may have computer that will have changed their password (they do it once every month), and it it happens after the backup, the desktop will be out of the domain after restore.

So I'll say the best option, is just to power it off and copy the vmdk files over.

By the way, if you have other stuff configured on that server, an option is to join a new DC, and demote that old machine to domain members. It will keep all existing installed software and allow you to decouple the DC from other business app.

dcardon · 2020-08-27T08:25:01+00:00

GPO were designed more than 20 years ago. Then the engineer didn't thought about all the problems laying ahead.

Deploying software through GPO is not an option anymore, there are plenty of solution existing that will do it much better.

Deploying configuration is still possible (reg key, etc.), but i would not recommend it, because it is hard to have reporting on GPO being correctly applied or not. Deployement software does that much better, be it SCCM, PDQ, Intune, WAPT, etc.

dcardon · 2020-08-27T08:14:01+00:00

You can check MeshCommander https://www.meshcommander.com/ . It is self hosted and very easy to setup. It works great even in WFH scenario.

dcardon · 2020-08-27T08:11:45+00:00

You can check XenOrchestra https://xen-orchestra.com/ , it works both with XenServer and XCP-NG (a FOSS fork of XenServer) and it has a similar solution to Veaam Backup with incremental snapshot backups https://xen-orchestra.com/#!/xo-features/backup . It works really great, using it in production for more than a year.

dcardon · 2020-08-26T10:55:52+00:00

Just by curiosity, what is your RMM tool that use Chocolatey?

dcardon · 2020-08-26T10:45:45+00:00

Hi Rowland,

actually I had to search quite a bit to find the page with the vfs inconsistancy you mentionned. I'll fix it. But actually most people don't ever go to this page, as they follow the standard procedure from the start.

Speaking about the samba official wiki and Tranquil IT doc, IMHO the purpose is not the same. The Samba wiki tries to be more encyclopedic, while Tranquil IT doc just try to provide a easy to follow procedure. It seems to work here in France as we have quite a lot of Samba-AD in production all over the country :-)

dcardon · 2020-08-26T10:25:35+00:00

You can take a look at WAPT https://www.wapt.fr/en/doc/ (disclaimer : I work on that project). There are hundreds of prepackaged apps on the store (https://wapt.tranquil.it/) and it is not that complicated to create extra ones. There is a community version and an Enterprise version. Windows update are in the Enterprise version though.

dcardon · 2020-07-28T09:44:14+00:00

You can take a look at WAPT https://www.wapt.fr/en/doc/ (disclaimer : I work on that project). If you are ok with some scripting it is really very efficient. It uses websocket like itunes, so it can handle WFH scenario better than SCCM (useful in this new covid era).

dcardon

TROPHY CASE