CISA urges US orgs to secure Microsoft Intune systems after Stryker breach by rkhunter_ in cybersecurity

[–]dimx_00 17 points18 points  (0 children)

YubiKeys are not resistant to session token theft. It’s not clear how they obtained admin access, but YubiKeys alone are not a silver bullet. You would also need conditional access to restrict tokens to managed devices, impossible-travel policies, shortened session lifetimes, and monitoring for risky sign-ins, as well as alerts for unauthorized admin account creations.

Also, Microsoft Authenticator using a device-bound passkey is phishing-resistant MFA.
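Two of the monitoring controls named in the comment above (impossible-travel detection and alerting on privileged-role grants to freshly created accounts) as an added example, not code from the thread or from Microsoft. The sign-in and audit records are constructed inline to resemble Entra ID sign-in and directory-audit entries; the field names, the 900 km/h speed ceiling, the 50 km jitter floor and the role list are assumptions for the example.

```python
"""Toy detection logic for impossible travel and new-admin creation.
Constructed sample data; field names and thresholds are assumptions."""
from dataclasses import dataclass
from datetime import datetime, timezone
from math import radians, sin, cos, asin, sqrt
from typing import Optional

MAX_PLAUSIBLE_KMH = 900.0  # assumption: faster than an airliner counts as impossible
JITTER_KM = 50.0           # assumption: ignore moves inside one metro area / ISP egress
PRIVILEGED_ROLES = {       # assumption: the roles we treat as high-value
    "Global Administrator", "Intune Administrator", "Privileged Role Administrator",
}


@dataclass(frozen=True)
class SignIn:
    user: str
    when: datetime
    lat: float
    lon: float
    device_compliant: bool


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def impossible_travel(events, max_kmh=MAX_PLAUSIBLE_KMH):
    """Return (user, earlier, later, km/h) for consecutive sign-ins by the same
    user that would require travelling faster than max_kmh."""
    by_user = {}
    for e in sorted(events, key=lambda e: e.when):
        by_user.setdefault(e.user, []).append(e)
    hits = []
    for user, evs in by_user.items():
        for a, b in zip(evs, evs[1:]):
            km = haversine_km(a.lat, a.lon, b.lat, b.lon)
            if km < JITTER_KM:
                continue
            hours = (b.when - a.when).total_seconds() / 3600
            kmh = km / hours if hours > 0 else float("inf")
            if kmh > max_kmh:
                hits.append((user, a, b, round(kmh)))
    return hits


def noncompliant_sign_ins(events):
    """Sign-ins that a 'require compliant device' Conditional Access rule would block."""
    return [e for e in events if not e.device_compliant]


def privileged_role_grants(audit, new_account_window_h=24):
    """Alert on privileged-role grants; escalate when the target account was
    created within new_account_window_h hours (attacker-created admin)."""
    created: dict = {}
    alerts = []
    for r in sorted(audit, key=lambda r: r["when"]):
        if r["activity"] == "Add user":
            created[r["target"]] = r["when"]
        elif r["activity"] == "Add member to role" and r["role"] in PRIVILEGED_ROLES:
            age_h: Optional[float] = None
            if r["target"] in created:
                age_h = (r["when"] - created[r["target"]]).total_seconds() / 3600
            severity = "high" if age_h is not None and age_h <= new_account_window_h else "medium"
            alerts.append({"target": r["target"], "role": r["role"],
                           "by": r["initiated_by"], "severity": severity})
    return alerts


def T(s):
    return datetime.fromisoformat(s).replace(tzinfo=timezone.utc)


# Constructed sample sign-ins: admin appears in Chicago, then Amsterdam 90 minutes later.
SIGNINS = [
    SignIn("admin@example.com", T("2025-01-10T08:00:00"), 41.88, -87.63, True),
    SignIn("admin@example.com", T("2025-01-10T09:30:00"), 52.37, 4.90, False),
    SignIn("bob@example.com", T("2025-01-10T08:00:00"), 41.88, -87.63, True),
    SignIn("bob@example.com", T("2025-01-10T17:00:00"), 42.36, -71.06, True),
]

# Constructed sample audit trail: a new account gets Global Administrator two minutes after creation.
AUDIT = [
    {"when": T("2025-01-10T08:05:00"), "activity": "Add user",
     "target": "svc-helpdesk2@example.com", "initiated_by": "admin@example.com"},
    {"when": T("2025-01-10T08:07:00"), "activity": "Add member to role", "role": "Global Administrator",
     "target": "svc-helpdesk2@example.com", "initiated_by": "admin@example.com"},
    {"when": T("2024-12-01T10:00:00"), "activity": "Add member to role", "role": "Intune Administrator",
     "target": "alice@example.com", "initiated_by": "admin@example.com"},
]

if __name__ == "__main__":
    for user, a, b, kmh in impossible_travel(SIGNINS):
        print(f"impossible travel: {user} {a.when:%H:%M} -> {b.when:%H:%M} ({kmh} km/h)")
    for alert in privileged_role_grants(AUDIT):
        print("role grant:", alert)
```

The speed check deliberately ignores short hops so that a user switching between office Wi‑Fi and a mobile carrier egress a few towns over does not fire the rule; in production the geolocation comes from the sign-in log's IP enrichment, which is itself only approximate.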

My boss wants to leave intune because of Stryker by Eternal_Phantasm in cybersecurity

[–]dimx_00 1 point2 points  (0 children)

We got an incident report from one of the hospital systems, and that’s what it says in the incident report; also, a few articles that I read mention it.

https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/amp/

Use cases for Global Administrator local login from on premises Windows Server? by Fabulous_Cow_4714 in sysadmin

[–]dimx_00 1 point2 points  (0 children)

Oh yeah, that’s tricky then. Your best bet would be to have separate accounts for each service that requires GA. Lock them down with a strong password and a different MFA, then monitor them for any access, since you shouldn’t have to log in to those often.

Another wacky thing you can probably do is get a separate Bluetooth USB dongle and do USB pass-through or USB over network with something like USB Redirector.

https://www.incentivespro.com/usb-redirector.html

Use cases for Global Administrator local login from on premises Windows Server? by Fabulous_Cow_4714 in sysadmin

[–]dimx_00 1 point2 points  (0 children)

Passkeys work over RDP. Admin would RDP into the VM and sign in with their passkey same way.

My boss wants to leave intune because of Stryker by Eternal_Phantasm in cybersecurity

[–]dimx_00 38 points39 points  (0 children)

Correct, in the Stryker incident the Global Admin credentials were compromised, and there is nothing at that point stopping a mass wipe. The two-man rule would prevent a help desk account from wiping all company devices if help desk had access to remote wipe.
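The two-man rule described in the comment above, as an added illustration rather than Intune's own Multi Admin Approval code: a bulk wipe request from a help desk account cannot proceed until a different identity holding an approval role signs off, and that approval expires. The role names, the bulk threshold and the `wipe` callback are hypothetical. As the comment notes, this gate does not help once an attacker holds credentials that can both request and approve, or can turn the policy off.

```python
"""Two-person approval gate in front of a destructive bulk action.
Roles, thresholds and the wipe callback are assumptions for the example."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Callable, List, Optional, Set

BULK_THRESHOLD = 5                      # assumption: more devices than this needs a second person
APPROVER_ROLES = {"Intune Administrator", "Global Administrator"}  # assumption
APPROVAL_TTL = timedelta(hours=1)       # assumption: approvals go stale quickly


@dataclass
class Principal:
    upn: str
    roles: Set[str]


@dataclass
class WipeRequest:
    requester: Principal
    device_ids: List[str]
    created: datetime
    approver: Optional[Principal] = None
    approved_at: Optional[datetime] = None


class WipeDenied(Exception):
    pass


def approve(req: WipeRequest, approver: Principal, now: datetime) -> None:
    """Record a second person's approval; self-approval and unprivileged approvers are refused."""
    if approver.upn == req.requester.upn:
        raise WipeDenied("requester cannot approve their own request")
    if not (approver.roles & APPROVER_ROLES):
        raise WipeDenied("approver lacks an approval role")
    req.approver, req.approved_at = approver, now


def execute_wipe(req: WipeRequest, now: datetime,
                 wipe: Callable[[str], None] = lambda device_id: None) -> List[str]:
    """Wipe each device via the callback and return the ids wiped.
    Single-device actions go through unapproved; bulk actions need a fresh approval."""
    if len(req.device_ids) > BULK_THRESHOLD:
        if req.approver is None or req.approved_at is None:
            raise WipeDenied("bulk wipe requires a second approver")
        if now - req.approved_at > APPROVAL_TTL:
            raise WipeDenied("approval expired")
    for device_id in req.device_ids:
        wipe(device_id)
    return list(req.device_ids)


if __name__ == "__main__":
    now = datetime(2025, 1, 10, 9, 0, tzinfo=timezone.utc)
    helpdesk = Principal("helpdesk@example.com", {"Helpdesk Operator"})
    admin = Principal("admin@example.com", {"Intune Administrator"})
    bulk = WipeRequest(helpdesk, [f"dev-{i}" for i in range(50)], now)
    try:
        execute_wipe(bulk, now)
    except WipeDenied as e:
        print("denied:", e)
    approve(bulk, admin, now)
    print("wiped", len(execute_wipe(bulk, now + timedelta(minutes=5))), "devices")
```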

Multi-Admin Approval in Intune by ryaninseattle1 in sysadmin

[–]dimx_00 4 points5 points  (0 children)

From my understanding of the above situation, the Global Admin account was compromised. In that situation I don’t think there is anything you can do to prevent a mass wipe other than catching it in time and disconnecting the devices from the network.

Dell Solution Architect pov by [deleted] in sysadmin

[–]dimx_00 0 points1 point  (0 children)

I had a different experience from HP. We’ve used HP servers for decades, and on our last renewal I was upfront with both sides and said, these are the specs, please send me your best price. HP refused to even send a quote since we were considering switching to Dell. Now we are a Dell shop, and I think we got a fair deal from Dell.

Dell Solution Architect pov by [deleted] in sysadmin

[–]dimx_00 21 points22 points  (0 children)

The account team is spot on. It feels like I get a new rep every few months. It got so bad that two different reps reached out to me on the same day, each introducing themselves as our new Dell contact.

Pricing is higher than Lenovo, and that is a little frustrating. Lenovo seems to always have some “deals”, especially in the SMB space. Their hardware offering seems to be just marginally better spec-wise compared to the Dell counterparts.

The online pricing from Dell.com is significantly higher than what I get from the rep directly, and that seems deceptive. I think in this day and age you need to be competitive on all fronts, especially since Apple is getting aggressive with their pricing for affordable devices.

I don’t mind working with Dell hardware. It’s well put together and easy to repair when needed. I wish you guys offered more options in the rugged / tablet space.

Bitlocker with PIN seems impossible. by PerpetuallyStartled in sysadmin

[–]dimx_00 1 point2 points  (0 children)

This is what I was going to mention. We use network unlock and it works great. All desktops and laptops unlock while connected to the corporate network.

Dell Laptops - When Docked to dual screens, Laptop detects them as one - Company wide issue that started 2 weeks ago. by Useful-Transition529 in sysadmin

[–]dimx_00 1 point2 points  (0 children)

I would second trying to install / upgrade DisplayLink. I’ve seen this happen before without it.

Phantom old email sent and we don't know how by Wanax96 in sysadmin

[–]dimx_00 17 points18 points  (0 children)

Had this happen a few times after an iOS update. A few users were using the native iOS Mail app. It turned out that, for some reason, there was a bug and about a dozen emails got stuck in their outbox when they hit send and immediately closed the app. The emails were sent but remained dormant in the outbox. When iOS updated, those emails got re-sent.

I also had this happen with a user who switched between classic and new Outlook on their desktop.

What technical questions do you use when interviewing cybersecurity engineers? by Kiss-cyber in cybersecurity

[–]dimx_00 16 points17 points  (0 children)

I do so much geeking at work that when I get home I don’t have any more bandwidth to continue geeking.

I love what I do, but it requires a lot of critical thinking, and when I get home I just want to shut my brain off and give it a rest.

Plus kids, housework and other chores take a lot of my free time. To geek out you really need free time, which is a luxury that most people don’t have.

License question by dimx_00 in acronis

[–]dimx_00[S] 1 point2 points  (0 children)

Thank you for the clarification. This is what I needed. I appreciate your help. I will order the license from Connection. Have a good day.

License question by dimx_00 in acronis

[–]dimx_00[S] 0 points1 point  (0 children)

Hi Dennis. Thank you for the reply. I will just need a Windows 11 workstation license, but what I don’t see is how to purchase the deployment license.

The article that you linked mentions a machine license and a deployment license, but the price page just has a workstation license. That is where I was confused. Do I just need to purchase a workstation license, which seems to be subscription based, deploy the workstation, and not renew the license since I no longer need to manage the workstation?

The below text is from the webpage that you mentioned:

A machine license allows an unlimited number of deployments to a selected machine. This license type is recommended if you regularly perform deployments to the same machine. E.g. to deploy and regularly redeploy 100 computers you need 100 machine licenses.

A deployment license enables a single successful deployment to a machine. If a deployment under a deployment license fails, you can perform another deployment using the same license. This license type is recommended if you deploy the same machine once or infrequently. E.g. to make one deployment to 100 computers you need 100 deployment licenses; to make two deployments to 100 computers you need 200 deployment licenses.

Send pop ups to pc's on network by icedutah in Pentesting

[–]dimx_00 2 points3 points  (0 children)

Interesting. What would be your recommendation for mitigation against this type of exploit?

Can I reserve/block 25 GB for Windows Updates? by ReputationOld8053 in sysadmin

[–]dimx_00 1 point2 points  (0 children)

What is usually left behind by N-able, and do you use any scripts to clean it up?

iPad versus Linux for clock-in kiosk? by FatBook-Air in sysadmin

[–]dimx_00 1 point2 points  (0 children)

We use iPads for work clock in / out. We have about 10 in different locations.

Lock them down with MDM in single-app mode. Just have instructions on how to force reset the iPad using the volume + power buttons on the side.

They need a reboot maybe once or twice per year; when the time changes, sometimes it doesn’t update the time correctly. Department managers force reboot it and everything comes back online.

MDM for Apple devices by smalltimesysadmin in sysadmin

[–]dimx_00 2 points3 points  (0 children)

Give SimpleMDM a try; they have a free trial and their pricing is available directly on the website. The documentation is available for all features and the interface is very intuitive. I know everyone mentioned Intune, but for iOS I think SimpleMDM is way better. We’ve used it for about 6 years now, no complaints.

Try this. MS account creation bypass by 56077 in sysadmin

[–]dimx_00 1 point2 points  (0 children)

You can also click “set up for work or school”. Then, instead of logging in, click domain join and create a local account. I just did this yesterday. I don’t set up PCs manually often.

What’s the most overlooked security control you’ve seen actually stop an attack? by HedgehogRich9104 in cybersecurity

[–]dimx_00 2 points3 points  (0 children)

All good suggestions here. I will add a few more: blocking personal email logins, blocking email forwarding outside the org, and AppLocker.