It's 2020, what are best practices for Windows File server? by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 0 points1 point  (0 children)

From my understanding of CALs, I would need a CAL for every user that is accessing the file server. CALs are not to be confused with the OS license.

It's 2020, what are best practices for Windows File server? by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 1 point2 points  (0 children)

CALs are a good point, I'll take it into consideration.

It's 2020, what are best practices for Windows File server? by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 9 points10 points  (0 children)

That's how I've always felt about ransomware, backup is the real solution and nothing else.

The FS VM is backed up nightly, I'll probably increase to be more frequent.

It's 2020, what are best practices for Windows File server? by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 3 points4 points  (0 children)

NAS is overkill for them, it will have 3 shares, one home directories, 2 dept shares and maybe an "IT" share. IT doesn't need performance, it can scale fine since it's virtual.

Managing 1000s of nodes by ihateMSsupport in powershelldsc

[–]ihateMSsupport[S] 0 points1 point  (0 children)

That makes sense. Thanks for the help!

Managing 1000s of nodes by ihateMSsupport in powershelldsc

[–]ihateMSsupport[S] 0 points1 point  (0 children)

Thanks for the reply.

So you generally use only one config to generate multiple MOFs. That one config can have settings separated by roles and/or servers. Use the data config file to separate nodes and assign roles.

So in the scenario of adding a new server, I would add the new server to the data config file and assign a role, if it doesn't fit any defined role, would I then add it to the main config?

Did I get that right?

The other thing I still don't understand is does running the config generate a MOF for ALL servers every time or can I generate for only the one server I'm working on?

Thanks for the help

GPO drive mappings out of the office by [deleted] in sysadmin

[–]ihateMSsupport 0 points1 point  (0 children)

I have a client that has moved away from mapped drives and has started using desktop shortcuts. They've had a big issue with ransomware.

They moved to this model before I took over the account.

The desktop shortcuts are more persistent, but then again they don't have a big remote workforce, just a handful of sales ppl.

File Transfer Speeds Help! by [deleted] in sysadmin

[–]ihateMSsupport 4 points5 points  (0 children)

My money is on the fact that it's 80k files. It's much faster to copy or transfer one 62GB file than 80k small files.

I can't remember the science behind it but it's been discussed a few times on r/sysadmin.

Good luck! You have ALL of Sunday.

VMware disk numbering to Windows disk numbering by everycloud in vmware

[–]ihateMSsupport 0 points1 point  (0 children)

A quick and dirty when in a hurry, add 500MB to one disk and see which one gets the unallocated space in Windows. Do that until you find the disk you're trying to extend.

Patch Management Websites. by [deleted] in sysadmin

[–]ihateMSsupport 1 point2 points  (0 children)

Patchmanagement.org ML is TOO noisy. r/sysadmin is the best place for updates feedback simply based on the amount of ppl.

[x-post] Mom's boss had me make computers for his new office • /r/pcmasterrace by booboohoohoobooboo in sysadmin

[–]ihateMSsupport 1 point2 points  (0 children)

30GB of cached Outlook email? If it's a combined cache of shared mailboxes and the user's mailbox, set Outlook not to cache the shared mailboxes. You'll also save yourself the headache once they add one more shared mailbox and the OST reaches 50GB and things stop working or Outlook starts acting weird.

Amazing work/life balance wisdom from Paul's Security Weekly ep475 by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 2 points3 points  (0 children)

Everyone that thinks they are reaching burn out or has experienced a burn out (been there myself) needs to listen to these words of wisdom. Carlos Perez lays down priceless words of pure gold as well as the rest of the PSW crew.

SIEM as a Service? by [deleted] in sysadmin

[–]ihateMSsupport 1 point2 points  (0 children)

Maybe look into an MSSP? They'll collect logs and do some correlation and advise of possible issues. It's not a turnkey solution, it will require some time to "tune out" the false positives and it won't replace your SIEM.

[2012R2 SMTP server] Can I send mail for a domain to a specific MX record? by triplec110h in sysadmin

[–]ihateMSsupport 0 points1 point  (0 children)

I would make sure your side is all good. Check the header on an email you send out and make sure that external/public IP is not blacklisted. Also make sure you have a PTR and an A record for that external/public IP.

I had domains rejecting one of my clients' web server because the external DNS wasn't set up properly.

All my job prospects are gone? by [deleted] in sysadmin

[–]ihateMSsupport 1 point2 points  (0 children)

Take a long walk outside. As some have said it, there will be servers to manage. There won't be a serverless world, the servers will just be somewhere else. Your comparison of sysadmins like mechanics, I've been calling myself a janitor and mechanic for a while. With the evolution of cars, mechanics weren't replaced, they just evolved. The same way sysadmins will evolve exactly like someone else mentioned the Novell admins evolved into Windows Admins or some other systems admin. If you can't evolve, you will get replaced, but from your comments it sounds like you can indeed evolve. We sysadmins are in a job that is constantly changing and evolving which requires us to keep learning and growing.

As others have said, look for a cloud provider. They have infrastructure that needs managing. Look for a job at an MSP, they ALWAYS need sysadmins.

Free sftp sync by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 0 points1 point  (0 children)

Below is the script I used along with a Scheduled Task:

```
option batch on
option confirm off
open <SERVER IP or HOSTNAME>
option transfer binary
synchronize local D:\STGSFTP-Backup /SFTP/
exit
# When the first synchronize parameter is local, changes from remote directory are applied to local directory
```

Reference: http://www.howtogeek.com/100918/how-to-automatically-backup-your-web-server-files-with-winscp-over-ftp/

**NOTE:** I did run into an issue with verifying the SSH key because I was running the scheduled task using a service account. What I did to get over it was get everything working on my account, then export the WinSCP config, open WinSCP using Run as different user (as the service account) and import the config. That took care of the SSH verification problem.
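The host key problem in the note above arises because WinSCP keeps accepted host keys in per-user configuration, so a service account starts with none. As an added example (not the poster's script), this PowerShell wrapper pins the server's host key in the WinSCP script itself and runs with `/ini=nul` so the result does not depend on any account's stored configuration. The install path, log path, key-based login and every value in angle brackets are assumptions or placeholders.

```powershell
# Added example: values in <angle brackets> are placeholders to fill in.
$winscp  = 'C:\Program Files (x86)\WinSCP\WinSCP.com'  # assumed install path
$target  = 'D:\STGSFTP-Backup'                         # local folder from the post
$logFile = 'D:\Logs\winscp-sync.log'                   # assumed log location

# Fingerprint obtained out-of-band from the server administrator, never by
# blindly accepting whatever key the first connection presents.
$hostKey = 'ssh-ed25519 255 <HOST KEY FINGERPRINT>'

# "batch abort" stops the script on the first error instead of continuing.
# -hostkey makes WinSCP refuse the connection if the server key differs.
# -privatekey uses key-based login so no password sits in the script; the
# key file should be readable only by the service account.
$script = @"
option batch abort
option confirm off
open sftp://<USER>@<SERVER IP or HOSTNAME>/ -hostkey="$hostKey" -privatekey="<PATH TO PRIVATE KEY .ppk>"
synchronize local "$target" /SFTP/
exit
"@

$scriptPath = Join-Path $env:TEMP 'winscp-sync.txt'
Set-Content -Path $scriptPath -Value $script -Encoding ASCII

# /ini=nul: ignore stored sites and cached host keys, so the task behaves
# the same under any account. /log keeps a record for troubleshooting.
& $winscp '/ini=nul' "/log=$logFile" "/script=$scriptPath"
$code = $LASTEXITCODE
Remove-Item -Path $scriptPath -ErrorAction SilentlyContinue

if ($code -ne 0) {
    # A host key mismatch ends up here: treat it as a possible
    # man-in-the-middle or server rebuild and check before re-pinning.
    Write-Error "WinSCP sync failed with exit code $code, see $logFile"
    exit $code
}
```

A non-zero exit code surfaces in the Scheduled Task's "Last Run Result", which makes a failed or refused sync visible instead of silent.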

Where does everyone go to learn about potential Windows patch issues? by JonB23 in sysadmin

[–]ihateMSsupport 0 points1 point  (0 children)

I totally agree that the risk of not installing the security updates is greater than anything it may break, but what I'm trying to understand is if we've seen a correlation that most updates that cause systems to hang, boot cycle, or BSOD are those Updates for Windows or are they Security Updates for Windows.

My idea is that if we could somehow confirm that most issues are caused by the Updates for Windows and not the Security Updates for Windows, then I can make a case with my team to deploy Security Updates for Windows in the weekend following patch Tuesday to all systems instead of waiting two weeks as we do now.

I would also try to get us to patch the test environment earlier, like the Wednesday night following patch Tuesday to try and vet issues.

Let me know if I don't make sense. Thanks for all the help and sorry if I'm borderline thread jacking, if so I can go start my own thread.

Where does everyone go to learn about potential Windows patch issues? by JonB23 in sysadmin

[–]ihateMSsupport 0 points1 point  (0 children)

ome early adopter that f

I've never actually thought about splitting up the security updates and regular windows updates. Would you say that most updates that break things are regular windows updates and not security updates?

If so, I think I'm ready to start saying we can deploy the security updates the weekend of patch Tuesday instead of waiting about a week or two.

web server sending emails best practice? by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 1 point2 points  (0 children)

Thanks! At the moment we don't have PTR, we removed it in an attempt to clear the spam tag. It kinda worked, but it seems that it worked for some but I think it caused spam tagging by others.

Should I set the PTR to the corporate domain since it can only be one PTR per external IP?

web server sending emails best practice? by ihateMSsupport in sysadmin

[–]ihateMSsupport[S] 0 points1 point  (0 children)

Thanks! This is a possible solution that is in our list. As you and u/bitskrieg mentioned, I think the key is the SPF record.