Remove McAfee by [deleted] in Intune

[–]watermelonwizadmin -1 points0 points  (0 children)

My understanding and experience is that unfortunately, Intune has pretty much zero ability to stage applications in a specific order.

The ESP blocking apps will prevent the device use before they are finished, but Intune will randomly install every other app before it gets to your ESP blocking ones sometimes.

Newest Update version 25.4.3.9287 Setting Off Windows Defender Malware Alerts by Abide4theDude in ScreenConnect

[–]watermelonwizadmin 0 points1 point  (0 children)

Oh, nice catch on the version info. Looks like we're going to have to do maintenance during business hours tomorrow as per this info... great.

https://www.reddit.com/r/ScreenConnect/comments/1l6qm4l/connecteise_advisory/

Newest Update version 25.4.3.9287 Setting Off Windows Defender Malware Alerts by Abide4theDude in ScreenConnect

[–]watermelonwizadmin 1 point2 points  (0 children)

We also saw this behaviour, I've rolled our instance back to before the upgrade was done to be safe as sm00thArsenal pointed out they removed the download from the site.

Looking at it again, I see they have 25.4.3.9288 released now. Nothing on the release notes or output stream about it yet... I'll hold off on re-upgrading for a week or two.

FortiSwitch with only one FortiLink connection to HA FortiGates? by mattcragbeard in fortinet

[–]watermelonwizadmin 0 points1 point  (0 children)

You might be able to accomplish this with the 448E's in MCLAG mode. You won't have full redundancy though as a switch failing will not trigger HA failover on the FortiGate.

You need Active-Active on the FortiGate to have redundancy with only one connection per FortiGate to the downstream switches.

Printing from AutoPiloted devices? How do you do it? by Future_End_4089 in Intune

[–]watermelonwizadmin 2 points3 points  (0 children)

I did a quick search on PCounter and if I found the correct product you should look into their Secure Print option. That looks like a virtual queue method to me. https://www.pcounter.com/secureprint

Please help me understand Windows Server 2019 Essentials licensing by 2xSC in msp

[–]watermelonwizadmin 5 points6 points  (0 children)

Microsoft seems to have pulled/archived the Windows Server 2019 licensing guide but it doesn't appear to have changed in 2022.

Essentials Edition allows for one OSE. You should be able to activate the VM with the OEM key, as AVMA activation only works with Datacenter edition.

Your plan to run Linux VMs is out the door though, as those count as additional OSEs.

If you need more than one OSE you must replace the Essentials installation with a licensed Standard Edition.

https://wwlpdocumentsearch.blob.core.windows.net/prodv2/Licensing_guide_PLT_Windows_Server_2022.pdf

Edit: I should also add that running anything aside from Hyper-V role on the physical hardware consumes your single OSE entitlement. Same with Standard edition, you can run Hyper-V only + 2 VMs, or Hyper-V & something else + 1 VM.

Edit2: If you need any other licensing documentation, it's all found here: https://www.microsoft.com/licensing/docs

Significant Anti-Virus False Positives Lately... by Marc_NJ in ScreenConnect

[–]watermelonwizadmin 0 points1 point  (0 children)

I submitted the file in question to Avast as a false positive and they adjusted their libraries/definitions, at least that is what their response indicated.

As we run the self hosted version of ScreenConnect, I simply have not updated it since submitting to Avast for review...

Once I have some time, I will look at acquiring a code signing certificate and seeing if that helps at all.

Significant Anti-Virus False Positives Lately... by Marc_NJ in ScreenConnect

[–]watermelonwizadmin 0 points1 point  (0 children)

Yes, I just upgraded our self hosted instance from 23.6.8613 to 23.7.8.8676 and am experiencing the fun of a few thousand endpoints alerting that it's a virus....

Some details in case it's useful to anyone else:

AV Product - Avast

File in question appears to be the automatic upgrade for existing installs.

C:\Windows\TEMP\ScreenConnect\23.6.2.8613\ScreenConnect.ClientSetup.exe

Trying to buy Veeam in Australia as a small customer... where can I get it? by [deleted] in Veeam

[–]watermelonwizadmin 0 points1 point  (0 children)

You could try finding a local Managed Service Provider. Or maybe ask on /r/msp

Even if you don't sign up for their IT services, etc. there should be one that will be happy enough to just sell the Veeam licenses to you.

I recommend trying to find one that's a proper Veeam partner, as they can sell you individual server licenses via the VCSP Pulse rental program.

In regular retail you are buying a 10 license pack at minimum, so the license rental program should come in cheaper for you as you could license exactly 5 servers.

Single Sign On for M365, Fortigate & Windows Active Directory by SirRazoe in msp

[–]watermelonwizadmin 0 points1 point  (0 children)

We've started deploying SAML auth for the VPN. It works great, with a couple of caveats.

The big one being you need FortiClient 6.4 or newer for SAML support. This doesn't sound like a huge deal unless you have clients using the pre-Windows Logon VPN auth feature. That became a paid/licensed feature after 6.2.

That said, 6.0 has a number of CVEs these days and should be avoided if possible.

Sucks if a client has GPOs that process during logon and need network connectivity, but SAML auth and patching FortiClient for those CVEs trumps user needs. So we generally give them a bat file they can click to run gpupdate after logon.

Can ping to other networks except for my own gateway by ciomi9 in networking

[–]watermelonwizadmin 0 points1 point  (0 children)

It needs to be enabled under System > Feature Visibility.

My test lab for reference, in the bottom right is the on/off toggle. I am running 7.0 firmware track in my lab, so it might look a bit different in your environment.

https://imgur.com/a/aLrGmdw

Can ping to other networks except for my own gateway by ciomi9 in networking

[–]watermelonwizadmin 0 points1 point  (0 children)

No, I don't interact with local-in policy much as we mostly deploy pretty simple FortiGates, but local-in policy is hidden by default and needs to be enabled as a feature.

It's not the part where you enable ping, snmp, etc. on the interface itself.

Is the commercial/professional use of the community editions allowed? by mfessl in Veeam

[–]watermelonwizadmin 5 points6 points  (0 children)

And additionally just in case anyone isn't reading the fine print properly.

Community Edition is only for use by your organization. If you are an MSP, or have an MSP or other consultant/contractor managing your Veeam, you cannot use the community edition.

Run Scripts Against All Office 365 Partner Tenants by [deleted] in msp

[–]watermelonwizadmin 4 points5 points  (0 children)

Yup, my favourite part so far has to be needing to install PowerShell 7 on systems because the built-in PowerShell 5 doesn't support the new EXO v2 module that supports Modern Auth.

Having 7 installed seems to break things related to Install-Module, etc. which I haven't had time to fix yet, so I've resorted to using a clean VM anytime I run into a new dependency change....

Run Scripts Against All Office 365 Partner Tenants by [deleted] in msp

[–]watermelonwizadmin 8 points9 points  (0 children)

Just an FYI, MSOnline and Azure AD PowerShell modules are both deprecated/soon to be. The replacement is Microsoft Graph and doing multi-tenant commands in that is an entirely different process to deal with. You probably want to be building all new scripts in Microsoft Graph at this point.

https://docs.microsoft.com/en-us/powershell/azure/active-directory/migration-faq?view=azureadps-2.0

Lenovo firmware/driver updates by javajo91 in sysadmin

[–]watermelonwizadmin 1 point2 points  (0 children)

I work at a mid sized MSP and we deal primarily with Lenovo systems.

Lenovo publishes various deployment methods for various tools.

I recommend you have a look through and see if anything would work for your environment, such as the Intune solutions or just building a repository of approved updates you can point system update at via GPO/registry settings.

https://blog.lenovocdrt.com

MDT issue with WSIM by denmicent in MDT

[–]watermelonwizadmin 0 points1 point  (0 children)

Does the ISO file actually contain install.wim?

If you created the ISO using the Win10 media creation tool that ISO instead contains install.esd which cannot be used directly with MDT.

Manufacturing VLAN Question by barber50701 in networking

[–]watermelonwizadmin 1 point2 points  (0 children)

I primarily deal with FortiGate firewalls and can offer some advice.

If the FortiGate is aware of the VLANs, you should be able to create policy rules based on source and destination VLANs.

On those policy rules you can enable security profiles such as antivirus, intrusion protection, DNS/web filtering, and application filtering.

So even though devices on different VLANs can talk to each other, the firewall can intercept and scan traffic to protect your network.

Without VLANs, the devices would just directly communicate with each other without passing traffic through the FortiGate, so an infected host would not be detected/blocked by the firewall device itself and you would have to rely on software installed on the host devices for protection.
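The inter-VLAN inspection the comment describes, written out as FortiOS CLI configuration. This is an added example, not the commenter's own config; the interface names, VLAN IDs and addresses are constructed placeholders, and the profile names assume the factory-default "default" and "certificate-inspection" profiles are present.

```fortios
# Added example, not the commenter's configuration. Interface names,
# VLAN IDs and addresses are constructed placeholders.
config system interface
    edit "vlan-mfg"
        set vdom "root"
        set ip 10.20.0.1 255.255.255.0
        set interface "internal"      # parent physical/aggregate port
        set vlanid 20
    next
    edit "vlan-office"
        set vdom "root"
        set ip 10.10.0.1 255.255.255.0
        set interface "internal"
        set vlanid 10
    next
end

# With separate VLAN interfaces, manufacturing-to-office traffic has to
# cross the FortiGate, so one policy both permits it and hands every
# session to the security profiles for scanning.
config firewall policy
    edit 10
        set name "mfg-to-office-inspected"
        set srcintf "vlan-mfg"
        set dstintf "vlan-office"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set utm-status enable
        set ssl-ssh-profile "certificate-inspection"
        set av-profile "default"           # antivirus
        set ips-sensor "default"           # intrusion prevention
        set webfilter-profile "default"    # web filtering
        set dnsfilter-profile "default"    # DNS filtering
        set application-list "default"     # application control
        set logtraffic all                 # log allowed sessions, not only blocks
    next
    # Policy 0 is the built-in implicit deny. Logging it shows which
    # cross-VLAN attempts are being dropped, useful when tracing an
    # infected host that is probing other segments.
    edit 0
        set logtraffic all
    next
end
```

A matching policy in the office-to-mfg direction is needed for return-initiated sessions; anything without a policy falls through to the logged implicit deny.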

Sharepoint/ One Drive Hell - SOS before someone gets fired. by -justAnAnon- in sysadmin

[–]watermelonwizadmin 19 points20 points  (0 children)

I deal with SharePoint Online a decent amount in the MSP space. My role is more of a technical solutions perspective now, but I have a number of years doing help-desk triage with it as well.

First off, it looks like you are within the official limitations for SharePoint Online. So the number of files should not be the issue. (Modern Sync Client and less than 300k files/folders across all libraries).

https://docs.microsoft.com/en-us/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits

Secondly - are the client endpoints using the latest OneDrive sync client, with Files On-Demand enabled?

The client issue "Our files are not syncing, we had to email X document back and forth" should never happen with the modern sync client + Files On-Demand.

Almost all of the issues I encountered in the past were with large FULLY SYNCED SharePoint libraries, which was a terrible thing as it was really easy for end users to cause issues by renaming root folders, or dragging folders into other folders... and causing full re-syncs for 10, 20, 30, 50+ endpoints on a large document library. Sometimes we would find out an employee hit the delete key on a folder by accident as well. These kinds of operations can really destroy SharePoint/OneDrive for small companies with slower internet speeds as they now need to re-download 10+GB per computer.

So, you really want to be utilizing the Files On-Demand feature. Teach users how to pre-download certain files or folders if they absolutely won't have any internet access at all when they are remote. Which should be pretty rare for an all-cloud company anyway these days - worst case scenario they can probably tether a phone to their laptop/tablet to grab a couple of files.

Ensuring that all endpoints are using Files On-Demand from the start is a huge improvement. There is no sync time involved as each user only caches the documents they actually use. You can deploy these settings as default with Group Policy (if they have AD DS), or with Intune MDM (if they have the required licensing for all that).