|
Tapedump posted:This isn't my shop internal stuff, but it's a question for a client. They are two CPAs that lease a Remote Desktop Connection to a desktop environment they run their accounting software on. Assuming you need to keep the server-based accounting software solution, there are plenty of MSPs out there more than willing to provide a "private cloud" solution which would provide an SSLVPN connection to them, and they'd connect and then jump into remote desktop or whatever else. Look for MSPs that specialize on the CPA space, local to you in case they need onsite support for something... On the back end it'd probably be AWS or Azure with a VPN appliance and then 1-2 servers. I'd expect such a setup to be about $1k/mo?
|
#
?
Nov 12, 2021 21:47
|
|
|
|
| # ? Apr 27, 2024 10:49 |
|
|
Do it all in Windows 365 or something
|
|
#
?
Nov 12, 2021 21:51
|
|
|
Anyone here running gerrit authenticating against an LDAP (AD, FreeIPA, whatever) server, who would like to hold me tight and tell me everything will be OK? (Rant time: Google, what the gently caress, why you gotta reinvent the entire universe every single time you do something. I know your army of CS PhDs probably have raging boners, but just make simple software that works, OK thanks. Yeah, I realize the irony of me bitching about a free piece of software.)
|
|
#
?
Nov 17, 2021 09:39
|
|
|
Agrikk posted:On two occasions the on-site tech swapped out my working business modem for an xfinity one and then bail with it even after I told him to leave my poo poo alone. It's oddly reassuring to know this is par for the course. I didn't get unlucky with my ISP, it's just normal to have to fight an uphill battle to accomplish anything.
|
|
#
?
Nov 17, 2021 18:58
|
|
|
Our xerox photocopier seems to be screwing up the dns resolution of the office 365 smtp server about like 5-10% when doing scan to email. We have it set to use google dns (8.8.8.8/8.8.4.4) but when I ping smtp.office365.com on my desktop, it seems to lag to resolve the address. The dns records also seem screwy to me (via dig in google toolbox):code:Anyway the vendor has suggested to replace smtp.office365.com with a direct IP address - it seems to be working for now - but I hate that solution because the hostname can resolve to several different server IPs and is constantly being updated by MS. Any of you guys dealt with something like this?
|
|
#
?
Nov 24, 2021 22:28
|
|
|
That's just the result of it resolving the CNAME to the A records, it looks the same for me:code:
|
|
#
?
Nov 24, 2021 22:47
|
|
|
Yeah I figured out after I posted that it's a 3 level CNAME chain that ends with four A records, I still don't really know what to do with this photocopier because I've plugged one of those IPs into it instead of the hostname (working fine for now)
|
|
#
?
Nov 24, 2021 22:51
|
|
|
Maybe the device is choking on the amount of CNAME lookups, does it get better if you just put in outlook.ms-acdc.office.com as the server address?
|
|
#
?
Nov 24, 2021 22:59
|
|
|
That's probably worth a shot, just entered that into the photocopier, thanks e: 2 successful scans so far, gonna have to watch it tomorrow to make sure it's corrected mewse fucked around with this message at 23:26 on Nov 24, 2021 |
|
#
?
Nov 24, 2021 23:05
|
|
|
delete
|
|
#
?
Nov 24, 2021 23:24
|
|
|
It's the size of the DNS packet and the crap resolver in the scanner that bombs out if it's too big a packet. (Often happens when there's additional info tossed into the response). Usually happens when there's authority info added to the packet - which will increase the packet size to >256bytes.
|
|
#
?
Nov 25, 2021 18:36
|
|
|
unknown posted:It's the size of the DNS packet and the crap resolver in the scanner that bombs out if it's too big a packet. (Often happens when there's additional info tossed into the response). Usually happens when there's authority info added to the packet - which will increase the packet size to >256bytes. Holy poo poo I just installed wireshark and pinged smtp.office365.com a bunch of times and triggered a dns response that is 257 bytes 
|
|
#
?
Nov 25, 2021 18:53
|
|
|
unknown posted:It's the size of the DNS packet and the crap resolver in the scanner that bombs out if it's too big a packet. (Often happens when there's additional info tossed into the response). Usually happens when there's authority info added to the packet - which will increase the packet size to >256bytes. This sounds like a reply with a backstory :|
|
|
#
?
Nov 29, 2021 03:33
|
|
|
3 level CNAMEs is the proper way of doing things (public name -> service load balance -> cluster loadbalance -> machines), but because of the old 256b limit, many large entities have had to fix their responses to be below it. The quick fix was to shorten your domain name. (ever wonder why some companies have a weird short domain behind the scenes? Usually this) But these days most combine all the above into a single response (cloudflare/etc) now. The culprit long time ago wasn't printers, but was actually firewalls that ran DNS filter proxies (no one does that any more) that had the same issue and dropped large packets.
|
|
#
?
Nov 29, 2021 15:32
|
|
|
Hi Thread! I recently fell into a position as Technology Director for a small nonprofit, ~60 users. Figured I'd come in and introduce myself and let you know some of the things that are top of mind for me. If you have any thoughts on where I should start or redirect me, I'm all ears!
I think that's all for now. Any thoughts or reactions from you expert Goons would be greatly appreciated!
|
|
#
?
Nov 30, 2021 18:38
|
|
|
dexter6 posted:Hi Thread! I recently fell into a position as Technology Director for a small nonprofit, ~60 users. Figured I'd come in and introduce myself and let you know some of the things that are top of mind for me. If you have any thoughts on where I should start or redirect me, I'm all ears! Hey! Congrats on the new gig and welcome to the thread.
|
|
#
?
Nov 30, 2021 18:47
|
|
|
If you don't already, use your non-profit pricing to get Microsoft 365 E5 licenses. Otherwise, you may run into issues licensing/deploying some of the things you're trying to do.
|
|
#
?
Nov 30, 2021 18:50
|
|
|
Internet Explorer posted:Hey! Congrats on the new gig and welcome to the thread. The Fool posted:If you don't already, use your non-profit pricing to get Microsoft 365 E5 licenses.
|
|
#
?
Nov 30, 2021 18:56
|
|
|
dexter6 posted:
If at all possible, I'd try to lock your department's support down two laptop models of your choosing, one for standard users and one for power users who will need more horsepower, then do not deviate from those two models. That will cut your image management down to two images, which will make your life infinitely easier. The "standard" model should be easy enough to choose. For your power users, I'd recommend speaking to all your power users to make sure whatever upgraded model you choose for standardization will be sufficient for their needs. Then decide how many years you want to go between manual computer refreshes. You will need approval from the brass to do this. For the inevitable presentation you'll need to make to present your case, study up on the statistics regarding how much more expensive old computers are to maintain (including cost of work for lost productivity during outages, which older computers are much more likely to face) than new computers are to cycle through every several years. Believe me. I've worked at companies that do the onesie-twosie dance with laptops (somebody needs a laptop so you're supposed to hop online, go to any old vendor, including ebay, and just find whatever is cheap that day and buy it, then be expected to support it forever) and it just makes the job excruciating. And as a bonus, you end up with closets upon closets of old PC's that maybe do maybe don't work or maybe are maybe aren't new enough to redeploy. Avoid that at all costs. GreatGreen fucked around with this message at 07:06 on Dec 1, 2021 |
|
#
?
Nov 30, 2021 21:21
|
|
|
Adding to the already great advice you've gotten above, I'd say make sure you standardize on business-line laptops, with good warranties. There's a distinct quality difference between home and commercial laptops, and getting good warranties so you don't have to worry about hardware failures will pay invisible dividends in terms of avoiding lost work and IT reputational damage. Lean on your non-profit status with vendors to get whatever discounts you can. I don't know if TechSoup is still a thing, but look into that (or its successor). And congrats!
|
|
#
?
Nov 30, 2021 23:01
|
|
|
Welp, the IT Director is jumping ship and the CTO is bringing in KPMG and some other firm to re-structure ITOps. I'm curious to see what KPMG will say, but I'm still going to polish the resume and keep it in my back pocket in case I need to pull the trigger and gtfo.
|
|
#
?
Dec 1, 2021 02:39
|
|
|
The Fool posted:If you don't already, use your non-profit pricing to get Microsoft 365 E5 licenses. Microsoft is pushin Microsoft 365 Business Premium hard for smaller orgs (non profits included) and there’s a lot there for the price point (including a chunk for free for non profits). Very much worth a look to see if that would cover all your needs
|
|
#
?
Dec 1, 2021 03:58
|
|
|
I had two users batteries "die" (instant 0%, not charging) at the same time last week, both have been running laptops off the DC power adapter and of course both are fully remote WFH 20+ hours away. It looks like both got pushed a windows update about that time but rolling back didnt help. ...Dell apparently decides to throttle the CPU down as much as possible to 22% max frequency due to that perceived missing battery. Did this happen to anyone else within the past few months? Anyone know of a way to force a Dell XPS 15 on Win 10 out of a power/battery saving mode? EDIT: I was able to force the clock speed to 100% by editing the registry, just need to figure out the battery issue but at least the show stopper is resolved. CarForumPoster fucked around with this message at 17:07 on Dec 3, 2021 |
|
#
?
Dec 2, 2021 19:59
|
|
|
mewse posted:Our xerox photocopier seems to be screwing up the dns resolution of the office 365 smtp server about like 5-10% when doing scan to email. We have it set to use google dns (8.8.8.8/8.8.4.4) but when I ping smtp.office365.com on my desktop, it seems to lag to resolve the address. The dns records also seem screwy to me (via dig in google toolbox): You could just stop doing authenticated SMTP for your scanners unless they need to scan outside your tenant. You can just use domain-tld.mail.protection.outlook.com for your SMTP server over 25, and it goes through just fine so long as it stays in org.
|
|
#
?
Dec 3, 2021 07:43
|
|
|
Silly Newbie posted:You could just stop doing authenticated SMTP for your scanners unless they need to scan outside your tenant. Is there any documentation on how this setup works / what this setup is supposed to be used for? I did find the xxx.mail.protection.outlook.com hostname for our o365 tenant and it only resolves to a single IP address with no CNAMEs, I'm just wondering about why it would accept smtp submissions on port 25 with no authentication. e: hmm this looks like it has the details mewse fucked around with this message at 19:36 on Dec 3, 2021 |
|
#
?
Dec 3, 2021 19:08
|
|
|
dexter6 posted:Thank you! Glad to know I’m barking up the right trees here! If you don't know about it already techsoup is your go-to place for NGO software.
|
|
#
?
Dec 3, 2021 21:01
|
|
|
mewse posted:Is there any documentation on how this setup works / what this setup is supposed to be used for? I did find the xxx.mail.protection.outlook.com hostname for our o365 tenant and it only resolves to a single IP address with no CNAMEs, I'm just wondering about why it would accept smtp submissions on port 25 with no authentication. Basically you're delivering email directly to ms365's external server like a normal spam message. It'll get scanned like normal mail, so you'll have to do some tweaks in your exchange setup so the external IP it's coming from passes or something. This way you don't need a license. Also, MS is trying to get rid of normal/plain authentication on pop/imap/smtp eventually so 2FA actually works.
|
|
#
?
Dec 3, 2021 22:48
|
|
|
mewse posted:Is there any documentation on how this setup works / what this setup is supposed to be used for? I did find the xxx.mail.protection.outlook.com hostname for our o365 tenant and it only resolves to a single IP address with no CNAMEs, I'm just wondering about why it would accept smtp submissions on port 25 with no authentication. That article has been the gold standard for years, yeah. It is 100% only useful for mail that stays in your org, and you need to have the locations using it set in your SPF record, as unknown said, but it's amazing at what it does. Doesn't matter what you put in the reply to address, doesn't even have to be an address that exists, so long as it's in your tenant. Mostly it's meant for stuff like scan to email, email alerts from legacy systems that stay in org, that kind of thing. It's absolute magic for its use cases.
|
|
#
?
Dec 4, 2021 07:56
|
|
|
Alternatively, use something like Amazon SES for devices that send email. I like being able to have a unique IAM user for each device that sends mail, and not have to worry about whether that message is also deliverable externally.
|
|
#
?
Dec 4, 2021 11:15
|
|
|
Silly Newbie posted:Doesn't matter what you put in the reply to address, doesn't even have to be an address that exists, so long as it's in your tenant. This isn't 100% true, you absolutely CANNOT use an address that exists as a user. Also, O365s spam filter loves to catch the emails so you might have to do some work there as well to get the mail to get passed to mailboxes.
|
|
#
?
Dec 6, 2021 07:34
|
|
|
Office 365 question - I'm implementing Security Defaults for my organization, but after I turned it on I realized that users can't select SMS/phone call as an authentication method. We like the idea of Security Defaults because it gives users a 14-day grace period to sign up for MFA instead of instantly locking them out until they sign up. However, some users don't have the option of a smartphone app to log in, so they'd need a phone call or SMS code. I know that's not the most secure for those users but, well, here we are. Is there a way to either use Conditional Access and gives users 14 days to sign up, or turn on SMS along with Security Defaults?
|
|
#
?
Dec 6, 2021 15:33
|
|
|
I wouldn't take away SMS for users unless we had solid alternatives, such as a yubikey and app total proficiency. SMS, for better or worse, is the trough that the horses will drink from.
|
|
#
?
Dec 6, 2021 23:48
|
|
|
MF_James posted:This isn't 100% true, you absolutely CANNOT use an address that exists as a user. This is probably true, I've never tried to use an existing address as the reply to. Now I want to, to see exactly how it breaks. I haven't had any trouble with the spam filter, but I've really only used it for scan to email on MFPs and contact us links on websites. gently caress everything about giving third party web devs credentials without MFA.
|
|
#
?
Dec 7, 2021 06:39
|
|
|
incoherent posted:I wouldn't take away SMS for users unless we had solid alternatives, such as a yubikey and app total proficiency. SMS, for better or worse, is the trough that the horses will drink from. Yeah, that's the situation we're in. But we also need the 14-day grace period of Security Defaults (which doesn't allow for SMS).
|
|
#
?
Dec 7, 2021 15:19
|
|
|
Subversion can suck my smelly sticky hairy wrinkly balls for eternity. That is all.
|
|
#
?
Dec 7, 2021 19:40
|
|
|
No. 1 Juicy Boi posted:Yeah, that's the situation we're in. But we also need the 14-day grace period of Security Defaults (which doesn't allow for SMS). 14 days of constant all hands emails and global-teams messages 
|
|
#
?
Dec 7, 2021 20:26
|
|
|
bolind posted:Subversion can suck my smelly sticky hairy wrinkly balls for eternity. That is all. I thought everyone had switched to git lo these many years ago. Did you just upgrade from CVS or something?
|
|
#
?
Dec 8, 2021 00:18
|
|
|
incoherent posted:I wouldn't take away SMS for users unless we had solid alternatives, such as a yubikey and app total proficiency. SMS, for better or worse, is the trough that the horses will drink from. You do have alternatives. As you said, Yubikey or another passwordless option, hardware TOTP Tokens such as https://www.microcosm.co.uk/order/product.php?ProductID=346, or any authenticator app. SMS is a crutch and we'd probably all be better served if MS just disabled it as an option.
|
|
#
?
Dec 8, 2021 00:54
|
|
|
The push notification experience in the ms auth app when paired with azure ad mfa is quite good.
|
|
#
?
Dec 8, 2021 07:55
|
|
|
|
| # ? Apr 27, 2024 10:49 |
|
|
Albinator posted:I thought everyone had switched to git lo these many years ago. Did you just upgrade from CVS or something? They have and we should. I'm working, in parallel, to convert the whole thing to Git, but then the dinosaurs emerge from their offices spouting poo poo they read on usenet 12 years ago. Also doesn't help that my users are not exactly CS PhDs. During my investigations I learned that some dude had committed a 1.5GB PDF. On purpose.
|
|
#
?
Dec 9, 2021 06:34
|
|