/r/sysadmin
A reddit dedicated to the profession of Computer System Administration.
Hey guys, so I Googled this quite a bit and found my exact situation before, but none of the solutions I found online seemed to have worked when I've tested them, plus they were a few years old so I thought I'd ask now in case the solution(s) have changed.
I am trying to use local group policy to set a very simple logoff script to duplicate the computer's display when a user logs out. This would help tremendously because, in my work environment, the secondary displays are projectors and tend to go to extend or "screen 1 or 2 only" which confuses faculty. As far as I'm aware, the script should literally be as simple as "DisplaySwitch.exe /clone" which works when called via CMD manually, but will not work for me as a batch file or PowerShell file under the local group policy, for whatever reason.
I have also tried calling the command through the Task Scheduler, but that has yielded nothing just the same as via the local group policy. It doesn't help that I'm playing a guessing game in Task Scheduler as to what is actually considered the logout event, since activating upon logout isn't a normal trigger that you can set. Both supposed logout event IDs, 4634 and 4647, fail to do anything for me as well.
Unfortunately, I do not have the permissions to create Group Policy Objects, which might just be the fix I am looking for, but I wouldn't know at this point.
So! I have old ESXi hosts x 2 on Essentials only (non-Plus), as it wasn't required because our setup snapshots to a separate host which can be brought up for DR. Also started with one host and went to 2 in COVID.
New system: just had 3 shiny new hosts delivered, they are now online, and I'm sat deciding how to migrate to the new hosts.
Use Veeam Instant Recovery, just restore out of hours onto the new hosts and job done, was my original plan, but while I think it will work it requires a large amount of downtime to complete each server migration.
New thought: can I load up a new vCenter on the new kit with my new Essentials Plus license, add say 2 of the new hosts and one old one, and vMotion across?
Remove the host I've moved, add the other old host and vMotion those. That would be quicker.
8 servers in total and around 17TB of data. Old hosts are vmware 6.5 if that makes a difference.
Anyone done anything similar, and any obvious gotchas for either of the above?
I’m in a shitty situation. There’s multiple reasons why I’m posting this I suppose. Mostly as a vent, partly as a word of warning. Maybe get some advice or commiseration along the way.
Back in August, a recruiter reached out to me about a job that was a significant bump up salary wise from where I was. It was also a chance to work with a prestigious client. The move required relocation halfway across the county. After some emails back and forth regarding logistics and pay, I accept, give notice at my former job, terminate my current lease early and hire movers. The job would’ve paid a decent relocation bonus, though I still would’ve had to come $5k out of pocket.
The initial offer letter (before I made arrangements) contained the first red flag: mention that the position was contingent on a document being signed authorizing funding for my project. I sent an email back inquiring about the contingency. A VP of the company quickly replied saying the wording was a mistake, the document had been signed and I was good to go.
About 2 weeks later, I get a call from the VP right as I was shutting the door on my moving truck. The document hadn’t actually been signed. We had a frank conversation, and the VP assured me the signature would be forthcoming “soon”. At this point I was effectively homeless and had a lease waiting for me at my new location. The movers had already been paid. I was basically committed to the move. On the bright side I thought, I had time to get my place set up and work on a few personal projects and get to know my new location.
Two weeks ago, I was told that the document still hadn’t been signed, but that the position was paid for and the signature should be coming “in the next two weeks”. I would also be put on payroll to hold me over in anticipation of the signature. At this point I turned on my open to work badge and sent out a few applications as a backup. But I still held on to the hope that this job would come through.
This morning, the same VP who initially assured me the position was good to go emailed me saying the client was unable to secure the document, didn't have any idea of when that would happen and they're terminating my contract next week. I'm absolutely dumbfounded and in a state of shock. I was beside myself in anger upon reading the email and resisted every urge in my body to call that guy every word in the book and a few that have yet to be invented. Here I am, a thousand miles from my friends and a decently paying position, in an HCOL city, living off my savings and without a job lined up. In one of the shittiest hiring markets since 2008 to boot. Cherry on top is that it's close to the holidays and most companies are holding off on hiring people until the new year. The VP assured me they were looking for other positions for me and offered his sincere apologies. Beyond that and the 3 weeks on payroll, the company has offered me absolutely nothing to compensate my out of pocket expenses. 3 weeks' pay doesn't even come close. The VP's promises that they are "still looking for opportunities" have fallen on deaf ears. I don't trust these guys a bit. My cynical side says they wanted to profit off my taking the position, thought everything would be lined up before I moved and threw me a token check once everything blew up in their face.
I've already reached out to my network and have a few leads. Today and tomorrow I'm getting drunk, working on personal projects, decompressing and processing everything. Starting Monday my first two priorities are obviously going to be looking for a job and finding a lawyer to hold these assholes accountable. Luckily I have the important emails and documents saved. Thankfully I have income in the form of VA disability, though I'm getting close to having to take an early disbursement of my retirement.
Lessons learned:
Pay attention to red flags. If you get even a hint of something being amiss, refuse to proceed further until they’re sufficiently resolved in your favor. My mistake.
Companies will blatantly lie to your face if they suspect even a hint of profit off you.
For the love of god build up your emergency fund. I know it’s easier said than done in this economy but I really wish I had saved up more.
Conversely to points 1 and 2, avoid burning bridges without STRONG justification. I know people on Reddit love to live out their revenge fantasies and tell people to quit with no notice and slack off on turnover, but I already have a few leads from previous managers. Had I not given a shit about my network, I’d be in a much worse position.
That’s pretty much it. As much as I’d love to blast the name of the company to anyone who would listen, I’m going to refrain for now to avoid any complications with possible legal actions. If it turns out I’m SOL legally, I will make it a side hustle to absolutely roast them in any form I can. They’re not a huge company and word of mouth will definitely hurt them much more than multibillion dollar corps. After a few hours of calming down, I sent the VP a curt reply acknowledging I saw his message, and a vague reference to “exploring my options” (does he mean in the job search or legally? Who knows!). I’m fairly confident I’ll land on my feet. I just wish I could go back in time and tell past self that these guys were fucking with me.
TL;DR
Moved across the country for a "fully funded" position; position turned out to not be as fully funded as I was led to believe. Slimy staffing firm exec who can self-fornicate with a chainsaw offers me 3 weeks' pay and "sincerest apologies".
Hey friends :)
Looking for a more reliable program to set up tasks like program start-ups and forced closes at certain times during the whole week.
Would love to know what third-party alternatives you people have used and recommend.
I'm a Linux sysadmin, but I've recently been assigned a Windows sysadmin role in order to keep my current job (long story short, there’s no demand for Linux skills here anymore, and the only available position was for a Windows sysadmin).
The problem is that I know nothing about Windows (the last version I used was Windows 7). I've been given one month to get up to speed enough to maintain services and backups.
What would you recommend I study? I’m particularly interested in book recommendations. I’ve started reading MCSA Windows Server 2016 Complete Study Guide by William Panek, which seems helpful, but I'd love to hear your thoughts or additional suggestions.
As I look around my office and think about all the time display devices at home and in my personal life, I consider all the hours I've saved by no longer having to manually set clocks forward or back by one hour because of the twice-annual time changes. Also thanks to DHCP options 4 and 42.
Resolved. SSPR was on for all. Not sure why it wanted that info when logging on the PC, but not when logging on their office.com account if it is user based. It was set to only require 1 form for password reset. Not sure why it demanded 2.
I know I didn't require it. I work with small nonprofits and mostly super seniors (60 - 89 years old). Insurance made them take the 10 free business user licenses from Microsoft (P2) and the PCs are joined directly to Azure. We do not pay for additional Azure. Users have email from a different provider so no Outlook MX. I do not have MFA turned on for users. However, when they log on to their PCs, Microsoft asks them to provide 2 forms of 2FA: phone and app (both required). They get 10 chances to bypass before lockout. Is that a default setting? I do not see it in the Intune Config, Compliance, or Conditional Access policies in place. They are not asked for MFA to go to office.com in a browser on a different PC, so it is definitely a PC-based policy. I would like control over the 2-forms-of-MFA requirement. If we keep it on, only 1 form will be required (phone or app). Any ideas where this default setting is or if I can override it in Intune? Thanks.
We buy computers with Windows Professional, and we’re licensed for M365 E3 which I believe includes Windows Enterprise.
How do we upgrade from Professional to Enterprise?
If my understanding isn’t correct, please let me know.
I'm potentially starting a new role where I'll be working with a range of software for loan origination, CRM, lead tracking, communication, and more. The main tools include Encompass and Optimal Blue for loan operations, 8x8 VOIP for calls, WhatConverts for lead analytics, and Zoho for CRM (alongside Office 365, with MSP support). For document management, we’ll use DocuSign, and there's a plan to eventually set up PowerBI for data analytics.
I'm also expected to connect systems using Zapier, manage credit checks with integrated software, and handle digital marketing through Zoho, HubSpot, or Mailchimp. SharePoint will be the primary tool for collaboration, and Trello will be used for project management.
I’m looking for resources, training, or any tips from others who have experience with these tools. What should I focus on to get up to speed and do the job effectively? Any advice would be greatly appreciated!
Any recommendations for a cheaper version of Apple AirPods so people can Zoom without wearing headsets? I assume it would Bluetooth to their laptops.
I am being told headsets make you look bad apparently.
Hello!
We have an old printer at work and I'm supposed to make it network-available.
It's a Samsung SCX-4521F
It's located in the server room so it has to be connected to the USB port of a Proxmox server we have for internal stuff.
I did eventually find the Linux drivers for it (Thanks SULDR) and managed to get SANE and CUPS to work with the printer. (I had to disable XHCI drivers on the VM it's attached to in order for the scanner to work)
Thing is, I don't know how to proceed further from here. I need to make it available to Windows clients, but if I connect the printer to Windows with the HTTP address of CUPS, it doesn't auto-select drivers, and whatever drivers I manually selected are hit and miss. I don't suppose the drivers for the printer would help, because it's not a Samsung printer over the network, it's a CUPS printer.
How can I set it up so that it works seamlessly with Windows clients, so that they auto-detect the scanner, ADF, auto duplex and all other functions of the printer?
I'm sorry if this is a stupid question, but I haven't done this before and I'm not sure how to do it.
P.S. All other printers are network capable, this is a project given by the Senior admins. And we were told to figure it out.
I'm looking to get a sense of whether there's a market for all-inclusive video conference systems utilizing the Logi Rally Bar and Rally Bar accessories with professional services included. Those of you who are using Rally Bar-based video conference systems, did you do the installation yourself, or did you use an AV integrator?
I'm setting up a Samba AD DC. I was reading the docs and noticed the recommendation is to set internal domains up as subdomains like ad.example.com instead of example.com. Has anyone actually seen that out in the wild? I've always seen example.com as internal domain nomenclature.
Hey,
I have a job upcoming where the client wants to migrate their emails from cPanel (currently hosted on tsohost) to GoDaddy (they use Microsoft 365). There is no export function on cPanel so I have a plan below:
Log into the email on Outlook 2019 and grab the PST file.
Set up the new MX record to point the domain to Microsoft 365 for emails.
Re-create the emails in Microsoft 365
Import PST via Purview
Marry up the imported PSTs with the new emails.
I'm going over this in my head and it seems like it's going to work just fine? Am I missing something obvious?
Thanks
My neighbor owns a photo and video studio that does a lot of editing and retouching and largely uses Photoshop. I seem to recall fighting with macOS when mounting a NAS and experiencing all sorts of problems, but this was 7+ years ago. Anyway, she's having issues with her Synology NAS being laggy and performing poorly when too many users are accessing files on it, and it seems like the Synology client is a bit flaky when the employees are working remotely over VPN.
I'm more in the SAN world with video and this is not an issue, but our SAN is $$$$$ and managing it is non-trivial, so it's not financially feasible nor is it easily supported. What's a better approach for this use case long-term? I wondered if something like an AWS S3 gateway might work but it's not great over WAN.
Would love to hear your thoughts and thank you in advance. Something cost-effective in terms of scaling for storage while being robust would be ideal, but I understand that you get what you pay for.
I work for a small company that is still using an older version of Biscom Secure File Transfer. We no longer have support with them because it's too old, and they have been shopping around for new solutions instead. They've known this solution has been on its last legs for a while, and there is zero interest in keeping it around, but we don't have a replacement solution just yet so it may be around a while.
We're running into this issue where for some reason, one particular type of e-mail notification stopped being e-mailed. But all other e-mail notifications send just fine. Outgoing notifications are from the same e-mail address.
The notification we're having issues with is the workspace file "new file is uploaded" notification. Again all other notifications are working, including the "you have been sent a file by so and so" person to person notification. It's only the workspace ones with the issue. Adding a new workspace participant? Email notification is sent. I know, why not just log in and see if files have changed. But, apparently employees realllly just want to be informed when files have changed/been uploaded and these notifications stopped.
We've done just about everything we can; stopped and restarted services on the server and within the app itself, making sure all 10 notifications in the configuration are enabled (and this is in multiple places, one set of 10 for the org, one for the workspace owner, and one for the workspace recipient lol), re-sending failed notifications, checking through the administrators' setup docs (this is version 5.1), I've searched online for forums/articles. Biscom was purchased and their forums are now behind a paywall.
Right now I'm looking into if somehow the outgoing notifications are being filtered or caught, but that would literally have to be content or title based as the email address is the same and all other notifications are going through. I don't have evidence if they are being sent and filtered/blocked/stopped/erroring, or if they aren't even being generated. The logs don't seem that deep. I'm likely going to have to loop in someone on the email side.
Anyway just a hail mary to see if someone else has knowledge of this Biscom SFT 5.1 app and has any thoughts for what else we could be doing.
Thank you
Let's say I want to build a new one. What do you suggest I add to my project to make it more special than other scanners, like something you wish to see in a vulnerability scanner?
Based on your experience, what's the most annoying thing or disadvantage about vulnerability scanners that you wish would be fixed?
Please help me if you can, thanks ❤️🙏🏼
Hey fellow admins, I'm seeking some advice on how to approach the development of a potentially complicated piece of software for a compliance problem I am trying to solve.
I've come to realize that there's a business opportunity here but am concerned about hiring a proper developer to engineer it. Is there anyone who could share their experience or provide some advice on how to approach this issue and protect my idea? How do I continue development and support after it's engineered for my clients?
I’m completely out of my element on this and any advice is greatly appreciated, I think this tool could greatly improve admins lives in the bio space.
I am looking for someone with Google to Office 365 migration experience to weigh in on this topic. I am gonna move email with BitTitan, however I am trying to figure out how to move Google Drive. I have limited experience with ShareGate but I have used it for OneDrive to OneDrive. I am debating about using BitTitan for everything. Anyone with some experience have any suggestions between the two choices?
What are the disadvantages of using Bicep as a tool for infrastructure as code in a pure Azure/Entra ID environment? Debating between Bicep and Terraform. Also, in general, what additional tools are recommended for a full infrastructure as code implementation: for the user interface to support self service, pipeline, approvals, etc.?
Our company utilizes NWN for phone support and since they have bought Carousel the service has gone to shit. Curious if anyone else has felt the same way ? We utilize them for most of our Cisco telephony.
Been tasked with adding an SPF record to our TXT record for our domain. There have been rumbles from others saying it's too long and adding more will cause a problem... The bigger problem is, no one wants to help me understand wtf I'm looking at to ensure my addition won't break anything..
I just need to add a simple "spf.xxx.com" record. But I see things like ip4: include: a:b. a:c. What am I looking at? Where are the crash courses out there I can dive into to really understand this, so I don't feel like a complete dunce on the subject? Any help appreciated.
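As an added illustration for the post above (not something from the poster or from any real zone), here is a small parser for the terms that appear in an SPF record: it explains what each mechanism means, counts how many of them cost a DNS lookup (RFC 7208 caps that at 10, which is the usual cause of "the record is too long" complaints), and inserts a new include: term in front of the final all so it is still evaluated. The sample record and the domain spf.example.com are constructed for the demo.

```python
# Added example, not from the post: a small SPF (RFC 7208) term parser that explains each
# mechanism, counts the DNS lookups the record costs, and appends an include: term safely.
import re
from dataclasses import dataclass, field

LOOKUP_LIMIT = 10                      # RFC 7208 4.6.4: at most 10 lookup-causing terms
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed sample record; the domains are illustrative, not taken from any real zone.
SAMPLE_RECORD = ("v=spf1 ip4:203.0.113.0/24 a mx "
                 "include:spf.protection.outlook.com include:_spf.google.com -all")

TERM_RE = re.compile(r"^([+\-~?]?)([A-Za-z0-9]+)(?:([:=/])(.*))?$")


@dataclass
class SpfTerm:
    qualifier: str        # pass / fail / softfail / neutral
    name: str             # mechanism or modifier name, lower-cased
    value: str            # argument after ':' or '=' (or a bare /CIDR), '' if none
    costs_lookup: bool
    explanation: str


@dataclass
class SpfReport:
    terms: list
    lookups: int
    problems: list = field(default_factory=list)


def explain(name, value):
    """Plain-English meaning of one term."""
    if name == "ip4":      return f"allow IPv4 senders in {value}"
    if name == "ip6":      return f"allow IPv6 senders in {value}"
    if name == "a":        return f"allow the A/AAAA addresses of {value or 'this domain'}"
    if name == "mx":       return f"allow the MX hosts of {value or 'this domain'}"
    if name == "include":  return f"also accept whatever {value}'s SPF record accepts"
    if name == "redirect": return f"evaluate {value}'s SPF record instead of this one"
    if name == "all":      return "everything not matched above"
    return f"{name} with argument {value!r}"


def parse_spf(record):
    words = record.strip().split()
    if not words or words[0].lower() != "v=spf1":
        raise ValueError("record must start with v=spf1")
    report = SpfReport(terms=[], lookups=0)
    for raw in words[1:]:
        m = TERM_RE.match(raw)
        if not m:
            report.problems.append(f"unparseable term {raw!r}")
            continue
        q, name, sep, value = m.group(1) or "+", m.group(2).lower(), m.group(3), m.group(4) or ""
        if sep == "/":                 # "a/24" style: CIDR applied to this domain's own address
            value = "/" + value
        costs = name in LOOKUP_TERMS
        report.terms.append(SpfTerm(QUALIFIERS[q], name, value, costs, explain(name, value)))
        report.lookups += int(costs)
    names = [t.name for t in report.terms]
    if "all" in names and names.index("all") != len(names) - 1:
        report.problems.append("terms after 'all' are never evaluated")
    if report.lookups > LOOKUP_LIMIT:
        report.problems.append(f"{report.lookups} lookups exceed the limit of {LOOKUP_LIMIT} (permerror)")
    if len(record) > 255:              # a single TXT character-string holds at most 255 bytes
        report.problems.append("longer than 255 bytes: must be published as multiple quoted strings")
    return report


def add_include(record, domain):
    """Insert include:<domain> before the final 'all' term so it is still evaluated."""
    words = record.strip().split()
    new_term = f"include:{domain}"
    if new_term in words:
        return record
    if words[-1].lower().lstrip("+-~?") == "all":
        words.insert(len(words) - 1, new_term)
    else:
        words.append(new_term)
    return " ".join(words)


if __name__ == "__main__":
    for term in parse_spf(SAMPLE_RECORD).terms:
        print(f"{term.qualifier:8} {term.name:8} {term.explanation}")
    print(parse_spf(add_include(SAMPLE_RECORD, "spf.example.com")))
```

Run parse_spf on the live record before and after the change; if the lookup count or the problems list changes in a way you did not expect, the addition is what broke it.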
I'm migrating out a server and right now there's a domain DFS where \\domain.local\share1 points to \\oldserver\share1
I need to change it so \\domain.local\share1 points to \\newserver\share2
I know this is exactly what DFS is designed for but I want to confirm that to the end user this should be totally invisible i.e. so long as \\domain.local\share1 is still there we're all good.
I might be being over cautious but they use some really crappy apps that don't always play nicely to path changes and it doesn't take much of an excuse to blame me.
Jas
Hi all! Trying to track down a gremlin...
We have been getting alerts that the domain admin account is locked out; however, we are not getting these reports from our usual lockout system (a PowerShell script monitoring logs) but instead by peripheral system errors that involve using the Admin credentials. All errors state incorrect name or password.
When I check AD for the admin account, I can find it in one of two states: locked, or unlocked. If I unlock, systems can function again for a brief period of time before the account locks back, or the account is unlocked but the well-known password will not work. If I do a manual password reset, the systems will work again for a random amount of time.
When I check event viewer for lockouts, I can find entries pertaining to the administrator account, but the "workstation" field has a name that I absolutely do not recognize. Not a server or workstation name that my company would use, which has me worried.
Have you seen an Admin account not only lock out but also change the password or not honor the correct one? I feel if this was malicious they would also attack my other domain admin accounts but that doesn't appear to be the case.
UPDATE: I have an independent cybersecurity team on this. I know I need to make a service-related admin account! lol I will work on this asap
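As an added example for the lockout hunt above (my code, not the poster's script), this triages Security event 4740 records by the "Caller Computer Name" field the post calls the workstation field, so lockouts of a watched account that originate from a hostname missing from the asset inventory, or with a blank caller, are surfaced first. The event lines, hostnames and inventory are constructed for the demo; the line format is a flattened stand-in for what you would pull from the Security log.

```python
# Added example, not from the post: triage of Security event 4740 (account locked out)
# records against a known-host list, so lockouts from an unrecognised caller stand out.
import re
from collections import Counter, defaultdict

# Constructed asset inventory and events; none of these hostnames are real.
KNOWN_HOSTS = {"DC01", "FS01", "WS-FINANCE-07", "PRINTSRV"}
SAMPLE_EVENTS = """\
2024-11-16 08:01:12 EventID=4740 TargetUserName=administrator CallerComputerName=PRINTSRV
2024-11-16 08:14:50 EventID=4740 TargetUserName=administrator CallerComputerName=DESKTOP-9QK2X
2024-11-16 08:30:07 EventID=4740 TargetUserName=jdoe CallerComputerName=WS-FINANCE-07
2024-11-16 09:02:41 EventID=4740 TargetUserName=administrator CallerComputerName=DESKTOP-9QK2X
2024-11-16 09:45:19 EventID=4740 TargetUserName=administrator CallerComputerName=
2024-11-16 09:50:00 EventID=4625 TargetUserName=administrator CallerComputerName=DC01
"""
LINE_RE = re.compile(
    r"^(\S+ \S+) EventID=(\d+) TargetUserName=(\S+) CallerComputerName=(\S*)$")


def parse_events(text):
    """Keep only 4740 records; normalise user to lower-case and caller to upper-case."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(2) == "4740":
            events.append({"time": m.group(1),
                           "user": m.group(3).lower(),
                           "caller": m.group(4).upper()})
    return events


def triage_lockouts(events, known_hosts, watched_users=("administrator",)):
    """Return (user, caller, count, note) tuples, most frequent caller first.

    Unknown or blank callers are reported for every user; known callers are reported
    only for watched (privileged) users, since there a stale credential is the usual cause.
    """
    per_user = defaultdict(Counter)
    for ev in events:
        per_user[ev["user"]][ev["caller"]] += 1
    findings = []
    for user, callers in per_user.items():
        for caller, n in callers.items():
            if caller == "":
                findings.append((user, "<blank>", n,
                                 "caller empty: lockout via a service or network logon; "
                                 "correlate with 4625/4771 on the domain controllers"))
            elif caller not in known_hosts:
                findings.append((user, caller, n,
                                 "caller not in asset inventory: investigate the source "
                                 "before resetting the password again"))
            elif user in watched_users:
                findings.append((user, caller, n,
                                 "known host: look for a stale credential in a service, "
                                 "scheduled task or mapped drive on it"))
    return sorted(findings, key=lambda f: (-f[2], f[0], f[1]))


if __name__ == "__main__":
    for user, caller, n, note in triage_lockouts(parse_events(SAMPLE_EVENTS), KNOWN_HOSTS):
        print(f"{n:3} x {user:14} from {caller:14} {note}")
```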
So random Saturday thought after having beers with some friends last night. We somehow ended up on this topic about IT myths (not sure if Myth is the right word here, but come on the journey with me).
All those things some people swear by, but that aren't necessarily true or have more to the story than meets the eye. Some are funny because they're surprising, while others are just pure nonsense, but people keep saying them anyway.
Here's what I'm wondering: what 'myths' have you guys heard that turned out to be totally true? And what are some that are complete BS, even though people still swear by them?
Examples that pop into my mind, while waiting for the bus:
True Myth - "Just turn it off and on again", super basic, but the reboot trick actually does work a lot of the time. Like, it legit clears up so many weird issues, especially when processes are hung up or memory needs a reset. The average person wouldn't get it, but the sysadmin is running a process overview in his/her head.
False Myth - "Clearing cache = speed boost" – This one’s everywhere, but it's kinda a half-truth I guess (based on last night's discussions). Sure, clearing cache can help if it’s super clogged up or corrupt or whatever, but doing it too often actually slows stuff down sometimes cause your system has to re-download things over and over again. Double edged sword.
What other 'myths' or low-key funny things do you guys run into? I feel like there’s a ton of these floating around.
I ingest Sysmon logs into a SQLite database where I can perform MITRE SQL queries on it. Would Sysmon be an appropriate source to use? Are there any other kinds of Windows logs I should be using?
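As an added example for the post above (my code, not the poster's pipeline), this loads constructed Sysmon Event ID 1 (ProcessCreate) records into an in-memory SQLite table and runs two ATT&CK-tagged SQL rules over it: an Office application spawning a shell, and PowerShell started with an encoded command. Hostnames, paths and the base64 blob are made up for the demo; if Sysmon is not deployed everywhere, Security event 4688 with command-line auditing enabled carries the same image, parent and command-line fields and can be ingested into the same table.

```python
# Added example, not from the post: constructed Sysmon Event ID 1 (ProcessCreate) records
# loaded into SQLite and queried with two ATT&CK-tagged SQL detection rules.
import sqlite3
from pathlib import PureWindowsPath

# Constructed sample telemetry; hostnames, paths and the base64 blob are made up.
SAMPLE_EVENTS = [
    ("2024-11-16T08:00:01Z", "HOST01",
     r"C:\Windows\explorer.exe",
     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     'WINWORD.EXE /n "C:\\Users\\jdoe\\Downloads\\invoice.docx"'),
    ("2024-11-16T08:00:09Z", "HOST01",
     r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     r"C:\Windows\System32\cmd.exe",
     "cmd.exe /c powershell -w hidden -enc QQBBAEEA"),
    ("2024-11-16T08:05:33Z", "HOST02",
     r"C:\Windows\System32\svchost.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"),
    ("2024-11-16T08:07:10Z", "HOST02",
     r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -nop -w hidden -EncodedCommand QQBBAEEA"),
]


def build_db(events=SAMPLE_EVENTS):
    """Create an in-memory table shaped like the fields a Sysmon EID 1 ingest would keep."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE process_create (
        utc_time TEXT, host TEXT, parent_image TEXT, image TEXT, command_line TEXT,
        parent_name TEXT, image_name TEXT)""")
    # Basenames are stored lower-cased at ingest so rules can match without LIKE on full paths.
    rows = [(t, h, p, i, c, PureWindowsPath(p).name.lower(), PureWindowsPath(i).name.lower())
            for t, h, p, i, c in events]
    con.executemany("INSERT INTO process_create VALUES (?,?,?,?,?,?,?)", rows)
    return con


# Each rule is a plain SELECT so the same SQL can be scheduled against the real database.
RULES = {
    "T1204.002 Office application spawned a shell": """
        SELECT utc_time, host, image_name, command_line FROM process_create
        WHERE parent_name IN ('winword.exe', 'excel.exe', 'powerpnt.exe', 'outlook.exe')
          AND image_name IN ('cmd.exe', 'powershell.exe', 'wscript.exe', 'cscript.exe', 'mshta.exe')""",
    "T1059.001 PowerShell launched with an encoded command": """
        SELECT utc_time, host, image_name, command_line FROM process_create
        WHERE image_name IN ('powershell.exe', 'pwsh.exe')
          AND (lower(command_line) LIKE '% -enc%' OR lower(command_line) LIKE '% -e %')""",
}


def run_rules(con, rules=RULES):
    """Run every rule and return the matching rows, oldest first."""
    findings = []
    for title, sql in rules.items():
        for utc_time, host, image_name, command_line in con.execute(sql):
            findings.append({"rule": title, "time": utc_time, "host": host,
                             "image": image_name, "command_line": command_line})
    return sorted(findings, key=lambda f: f["time"])


if __name__ == "__main__":
    for f in run_rules(build_db()):
        print(f"{f['time']} {f['host']:8} {f['rule']}: {f['command_line']}")
```

The third sample row (PowerShell with -ExecutionPolicy Bypass from svchost.exe) deliberately matches neither rule, which is the kind of negative case worth keeping in the sample set so a rule that is too broad shows up immediately.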
Hello admins, please enlighten me. I am a software engineer but not a system administrator. I can understand the basic concepts and read/follow the advanced user guides.
Problem: can I restrict access to company internal data, websites, tools and apps by only using conditional access via managed laptops? Or do I need a company VPN to fully achieve this?
Situation: starting a company with 5-10 employees. I will have the managed user machines/laptops. I want to use ManageEngine Endpoint Central for this purpose as it's free for 25 users with all features. I understand that I need to set up user profiles, roles, SSO, domain connection to user, user to machine assignment, conditional access, and policies using IAM and Directory. I also need to handle user and device provisioning, authentication and authorization, OS and package deployment, and DLP.
Requirement: I want my company internal data to be accessed only via trusted managed laptops. For example email, drive, GitHub, project, and applications like app.Mydomain.com or Mydomain.app.com. I also want to monitor DLP and outward data sharing. I want to restrict access to these portals via a private laptop for the sake of control and monitoring. I understood that I can achieve this via conditional access and policies on Endpoint/MDM/Directory.
Problem: what I don't understand is whether I also need to implement a VPN for this restricted data access. Why do I need to force a VPN on the network? Can I achieve it without implementing a company VPN? What are the pitfalls, and pros and cons?
If this VPN implementation is absolutely required, I suppose I can install an open source WireGuard server on my company server and install the client on user machines. Do I need a professional enterprise VPN like GlobalProtect or Cisco AnyConnect?
I've set up a BIND9 DNS server on Ubuntu Server 22.04 with a test domain name called nonxdom.com. The Ubuntu Server is in VirtualBox installed on a Windows 11 machine.
Everything works fine on Ubuntu Server when using nslookup and dig. nonxdom.com is using the same IP addresses in the DNS configuration.
However, Chrome on Windows 11 does not load nonxdom.com that's on Ubuntu Server.
I've entered 192.168.27.9 as the preferred DNS server in the Wireless Adapter settings that I use to connect to the internet.
Sometimes it'll work and load the index page. But most times it won't. I have to set the preferred DNS server to Automatic and then back to 192.168.27.9.
A few hours ago it worked fine. After restarting Windows, it's the same problem again.
How can this be solved?
I'm looking to provision a SQL database using services like DigitalOcean, Linode, Vultr, or AWS, but there's a good chance that I might host my Node.js API on Vercel, which I have experience deploying to.
For security reasons, I want to set up this API to interact with the database, as my application is a small WPF desktop app that will be used by no more than three users from their personal computers.
I have experience creating a Node.js API without any security features, primarily for testing. However, I now need to secure both the API and the database.
I realize that security can be a vast and complex subject, but I'm looking for some baseline practices that will allow me to achieve a reasonable level of security without diving into overwhelming details.
What are some practical steps or recommendations you would suggest for securing the API and the database in this scenario? Thank you!