Systems Administration

Facebook's CEO on his latest almighty Zuck-up: OK, we did try to smear critics, but I was too out of the loop to know

The Register - Thu, 11/15/2018 - 17:25
Mark promises independent oversight and AI as Sheryl leans far, far away

Analysis Facebook on Thursday (again) reiterated its commitment to fighting misinformation, following a report that the data gathering biz hired a public relations firm, Definers Public Affairs, to promote content that undermine company critics.…

DaaS Providers For a Small Company

Sysadmin - Thu, 11/15/2018 - 17:19

Yesterday I created a post asking about moving 50 physical users to a virtual desktop environment. Initially, I was thinking of putting them on a VDI, but the office does not have any type of virtual infrastructure nor do we want to spend that much money in order to have one. So turns on what we are looking for is a DaaS, and I have been looking at these for now: VMware Horizon Cloud, Citrix Apps and Desktops, and Amazon WorkSpace.

  1. Do I need to have an image created before had that I will need to import, or can that all be done within the product itself?

  2. Is there anyone that currently uses any one of these three vendors and what are your thoughts on it?

  3. Is there more to it than just signing up with one of these three vendors and start creating a virtual desktop for my users? What kind of information will I need beforehand in order to create a virtual desktop?

submitted by /u/Hananhub
[link] [comments]

VM using 90% of alloted ram no matter how much Ram there is.

Sysadmin - Thu, 11/15/2018 - 17:19

I have a virtual machine set up as a DFS server. it doesn't store any of the file shares. just directs you to what you need to access(wasn't set up by me).

server 2012 r2, also acts as a print server(spooling done on user PCs). hosted on Hyper-V.

for the longest it's had just 2gb of ram and no real issues. doesn't crash or anything. but it triggers an alert to my manager in solarwinds for high ram usage. so I explained the server isn't doing anything out of the ordinary and is always hovering between 80-90% ram usage. when it gets to 95% it sends off the alert.

he insisted we up the ram, which i did, a whole extra GB. now its using 2.7 GB, still around 90% usage. what could this be?

submitted by /u/guywhoshouldknow
[link] [comments]

Server Room Temp/Humidity monitor?

Sysadmin - Thu, 11/15/2018 - 17:17

More like a 6x12 closet.

What are you all using? We have a brand new dedicated A/C unit so I'm not too worried about it, but it's obviously wise to keep an eye on things.

I figure I should be able to find something that warns me multiple ways for under a couple hundred bucks. It would be nice to see temp/humidity graphs over time as well, but not necessary.

submitted by /u/SanduskyTouchedMe
[link] [comments]

Windows Domain Workstation Environment in the Cloud

Sysadmin - Thu, 11/15/2018 - 17:07

Is it possible to create a windows workstation domain environment in aws?

I want to do some GPO and MDT testing for future rollouts with o365.

submitted by /u/rockstarSG
[link] [comments]

Sophos Central vs McAfee EPO

Sysadmin - Thu, 11/15/2018 - 16:45

We're looking for a new solution for endpoint protection as well as disc encryption. We're a mostly laptop shop so being able to remotely push out policies/updates over a VPN is preferred. We've narrowed it down to Sophos Central and McAfee's EPO. I've been going through the trial of Sophos and from the looks of it it seems pretty quick, clean, and easy to use, I'll be working with a McAfee demo pretty soon but I wanted to know what r/sysadmin thinks of the two.

Specifically, if anyone has used Sophos Central or McAfee EPO what do you like/ don't like?

submitted by /u/Shackled
[link] [comments]

Up to three million kids' GPS watches can be tracked by parents... and any miscreant: Flaws spill pick-and-choose catalog for perverts

The Register - Thu, 11/15/2018 - 16:43
Gadgets can be hacked to spy on, find youngsters – claim

Parents could be unwittingly putting their children's safety and privacy at risk, thanks to security vulnerabilities in potentially millions of kids' GPS-tracker watches.…

[REQUEST] Send sms on incoming call and deactivating silent

Tasker: Total Automation for Android - Thu, 11/15/2018 - 16:41

I'm looking for a tasty recipe, I'd like to send an automated sms if someone (only from a cellphone) calls when I'm at work, it should read some thing in the lines of "oi its important call twice in under 3 minutes) and when/if the caller calls a second time it deactivates my silent profile based on my schedule in Google calendar. And then returns to my work task.

submitted by /u/Hampa_D
[link] [comments]

Possible to use NGINX to get around TLS 1.0 limitation with IIS6 web servers?

Sysadmin - Thu, 11/15/2018 - 16:31

Hi.

I am responsible for a couple of web servers running IIS6, Windows Server 2003 (I know, shame on me/my company in this day and age. Long story)

I know that what should happen is the servers be replaced with at least Windows Server 2008 R2 running IIS7 or 7.5, and that is probably what will end up happening before browsers end support for TLS 1.0/1.1 in 2020, but I want to explore other possibilities for the short term.

Many years ago a clever employee of our hosting providers set up an NGINX server to work as a load balancer sitting in front of two Windows based web servers (it was done to overcome Windows' poor and unbalanced built in load balancing)

This NGINX server had the SSL certs installed and passed SSL traffic to the web servers.

That server is long gone so I do not have it to refer to.

I was wondering if I could do something similar for my two 2003 web servers. The nginx server is exposed to the public, and secure connections are made to it using TLS 1.2 or higher, and then the nginx server passes the traffic/connections to the web servers internally either unencrypted, or downgraded to TLS 1.0

Is this possible? Are there guides online on how to do this? I have some experience with Apache, httpd, but very little with NGINX (almost none to be accurate - I've only ever followed instructions provided by the clever guy on how to take servers in and out of the cluster)

(I would not need help setting up a "base" nginx installation. I would only need help understanding how to achieve the above, if it's possible)

Edit: Thanks for the replies so far. It occured to me that I don't think the nginx server necesarily needs to be in the same infrastructure as the web servers, as long as it can see them, so I guess I can set up an nginx server on a vm on my PC and edit the local hosts file (so I can have my browser point at the local nginx instance) and then experiment to my hearts content before making any changes that interfere with the public website.

submitted by /u/mrvimes
[link] [comments]

Apache Guacamole Installation Script for RHEL/CentOS

I have created an installation script for Apache Guacamole in RHEL/CentOS 7.x and up. I was hoping to get some feedback on it and maybe even some help improving it.

The Github repo can be found at https://github.com/Zer0CoolX/guacamole-install-rhel

Some key features of the script are:

  • Allows installing from Stable version or git source
  • Installs and configures dependent packages including Nginx, JDBC/LDAP extensions, MariaDB, Java KeyStore, etc.
  • Can use LDAP as an authentication method without modifying the LDAP server (sign in with AD credentials)
  • Has options for LetsEncrypt cert or self-signed cert
  • Hardened Nginx SSL settings option (scored A+ on Qualys SSL Labs SSL Test)
  • Hardens MariaDB
  • Nginx URI Path parameter (changes URL from default to something shorter like http://domain.com/)
  • Option for DHE/Forward Secrecy via ssl_dhparam in Nginx
  • Logging the script activities
  • etc.

I am interested in feedback, constructive criticism, and help testing and updating the script. Please be kind I am not a programmer by trade and I am well aware the script isn't perfect. The Github repo (especially the documentation) is very much still a work in progress.

Currently I am unable to test the LetsEncrypt portion of the script as I would like. I want to move away from downloading the standalone version of Certbot and instead install it from the Distros repo. The scripts silent/unattended and help portions need attention too. I have listed in the wiki on my Github repo some additional features I would like to add as well.

I am hoping the script will help others and that I/We can further refine it to make it a great option for those looking to setup Apache Guacamole without the fuss of doing it entirely manually.

Thanks

submitted by /u/Zer0CoolXI
[link] [comments]

StorageCraft - Anyone notice these image manager messages along with failed uploads "send error: OnError(): Control channel unexpectedly closed ('' read so far)"

Sysadmin - Thu, 11/15/2018 - 16:01
Storage craft image manager to the Storagecraft cloud

At multiple locations with various firewalls/ISPs/OS etc, we have noticed a troubling number of failed and interrupted uploads to the storagecraft cloud.

The chain of errors will look like this:

14-Nov-2018 08:49:57 Sending D_VOL-b001-i4250-cd.spi

14-Nov-2018 08:52:57 send error: OnError(): Control channel unexpectedly closed ('' read so far)

14-Nov-2018 09:00:18 Sending D_VOL-b001-i4250-cd.spi

14-Nov-2018 09:00:35 send error: The FTP client has not yet connected to the server. The requested action cannot be

Controlled variables
  1. We can verify that the internet connections are not going down,
  2. The TCP timeout has been modified to allow for long uploads.(per support)
  3. No DPI-SSL or any other interference is taking places along the network path on our end.
  4. The host names to the storagecraft cloud can be seen from the servers having this trouble and are white-listed
  5. We are seeing this in servers configured for SSH and SSL upload (SSL preferred per support)
  6. Uploads happen at various times from midnight to 3 am (per support)
  7. Image manager is set to process one job at a time (per support)
The FTP client

I tracked down the creator of the FTP client that is used in image manager they are called "enterpriseDT". the forums seem to indicate that this is a problem with the server closing the connection.

Conspiracy Theories

I am beginning to suspect that the storage-craft cloud may be the problem here. We have had a hard time getting support to respond in a timely manner to our requests. It also appears as though their partners portal keeps going down with a 503 error on top of all these other problems.

My questions for the hive
  1. Is anyone else seeing this?
  2. Have you been able to solve it and how?
submitted by /u/VividObligation
[link] [comments]

5.. 4.. 3.. 2.. 1... Runty-birds are go: 12,000+ internet-beaming mini-satellites OK'd by USA

The Register - Thu, 11/15/2018 - 15:47
FCC signs off on broadband-in-space plans, plus connections to Europe's GPS

America's broadband and telly regulator, the FCC, today approved a vast expansion in satellite networks around Earth.…

intercepting button sequence using autoinput

Tasker: Total Automation for Android - Thu, 11/15/2018 - 15:44

this might be an easy question but i am wondering how to set up a profile to intercept a button sequence. basically i want to be able to quickly press volume down then volume up and have the phone say the time. i can get it to work if i press both buttons together but am not sure how to have it look for a sequence. thanks

submitted by /u/psychic_O2_sensor
[link] [comments]

The Scariest Phishing Attempt I've Ever Seen

Sysadmin - Thu, 11/15/2018 - 15:30

I just had a user ask me what this was. She was looking up words in a thesaurus and this popped up. This is a disguised IE popup to look like a Windows 7 domain login prompt. It will not let you close the window without the task manager so a user will either enter their credentials or call you in order to dismiss this window.

https://imgur.com/1JrnZSi.png

Any tips to help prevent this type of popup in IE without just blocking all popups?

submitted by /u/TotallyRadStuff
[link] [comments]

Don't cross the Application Streams! Actually, maybe you can now in RHEL 8 beta

The Register - Thu, 11/15/2018 - 15:26
Allows updating user space without breaking everything

Hot on the heels of its OpenStack Platform 14, Red Hat has announced the beta of Red Hat Enterprise Linux 8.…

Sonoff Smart Plug with Tasker?

Tasker: Total Automation for Android - Thu, 11/15/2018 - 15:15

Hi guys,

I'd like to use a sonoff plug to turn off power once my phone is fully charged.

Anyone has done that or an idea how to manage?

Thanks!

submitted by /u/sunrisedown
[link] [comments]

SCCM updates for Office 365 client - what in the hell am i doing wrong here???

Sysadmin - Thu, 11/15/2018 - 15:15

The basics:

  • Semi-Annual Channel for users - SAC
  • Semi-Annual Channel (Targeted) for IT - SACT
  • SCCM version is 1806
  • Using GPO to "configure" the update channel. Computer> Admin Templates> Microsoft Office 2016 Machine> Updates> Update Channel = <SAC> or <SACT>
  • Registry value(s) in question: HKLM\Software\Microsoft\Office\ClickToRun\Configuration\CDNBaseUrl -and- HKLM\Software\Microsoft\Office\ClickToRun\Configuration\UpdateChannel

Here is where i am feeling like an absolute failure. The GPO setting is supposed to set the target clients' update channel (obviously), but no matter what i set to, every test client only stays on SAC. I am basing this off the registry values above. Now, this MS article says that the CDNBaseUrl is what needs to change for SCCM to push/deploy updates, yet in alllll my testing, this regkey does NOTHING. However, the UpdateChannel key actually DOES seems to do something - it will allow the clients to get the SAC or SACT Office Updates from SCCM, depending on what is deployed.

So then, what is the point of that GPO if it doesn't seem to correspond to any registry setting that is documented? (this goes to HKLM\Software\Policies\Microsoft\Office\16.0\common\officeupdate\updatebranch - which doesn't do anything for SCCM).

The only way i am able to get SCCM to deploy Office updates is to use a different GP with a Preference that sets the "UpdateChannel = http://officecdn.microsoft.com/pr/7ffbc6bf-bc32-4f92-8982-f9dd17fd3114" (SAC) to set "UpdateChannel = http://officecdn.microsoft.com/pr/b8f9b850-328d-4355-9145-c59439a0c4cf " (SACT) since te CDWNBaseUrl doesn't seem to make a difference yet it defies what the Microsoft documentation is saying.

Where am i going wrong here???

Edit - wording

submitted by /u/Dimsby
[link] [comments]

Heads Up Notifications Not Working

Tasker: Total Automation for Android - Thu, 11/15/2018 - 15:11

Hi everyone!

I'm relatively new to using Tasker. I am using it to build automated separation between my work and personal life, and so far I've set up two different launchers that swap using AutoTools' launcher option. However, as it stands right now, I'm running into one tiny issue that's becoming progressively more annoying.

I use heads up notifications for a ton of my day-to-day tasks so I can quickly respond to messages as they come in, etc. When I started using AutoTools, I started to see some of these stop working. For example, MS Flow, FaceBook Messenger, and Nine Email have all stopped giving heads up notifications, but the stock Pixel Messenger app still shows them (albeit only sometimes).

Can anyone think of why this may be happening?

submitted by /u/Finlin
[link] [comments]

Pages