Just a quick fyi for anyone using Intune to distribute firewall rules with the "Endpoint Protection > Windows Firewall" profile for the first time.
Any rules you set won't be visible in the wf.msc GUI or using PowerShell's Get-NetFirewallRule.

The only place you can see those rules is the registry under this key

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\Mdm\FirewallRules

This post contains a canary message that's cryptographically signed by the official BusKill PGP release key

The BusKill project just published their Warrant Canary #008

For more information about BusKill canaries, see:

• https://buskill.in/canary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Status: All good
Release: 2024-06-11
Period: 2024-06-01 to 2024-12-31
Expiry: 2025-01-31

Statements
==========

The BusKill Team who have digitally signed this file [1]
state the following:

1. The date of issue of this canary is June 11, 2024.

2. The current BusKill Signing Key (2020.07) is

   E0AF FF57 DC00 FBE0 5635  8761 4AE2 1E19 36CE 786A

3. We positively confirm, to the best of our knowledge, that the 
   integrity of our systems are sound: all our infrastructure is in our 
   control, we have not been compromised or suffered a data breach, we 
   have not disclosed any private keys, we have not introduced any 
   backdoors, and we have not been forced to modify our system to allow 
   access or information leakage to a third party in any way.

4. We plan to publish the next of these canary statements before the
   Expiry date listed above. Special note should be taken if no new
   canary is published by that time or if the list of statements changes
   without plausible explanation.

Special announcements
=====================

None.

Disclaimers and notes
=====================

This canary scheme is not infallible. Although signing the 
declaration makes it very difficult for a third party to produce 
arbitrary declarations, it does not prevent them from using force or 
other means, like blackmail or compromising the signers' laptops, to 
coerce us to produce false declarations.

The news feeds quoted below (Proof of freshness) serves to 
demonstrate that this canary could not have been created prior to the 
date stated. It shows that a series of canaries was not created in 
advance.

This declaration is merely a best effort and is provided without any 
guarantee or warranty. It is not legally binding in any way to 
anybody. None of the signers should be ever held legally responsible 
for any of the statements made here.

Proof of freshness
==================

04 Jun 24 14:10:16 UTC

Source: DER SPIEGEL - International (https://www.spiegel.de/international/index.rss)
Fortress Europe: Migrants Abandoned on the Edge of the Sahara
Israel-Gaza-Krieg: Menschenrechtler Aryeh Neier über Schuldfrage und Strafverfolgung (Kopie)

Source: NYT > World News (https://rss.nytimes.com/services/xml/rss/nyt/World.xml)
Middle East Crisis: Israeli Airstrikes Kill Iranian General in Syria
Live Updates: India’s Election Results Suggest a Setback for Modi

Source: BBC News - World (https://feeds.bbci.co.uk/news/world/rss.xml)
Shock for India's Modi as opposition set to slash majority
Gaza ceasefire plan turns into deadly game of survival

Source: Bitcoin Blockchain (https://blockchain.info/q/latesthash)
000000000000000000014cd79802b29c1dcd7fc6debee1e3968cfc216b59bf16

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEeY3BEB897EKK3hJNaLi8sMUCOQUFAmZfIwgACgkQaLi8sMUC
OQXZYA/9ElVoUy3Um3IXFSwUGO+ctkvKd6idD7RuOBjqZyfadr4emrDrfQKYbCpa
Gik4M1H/GWobO/RaDjeSjQtGUmlPn8anhoFzmI6pPz7fBSfg5VGemllyHI2ypPpf
cJ1jLrmzpDGxLqPd/R/WsoE8dY9E7q20JgNESAqEYyjmjxqOjx6EnIjBjy8u+xL3
YWBw5BQn/1XbLXw4X7WJNH1cNIIZDgePdIb8Wq6wEDTzFzAvfw5BPhJ2rVaChV9P
6d25htXLy5FU/qvomiy1C+ZskzbZPKGDNgr8lC/MPeNgLi0d/ps2Rgut/CGjKreW
UiBmp3xslizR2/WhpRrcz0VLYxdNolfPY0odpgXkvQSEqGiZ1gOw5OQIN0f8HMiL
nOXnnxFVgdO/I/x9X2DwKAGwuts/GSeWOHdeNxvflyDGEYJHt9YMT7kXcJ0/dl6z
QSNHDoCMzMkxBCX23mlgY8pDSjw0Lqud0HDIChi1DFuNk7m1SfMIKGOn0ZAPsNqX
RuMiLCMOPzdE8BBBpKFwZFtx0zyC78xAOBK1M8DqlUexT3CBGFjOwCmGY27dLFZe
6ygdrqptb5uDOXFsw63cWSOilCnEcx7M8FDX7QjuV6EUQwvsxpeKvHZIFVlJNQCX
L5F8Lig/y4Q9iCjGiu3oT5zPuuEXPhKkyPsIeM9lC+zP/eC8rL4=
=E7lp
-----END PGP SIGNATURE-----

To view all past canaries, see:

• https://www.buskill.in/category/Canary/

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Price hikes of over 2x widely expected under Broadcom’s VMware, survey finds

300 director-level IT workers making VMware decisions were questioned.

Hello friends. Work email is crushing me. The ticketing systems, plural, email me on everyone's tucket. (Because some people only work tickets via email and others through the web interface.)

Are there any email clients or servers that allow new email to land somewhere other than the inbox? Or allow my view to start elsewhere?

I declare email bankruptcy daily....

Send whiskey.

Edit: I was unclear.

I have filtering, but those all happen after the mail is in the Inbox. I get a quarter second of crazy emails and previews and things moving, then they are gone. (Outlook sucks.)

I don't even want to see that shit. Not at all.

Hello everyone, I hope I came to the right place to ask my stupid question. I'm currently working in a company that stuck way way back in time. I'm talking some people are still working in DOS level back in time. There is some revamping of this in progres, but it's going to be a long run.

The "IT department" (called computing department, lol) consist basically of 2 people, boss and me. Boss loves the old days, he's "happily" using Win XP on his computer and hates everything newer than Win7, although half of everything he tries to do doesn't work there anymore (and don't even start with security of the OS). Anyway... that's about the company background and what to expect.

During currently ongoing upgrades to get this company at least to 21st cwntury, there will be some sw licencing happening. I'm expecting like buying dozens of Office 2021 keys and some other standalone soft too. But there's problem with managing those keys, as there is no precedence, no rules and everything's going to be from the scratch almost. People are coming and going, PCs are dying (remember, there are still some DOS machines), hard drives replacing, etc. etc. Windows domain? Not in this company. Ever.

So, how do you keep track of what is installed and where? Thank you very much.

Hello!

My parents are moving to Italy and need a network. They only have 4G. I'm a little lost when it comes to UniFi and looking for some feedback if I've thought of everything and the setup works.

I was thinking Cloud Key 2, VPN Router Express, LTE Router UMR, maybe a U6 Lite AP to complement the one integrated into the Router if the range in the latter is insufficient, and a US-8-60W for power since only the cloud key and the AP would be powered using it. If they want cameras, I wanted to upgrade to CK2+, add G5 Bullets and use the US-8-150W instead.

I'm not sure whether I need the VPN router when the LTE router is already a router, too, but apparently the LTE router is not really integrated into the UniFi system. I need an AP, anyway, to the VPN Router is fine I think.

What do you think? Am I missing something? Thanks in advance.

Wait, is the UDR sufficient for the first setup? No cloud key, no vpn router, no switch...

So I have been a part of this community for a while and it seems pretty quiet. I know Lemmy is not as big as Reddit so this community will always be much smaller but I kind of miss the activity on r/sysadmin. Infinity for Reddit still works for view only so I have been scrolling though posts on Reddit as some of the stories and discussion there are fun to read.

With that being said, I think we can work to grow this community a bit. From what I can tell this community is home to a lot of quick posting. I am responsible somewhat as I have posted a bunch of articles. However, I am going to make a point to do longer write ups and I think it would be good we posted some stories. Additionally, I would be more than happy to help setup automatic posting for patch Tuesdays and similar scheduled posts.

As far as growth goes, I think we need to get the word out. A lot of people just do not know that Lemmy is a thing. If we can create some more meaningful posts and get some people to come over here from other platforms then I think this community will grow. I also know that mastodon is a pretty big platform so if we can get some people to engage from mastodon it will help as well.

I have created a new Samba community on lemmy.sdf.org

You can find it here:

[email protected]

My goal is to create a support network that is outside of the mailing list.

The location of VMware Security Advisories (VMSAs) has changed on May 6, 2024. They are now available from the Broadcom Support Portal. The legacy VMSA URLs still work but are now redirected to the portal, for example: https://www.vmware.com/security/advisories/VMSA-2024-0002.html points to https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23681.

https://blogs.vmware.com/security/2024/05/where-did-my-vmware-security-advisories-go.html    

Edit: This Post covers what's going on. (thanks to /u/lost_signal and /u/RoomStrange6413)

Sourced from https://www.reddit.com/r/sysadmin/comments/1cn3uhw/vmware_security_advisories_vmsas_are_now_to_be/

Samba is amazing, Windows server is a lot less so. The problem with Windows server is that it takes tons of steps to do basic things. On Samba I had Samba tool and it was very nice and friendly. On Windows server you have a ton of different management panels.

If there was a way I could hold off I would but due to changing requirements I didn't have much of a choice. (We needed Windows Server bare metal and I was not about to go and buy another machine.)

Hey all!

I’m a long time Linux user, and I’ve been avoiding it for the good part of the last ~15 years. Most of my Windows experience is from the XP times.

I’ve changed careers from agriculturing to ICT a few years ago (almost done with school), and while I can say I know my way around Linux pretty well, Windows is an alien landscape to me.

I got a job a few years ago as sysadmin (not so much, but still) / IT-support (more), and I find myself struggling to help customers with Windows / handle Windows servers. I would like to change that.

I have no intention on moving my personal computing to Windows due to privacy concerns, which is a bit contradictory to my goals, because AFAIK learning things this way is the “best” approach. It was the case with Linux for me, at least.

While i do learn Windows at my job, I’d like to compliment it with another approach, too.

Do you guys have any suggestions how I could learn Windows (the whole ecosystem, not just end-users computers)? I’d like it to be fun, as I get bored easily (breaking my Linux time and time again was really fun learning method) Maybe fire up some VMs and go from there, somehow? What do you think are the most essential skills for a Windows sysadmin? Active Directory, sure, but what else?

Hopefully this does not affect you but if you are running something like Arch, OpenSUSE tumbleweed, Debian sid or Fedora Rawhide and use SSH for remote access you should do a full wipe.

I received the below message. It states Skyline Advisor Pro can't be activated after 4/1. This doesn't look good for the Skyline program. I've been using it for a long time and between log assist and the recommendations, i've found it very helpful. I have the Dell integration in place but I haven't really used it much. It's unfortunate that this appears to be getting set out to pasture.

We would like to inform you of some upcoming changes to VMware Skyline's functionality and features, scheduled to take effect on or before April 1, 2024.

These changes are necessary as part of our VMware by Broadcom vision for the future of self-help issue avoidance and diagnostics for VMware Cloud Foundation and VMware vSphere Foundation.

Feature Changes 1 VMware Select Support Effective immediately, Skyline now supports VMware Select Support. This replaces VMware Success 360 (S360) Support, which reached End of Sale (EOS) in May 2023. As with S360 Support, Select Support provides access to Insights Reports, providing insights into the health and performance of your VMware infrastructure.

We highly recommend linking your Select Support Entitlement Account to your CSP Org as soon as possible to ensure seamless access to Skyline's proactive support and Insights Reports.

2 Availability After April 1, 2024

• Skyline Advisor Pro will remain available and fully functional for existing customers.

• Activation of new Skyline Advisor Pro services in new or existing CSP organizations will be discontinued and no longer available.

3 Active Skyline Organizations

Active Skyline Advisor Pro organizations will automatically be upgraded to Select Support level experience in Skyline and have access to Insights Reports. No action is required.

4 Inactive Skyline Organizations Skyline Advisor Pro organizations in an inactive state will be removed from the service.

Customers that have allowed their Skyline service to expire beyond the 60-day grace period must renew their access before April 1, 2024, to continue using Skyline.

5 Organizations in Limited Mode

Skyline Advisor Pro organizations in Limited Mode will be automatically renewed to Skyline at Select Support level experience to ensure full access. No action is required.

6 Technical Adoption Manager (TAM) Engagement

The process for TAM activation will be streamlined. Customers will now have full control over enabling TAM Reports. Once you opt in, no further action is required. The assigned TAM will have access to perform required duties as needed.

7 Integration with Dell's Secure Connect Gateway 5.0

Skyline Advisor Pro's integration with Secure Connect Gateway 5.0 will be discontinued due to the strategic direction of VMware Skyline.

VMware Skyline continues to provide proactive self-service support for your VMware environment. These changes will help deliver on the roadmap for self-help issue avoidance and diagnostics for VMware Cloud Foundation and VMware vSphere Foundation. Please do not hesitate to reach out to our Skyline Community for assistance. We are committed to minimizing any disruptions to your operations.

Thank you for your continued trust in VMware Skyline.

Best Regards, VMware Skyline Team

Here is a video about Intel VDI.

Basically what it says in the title. I did a lot of searching in Internet. I think small form factor computers are mt best bet. But I still feel they are costly for my purpose.

I am going to be running some ansible playbooks periodically on the machine. SBCs i looked at either had very high specs for this use case and thus higher price or they had other fratures i dont want like - wifi, graphics card etc.

I am preferring enterprise hardware because this would eventually be used in business where people will not settle for anything less.

NIST is a US government org that releases industry guidlines on best practices for cybersecurity.

I know that infosec and sysadmin work aren't the same, but in my experience it often falls to sysadmins and systems engineers to fill the gaps. Hope this is useful.

I would never put Nix os into production as it is fairly obscure but since there was a interest here in Samba AD I though this might be interesting to some

Debian has less complexityand is very stable. It has a nice wiki and a Debian system can run for a few years on unattended upgrades.

Edit: this post was originally about cost savings but that is not really a useful metric

Hey guys,

Because of the unclear nature of Sharepoint folder permissions we want to make an export to Excel of each folder and the appropriate rights. Explicit rights only is fine but everything together is also fine.

Having tried and tested for hours I cannot seem to find a working script. Using outdated functions, random errors, etc.

Does anyone know a working script for this? A commercial solution (that does nog charge 4000$per year) is also fine. This is becoming an expensive headache for me.

I have already tried all the usual Google hits as well as ChatGPT. None seem to work but also not work with modern authentication when connecting to Sharepoint using Powershell for example which leads me to suspect they are too old.