Do you guys have NetBIOS over TCP/IP enabled or disabled?
We're investigating a bunch of superfluous traffic on the network and one of the things I'm thinking about is why even have NetBIOS enabled at all? We aren't using any crazy legacy applications or anything, so is it even necessary? Having it disabled should cut down on unnecessary broadcasts, I would think.
While I agree that being insensitive is an issue, so is being oversensitive.
So, I asked an unnamed company to change an MX record.
The result was the MX record was changed incorrectly and they dropped all the email boxes they had. Oh, and you can't change an MX record without deleting everything.
I use it.
I'm fairly positive it's intrinsic to being able to do shit like \\yourcomputer in Windows now.
Unless you've got DNS properly set up for everything.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
I thought that was just the case with old OS (like XP and before). Maybe my understanding of it is a bit rusty, but I thought NetBIOS essentially did name announcements, shouting "Hey guys! It's me! Look at what I have!" all across the network. Like you said, provided that DNS is set up correctly, I don't think NetBIOS would be necessary.
I've disabled it on my PC to test it out a bit. So far, everything seems fine.
EDIT: Then again, my IP is static with a reservation in DHCP, so maybe my machine isn't the greatest test subject
I wouldn't turn NetBIOS off. You may say you have no legacy apps, but then when that one thing that needs it suddenly breaks and it takes you 2 days to trace it back to NetBIOS, you'll hate yourself for disabling it for no reason other than "I don't like that it's sending some packets over the network".
For example, we cut over to a new primary domain controller last week. The old one was a physical server on dying hardware, so we needed to cut over. Thought everything was covered until we went to set up some Lync phones; they wouldn't contact/authenticate on the domain.
2 of us spending a day on it came back to the fact that we didn't set up WINS on the new domain controller. We had the same logic: "we don't really have anything that uses NetBIOS anymore so we don't need WINS on the new domain controller". Well, the Lync phones would not authenticate without it. As soon as WINS was set up on the new server, the phones would authenticate.
I also have my station as a static IP, but I don't use the main DNS we do. I'm actually tied to Google's DNS servers, and have WINS/NetBIOS set up so I can still reach machines on the network by name.
Be straight up better just blocking Facebook and Reddit to cut down on network traffic.
YouTube. I'd block YouTube before either of those.
Though in all honesty, other than actual illegal things I'm personally not a fan of doing network traffic blocking. If Julie in accounting spends all day on Facebook instead of accounting things that isn't a problem with her computer, that's a Julie problem, and needs to be dealt with that way.
I have no problem with Julie looking at Facebook at lunch or on breaks or hell even a couple short times during the day. Hell I'm posting on a nerd forum right now myself, so who am I to judge. But there's a difference between checking it and spending all day on it, and that isn't a technology problem.
I was tasked with blocking them anyways, wasn't my direct choice. I don't personally care if people are doing their job or not, that's not my department.
But if someone's getting viruses from those sites, they get blocked without being asked by managers.
That's good to know. I guess I'll just keep NetBIOS enabled then.
We're going to be doing a more in-depth analysis over the next week and try to cut down on things. WPAD is another thing that's showing up a lot, which I'm recommending we remove.
o_0
Wait what
Sometimes I think certain internet email hosting providers' software was designed to be an episode of CSI: Cyber
Hey, any of you set up Debian Jessie with PostgreSQL? I've done this a million times on Ubuntu and previous Debian releases, I've double checked the docs in case anything changed, etc. In short, I install the packages from aptitude, but after doing so postgres is not running, can't be connected to (because it's not running), and there is no /etc/postgresql/ or any of the files that normally live there such as pg_hba.conf or postgresql.conf anywhere to be found.
Those /etc/postgresql/* files used to live in the postgresql-9.1 package on Debian Wheezy.
I just freshly installed Jessie and the postgresql-9.4 package puts all the configs in /etc/postgresql/9.4/, I dunno, man, purge and reinstall.
Huh. I did that multiple times yesterday with no luck. It did the trick this morning, though. Weird. Something bad must have been cached somewhere which wasn't getting properly cleared out.
Funny... the only thing I remember about doing shit like that was tricking a user to run a command which ejected their CD drive. I think it was called "cupholder.exe"
It wasn't malicious, but freaked them out.
+1
TL DR - Not at all confident in his reflexive opinions of things - Registered User, regular
Did they then complain when their new computer didn't come with a cupholder?
Just remember that half the people you meet are below average intelligence.
Hey sysadmins... What's the name of a tool that you can use to reset passwords of a Windows 7 box if a user has forgotten it? I remember using a boot cd many years ago that allowed me to remove passwords but that was in the WinXP era and I'm not sure if such a tool exists anymore.
jaziek - Bad at everything And mad about it. - Registered User, regular
edited May 2015
Anybody actually set up ELK from scratch and got it working with Windows logs?
I cannot for the life of me get Windows event logs to work with Kibana, and I have no fucking idea what I'm doing wrong.
The logs are being sent to Elasticsearch, the index is there, it has objects in it. If I give Kibana the index, and tell it that the logs aren't time based, then it can show me a list of them, and find all their fields. But if I use the Kibana GUI to try and set the timestamp field, like it requires, it doesn't show any fields at all in the field list dropdown.
Actually... we've been discussing a backup overhaul and whether or not physical media is an idiotic approach. After going over the pros and cons, we've agreed that going to a NAS (possibly dedup) and then cloud storage is overkill. The cost alone associated with going to the latter does not outweigh the negatives of physical media.
Our situation is a little odd, where we're a medium-sized business with government retention policies. Our data isn't so large that tapes cannot hold them reasonably or finish within a decent time frame. We also aren't so small that purchasing the equipment/tapes is too much to take on initially that renting cloud storage makes more sense.
I really wanted to move away from physical media, but after our analysis, we honestly think that it's overkill.
I was hoping for a hybrid approach where you could still perform backup-to-disk for differentials and use tapes for offsite backups. That's the problem we ran into. The idea of using VTL is nice, but what do you do for offsite DR? We felt like we're in between, so unless we totally commit to using disk-based local backups and cloud-based for offsite storage, we didn't see much of a point to moving that way. Otherwise, we'd just be backing up to disk so that we can later backup to tape; that didn't make much sense to us for the situation we're in.
We have more than one site, so the sites will replicate their VTL storage to each other. Additionally you can export the virtual tapes to a physical tape on demand. The last place I worked at that had a VTL, we just did that with the monthly tapes.
Wonder if anyone here can help me with an IE annoyance.
I've got a bunch of URLs for a site in my history that won't go away. It's a site I develop so it's got a bunch of localhost entries as well as the old server it's on, and I'd like to remove them so that only the current one is there.
When the autocomplete pops up, I delete them from it, but they're there the next time I try.
In IE,
Tools, Internet Options, Content Tab
There's an AutoComplete section in the middle. Setting button. Delete AutoComplete history button.
Hmm, I was hoping to do it without deleting my entire browsing history, but I guess that's the only way.
It's just going to kill your autocomplete history, not your browsing history. I know that's cold comfort. At least when you visit the site you WANT the first time, your autocomplete should populate with it. I don't believe MS allows that file/db thing to be edited line by line though.
I'm not surprised that the show is bad as much as how bad Patricia Arquette is in it. I hope they paid her well.
Nintendo ID: Incindium
PSN: IncindiumX
It looks like those files are, for some reason, in a package for bind9 - https://packages.debian.org/jessie/amd64/dms-core/filelist
This sounds like a bad repository. But also install apt-file to answer such questions quickly.
Nevermind.
Spoken like the Epson shill you are.
Ok, you made me laugh. Thanks.
I swear this was a thing that could happen with equipment back in the 80's. Google says...
http://arstechnica.com/business/2011/11/hp-printers-can-be-remotely-controlled-and-set-on-fire-researchers-claim/
You will lose any encrypted data under that account if you reset their password.
Boot off of PXE and load up WinPE, immediately reboots.
Track it down to not getting an IP because our WinPE image doesn't have the drivers for that NIC.
Grab the latest Dell CAB for WinPE, try to apply it. Fails.
After about 15 min of googling find out there's a specific driver import bug when using SCCM 2012 R2 on Server 2008 R2. Apply two hotfixes.
Apply Dell CAB again, succeeds.
Still no network driver in WinPE.
Find exact NIC name, get driver from Intel, manually import to SCCM, attach to WinPE.
WinPE boots, gets an IP address, now can image.
This has been my Wednesday afternoon :rotate:
GRRRRRRRR.
"Can I open a zip file from an email. Says from a police dept in Pennsylvania. Says it is a fax to my email address. That is all it says."
Me: "Were you expecting it?"
"No. The email address checks out according to Internet search."
"Then delete it."
"Maybe I will call them."
"No. Delete it."
*sigh*
At least he asked, I guess.