Summary: We will use BitLocker to secure device data, requiring a PIN or Password to boot into Windows or read the hard drive. This aims to be the definitive guide to getting started with and managing BitLocker. Technical Details: BitLocker locks the key for decryption with multiple keys (“Protectors”). These can include TPM, TPM and PIN, Password, a USB key, and even certificates. You can have multiple ways to unlock the decryption key. The keys appear transparent to the user, even during recovery. The hard drive can be removed and put into another computer.
Summary: SSH Agents hold your SSH keys while you traverse to other SSH targets, without revealing your private keys. Longer Explanation: The concept of SSH keys should not be lost on you; if it is, check out my post about SSH keys made easy. However, if your ~/.ssh/authorized_keys file is getting long, and especially if you’re the only user, then you could use an SSH agent to help out.
I got disappointed after searching high and low on Google for how to use Group Policy in order to set a default printer. Almost every article I read assumed the reader had a print server available, or would deploy a local printer connection right from the Group Policy Management Console. Finally, I found the solution! In the environment that I support, we have “Printer Packages” by the manufacturer. These packages are essentially printer queues with default settings already entered for the Printer Preferences - you know, the items you CAN NOT change easily from a remote location, to many systems?
Purpose: This will let us use our phone as a second factor for logging in to an SSH session. This helps harden our SSH security, and encourages users to use 2FA in general. Because it asks for a password that changes every 60 seconds along with your known password, it makes the server MUCH harder to brute-force, especially if it is an Internet-facing server. Posted on GitHub as well - comments welcome!
In a previous post, I talked about why I couldn’t access any file shares, or connect remotely to some systems. The issue was caused by services, protocols and clients missing from the network adapters. Now that the issue had been identified, I had two choices: manually touch every machine, using the mouse for most of the work, or automate the process. This post describes the latter.
Recently, I’ve been seeing posts about the new Skylake-based Intel processors that Dell is using in their Precision, Optiplex and Latitude lines of products. It makes the system fast, even without using much power, but it causes an issue if a SysAdmin needs to install Windows 7 from their installation media - most notably, the USB drive is not available, and neither is the hard drive from the Windows 7 WinPE environment.
So today, I was helping someone with a multi-site WordPress issue, and I linked to my blog. But guess what? It wasn’t coming up! All my external tests seemed to work, including Down for Everyone or Just Me, and even Cloudflare! I could still SSH into my server (as I was watching log files scroll by anyways!), so I knew it was up and accessible. So, what’s next?
Setting up Exim 4 is relatively easy on Debian, especially if you’re only sending mail to yourself (i.e. Server messages, Forget Password requests, etc). Because I have home-level Internet service from my Canadian ISP, I can’t host mail directly on this box - but I also don’t want to rely on Shaw’s mail servers if I ever change service later on in life.
Welcome back to Talk About IT! We had a bit of a mishap, so all the previous content is gone. Backup, backup, backup! Luckily, all the customer data has been recovered, with no loss. The server has been reconfigured, with a proper RAID setup, and off-site backups. It is going to make things a lot easier to recover, hopefully! Once the extra computers I’ve ordered have arrived, I’ll work on setting up haproxy and getting some clustering going.