-
Riccardo Bicelli commented on Tactical RMM: Open Source remote monitoring and management for Windows 1 month, 3 weeks ago
Hi Daren! My company is using it and we’re pretty satisfied.
-
Riccardo Bicelli commented on Tactical RMM: Open Source remote monitoring and management for Windows 2 months ago
Yes, at the time I wrote the article you needed to open outbound 443 and 4222 (nats) from agent to RMM to work. In latest releases only 443 is needed.
Agents need also to communicate with https://icanhazip.tacticalrmm.io/ to get public IP info. Unsigned agents need to access https://github.com/amidaware/rmmagent/releases/*.
Signed agents need to access https://agents.tacticalrmm.com. -
-
Riccardo Bicelli wrote a new post, Tactical RMM: Open Source remote monitoring and management for Windows 1 year, 1 month ago
Tactical RMM is a free, Open Source remote monitoring and management tool for Windows. Among the many features it supports are remote desktop control, real-time remote shell, Windows patch management, remote software installation via chocolatey, and software and hardware inventory.
-
Riccardo Bicelli commented on Use OpenSSL-based software XCA as offline root certificate authority for AD Certificate Services 1 year, 10 months ago
You have to set the CRL distribution point in the CA certificate also, then put the CRL in your Web root of Web Enrollment.
-
Riccardo Bicelli liked Generate DKIM keys with OpenSSL in WSL and add public key to DNS. (So far, This post has 3 likes) 2 years, 1 month ago
-
Riccardo Bicelli commented on Use OpenSSL-based software XCA as offline root certificate authority for AD Certificate Services 2 years, 1 month ago
Yes, you can keep it on the DC. You don’t need to install XCA since it’s portable. If you are running a virtual environment it is convenient to create a detachable hard drive which you can use to keep XCA and its database on it.
-
Riccardo Bicelli wrote a new post, Use OpenSSL-based software XCA as offline root certificate authority for AD Certificate Services 2 years, 1 month ago
When Active Directory Certificate Services are deployed, Microsoft recommends at least a two-tier infrastructure, comprising a root CA and a subordinate CA. For security reasons, it’s recommended to keep the root CA offline. Since the root CA is used only for signing the intermediate CA certificates, many sysadmins don’t like the idea of burning a Windows license for a powered-off server. A convenient solution is to use a non-MS offline CA.
-
Riccardo Bicelli wrote a new post, Deploy software with WPKG and Active Directory 2 years, 3 months ago
WPKG is a simple and powerful open source solution designed to deploy software on Windows machines without repackaging installers. It can be used to deploy many formats of installers (MSI, NSIS, Install Shield, and Inno Setup), and it can execute commands and scripts. In this tutorial, we’ll see how to set up a WPKG environment in Active Directory.
-
Riccardo Bicelli liked Leos Marek (Rank: Level 4)
comment. (So far, Leos Marek (Rank: Level 4)
has 1 likes for this comment) 2 years, 5 months ago -
Riccardo Bicelli wrote a new post, Backup script for SQL Server databases 2 years, 5 months ago
Every now and then, a sysadmin has to deal with SQL Server backups. In this article, we’ll set up, and hopefully forget, a simple but effective backup strategy for SQL Server databases, using only the best backup system for SQL Server: SQL Server itself!
-
Riccardo Bicelli replied to the topic Which Devops Certification is Best? in IT Administration Forum 2 years, 5 months ago
Maybe you could look into LPIC DevOps Tools Engineer. https://www.lpi.org/our-certifications/devops-overview
I think is pretty new because there are no study books ready. When buying LPIC-101 and LPIC-102 exam vouchers I got the DevOps tools voucher for free but it seems there’s a lot of study to pass the exam, since there are plenty of technology and tools involved, from Ansible to K8/Docker Swarm, etc. However I think this is a good base for understanding the devops world and be confident with contemporary and future tools.
-
Riccardo Bicelli wrote a new post, How to create an ADMX template 2 years, 6 months ago
In this howto, I’ll explain how to create a basic ADMX template from scratch and use it in a working example. When I was writing my first application that works with GPOs, at the point of writing my first ADMX template, I realized that ADMX Migrator from Microsoft didn’t work as expected. So I dug through official documentation, reverse engineered some existing templates, and found a way to write my own templates.
-
Riccardo Bicelli wrote a new post, Automatic renewal of Let's Encrypt SSL certificates with Cloudflare using Ansible 2 years, 7 months ago
Let’s Encrypt offers a free, easy way to have SSL certificates that are generally secure and don’t produce warnings in your browser. However, with certificates expiring every 90 days, manually updating them could become a tedious task, even more so if you have to deploy the same certificate on multiple machines. In this guide, we’ll see how to auto-update certificates on multiple machines in a typical Citrix XenDesktop/XenApp scenario, using Ansible and some scripting.
-
Riccardo Bicellli commented on DesktopComposer: Deploy Windows 10 Start menu and desktop shortcuts with Group Policy 2 years, 8 months ago
1) In this case settings are defined in the tool. Security is a link that unfortunately can’t be overridden. If you want the user to have calculator, notepad, etc… you’ll have to define them in composer.
2) You can avoid agent install by putting the agent folder on an UNC path (i.e. mydomainnetlogoncomposeragent and in the GPO call the executable. But you have to call the after-installation steps of agent in computer logon scripts (i.e. mydomainnetlogoncomposeragentcomposeragent.exe -install ), which creates the DesktopComposer Local user groups and sets ACLs on Common start menu folder.
-
Riccardo Bicellli commented on DesktopComposer: Deploy Windows 10 Start menu and desktop shortcuts with Group Policy 2 years, 8 months ago
Hi Leos! Glad to be here 🙂
Installation of agent isn’t strictly required, It is just for convenience because the installer does some tasks, like setting ACL on all user’s menu and adding a user group to the system that can be done also in a machine login script GPO (by calling %agentexecutablefullpath% -install).
Start menu items defined in Composition file will replace both the common start menu and user’s start menu. At startup the agent takes a backup of initial user’s start menu, which will be restored at logoff, when agent is called with switch -decompose.
Cheers!
-
Riccardo Bicelli wrote a new post, DesktopComposer: Deploy Windows 10 Start menu and desktop shortcuts with Group Policy 2 years, 8 months ago
DesktopComposer is an open source tool that simplifies Start Menu and Desktop shortcut deployment in Windows 10, Windows Server 2016, and Windows Server 2019 with Group Policy.
-
-