serverfault.com

We want to prevent users from downloading documents to unmanaged devices. To do so, we configured "SharePoint Online admin center", then "Polices", then "Access Policy", and selected the second option: I know that this will prevent users from downloading and printing SharePoint documents from unmanaged devices from the SharePoint UI, and they can only view the document inside the browser. What effect will be applied to the Teams desktop app and Outlook desktop app? If a user has the Teams desktop app, will they be able to use them to chat, view SharePoint documents and upload new documents, or they can only do so using Teams on the web? Thanks

I am planning to migrate from VMware and would like to choose a suitable alternative virtualization platform. Current environment: 5 physical servers, ~40 VMs Storage: local disks + SAN (fiber-connected) Network: 1 Gbps No requirement for Ceph, ZFS, or distributed storage Workloads: Primarily Linux VMs Some Windows VMs (Active Directory, File Server, Veeam Backup) Concerns: Hyper-V: Windows Admin Center is complex, Hyper-V Manager lacks advanced features Proxmox: good UI, but Windows VM performance is not optimal even with VirtIO XCP-ng: no direct experience, but XenServer was previously stable; unsure about current adoption and support Question: Which of these platforms provides the best balance of: Stability in enterprise environments

Is there anyway to find from the logs if a user is added to ediscovery Manager or ediscovery admin role group? KQL or splunk query would be helpful. I suppose for the query the Workload would be SecurityComplianceCenter but what would be the rest of the query specifically the "operation" field if I'm only looking to identify when a user is added to this role group and not for any other changes.

I am attempting to implement block-level remote disk access between two Windows systems: System B (Target): Hosts a physical disk (e.g., \.\PhysicalDrive0) System A (Initiator): Connects over iSCSI and mounts the disk as a local block device Current Approach: Using Windows iSCSI Target Server, which requires virtual disks backed by VHD/VHDX files. Issue: Creating a VHDX for a physical disk results in full-size allocation (e.g., a 400 GB disk requires ~400 GB storage) This introduces: Significant storage overhead Delay in provisioning It prevents instant exposure of the physical disk over the network Requirements: Export a raw physical disk directly (no intermediate full-size VHDX) Enable immediate / near-instant provisioning Maintain read-only access on the initiator side Ensure no additional storage footprint (no disk duplication) Preferably using Windows-native mechanism

I am planning to deploy a high traffic application on AWS EC2. The backend includes both PHP and Node.js. For PHP I need Apache compatibility due to .htaccess and existing behavior, while Node.js handles APIs and background services. I am deciding between using a control panel such as Plesk or cPanel, or configuring everything manually. In both cases the stack would be similar, with Nginx in front and Apache with PHP FPM handling PHP, alongside Node.js running separately. The difference is that a control panel adds extra services like its interface and other background components, while a manual setup would remain minimal. My focus is only on performance and security in a production environment under high traffic. Does a control panel introduce any meaningful overhead compared to a minimal manual setup with the same stack? From a security perspective, how significant is the additional attack surface of a control panel in real-world use? Also

I'm having trouble setting up SPF for my domain. I use email marketing services, but I keep getting SPF errors when sending emails. For example, one of the errors looks like this: 185.225... - SPF fail I'm not sure which service this IP is from. It's a Google IP address, but I don't know how to properly configure SPF for all the services I use (like MailerLite and others). I also have questions about configuring these services with the correct SPF records to prevent errors. My current SPF record looks like this: stratoplan-school.com. 3600 TXT "google-site-verification=Vd2u0DJC65p1w4iGqNS6U9D0u0wa6i8-l5UYtM7qB6I" 8.8.8.8 (103 msec) stratoplan-school.com. 3600 TXT "v=spf1 include:_spf.mlsend.com include:_spf.google.com include:mxsspf.sendpulse.com include:_spf.amocrmmail.com ~all" 8.8.8.8 (103 msec) stratoplan-school.com. 3600 TXT "shop-verification-oa2QwwqvAl" 8.8.8.8 (103 msec) strato

I sort of frequently encounter software that pretends it owns all of a PostgreSQL instance and wants to create a database, even if it's already there and the software uses the account owning the database. I know how to alter user <application_user> createdb;, but would like to have an option to say something like alter user <application_user> createdb matching ('regular expression here');, so that the user can only create databases with names matching the given regular expression. What are my options, please?

Environment Host: CachyOS (Arch-based), KDE Plasma 6.6.2, Wayland (kwin_wayland) Hardware: Lenovo ThinkPad T14s Gen 4, AMD Ryzen 7 PRO 7840U, Radeon 780M Display: 2880x1800 physical, KDE global scale: 2x → logical resolution 1440x900 Kernel: 6.18.17-1-cachyos-lts, amdgpu/Mesa 26.0.2 Guest: Kali Linux, KDE Plasma, X11 session, scale 2x VM: QEMU/KVM via virt-manager Video: VirtIO GPU (virtio-vga), 3D acceleration + OpenGL enabled Display: SPICE server + OpenGL Input: USB EvTouch Tablet (absolute mode) + PS/2 mouse (cannot be removed) spice-vdagent: 0.23.0-1+b1, running (system daemon + user session) Problem The mouse cursor is visually shown at a position exactly half the screen away from where clicks actually register — both horizontally and vertically. This only happens when the guest resolution is set to fill the screen (e.g. 2880x1508, the SPICE preferred mode). The offset is exactly proportional to the 2x host scale fa

I’m running an Ansible playbook that installs coturn using a dynamic AWS inventory (aws_ec2 plugin). Setup Inventory: inventories/coturn/hosts.aws_ec2.yml (aws_ec2 plugin) Group vars file: inventories/coturn/group_vars/aws_ec2.yml Variables defined there: env: "stg" domain_name: "coturn.example.com" bucket_name: "bucket.com" coturn_git_ref: "docker/4.9.0-r0" I have a playbook that calls a role, in that role, have a step to setup a coturn. In the role: - name: clone coturn repo git: repo: https://github.com/coturn/coturn.git dest: /home/bot/coturn version: "{{ coturn_git_ref }}" I get: 'coturn_git_ref' is undefined Confusing part: other variables such as bucket_name (from the same group_vars/aws_ec2.yml) works fine. coturn_git_ref is not found Wh

I have an Ansible task with an an API call and response. Currently it takes one server from the inventory and passes it to API. The API accepts a limit of five calls in series in 300 seconds. When the limit is exceeded, the call fails with the message "API limit reached. Only 5 calls per 300 seconds." The API can handle 50 servers in a single call. Ex : server name: ["svr1", "svr2".."svr50"] I know there is a serial key in Ansible in which we can process five servers at a time. But I don't want to wait for that call to finish all the task then wait for next batch. Since the API handles 50 servers at a time, I want to send as much possible server in bulk for that API call task. The remaining tasks can run serially. Kindly suggest me good way to archive this. My current YML Task 1: Call A uri: https://xyz body: server_names: {{ hostname }} Task 2: register th