serverfault.com

Is there anyway to find from the logs if a user is added to ediscovery Manager or ediscovery admin role group? KQL or splunk query would be helpful. I suppose for the query the Workload would be SecurityComplianceCenter but what would be the rest of the query specifically the "operation" field if I'm only looking to identify when a user is added to this role group and not for any other changes.

I am attempting to implement block-level remote disk access between two Windows systems: System B (Target): Hosts a physical disk (e.g., \.\PhysicalDrive0) System A (Initiator): Connects over iSCSI and mounts the disk as a local block device Current Approach: Using Windows iSCSI Target Server, which requires virtual disks backed by VHD/VHDX files. Issue: Creating a VHDX for a physical disk results in full-size allocation (e.g., a 400 GB disk requires ~400 GB storage) This introduces: Significant storage overhead Delay in provisioning It prevents instant exposure of the physical disk over the network Requirements: Export a raw physical disk directly (no intermediate full-size VHDX) Enable immediate / near-instant provisioning Maintain read-only access on the initiator side Ensure no additional storage footprint (no disk duplication) Preferably using Windows-native mechanism

I am planning to deploy a high traffic application on AWS EC2. The backend includes both PHP and Node.js. For PHP I need Apache compatibility due to .htaccess and existing behavior, while Node.js handles APIs and background services. I am deciding between using a control panel such as Plesk or cPanel, or configuring everything manually. In both cases the stack would be similar, with Nginx in front and Apache with PHP FPM handling PHP, alongside Node.js running separately. The difference is that a control panel adds extra services like its interface and other background components, while a manual setup would remain minimal. My focus is only on performance and security in a production environment under high traffic. Does a control panel introduce any meaningful overhead compared to a minimal manual setup with the same stack? From a security perspective, how significant is the additional attack surface of a control panel in real-world use? Also

I'm having trouble setting up SPF for my domain. I use email marketing services, but I keep getting SPF errors when sending emails. For example, one of the errors looks like this: 185.225... - SPF fail I'm not sure which service this IP is from. It's a Google IP address, but I don't know how to properly configure SPF for all the services I use (like MailerLite and others). I also have questions about configuring these services with the correct SPF records to prevent errors. My current SPF record looks like this: stratoplan-school.com. 3600 TXT "google-site-verification=Vd2u0DJC65p1w4iGqNS6U9D0u0wa6i8-l5UYtM7qB6I" 8.8.8.8 (103 msec) stratoplan-school.com. 3600 TXT "v=spf1 include:_spf.mlsend.com include:_spf.google.com include:mxsspf.sendpulse.com include:_spf.amocrmmail.com ~all" 8.8.8.8 (103 msec) stratoplan-school.com. 3600 TXT "shop-verification-oa2QwwqvAl" 8.8.8.8 (103 msec) strato

I sort of frequently encounter software that pretends it owns all of a PostgreSQL instance and wants to create a database, even if it's already there and the software uses the account owning the database. I know how to alter user <application_user> createdb;, but would like to have an option to say something like alter user <application_user> createdb matching ('regular expression here');, so that the user can only create databases with names matching the given regular expression. What are my options, please?

Environment Host: CachyOS (Arch-based), KDE Plasma 6.6.2, Wayland (kwin_wayland) Hardware: Lenovo ThinkPad T14s Gen 4, AMD Ryzen 7 PRO 7840U, Radeon 780M Display: 2880x1800 physical, KDE global scale: 2x → logical resolution 1440x900 Kernel: 6.18.17-1-cachyos-lts, amdgpu/Mesa 26.0.2 Guest: Kali Linux, KDE Plasma, X11 session, scale 2x VM: QEMU/KVM via virt-manager Video: VirtIO GPU (virtio-vga), 3D acceleration + OpenGL enabled Display: SPICE server + OpenGL Input: USB EvTouch Tablet (absolute mode) + PS/2 mouse (cannot be removed) spice-vdagent: 0.23.0-1+b1, running (system daemon + user session) Problem The mouse cursor is visually shown at a position exactly half the screen away from where clicks actually register — both horizontally and vertically. This only happens when the guest resolution is set to fill the screen (e.g. 2880x1508, the SPICE preferred mode). The offset is exactly proportional to the 2x host scale fa

I’m running an Ansible playbook that installs coturn using a dynamic AWS inventory (aws_ec2 plugin). Setup Inventory: inventories/coturn/hosts.aws_ec2.yml (aws_ec2 plugin) Group vars file: inventories/coturn/group_vars/aws_ec2.yml Variables defined there: env: "stg" domain_name: "coturn.example.com" bucket_name: "bucket.com" coturn_git_ref: "docker/4.9.0-r0" I have a playbook that calls a role, in that role, have a step to setup a coturn. In the role: - name: clone coturn repo git: repo: https://github.com/coturn/coturn.git dest: /home/bot/coturn version: "{{ coturn_git_ref }}" I get: 'coturn_git_ref' is undefined Confusing part: other variables such as bucket_name (from the same group_vars/aws_ec2.yml) works fine. coturn_git_ref is not found Wh

I have an Ansible task with an an API call and response. Currently it takes one server from the inventory and passes it to API. The API accepts a limit of five calls in series in 300 seconds. When the limit is exceeded, the call fails with the message "API limit reached. Only 5 calls per 300 seconds." The API can handle 50 servers in a single call. Ex : server name: ["svr1", "svr2".."svr50"] I know there is a serial key in Ansible in which we can process five servers at a time. But I don't want to wait for that call to finish all the task then wait for next batch. Since the API handles 50 servers at a time, I want to send as much possible server in bulk for that API call task. The remaining tasks can run serially. Kindly suggest me good way to archive this. My current YML Task 1: Call A uri: https://xyz body: server_names: {{ hostname }} Task 2: register th

I'm running Postfix 3.10 on an Ubuntu 24.04 server, with these settings in /etc/postfix/main.cf: smtpd_client_restrictions = # previous entries omitted for brevity warn_if_reject reject_unknown_client_hostname smtpd_helo_restrictions = # previous entries omitted for brevity warn_if_reject reject_unknown_helo_hostname I noticed that the warn_if_reject warnings are logged surprisingly often, e.g.: postfix/smtp/smtpd[86198]: NOQUEUE: reject_warning: RCPT from unknown[2607:f8b0:4864:20::53d]: 450 4.7.25 Client host rejected: cannot find your hostname, [2607:f8b0:4864:20::53d]; from=<[email protected]> to=<[email protected]> proto=ESMTP helo=<mail-pg1-x53d.google.com> Many of the failures are correct (spammers using hosts without reverse DNS records), but many are from supposedly legitimate senders (such as the above example from Google). I manually verified

I need to prevent Microsoft 365 Companion Apps such as People, FileSearch, Calendar from automatically starting. I am administrator for several hundred Windows 11 clients, so I need to do this unattended with a policy or script. I tried removing the apps using PowerShell: Get-AppxPackage *people* | Remove-AppxPackage But the applications are not removable. Another suggestion found online is disabling them in the Microsoft 365 Apps admin center. Here you can disable the installation and the autostart of the apps, but only if they are not already installed. What to do with the devices that already have the apps installed? Then I searched multiple places in the Registry in HKCU and HKLM: \Software\Micros