Listen Up!

IPv6 is here to stay. Removing it can break networking. Do not remove it.

SMBv1is a security hole and has been removed from Windows 7 & above, Server 2008 & up.
SMBv1 has been removed meaning you cannot connect to old operating system, old NAS devices and old printer/scanners.
SMBv1 is a security hole. Do not enable it.

Window 10 is going to update. Get used to it. The people who turned Windows 7 updates off and then blamed Microsoft when their operating got hacked and hosed caused this.

Home group has gone (Windows 10 V1803 and up). Get used to Password Protected sharing and learn how to use it. I wrote an article about this  (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.

Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.

You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.

Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.





2
LVL 29

Expert Comment

by:Andrew Leniart
Hi John,

Firstly, thanks for making this interesting post. I have a few comments if you don't mind?

IPv6 is here to stay. Removing it can break networking. Do not remove it.

I have removed (disabled) IPv6 on "at least" a dozen of various clients workstations because it was causing problems for them by having it enabled in their network adapter.

Disabling IPv6 (not removing it) by just unticking it in the network adapters is not likely (and in my experience) never causes any problems, so I'm not sure if you're referring to removal of the protocol from the adapter completely (ie: uninstalling) or just disabling.

If uninstalling, then I agree it's a bad idea because eventually it will be widely needed, however, if you're referring to just disabling the protocol in adapters, I totally disagree because I've yet to see doing that cause a problem - indeed, as I mentioned earlier, disabling it often solves problems.

Which did you mean?

SMBv1 is a security hole. Do not enable it.
When connected to the Internet, I agree with you there 100%!

Get used to Password Protected sharing and learn how to use it. I wrote an article about this  (look in my Articles for Folder Sharing on modern computers). Do not turn passwords off.
Again agreed and great advice.

Windows 10 is not Windows 7, does not work like Windows 7 and has dispensed with some old Windows 7 ideas. There is no going back. Get used to it.
Workarounds are still available and widely used. Ie: Start10, (Not free but very cheap and works extremely well.  

Classic Shell - 100% free, easy to install, configure and use and works just as well as Start10. I've installed both to client machines dozens of times since Windows 10 was released and they all thanked me for it. Never a problem.

You got ransomware from people opening email from strangers. Get a Spam Filter. Train Employees, keep Off-Site backups. It is not a technology problem - it is a management problem.
Agreed and again, excellent advice.

Amortize expensive software and hardware to create cash for new equipment. "I am stuck on XP because the equipment is too expensive to upgrade" is not an option. Get your accountant to explain this to you.
That's not always possible and as the majority of my client base are Accounting firms, I can tell you from personal experience that an Accountant is the last person you should ask for computer-related advice.

The majority of them are hopeless with anything computer related than what they personally use - Ie: Their practice management software. Helping them is where the bulk of my companies earnings are generated from yearly :)

Cheers... Andrew
0
LVL 114

Author Comment

by:John
Thank you, Andrew, for your comments.

IPv6 - Here is one article (of many) that supports keeping. We have not removed it at any client on any workstation or any server

https://www.reddit.com/r/sysadmin/comments/138xo2/friendly_reminder_do_not_uncheck_ipv6_on_your/

Windows 7 - I just adapted to and use the new Windows 10 Start menu. Works fine. All our Windows 10 users are very comfortable with it.

Old software / hardware - I have helped clients off old gear. None left. My ISP (large in my area) is slow getting off Windows 7 to manage their infrastructure boxes,  but they are slowly getting it done. I do not have much sympathy.   I help clients move off old gear and we are all happy.
1
LVL 29

Expert Comment

by:Andrew Leniart
Hi John,

Thanks for the article link. I have a paid premium membership I maintain at reddit but that article you've pointed me to has never come up in my feed and I do follow the sysadmin sub-reddit - though I guess it's always possible that I just missed it. I'll be sure to give it a read later on when I have bit more free time. There are a few article submissions in the queue ready for editing at the moment that I want to deal with first.

We have not removed it at any client on any workstation or any server
I'd say that it's highly likely you've never struck the issues my clients were having or if you did, found and used a different workaround. I can honestly say, however, that unticking the IPv6 option has "never" caused a problem for me or my clients.

If you could give me an example website or two to go to, that will cause issues while I have IPv6 disabled, I'd be very grateful because I'd like to see first hand the issues that you say disabling it causes?

Old software / hardware - I have helped clients off old gear. None left.
I have too, but mostly with my business clients. A lot of my home and small business clients are highly price conscious though and very much appreciate when I can find a suitable solution for them that still keeps them secure - and the funny thing is, they'd often rather pay me for an out of the box solution that isn't all that much cheaper than it would have been to just replace the software or hardware they want to keep using.

I'm always very upfront about costs for workarounds as opposed to just replacing or upgrading hardware and software too, but they still choose the latter and are determined to keep what they've already got. Go figure?

I do not have much sympathy.
That's where we differ. I listen to them and am sympathetic to their situation and needs. Though I have sacked a few clients in past years because they've refused to accept my recommendations with regards to security so refused to act as administrator for them. In 20+ years of being in business though, I have only ever been sacked by ONE client and I'm quite proud of that :)

I help clients move off old gear and we are all happy.
I help them achieve what they want in the best possible way, and they're always happy :-)

Regards, Andrew
0
LVL 114

Author Comment

by:John
I do not lose clients either.  I always work with the Business owner to achieve objectives.
1
LVL 29

Expert Comment

by:Andrew Leniart
I do not lose clients either.
You're obviously an effective and highly experienced admnistrator and consultant, so that doesn't really surprise me.

Did you notice this request in my last comment though?

If you could give me an example website or two to go to, that will cause issues while I have IPv6 disabled, I'd be very grateful because I'd like to see first hand the issues that you say disabling it causes?
0
LVL 114

Author Comment

by:John
I saw your comment, but I read through the Reddit article and that influences my thinking. No issues of any kind anywhere keeping IPv6 enabled and no reason at any client anywhere needing to disable it.
1
LVL 52

Expert Comment

by:noci
there is a few more things from the past that SHOULD not be used anymore from this century onward:
UNENCRYPTED data transfer
like FTP   - use scp or sftp
HTTP - use https
PPTP - use l2tp or better instead
lets not recycle this waste from the 1990's
1
LVL 114

Author Comment

by:John
I agree. I have not used plain FTP or PPTP for years now.
0
LVL 14

Expert Comment

by:Brandon Lyon
I've run into trouble with IPv6 before where it was necessary to disable it. The last one I remember was related to some exotic VPN and router conflicts. I agree with Andrew, the on/off switch for IPv6 was a really easy fix and caused no issues. In an ideal world IPv6 would just work. Also in an ideal world buying new equipment might be an option. Alas we don't live in an ideal world.
2
LVL 114

Author Comment

by:John
We use fairly standard and well known router and VPN boxes and they all seem to work with IPv6.  However, all this stuff will evolve over time.
0
LVL 52

Expert Comment

by:noci
Instead of disabling it it might be an idea to prioritize IPv4 as a temporary measure. So not remove/disable IPv6, but ask A before AAAA...
0
LVL 29

Expert Comment

by:Andrew Leniart
but ask A before AAAA...
(AAAA...)  

Que?
1
LVL 52

Expert Comment

by:noci
DNS Query A = IPV4 address translation, AAAA = IPv6 address query.
2

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month