QuickBooks Desktop Premier 2024 - User Access Controls

 

Intro:

Needed a way to visualize the user access controls presented in the non-enterprise version of QuickBooks Desktop 2024 for a customer. Roles are only available in QB Desktop Enterprise version.

User Access Controls:

1. Company
2. Users
3. Set Up Users and Roles
4. Enter admin Password
5. Add new user

Side Notes:

If you're looking for the options available to Enterprise users please check out the following links:

https://quickbooks.intuit.com/learn-support/en-us/help-article/manage-users/create-manage-roles-quickbooks-desktop-enterprise/L9z3XdBcQ_US_en_US?uid=lozfuvsk

https://www.bza.me/?NLZL15

👽

pfSense - Not Resolving Hostnames to IP Addresses?

 

Intro:

For a while this has been bugging me. You should be able to ping a hostname on the local network and it should return the device's IP address. It's working for some hosts but not all. This is under Windows 10 Enterprise or Pro.

"ping orangepizero3" should return 192.168.2.226 but the ping command is stating "Ping request could not find host orangepizero3. Please check the name and try again.".

Fix:

Call up your pfSense web admin portal.

Navigate to "Services --> DNS Resolver".

Scroll all the way down and at the bottom enable the following two settings:

• DHCP Registration
• Static DHCP

The page will reload, click on "Apply" in green.

Flush the DNS resolver on your machine.

ipconfig /flushdns

Try pinging the host again.

Side Notes:

Google Chrome loves to not work properly on many levels. For the example above I'm finding that it doesn't even attempt to look up "orangepizero3" before returning "Address not found...".

If I call up "http://orangepizero3/admin" in a normal or private Chrome Window, I get the same error. 

• CTRL + Reload doesn't do jack.
• Clearing the DNS cache at "chrome://net-internals/?#dns" doesn't do shit either.

However if call it up in FireFox in either a normal page or private page, it loads the Pi-hole page after a second or two of thought. Subsequent lookups are even faster due to its caching.

At a loss with Chrome.

👽

Thunderbird - Red Exclamation Mark on Recipient Address in Compose

Problem:

Red exclamation mark next to an email address in the compose box. Originally I copied the email address from OSTicket. It looked like this "test@aol.com" with bold on the "t". This was the invalid character. Strange because now I can't reproduce it.

Resolution:

There's a non-windows character in the name somewhere. Try typing the name in directly vs copying and pasting the address from another program.

👽

Orange PI Zero 3 - Initial Set Up, DDNS, and WireGuard Configuration

Intro:

MAJOR EDIT IN PROGRESS!!!!!

This is a multipart article wrapped into one. We'll use the Orange PI Zero 3 as a DDNS update client, Pi-hole server, and as a WireGuard server. This will assume you've read and setup the pi already. (INSERT ARTICLE HERE ABOUT GENERAL SETUP). We'll load some cool tools for administering the network as well.

This entire thing started when you could no longer buy a Raspberry PI for $35.

Usually NVR camera systems will include some sort of dynamic dns service or allow you to use your own update URL. I had the "pleasure" of working on a Speco NVR unit. If you've never heard of them stay away, they're akin with the no name systems sold in big box stores. Five minutes with this thing and you'll want to throw it out a window. There's tons of standard features that are nowhere to be found on these units. I've seen cheaper noname brands that include more functionality.

This particular Speco VX NVR only includes their own ddns service (which does not work) and contains no alternative options. They do not give you the option to use popular services such as "no-ip" or "dyndns". Usually you can get away with using the "dyndns" update url with your own service. Nope, not this time.

In comes the Raspberry PI, great idea but still (10/2023) ridiculously overpriced by scalpers, so this is a no go. Orange PI looks like a viable alternative on paper at a quarter of the cost and is currently in stock.

I'm using the Orange PI Zero 3 for this (tested with 1 & 2gb version). Amazon had them delivered the same day.

Since there are no commercial cases available I have modified another design to include a spot for velcro and or hidden drywall screws. I've also modified it to take the el cheapo Amazon stainless metric socket cap screws that have a splined design on the cap side. My local hardware store has the smooth side version (18-8) which is why they fit easily on the first print.

I can only find two types socket cap screws from McMaster-Carr that fit the bill for this design. One has a smooth side and is labeled " 18-8 Stainless Steel Socket Head Screws" and the other " Super-Corrosion-Resistant 316 Stainless Steel Socket Head Screws" is overkill for this design but I suspect it's what the Chinese have sloppily copied and are reselling on Amazon.

I believe the original designer of this case used the CAD files in Fusion 360 of the 18-8 screws and not a physical measurement of the Amazon specials.

I'm in the process of redesigning this case from the ground up to make the installation easier.

Windows 10 & 11 - Show WiFi Password for Specific SSIDs

Intro:

Use CMD or Terminal to show the saved wifi password of previously connected and remembered SSID's on Windows 10 or 11.

Command Syntax:

List all wifi profiles on current machine:

netsh wlan show profiles

Show wifi password for specific SSID:

netsh wlan show profile name=WIFI-NAME key=clear

If there’s spaces in the wifi name, enclose the name in parenthesis:

netsh wlan show profile name="WIFI NAME WITH SPACES" key=clear

👽

Orange PI Zero 3 - How to Default U-Boot Environmental Variables + Help Output

Intro:

U-Boot shenanigans. While playing around with VxWorks images I figured I better have a copy of this in case something goes wrong. Little did I know at the time that the OS image would reset all the variables back to normal after the first boot. I kept the post in case someone wants the default output or help command output as a reference.

*The serial connection on the Orange PI Zero 3 (MicroSD port at top) from left to right is GND, RX, TX.

*If you default the boot variables or you screw something up, insert a MicroSD card with "Orangepizero3_1.0.2_debian_bookworm_server_linux6.1.31" burned to it and boot it. This should set the env variables again.

Here's the output of the "env" command:

=> env
env - environment handling commands

Usage:
env default [-f] -a - [forcibly] reset default environment
env default [-f] var [...] - [forcibly] reset variable(s) to their default values
env delete [-f] var [...] - [forcibly] delete variable(s)
env edit name - edit environment variable
env exists name - tests for existence of variable
env export [-t | -b | -c] [-s size] addr [var ...] - export environment
env import [-d] [-t [-r] | -b | -c] addr [size] [var ...] - import environment
env print [-a | name ...] - print environment
env run var [...] - run commands in an environment variable
env save - save environment
env set [-f] name [arg ...]

=>

How to Default the Boot Environment Variables:

1. Pull the MicroSD card from the PI.
2. Type "reset".
3. Hit the space bar to interrupt boot.
4. Type "env default -a".
5. Type "reset".
6. Hit the space bar to interrupt boot.
7. Type "printenv" and it should look like the following:

=> printenv
baudrate=115200
bootcmd=run distro_bootcmd
bootdelay=2

Environment size: 62/131068 bytes
=>

After booting "Orangepizero3_1.0.2_debian_bookworm_server_linux6.1.31":

boot_fastboot=fastboot
boot_normal=sunxi_flash read 45000000 boot;bootm 45000000
boot_recovery=sunxi_flash read 45000000 recovery;bootm 45000000
bootcmd=run setargs_nor boot_normal
bootdelay=2
bootreason=unknow
cma=64M
console=tty1
earlyprintk=sunxi-uart,0x05000000
fastboot_key_value_max=0x8
fastboot_key_value_min=0x2
fdtcontroladdr=bbf1aba0
init=/init
initcall_debug=0
keybox_list=hdcpkey,widevine
loglevel=2
mmc_root=/dev/mmcblk0p4
nand_root=/dev/nand0p4
nor_root=/dev/mtdblock4
partitions=boot-resource@mtdblock1:env@mtdblock2:boot@mtdblock3:rootfs@mtdblock4:UDISK@mtdblock5
recovery_key_value_max=0x13
recovery_key_value_min=0x10
selinux=0
setargs_mmc=setenv  bootargs earlyprintk=${earlyprintk} initcall_debug=${initcall_debug} console=${console} loglevel=${loglevel} root=${mmc_root} rootwait init=${init} partitions=${partitions} cma=${cma} snum=${snum} mac_addr=${mac} wifi_mac=${wifi_mac} bt_mac=${bt_mac} selinux=${selinux} specialstr=${specialstr} gpt=1
setargs_nand=setenv bootargs earlyprintk=${earlyprintk} initcall_debug=${initcall_debug} console=${console} loglevel=${loglevel} root=${nand_root} init=${init} partitions=${partitions} cma=${cma} snum=${snum} mac_addr=${mac} wifi_mac=${wifi_mac} bt_mac=${bt_mac} selinux=${selinux} specialstr=${specialstr} gpt=1
setargs_nor=setenv bootargs  earlyprintk=${earlyprintk} initcall_debug=${initcall_debug} console=${console} loglevel=${loglevel} root=${nor_root} init=${init} partitions=${partitions} cma=${cma} snum=${snum} mac_addr=${mac} wifi_mac=${wifi_mac} bt_mac=${bt_mac} selinux=${selinux} specialstr=${specialstr} gpt=1
snum=REMOVED (19 characters)

U-Boot Help Menu:

?       		- alias for 'help'
base    		- print or set address offset
bdinfo  		- print Board Info structure
boot    		- boot default, i.e., run 'bootcmd'
bootd   		- boot default, i.e., run 'bootcmd'
bootm   		- boot application image from memory
bootp   		- boot image via network using BOOTP/TFTP protocol
cmp     		- memory compare
coninfo 		- print console devices and information
cp      		- memory copy
crc32   		- checksum calculation
echo    		- echo args to console
editenv 		- edit environment variable
efex    		- run to efex
env     		- environment handling commands
erase   		- erase FLASH memory
fastboot		- fastboot - enter USB Fastboot protocol
fatinfo 		- print information about filesystem
fatload 		- load binary file from a dos filesystem
fatls   		- list files in a directory (default /)
fatsize 		- determine a file's size
fatwrite		- write file into a dos filesystem
fdt     		- flattened device tree utility commands
flinfo  		- print FLASH memory information
go      		- start application at address 'addr'
gpt     		- GUID Partition Table
help    		- print command description/usage
i2c     		- I2C sub-system
itest   		- return true/false on integer compare
loadb   		- load binary file over serial line (kermit mode)
loads  			- load S-Record file over serial line
loadx   		- load binary file over serial line (xmodem mode)
loady   		- load binary file over serial line (ymodem mode)
loop    		- infinite loop on address range
md      		- memory display
memtester		- start application at address 'addr'
mm      		- memory modify (auto-incrementing address)
mmc     		- MMC sub system
mmcinfo 		- display MMC info
mw      		- memory write (fill)
nfs     		- boot image via network using NFS protocol
nm      		- memory modify (constant address)
pbread  		- read data from private data
poweroff		- Perform POWEROFF of the device
printenv		- print environment variables
protect 		- enable or disable FLASH write protection
pst     		- read data from secure storageerase flag in secure storage
reset   		- Perform RESET of the CPU
run     		- run commands in an environment variable
saveenv 		- save environment variables to persistent storage
setenv 			- set environment variables
setexpr	 		- set environment variable as the result of eval expression
sleep   		- delay execution for some time
source  		- run script from memory
sprite_test		- do a sprite test
sunxi_axp		- sunxi_axp sub-system
sunxi_card0_probe       - probe sunxi card0 device
sunxi_flash		- sunxi_flash sub-system
sunxi_so		- sunxi_so sub-system
tftpboot		- boot image via network using TFTP protocol
timer_test		- do a timer and int test
timer_test1		- do a timer and int test
uburn   		- do a burn from boot
version 		- print monitor, compiler and linker version

👽

QuickBooks 2018 through 2024 - Scheduled Backups Not Working? - Fix

 

Intro:

Let's start by saying this program sucks and support sucks even more. First there's the language disconnect when speaking to tech support and then when you finally do get your problem across to the agent either the phone gets disconnected or they never relay the problem up to the devs.

Scheduled Backups Failing? Let's Fix that:

Should be straight forward, open QB, create a local backup, schedule it, enter your admin credentials, and QB should start making scheduled backups according to the schedule. Yea well their software is shit and hasn't worked properly since 2018. I'm sure it didn't work properly before that either but 2018 is the earliest I've worked with.

If your user is just that, a user, in Windows, log in as them. You will need a admin account for this (we don't want to setup the backup under the user and then two weeks later have them change their Windows password.

1. Schedule your backup in QB, close the workbook and exit QB.
2. Elevate Task Manager and type in your admin credentials.
3. Find the task. It will look something like, "your business name here12345 1234567890".

Try to run it and you'll see the error below:

As an admin edit the task and enable, "Run with highest privileges" on the first page of the task.

Manually run the task again. You won't see the backup box with progress indicator but if you monitor the folder where you told QuickBooks to store your automatic backups you will see a new file with a date and time slightly behind the current time.

Conclusion:

Seriously not a fucking clue why they can't get this backup process right. Intuit if you're reading this, I'd expect a little more value and a fully working program for the money I just spent. $1549.00 That's the Premier Pro base edition marked up $150 from pre 09/31/23 pricing. Prior to that date the base license was $549 and additional licenses up to 5 users was $300/each. That was for QB Premier 2023. They can't even produce a change log of differences nor a justification for the price increase. They're probably trying to annoy the desktop users into jumping ship to the crippled online version.

Now the price for the Desktop 2024 version (which looks identical by the way and seems to function the same way too🙄), is $949/base + $300 for each additional user up to 5 users total.

I guess someone needed to justify their job over there.

👽

Google Blogger - Manage Uploaded Photos & Videos

Intro:

This entire blog is running on Google's Blogger but there's some weird quirks that are a pita to work around. One of them is figuring out where your uploaded photos are kept and how to manage them.

Link:

The following link (https://support.google.com/blogger/answer/41641?hl=en&sjid=17974609572631136443-NA) is a link to the management URL for your photos and videos that have been uploaded to the Blogger platform.

I'm sure this documentation link will change in the future so let's save it to the Wayback Machine for historical reasons (https://web.archive.org/web/20231014015140/https://support.google.com/blogger/answer/41641?hl=en&sjid=17974609572631136443-NA). You're welcome.

Actual Link:

Here's the direct link to the album manager (https://www.blogger.com/mediamanager/albums).

👽

JDownloader 2 - Turn off Clipboard Observer aka LinkGrabber

 

Intro:

Great app for downloading from archive.org but I don't need it picking up every single link I cut/copy while moving around the OS. I only want "LinkGrabber" to pick up what I paste in there.

Turn off Clipboard Observer aka LinkGrabber:

Using JDownloader 2 look for this icon in the main bar at the top and disable it. Toggle it so the checkmark isn't checked.

👽

ffmpeg Syntax for NVR Footage

 

Intro:

Occasionally from time to time I'm asked to pull video footage from NVR systems and send this off to either the customer or police departments. Honeywell systems will dump this footage as ".asf" files and for some reason it's not playable once directly uploaded to Google Drive. 

You also can't speed up the footage without artifacts starting to appear around 7-10x speed and getting worse with higher speeds around 15x. If re-encoded to the container MKV, it's playable on Google Drive. No clue why and I don't have time to figure it out at the moment. I may come back to this in a future article.

ffmpeg Syntax:

Combine Multiple Files:

• CMD
• CD to directory with ASF files to be combined.
• Create a list of files to be combined and save them to "list.txt".
• (echo file 'first file.asf' & echo file 'second file.asf' )>list.txt

• To make things easy, CD to the directory of "ffmpeg.exe".
• Run ffmpeg, concatenating each file in succession found in "list.txt", and save to a single "output.mp4" file.
• ffmpeg -safe 0 -f concat -i C:\temp\list.txt -c copy output.asf
• C:\temp\list.txt references must exist in C:\temp\
• output.asf is generated in ffmpeg directory
• make output file extension same as input then convert to MKV in Handbrake
• output.xxx can be .asf, .mp4, or mkv

Convert MP4 to MKV Container:

• Change the input file and output file names
• ffmpeg -i "INPUT FILE.mp4" "OUTPUT FILE.mkv"

👽

rsync - Syntax for Copying Data Between Two QNAP NAS Devices

 

Intro:

A few weeks ago I had a QNAP box shit the bed. One of the drives in the 8 disk array had a bad sector while another drive was throwing unrecoverable read errors. I needed an immediate way to copy the data to a new QNAP NAS since I could not get access to the SMB shares. When a disk or two fails based on the RAID level, the array falls into what QNAP calls, "Read-Only" mode. The array cannot be written to at this point which poses a problem if this is the first pool and your applications are installed here.

None of the GUI applications like "Hybrid Backup Sync 3" or "File Station" were working. Rsync is now the only option. Thankfully "Hybrid Backup Sync 3" was installed on the source box prior to the drives failing or I don't think the rsync service would have been active (there's a toggle to turn it on in HBS3). There is a way to stop and start all services but not individual ones on these boxes from what I can tell. It really wouldn't have mattered in this case since the applications cannot write temporary data to the pool since it's in a read-only state.

Rsync on QNAP devices seems to be a customized version. They're running "version 3.0.7 protocol version 30" dated 2009. According to rsync's wiki, the current stable version at the time of writing (09/08/23) is 3.2.7. So technically we're using a really outdated copy which may induce errors.

I have a 10Gbps fibre link between these two QNAP boxes using (2) Silicom Intel 82599ES Dual-Port SFP+ cards (there's an interesting article coming about modifying the 82599 EEPROM of Intel based X520 cards to use any brand fibre transceiver, not just Intel branded ones) but because the source system is in "Read-Only" mode the copy operation is being slowed to an average of 150-250 MB/s. There's also other issues with one of the new disks appearing offline which may contribute to this however focusing on getting the data off this box asap is the priority.

So far I've copied about 70 TB over this link at those speeds. Painfully slow. At one point while reading and failing on a file, the read speed dropped to around 30 MB/s. Obviously there's an issue on the disk's surface in that area and that drive is destined for the scrap pile since it's out of warranty.

With the exception of that one small file which I had a backup for, everything else copied without incident taking approximately a week at those speeds.

rsync Syntax:

Here's the syntax I used to copy data from a TVS-871 (QTS) to a new TVS-h874 (QuTS hero):

rsync --progress --protect-args -avhro "/share/CACHEDEV1_DATA/<INSERT FOLDER HERE>/" user@172.16.0.3:"/share/ZFS19_DATA/<DESTINATION FOLDER>/"

Dry-Run:

To do a dry-run without copying anything, add an "n" to the beginning or end of "-avhro". This is good for determining the folder size prior to the actual copy operation.

Excluding Folders:

If you need to exclude folders create a file named, "pattern.txt" and add the excluded folders:

1. "vi pattern.txt"
2. Press "Insert" key to begin editing file.
3. Add one folder name per line i.e.,
• @Recycle
• .@__thumb
• .streams
4. ":wq!" to save and exit.
1. ":q!" to exit without saving.

Run the following command to invoke "pattern.txt" along with rsync.

rsync --progress --protect-args -avhro --exclude-from="/root/pattern.txt" "/share/CACHEDEV1_DATA/<INSERT FOLDER HERE>/" bob@172.16.0.3:"/share/ZFS19_DATA/<DESTINATION FOLDER>/"

Access Shared Mailbox Only via Outlook

 

Intro:

I have a client who changes employees every year and they need to access a single mailbox and not their own. For example they have, "legal@xyz.com" and need 3 people send/receive as that email address and not their own. To do this we'll use what's known as a "shared mailbox".

We need to add users first then add the shared mailbox. I guess you could do it the other way around but without a user how would you access the shared mailbox?

*I'm doing this as a Microsoft Partner so some of the steps may need to be skipped or omitted if you don't have a Partner account.

Process to Add Users:

Login to https://admin.microsoft.com/ or https://admin.microsoft.com/Adminportal/Home#/tenants (double check the tenant you're about to modify).

Select the tenant you wish to modify

Show All --> Users --> Active Users

Add a user --> Name, email address, select license (get from supplier), Roles = user, fill out profile info --> Finish Adding

Process to Add a Shared Mailbox:

Login to (https://admin.exchange.microsoft.com/) or (https://partner.microsoft.com/en-us/dashboard/home). If logging in as a Partner go to Customers --> Select customer --> Select Exchange under Administer Services. You should be taken to (https://admin.exchange.microsoft.com/) and your tenant should be stated near the top left with two opposing arrows to the right of the customer name.

Recipients --> Mailboxes

The user you create previously should be listed here.

Add a shared mailbox

Enter display name, email address, leave alias blank --> Create

Add users to this mailbox --> Add members --> Select members you want to have view/send/receive access --> Save.

Add delegate permissions? Yes.

(To double check this --> Click on shared mailbox in question and on the flyout click, Delegation. "Send as" and "Read and manage (Full Access)" need to contain the user you want to have sending/receiving mail as this mailbox.) You will receive errors if this delegation is not selected.

You'll see, "It might take up to 60 minutes for the change to be effective in Outlook and OWA." or some other time frame. So far I've seen 5 minutes on a Saturday night and 60 minutes on Sunday. Who knows.

Refresh the "Manage Mailboxes" page.

You should see the new shared mailbox.

Currently shared mailboxes that do not have an license attached to it such as Exchange Online Plan 2 are limited to 50gb. See here: https://learn.microsoft.com/en-us/microsoft-365/admin/email/about-shared-mailboxes?view=o365-worldwide

As for the space, here's some context. It took me since the beginning of Gmail in 2004 until today, 2023, to use approximately 14gb of space consisting of emails only. There's the occasional photo or two but mostly text based emails. I use every day for a variety of things. 50gb is plenty for a small business that mainly does text based emails.

Access Only This Shared Mailbox via Outlook:

In this instance this is only an Exchange Online plan with email only. There is no Microsoft 365 (formerly O365) account with Word, Excel, Outlook, etc baked into the license.

Launch Outlook on the PC. If you blew out the profiles it'll ask you for a new profile name. Just name it "default".

Enter the email address for the shared mailbox.

Click "Advanced Options" --> "Let me set up my account manually" --> Connect.

Click on "Microsoft 365". At the time of writing this icon is a red/orange/pink square.

Click "Sign in with another account" in the single sign on box.

Type in the user's actual email --> Next.

Type in the user's password --> Sign in.

Click "Skip for now (14 days until this is required)". This will be replaced with MFA per user. Be sure to set up MFA for your user or have them do it. Use Authy.

Stay signed in to all your apps? Since we only want to sign in to the Office applications and not the entire OS as this Microsoft account, click, "No, sign in to this app only" near the bottom in blue --> OK --> Done.

Exchange Account Settings (verify shared mailbox is at the top of this box) --> Move slider to the right to download all email --> Next --> Uncheck "Set up Outlook Mobile on my phone, too" --> Done.

The shared mailbox is now the only mailbox signed in and the user can continue on. Make sure to send/receive test email to verify the delegation section set above is working.

My Notes:

Process to clear out old Outlook profiles and start fresh:

Outlook 2021 --> C:\Program Files (x86)\Microsoft Office\root\Office16 --> OLCFG.EXE --> Show Profiles --> Select a profile name --> Remove

Delete anything here if all profiles have been deleted: C:\Users\XXXXXX\AppData\Local\Microsoft\Outlook

Start at (Access Only This Shared Mailbox via Outlook) to add a new mailbox from scratch.

👽