|
Docjowles posted: No Openfire pretty much owns, it's worth checking out for sure. With the disclaimer that I can't speak to its scalability as I've only ever used it in environments of less than, say, 300 users.

Hopping on the Openfire bandwagon. Rolled it at my previous place for around 280 users. Was a walk in the park. Maybe I'll roll it out here as a POC and see if anyone uses it. Most of the users here are very inept.
|
# ? May 1, 2013 15:53 |
|
Openfire is very good and should be the default option if you need an in-house IM system. I get the feeling I'm going to be asked to switch us to HipChat soon though...
|
# ? May 1, 2013 17:16 |
|
What are you guys using for clients? Granted I haven't looked very hard, but I haven't come across a decent client that comes as an MSI.
|
# ? May 1, 2013 17:52 |
|
If Lync is not an option, OpenFire is the easiest of the free Jabber-based clients to set up.

quackquackquack posted: What are you guys using for clients? Granted I haven't looked very hard, but I haven't come across a decent client that comes as an MSI.

I never had an issue with Spark. Anything that will do Jabber will work though.
|
# ? May 1, 2013 18:04 |
|
We use Psi since it's pretty lightweight and does most of the things that Jabber needs to do. Spark needs Java and hogs a lot of RAM for what it does.
|
# ? May 1, 2013 18:12 |
|
I used some free repacking tool to convert Spark to an MSI, it's been too long to remember details but it wasn't hard. The dependency on Java really sucks, though. I broke Spark for like half the company one day by pushing a routine Java security update (which naturally worked totally fine in my test OU) that ended up having weird incompatibilities. I use Pidgin personally but again, no official MSI package.
|
# ? May 1, 2013 18:33 |
|
Docjowles posted: I used some free repacking tool to convert Spark to an MSI, it's been too long to remember details but it wasn't hard. The dependency on Java really sucks, though. I broke Spark for like half the company one day by pushing a routine Java security update (which naturally worked totally fine in my test OU) that ended up having weird incompatibilities.

Previous company ran Openfire as an internal messaging server, with Spark being the "officially" supported client. It was included in the build of all Linux and Windows machines we deployed to users. 90% of them (90% being everyone had local admin / sudo) immediately removed it and installed Pidgin instead. Great little client, fairly lightweight and had none of the annoying issues that Spark had, such as disappearing off down to the taskbar and never coming back again until you killed the process and relaunched.
|
# ? May 1, 2013 19:53 |
|
I liked Spark because in the call center I could lock it down. Too many immature asswipes changing their screen name to "big daddy killer" and "lulz4thew1nz" and poo poo like that. It was like a loving daycare.
|
# ? May 1, 2013 19:58 |
|
I tried Spark but it felt really slow on our really slow computers. Pidgin was available in Ninite and I've had no complaints.
|
# ? May 1, 2013 23:28 |
|
Anyone using any Active Directory auditing/change tracking software they love/hate?
|
# ? May 2, 2013 17:03 |
|
skipdogg posted: Anyone using any Active Directory auditing/change tracking software they love/hate?

We use DatAdvantage for Directory Services from Varonis to audit and report on AD activity. This is the only product of its kind I've used so I have nothing to compare it to, but it works. The UI is not fantastic but acceptable and is reasonably feature-rich. The support is great and they provide updates and improvements regularly. The reporting features are a dream for anyone in management. My manager spent a few hours setting up a bunch of reports and now has DatAdvantage email them to him daily, weekly, monthly, etc. We also have reports automatically emailed out to other departments/managers which has drastically cut down on tedious data collection/format tasks we used to have.
|
# ? May 2, 2013 18:50 |
|
I like how when you connect to a remote computer (over a vpn) through Task Scheduler, your mouse cursor suddenly stops working or is laggy and choppy. Jesus gently caress, it's 2013.
|
# ? May 2, 2013 21:00 |
|
Has anyone gone through deploying smart-card ID badges with RFID? If so, I've got a crap-load of questions for you. My previous employer had this incredibly streamlined approach to it all... ID badge has RFID which gets you through door-fobs and past security guards. You plug your smart-card ID into your keyboard (it has a smart-card reader) which changes the Windows login screen from asking username/password to "please enter your PIN." Enter a 4 digit code and you're logged into Windows. My current employer has the HR department doing ID badges, the security department (not I.T. security) managing RFID door-fobs and then of course I.T. resetting users' complex passwords multiple times daily. I'd really like to combine the three things into one simple to use ID smart-card badge (with RFID) for our users but have no idea where to begin. If this is too complex, especially since no one in my department has ever heard of this, please say "get a consultant."
|
# ? May 3, 2013 06:08 |
|
Get a consultant. You're basically going to be driven by whatever you can do with your door system. They're all very, very proprietary and still are usually driven by embedded systems that interface with a controlling server using serial connections, even in this day and age. With luck, the vendor you're already using has something that can talk to AD...

McGlockenshire fucked around with this message at 07:37 on May 3, 2013 |
# ? May 3, 2013 07:34 |
|
Our door system is done by Paxton. It's network based and has APIs. Whenever someone mentions doing something with it I'm thankful that we don't have to deal with the 90% of door entry systems that aren't like this. I'm also amazed that we managed to accidentally purchase something good.
|
# ? May 3, 2013 10:44 |
|
Before you even explore doing this any more, do you have the budget and backing to get something like this done? Unless you can get some serious funding, have multi-department buy-in and lots of time I would just drop it. I kicked the idea of doing a smart card badge for login and door access in one of our call centers, but getting all the groups together, and training everyone, and setting up the backend was just too much time and money.
|
# ? May 3, 2013 17:26 |
|
Italy's Chicken posted: Has anyone gone through deploying smart-card ID badges with RFID? If so, I've got a crap-load of questions for you. My previous employer had this incredibly streamlined approach to it all... ID badge has RFID which gets you through door-fobs and past security guards. You plug your smart-card ID into your keyboard (it has a smart-card reader) which changes the Windows login screen from asking username/password to "please enter your PIN." Enter a 4 digit code and you're logged into Windows.

Look into Imprivata Onesign. It's a Single Sign-On technology that has physical/logical integration, you can tie it in with your door system in such a way that you can stop users logging in to PCs unless they have badged in, or prevent a user logging on to a certain zone altogether. You can also set the SSO module up so that you get smart card or PIN logon to all your applications, legacy or otherwise. It's really slick but you will need a partner to deliver it for you. I used to consult on it and it's a really good piece of kit.
|
# ? May 4, 2013 08:34 |
|
Well we just received the ugly request to monitor an employee's activity, so I'm looking for suggestions on what software people have used for that purpose. We're looking to monitor: Active programs with times. Active webpages with times. Can distinguish computer activity vs. simply being logged in and sitting at a webpage, idle. These are the key areas, as well as the usual stealth you'd expect from something like this. Has anyone had to deal with anything like this before?
|
# ? May 7, 2013 16:48 |
|
The few times I've had to do this I've used a remote screenshot program to take a snap of their screen every 10 seconds. It rarely gets that far though. Are you looking for a specific activity, or are you just looking for general productivity reasons?
|
# ? May 7, 2013 17:26 |
|
skipdogg posted: The few times I've had to do this I've used a remote screenshot program to take a snap of their screen every 10 seconds. It rarely gets that far though.

It's general productivity. I think a screen capture program like that would work, as long as it captures input only while the computer is active and not idle - the computer is on and logged in basically always, so just having certain things open while the person is doing other work needs to be distinguished. However, I think the guys up top just want a nice tabulated list saying something like:

Between 8:00 - 4:00, May 7:
Program A: 15 minutes
Webpage B: 17 minutes
Webpage C: 20 minutes
and so on.
|
# ? May 7, 2013 17:36 |
|
Orcs and Ostriches posted: Well we just received the ugly request to monitor an employee's activity, so I'm looking for suggestions on what software people have used for that purpose.

Many times, and my reaction is almost always that the manager who submitted the request needs to go do their job. Unless there's something illegal or against AUP going on, I don't get involved with micromanaging someone's employee for them. Once you eliminate illegal/AUP-breaking activities, you've got two possibilities:

1) The employee isn't getting their work done on time. Discipline them.
2) The employee is getting their work done on time. Leave them the hell alone.

Yes, I work in a small shop where this answer flies.
|
# ? May 7, 2013 18:09 |
|
Orcs and Ostriches posted: Well we just received the ugly request to monitor an employee's activity, so I'm looking for suggestions on what software people have used for that purpose.

I don't know what kind of environment you work in, but if you have a legal department you should probably get an ok from them or at least let them know about it. If any disciplinary action hits this guy and he finds out he was monitored at that level without his knowledge it could get ugly.
|
# ? May 7, 2013 18:36 |
|
Sacred Cow posted: I don't know what kind of environment you work in, but if you have a legal department you should probably get an ok from them or at least let them know about it. If any disciplinary action hits this guy and he finds out he was monitored at that level without his knowledge it could get ugly.

Company computer should equate to no reasonable expectation of privacy.
|
# ? May 7, 2013 18:52 |
|
dotalchemy posted: Company computer should equate to no reasonable expectation of privacy.

I completely agree. It's entirely based on the environment. The company I work for has had some pretty sue-happy employees in the past so anything involving monitoring or even looking at an ex-employee's mailbox has to go through legal and HR first. It's more of a CYA suggestion than any kind of actual requirement.
|
# ? May 7, 2013 19:28 |
|
Yeah, our technology use agreements everyone signs state that we can and will monitor anything to do with our stuff. We're in the clear on that front, but we haven't had the need to detail someone's activity before.
|
# ? May 7, 2013 20:38 |
|
dotalchemy posted: Company computer should equate to no reasonable expectation of privacy.

Depends on your country, in Germany taking automated screenshots is illegal even if you do mention it in the employment contract. Logging URLs is allowed, but capturing website content isn't. To capture the URLs you can push out a proxy to the PC by a group policy, then use the log files of the proxy. As for the applications, you could use SCCM to log their run times but that's generally quite useless since the productivity apps generally run in the background all the time. So what you're likely going to find out is that someone starts Outlook at 8:05 and quits at 17:12 but you have no idea whether he spent that whole time playing web games or answering mails.
|
# ? May 7, 2013 21:39 |
|
What are you folk using for network management in 2013? I'm sure SCCM will be pretty common, but what else, has anybody recently compared PRTG, OpManager, Orion, and whatever else I've left off? Not too interested in a roll my own wheel scenario (mrtg, nagios, zabbix, etc) as we've got a budget specifically for this.
|
# ? May 7, 2013 22:31 |
|
vty posted: What are you folk using for network management in 2013? I'm sure SCCM will be pretty common, but what else, has anybody recently compared PRTG, OpManager, Orion, and whatever else I've left off?

You'll need to be a lot more specific with your scope and requirements. What are you trying to implement? What functionality or features do you require? What problems are you trying to fix? I'm assuming by saying Network Management and then immediately listing SCCM as being common that you actually mean Windows client management? Or do you want monitoring, as you list Orion, or network entity management? Figure out the scope and the functional requirements (or at least state them), then start looking at pieces of software.
|
# ? May 7, 2013 22:42 |
|
dotalchemy posted: You'll need to be a lot more specific with your scope and requirements.

I'm asking what people are using to monitor their environments - performance degradation, server/network outages, latency, etc. I derped out and got SCOM mixed up with SCCM. Essentially I'm comparing Orion, ManageEngine, PRTG, all of which take a pretty incredible amount of time to configure - would like to know if anyone has compared the recent versions of these and other products I'm missing in their environments. I don't need something that actually manages deployment or updates, or anything of that sort. I code Puppet stuff when that's necessary. Just need a damned good monitoring tool.
|
# ? May 7, 2013 23:08 |
|
We use Nagios, collectd (check_mk on Windows hosts) and Graphite. Given that your preferred solutions still "take a pretty incredible amount of time to configure" I'm curious why you dismiss free and ubiquitous tools like Nagios out of hand. Yeah it will take time to configure and get it right, but so will basically anything. I'm not aware of a silver bullet autodiscover tool that actually works well enough to save time, though I'd be glad to learn about it! Especially if you're already using Puppet, which has tight integration with Nagios out of the box. Having hosts automatically register themselves with Nagios when they come up and delete themselves when you kill it off again is pretty rad. Edit: Zabbix is more all-in-one, but last I used it the UI was an abomination and it was a LOT of work to configure, more so than Nagios.
|
# ? May 7, 2013 23:27 |
|
^^ so much. Any well configured monitoring solution will have taken an incredible amount of time (relatively) to configure and get going - it's the eternal payoff you get for that effort that makes it oh so worthwhile. You really do need to evaluate Nagios and Zabbix though - regardless of your budget, you don't need to spend money on software just for the sake of it. Industrial Light + Magic - everything in the environment is monitored with Zabbix. Everything - it took us over a year to get all the alerts figured out, groups sorted so owners saw important alerts and not everything else and thresholds set to what we wanted. At the end though, if there was an alert, we needed to look at it and take notice. It was a lifesaver on more than one occasion. Other than the folk who spent time working on the project, which wasn't full-time, the entire thing was free. A few virtual Linux servers and an open source download. Having said that, if you really want to just throw money at the perceived problem, get SCOM. It'll take the same amount of time to configure and you'll be able to get the budget allocated again next year for SCOM 2014 Upgrade Project.

dotalchemy fucked around with this message at 23:35 on May 7, 2013 |
# ? May 7, 2013 23:32 |
|
For Windows hosts, SCOM is pretty awesome*. It's got some pre-built monitors for specialised metrics in Microsoft products like Exchange/SharePoint that work really well right out of the box. The one thing to look out for with it, is to not install ALL THE MONITORING PACKS, because then you drown in white noise. *If configured properly.
|
# ? May 8, 2013 02:00 |
|
Docjowles posted: We use Nagios, collectd (check_mk on Windows hosts) and Graphite. Given that your preferred solutions still "take a pretty incredible amount of time to configure" I'm curious why you dismiss free and ubiquitous tools like Nagios out of hand. Yeah it will take time to configure and get it right, but so will basically anything. I'm not aware of a silver bullet autodiscover tool that actually works well enough to save time, though I'd be glad to learn about it!

I've deployed plenty of Nagios/mrtg/cacti, etc setups (I design datacenters/webhosts/SAAS infrastructures). I've really never been impressed, and I have a great budget so it's not worth the effort to spend a month getting everything going. When I say the other NPMs "take a pretty incredible amount of time to configure" I don't mean even 1/100th of the amount of time to configure Puppet/nagios/etc. It's more of a matter of grouping service/application priorities, things of that nature. I spend most of my time coding manual procedures when I deploy the usual nagios/puppet/chef stuff. Anyhow, this conversation is better off in a non-Windows thread, so I'll take it to the IT thread.

vty fucked around with this message at 16:54 on May 8, 2013 |
# ? May 8, 2013 16:51 |
|
So we're looking for a patch management tool to handle our 1200+ computers, about 5:1 Mac:Windows. Ideally it would handle all OS/Flash/Java updates, app install/removal, preferences/policies, etc. Looking at KACE and IBM/Tivoli Endpoint Manager so far. Would folks recommend any others to check out or discourage these? SCCM would be nice, but my boss thinks it might be superfluous for only ~200 Windows machines. Also, we'd ideally handle everything in one tool for both platforms, as opposed to one for PC and one for Mac.

the tingler fucked around with this message at 22:51 on May 13, 2013 |
# ? May 13, 2013 22:48 |
|
I can't vouch for it, but I know Lumension handles both Mac and Win platforms and covers most major 3rd party apps. They might be expensive though. I love SCCM, but for a 5:1 Mac:Windows shop I can see where standing up that environment might not be worth the time and resources.
|
# ? May 13, 2013 23:33 |
|
I run it for an environment with 100 computers and one with 50 computers. Granted I'm at a University so I don't have to pay for CALs... Windows Updates you can do through WSUS but for everything else you're going to have to stand something up. Running around to 200 computers when a new version of Flash comes out is quickly going to cost way more time than setting up SCCM.
|
# ? May 13, 2013 23:35 |
|
Is anyone doing two-factor authentication for Active Directory? I've got a call into Quest which looks like the best choice. Authlite looks okay, but I'd prefer a system with an iPhone app. I'm mainly looking to protect RD Gateway servers with more than a username/password. I don't really need (and would like to avoid, actually) two-factor authentication on desktops during the day. I assume it's all or nothing, though?
|
# ? May 14, 2013 15:34 |
|
burritonegro posted: So we're looking for a patch management tool to handle our 1200+ computers, about 5:1 Mac:Windows. Ideally it would handle all OS/Flash/Java updates, app install/removal, preferences/policies, etc. Looking at KACE and IBM/Tivoli Endpoint Manager so far. Would folks recommend any others to check out or discourage these? SCCM would be nice, but my boss thinks it might be superfluous for only ~200 Windows machines.

I'm of the opinion that it's better to use separate tools for each platform. For Mac, Casper is the big one, although it's pricey (not knowing anything about Tivoli Endpoint or KACE pricing). Would AD+GP+WSUS be sufficient for the Windows PCs?
|
# ? May 14, 2013 17:16 |
|
Erwin posted: Is anyone doing two-factor authentication for Active Directory? I've got a call into Quest which looks like the best choice. Authlite looks okay, but I'd prefer a system with an iPhone app. I'm mainly looking to protect RD Gateway servers with more than a username/password. I don't really need (and would like to avoid, actually) two-factor authentication on desktops during the day. I assume it's all or nothing, though?

We used Duo Security at my work to add two-factor to our gateway servers (not in a domain) as well as adding two-factor to our VPN users logging in from home (in a domain). I didn't handle the setup, but the guys who got it up and running haven't really had any complaints about it. If I go to RDP into a gateway server, I enter my username and password, then I get another prompt asking me for my Duo passcode. There are a couple of different options available, 99% of the time I just use "push", which pops up a notification on my phone that I can approve or deny. It can also call you, or send you an SMS that you reply to in order to gain access. I think they charge per user per year, but we were able to trial it for free for a month or two before we committed to it.
|
# ? May 14, 2013 21:28 |
|
Thank you for the replies. It remains to be seen how much KACE and IBM really offer for Mac environments. If using two tools is the best approach, that won't necessarily be a bad thing (more on the resume).
|
# ? May 15, 2013 00:35 |