IT Guy
Jan 12, 2010

You people drink like you don't want to live!

skipdogg posted:

Temp account with email forwarding is what I would do. If for some reason this person is running some business critical poo poo through their personal email account and not a shared one, maybe delegate rights to the email account.

Standard practice for us when someone is on any kind of leave is to disable all access and accounts. Never ever ever would I let someone impersonate someone like that.

Exactly what I was thinking. This is a new person, why should they be logging in as someone else?

Other than company policy though, do you know of any Microsoft recommended best practices or any type of regulations/standards that say this? I'm kind of looking for a tangible piece of information I can show my boss on why I'm in the right.


Cpt.Wacky
Apr 17, 2005

IT Guy posted:

Exactly what I was thinking. This is a new person, why should they be logging in as someone else?

Other than company policy though, do you know of any Microsoft recommended best practices or any type of regulations/standards that say this? I'm kind of looking for a tangible piece of information I can show my boss on why I'm in the right.

If you're subject to HIPAA then the Security Rule would prohibit sharing accounts. I'm sure SOX says the same. If you are subject to any kind of outside auditing they'll probably ding you on it too. It's a pretty fundamental best-practice of the entire industry for the last 10? 20? years.

Mr. Clark2
Sep 17, 2003

Rocco sez: Oh man, what a bummer. Woof.

Just wanted to say thanks to whoever recommended PDQ for remote software installs. I've been testing it all day and it's working like a charm. Now I just need to convince my boss to drop $225 on it.

IT Guy
Jan 12, 2010

You people drink like you don't want to live!
Is Spiceworks still a goon recommended help desk/inventory software? I installed it and it is dead loving slow to do anything. Mind you, it's just sitting on a laptop right now for testing. If I move it to a server, does it get faster or is it always dead loving slow to do anything?

Thanks Ants
May 21, 2004

#essereFerrari


I found with Spiceworks that it's great for 15 minutes of poking around and going "wow, this is all free" and then after that the total lack of customisability, the speed it runs at, and the constant suggestions from the Spiceworks community get really really annoying really really fast. And then to remove the adverts to not look like a bunch of cheapskates doesn't get you the space they were taking back, you just end up with a page that resembles something Adblock would create.

Wicaeed
Feb 8, 2005
I am in the process of configuring a Windows Server 2008 R2 failover cluster that will be hosting MSSQL when we get it running. I also just built a tools server that I am going to be using to manage the failover node, however it appears that you cannot manage a 2008 Failover Cluster from a Windows Server 2012 box. Does anyone know of a workaround for this?

Cpt.Wacky
Apr 17, 2005

IT Guy posted:

Is Spiceworks still a goon recommended help desk/inventory software? I installed it and it is dead loving slow to do anything. Mind you, it's just sitting on a laptop right now for testing. If I move it to a server, does it get faster or is it always dead loving slow to do anything?

If you don't want to spend anything on it, yes. It will get a little faster on a server but don't expect local app responsiveness.

IT Guy
Jan 12, 2010

You people drink like you don't want to live!

Cpt.Wacky posted:

If you don't want to spend anything on it, yes. It will get a little faster on a server but don't expect local app responsiveness.

We don't have a problem spending money but the last time we did (Numera Track-It!), it turned out to be no better.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Spiceworks isn't that bad considering it's free. In my experience all agentless inventory software sucks because of the agentless nature. For each computer they have to scan/find, test credentials, then do a bunch of slow rear end WMI queries over the network to get the information. Not as elegant as an agent just scanning locally then uploading the data to a server.


If anyone is looking for a free open source inventory program we've had a good experience with this

http://www.ocsinventory-ng.org/en/

Easy to deploy, setup, and free.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from

skipdogg posted:

If anyone is looking for a free open source inventory program we've had a good experience with this

http://www.ocsinventory-ng.org/en/

Easy to deploy, setup, and free.

This looks really good; I've been using PDQ Inventory but its lack of a central server makes it a bit of a kludge to use with multiple people. The only downside I see right now is OCS doesn't seem to be able to group by domain OU. Maybe it can and the demo just doesn't demonstrate this?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I'm not sure. I never really used our install, but it doesn't seem to tie into AD. I brought up our SCCM infra so I use that to get my reporting. The Engineering guys like this since it will inventory linux machines as well.

Cpt.Wacky
Apr 17, 2005

skipdogg posted:

Spiceworks isn't that bad considering it's free. In my experience all agentless inventory software sucks because of the agentless nature. For each computer they have to scan/find, test credentials, then do a bunch of slow rear end WMI queries over the network to get the information. Not as elegant as an agent just scanning locally then uploading the data to a server.

I've been using it for years and the one thing I can say is that they do slowly but steadily improve it. Merging duplicate tickets was a big enhancement a while ago and they just recently introduced remote agents and remote collectors but I haven't tried them yet. e: I guess those are for machines rarely on the network for scanning, so it's not the same as an agent-based system. But maybe it could be used that way too?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Possibly, I haven't really used Spiceworks since 4.x, I upgraded our install to 5, but I switched roles in the company and didn't use it much after that. I moved away from managing one of our call centers into a corporate role and deployed SCCM. I did get an email saying 6.x was supposed to be way better, but it's still probably slow. Agents probably would help a ton.

I had it running on a dual proc server with 8GB of RAM and only scanning computers on the local 100mbit switched network and it still took most of a day to get its inventory. We never used it as a ticketing system, just for inventory and alerting purposes (low toner, low disk space, basic poo poo like that). Still though, for a free ad supported tool, it's pretty cool I think.

devmd01
Mar 7, 2006

Elektronik
Supersonik

IT Guy posted:

We don't have a problem spending money but the last time we did (Numera Track-It!), it turned out to be no better.

Out of curiosity, what were your issues with it? Track-IT is the ticketing system we use and until 6 months ago I was the administrator for our install. It meets the needs of our organization, but of course everyone is different. Whatever drawbacks it has, their support is top-notch, both in terms of knowledge-base and getting a native English-speaking person on the phone within a couple of rings.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

PST FILES

Here's the situation. We have people that get thousands of little emails a day. They save them forever. We have users with over 100GB PST files but in general they are 20-40GB.

You can imagine what happens when someone has their computer crash and that giant PST has to be checked by Outlook for errors which takes half a day. And if ONE message is added or deleted from the PST you have to re-backup the entire new file.

I have threatened helpdesk with physical violence if they don't start splitting those into JOE-SMITH-2009.PST, JOE-SMITH-2010.PST etc., but that's been a slow process. The real problem is processes we have in place that will never change, we could keep half of those emails in some kind of notification database (not to mention the same email goes to 15 people). Once in a blue moon, someone needs to look up an email from 3 years ago.

I'm thinking a good solution would be some kind of magical box with a couple drives worth of storage that you could just upload a PST file to, and then it'd have some fancy-pants web interface (or better yet, Microsoft Outlook add-on) that lets you search for old messages.

Does such a thing exist or is there a better solution?

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

Bob Morales posted:

PST FILES

Here's the situation. We have people that get thousands of little emails a day. They save them forever. We have users with over 100GB PST files but in general they are 20-40GB.

You can imagine what happens when someone has their computer crash and that giant PST has to be checked by Outlook for errors which takes half a day. And if ONE message is added or deleted from the PST you have to re-backup the entire new file.

I have threatened helpdesk with physical violence if they don't start splitting those into JOE-SMITH-2009.PST, JOE-SMITH-2010.PST etc., but that's been a slow process. The real problem is processes we have in place that will never change, we could keep half of those emails in some kind of notification database (not to mention the same email goes to 15 people). Once in a blue moon, someone needs to look up an email from 3 years ago.

I'm thinking a good solution would be some kind of magical box with a couple drives worth of storage that you could just upload a PST file to, and then it'd have some fancy-pants web interface (or better yet, Microsoft Outlook add-on) that lets you search for old messages.

Does such a thing exist or is there a better solution?

Maybe a separate Exchange server with a store for archives only?

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

LmaoTheKid posted:

Maybe a separate Exchange server with a store for archives only?

We don't use Exchange at all.

EAT THE EGGS RICOLA
May 29, 2008

Why the heck is Group Policy + IE 10 so ridiculously stupid to get going?

Nebulis01
Dec 30, 2003
Technical Support Ninny

EAT THE EGGS RICOLA posted:

Why the heck is Group Policy + IE 10 so ridiculously stupid to get going?

Because everything useful is moved to the IEAK and you set preferences now instead. :(

TWBalls
Apr 16, 2003
My medication never lies

hihifellow posted:

This looks really good; I've been using PDQ Inventory but its lack of a central server makes it a bit of a kludge to use with multiple people. The only downside I see right now is OCS doesn't seem to be able to group by domain OU. Maybe it can and the demo just doesn't demonstrate this?

We're using an old version of this. The script we have to deploy it has a command to 'tag' the information. We just use the short name for our facility to tag our information. Then, when you log in to the server, just filter by tag and whatever other filters you want to apply.

Yaos
Feb 22, 2003

She is a cat of significant gravy.
Question for anybody running SCCM 2012 R2. We're trying to test it out, I've got it installed on an evaluation copy of Server 2012 Standard. I have BITS installed, but the SCCM installer claims BITS is not installed. Server features says it's installed, I can't install it any more than it already is. Any hints out there?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Google-Fu is pointing me to an IIS role service missing, probably IIS6 WMI Compatibility

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Yaos posted:

Question for anybody running SCCM 2012 R2. We're trying to test it out, I've got it installed on an evaluation copy of Server 2012 Standard. I have BITS installed, but the SCCM installer claims BITS is not installed. Server features says it's installed, I can't install it any more than it already is. Any hints out there?

Can you figure out what specific version of BITS it's looking for? I remember when installing SCCM 2007 on Server 2008 R2, the version of IIS installed was higher than the version of IIS SCCM was expecting, so I had to go through some hoops to get everything working. You might be in a similar situation.

Yaos
Feb 22, 2003

She is a cat of significant gravy.

skipdogg posted:

Google-Fu is pointing me to an IIS role service missing, probably IIS6 WMI Compatibility

FISHMANPET posted:

Can you figure out what specific version of BITS it's looking for? I remember when installing SCCM 2007 on Server 2008 R2, the version of IIS installed was higher than the version of IIS SCCM was expecting, so I had to go through some hoops to get everything working. You might be in a similar situation.

Thanks for the help, I'll have to take another look as the error message does say what version of IIS it wants. Hopefully it will be as simple as the WMI compatibility.

Wombot
Sep 11, 2001

Is this the place for KMS chat? I'm trying to get it set up, but it's being a special little princess.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yeah KMS would go in here. What's up?

Wombot
Sep 11, 2001

We have ~65 workstations running Windows 7 Pro and Windows 8 Pro. I've installed the KMS role, along with VAMT 3.1, on a Server 2012 machine. During the setup process, I installed the Server 2012 KMS CSVLK. It's up and healthy, visible on the network, etc.

My problem, as far as I can tell, is:
All the machines are currently licensed via MAK or OEM keys. This means while I have a large pool, none of them are touching the KMS. KMS requires 5 servers or 25 workstations in order to be legit. On top of that, it looks like even if I have 5 servers that need activation, that does not open the floodgates for workstation activations. So I have 5 '08 R2 VMs that are activated via KMS, but I still can't activate single Win7/8 installs.

SO:
Do I migrate my MAK/OEM licensed installs over to KMS en masse, and then once I have 25 of them asking for activation, it will work? Do I do that simply by slmgr.vbs /ipk <KMS Client Key>?

Also, I'm not clear on how closely VAMT and KMS interoperate. Does importing KMS Server keys for Windows 7/8/Office/etc into VAMT link them with KMS? Or do I also need to import them directly into KMS?

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
You'll want to migrate at least 25 to KMS, yes. Once you hit 25 it'll activate by itself and you'll never have to think about it again unless you retire the server.

VAMT is just a utility to change the license keys for Microsoft products. You can store your KMS host key in it if you want but you only want it residing on your KMS host; the key itself is what tells Microsoft who you are and what can be activated by KMS. VAMT also has an option to switch a Windows installation over to KMS without putting in a client key, so it'll make switching the machines over easy.

Wombot
Sep 11, 2001

Sweet, yea, that was pretty painless once I actually got 25 machines moved over. Thanks!

Up next, KMS for Office. Wheeeeeeeeeeeeee~

EAT THE EGGS RICOLA
May 29, 2008

Nebulis01 posted:

Because everything useful is moved to the IEAK and you set preferences now instead. :(

Wait, there must be a way that doesn't suck to manage proxy config settings and stuff. That's ridiculous.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I had to spin up a 2012 server just for Group Policy because of IE10.

Nebulis01
Dec 30, 2003
Technical Support Ninny

EAT THE EGGS RICOLA posted:

Wait, there must be a way that doesn't suck to manage proxy config settings and stuff. That's ridiculous.

Let me know if you find one :( We had to custom deploy IE10 using the IEAK to get our settings out there because it refused to respect the old GPOs we had in place for IE7/8/9.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

EAT THE EGGS RICOLA posted:

Wait, there must be a way that doesn't suck to manage proxy config settings and stuff. That's ridiculous.

Proxy settings should go in DHCP setting 252 because they're a property of the network, and not of the computer account. If you put them in a group policy and the user takes his laptop to a hotel, that group policy will still apply, IE will search for a proxy it can't reach and they can't get on the Internet.
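
An added example, not part of any post in this thread: one way to publish a proxy auto-config URL through DHCP option 252 on a Windows Server 2012 DHCP server. Option 252 is not among the predefined options in Windows DHCP, so the script defines it first; the scope ID and PAC URL are placeholder assumptions.

```powershell
# Added example. Assumptions (not from the thread): the scope ID and PAC URL
# below are placeholders; run on a Windows Server 2012+ DHCP server that has
# the DhcpServer PowerShell module installed.
Import-Module DhcpServer

$ScopeId = '10.0.0.0'                           # placeholder scope
$PacUrl  = 'http://wpad.example.test/wpad.dat'  # placeholder PAC file URL

# Option 252 is not predefined, so define it once per server before use.
$existing = Get-DhcpServerv4OptionDefinition -OptionId 252 -ErrorAction SilentlyContinue
if (-not $existing) {
    Add-DhcpServerv4OptionDefinition -Name 'WPAD' -OptionId 252 -Type String `
        -Description 'Proxy auto-config URL'
}

# Set the value on the scope, not server-wide, so only clients leased an
# address on this network are pointed at the proxy.
Set-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 252 -Value $PacUrl

# Confirm what the scope now hands out.
Get-DhcpServerv4OptionValue -ScopeId $ScopeId -OptionId 252 |
    Format-List OptionId, Name, Value
```

Clients only use the option when automatic proxy detection is enabled in the browser, and they pick it up on the next lease or renewal.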

Yaos
Feb 22, 2003

She is a cat of significant gravy.

Yaos posted:

Thanks for the help, I'll have to take another look as the error message does say what version of IIS it wants. Hopefully it will be as simple as the WMI compatibility.
An update for this, turns out I was using the preview for R2 and was too dumb to notice (test server if you're wondering), although it should not have mattered. IIS on 2012 starts at version 8 but R2 is looking for IIS 7 or 6 or something. Supposedly SP1 works with IIS 8 so what the hell Microsoft.

EAT THE EGGS RICOLA
May 29, 2008

peak debt posted:

Proxy settings should go in DHCP setting 252 because they're a property of the network, and not of the computer account. If you put them in a group policy and the user takes his laptop to a hotel, that group policy will still apply, IE will search for a proxy it can't reach and they can't get on the Internet.

This was only for desktop admin staff - everyone that has a laptop is part of a different OU.

(edit: lawyers make... unorthodox demands of their staff)

EAT THE EGGS RICOLA fucked around with this message at 14:45 on Aug 17, 2013

Demie
Apr 2, 2004

EAT THE EGGS RICOLA posted:

Wait, there must be a way that doesn't suck to manage proxy config settings and stuff. That's ridiculous.

I hope so too, I'll soon have to rig some per-user proxy settings in IE10 :((((((((

edit: and chrome. and firefox. ;_;

this is prolly the way to go, but the per-seat licensing is a problem for us:

http://www.policypak.com/products/manage-internet-explorer-using-group-policy.html

Demie fucked around with this message at 18:41 on Aug 17, 2013

Swink
Apr 18, 2006
Left Side <--- Many Whelps
^ What would be the reason I don't have DHCP setting 252 available in DHCP manager? My list ends at 121


I've had a 2012 DirectAccess server in testing for a while and I want to move it to production soon. Does anyone else have their end users using it? Have you run into anything discouraging/noteworthy?

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Cpt.Wacky posted:

If you're subject to HIPAA then the Security Rule would prohibit sharing accounts. I'm sure SOX says the same. If you are subject to any kind of outside auditing they'll probably ding you on it too. It's a pretty fundamental best-practice of the entire industry for the last 10? 20? years.

Speaking of HIPAA, what is the best book on this for IT?

Cpt.Wacky
Apr 17, 2005

incoherent posted:

Speaking of HIPAA, what is the best book on this for IT?

It's not much fun bedtime reading but I would start at the source by reading the actual text of the law. You can skip to part 164 for the IT stuff and then it's only about 30-40 pages.


Sacred Cow
Aug 13, 2007
I don't know if I should be posting here or the IT Sec thread but my company wants to move to a PKI environment and we're trying to squeeze as much as we can out of our Microsoft EA licenses. Has anyone done PKI in a mixed Linux/Unix/Mac/Windows environment using AD CS? I'm trying to figure out if there are any pitfalls using a MS solution instead of a 3rd party product.

Any decent reading material would be great too. None of us here have stood this kind of thing up and I pulled the short straw.
