|
Has anyone else given up or gotten tired of going the GPO route or creating a deployment for each new Java update? I've been looking into Ninite Pro and Secunia to manage 3rd party app updates. Any recommendations between the two?
|
#
?
Nov 21, 2014 17:24
|
|
|
|
| # ? May 31, 2024 09:56 |
|
|
BaseballPCHiker posted:Has anyone else given up or gotten tired of going the GPO route or creating a deployment for each new Java update? I've been looking into Ninite Pro and Secunia to manage 3rd party app updates. Any recommendations between the two? I've been using Shavlik with WSUS/SCCM 2012 for the past year or so and have been pretty happy with them.
|
|
#
?
Nov 21, 2014 19:19
|
|
|
If I was updating java, I'd be using our install of Solarwinds' Patch Manager, which helpfully downloads install packages for you straight from Solarwinds, but I don't because ADP. At least it's cheap in corporate terms (cost us like $3,000 for a 1,000 node license).
|
|
#
?
Nov 21, 2014 23:10
|
|
|
I like PDQ Deploy and they make Java packages if you pay for a license. I don't pay and I don't use Java so I have no idea if their setup will work for you.
|
|
#
?
Nov 22, 2014 04:26
|
|
|
As horrible as I hate to mention the site, there is a guy on reddit who releases common packages for pdq. I have been using these for Java at my current place. They disable the update nags as well. On my phone now but can link later.
|
|
#
?
Nov 22, 2014 05:28
|
|
|
Try a customized deployment package with a Java 7 MSI and a .reg file to disable automatic updating and three different group policies to customize security settings (one for general use, two for specific web interfaces that have vendor-specific requirements) then test and deploy it across a network with over 6,000 workstations. It should be seamless and problem-free!  
|
|
#
?
Nov 22, 2014 06:45
|
|
|
On the subject of poo poo software, I'm having problems suppressing the update notifications in flash. I have the mms.cfg with 'auto update = false' in place but my users are still nagged. I can't keep on top of the flash update cycle either.
|
|
#
?
Nov 22, 2014 08:06
|
|
|
For some reason I think Flash can be set to auto-update but will also nag in case a user wants to update before it automatically installs. I have no idea why it behaves in that way but it's annoying as gently caress.
|
|
#
?
Nov 22, 2014 13:16
|
|
|
I'm thinking of trying to set up some network shares for a department. I'd like to do things the right way. Before I get started, are there any tools that make this ridiculously easy? I'd hate to do a bunch of work, create scripts and tools and then find out I could have done everything in 5 minutes. Also, anyone have good resources on how to plan this kind of thing, like a template or example setup that I could crib from? Edit: Is there a way to find out where permissions are coming from? I think some users in the IT department have access via a GPO or something that is giving them the power to change permissions no matter how I set the access. Edit2: I guess there are some default domain permissions, like domain admins have read permissions for all objects. Is there a way to identify exactly how this works? Dr. Arbitrary fucked around with this message at 21:55 on Nov 22, 2014 |
|
#
?
Nov 22, 2014 21:11
|
|
|
If they have modify rights, then they can change permissions. You should be using DFS for all file shares and gpo with network folders (not drive shares if these are just pure file shares) to avoid a cryptowallin.
|
|
#
?
Nov 22, 2014 23:22
|
|
|
incoherent posted:If they have modify rights, then they can change permissions. You should be using DFS for all file shares and gpo with network folders (not drive shares if these are just pure file shares) to avoid a cryptowallin. I have a test user who, according to the permissions I have set should have no rights. The tool that shows what permissions a user actually has shows that he can read and modify permissions but nothing else. IT is probably a bad place to start for making a test file share because of how many of them have weird rights or permissions. As for cryptowall, I guess we have a good spam filter because I thought we'd get hit by now.
|
|
#
?
Nov 22, 2014 23:40
|
|
|
Dr. Arbitrary posted:
From experience, it's been websites not attachments that have nailed users. Just train them if the screen gets dim and it asks permissions be loving cautious.
|
|
#
?
Nov 23, 2014 18:10
|
|
|
They don't need permissions to touch any of their own files, or shares.
|
|
#
?
Nov 24, 2014 16:46
|
|
|
Dr. Arbitrary posted:As for cryptowall, I guess we have a good spam filter because I thought we'd get hit by now. I'm awaiting the combo of domain admin escalation bug + cryptowall/locker, it can't take that long to whip up, can it?
|
|
#
?
Nov 24, 2014 18:10
|
|
|
I'm setting up our new firewall (a pair of Sonicwall NSA 3600s in HA) to replace our two existing firewalls because they are no longer being updated and are no longer secure. Besides, the old admin set up the old ones and the configuration is totally loaded with unnecessary crap. Tracing traffic is a nightmare. I want to get the new pair added to the existing network so I can VPN up and running ASP (it's the #1 request with the holidays coming up). Most of the office network is on 10.0.0.0/24, and I set up the new firewall to be 10.0.10.0/24. What is the best way to connect the two networks? Plug the one of lan ports on the new firewall directly to one of the old firewalls? I've attached a graph of our current setup. Default workstation gateway is 10.0.0.1.
|
|
#
?
Nov 24, 2014 19:06
|
|
|
Jeez, you really have a diagram app that uses walls on fire as firewalls? I don't think I'd want to see anything on fire in my diagram. Edit: with burning smoke clouds above them too...
|
|
#
?
Nov 24, 2014 19:32
|
|
|
Anyone work at a bigger company that has implemented Secure Administrative Workstations? Auditors tagged us and I'm internally debating personal VM's vs. Terminal Services for admin tasks.
|
|
#
?
Nov 24, 2014 19:55
|
|
|
skipdogg posted:Anyone work at a bigger company that has implemented Secure Administrative Workstations? Auditors tagged us and I'm internally debating personal VM's vs. Terminal Services for admin tasks. Yes. We have separate physical machines on isolated networks.
|
|
#
?
Nov 24, 2014 19:59
|
|
|
CLAM DOWN posted:Yes. We have separate physical machines on isolated networks. Physical machines are going to be a no go. I'm leaning the VM route myself, but I know larger places ( .mil helpdesk) all use RDS/TS. Tips? Tricks? Experience? I'm going to get some pushback from other IT members, but they'll get over it. I already use one since I work from different places all the time.
|
|
#
?
Nov 24, 2014 20:30
|
|
|
Zero VGS posted:Jeez, you really have a diagram app that uses walls on fire as firewalls? I don't think I'd want to see anything on fire in my diagram. I'm just using a free account on giffly. It's the fastest thing I could whip up on short notice.
|
|
#
?
Nov 24, 2014 20:37
|
|
|
Zero VGS posted:Jeez, you really have a diagram app that uses walls on fire as firewalls? I don't think I'd want to see anything on fire in my diagram. Some IT admins just like to watch the office burn...
|
|
#
?
Nov 24, 2014 20:39
|
|
|
Zero VGS posted:Jeez, you really have a diagram app that uses walls on fire as firewalls? I don't think I'd want to see anything on fire in my diagram. Seriously. A firewall is not a literal wall on fire. Anyway, I Tequila25, if your network is currently 10.0.0.0/24, I believe you won't be able to use 10.0.10.0/24 without routing between the two, which can get messy. I'd probably say to assign the new firewall cluster an IP on the 10.0.0.0/24 subnet (like 10.0.0.2) and do all your testing that way. LAN on the new cluster into your existing LAN switch, WAN on the new cluster into your existing WAN switch. CLAM DOWN posted:Yes. We have separate physical machines on isolated networks. This. Most compliance stuff at my clients is handled by A) having groups of machines/levels of compliance on different VLANs and B) requiring smart card authentication of some sort. Terminal services/VMView/etc is also a good solution to this problem. Keep in mind it isn't a good solution if you have a lot of hardware or local requirements for that terminal (special printers, etc.)
|
|
#
?
Nov 24, 2014 20:42
|
|
|
Okay, I went as far as redirecting the whole desktop/documents folders directly to OneDrive for Business, and somehow with Office 2013 my loving users still manage to lose Word, Excel, and Powerpoint docs. OneDrive's version history is supposed to cover this stuff but people fail to save the original file correctly in the first place... I'm not sure how exactly they're doing what they're doing but they always lose hours of work. The default Office365 Autosave / Recovered Docs / Unsaved Docs folders all turn up nothing. People will just work on a file for 5 hours without saving and then punch through every failsafe to toss their work into the ether. Is there any bulletproof way to keep these people from loving themselves? I want Office365 by default to save a copy of whatever they're working on to OneDrive every 5 minutes no matter what. Something like that.
|
|
#
?
Nov 25, 2014 01:29
|
|
|
Don't Use OneDrive or Office365? 
|
|
#
?
Nov 25, 2014 01:58
|
|
|
Gyshall posted:Don't Use OneDrive or Office365? I'm sorry did you not see the thread title? What should I do, migrate everyone to LibreOffice? Seriously though I'm stuck with this poo poo so I'm gonna have to idiotproof it as well as I can.
|
|
#
?
Nov 25, 2014 02:02
|
|
|
Say 'welp!' and move on because this isn't a technology problem
|
|
#
?
Nov 25, 2014 02:06
|
|
|
skipdogg posted:Anyone work at a bigger company that has implemented Secure Administrative Workstations? Auditors tagged us and I'm internally debating personal VM's vs. Terminal Services for admin tasks. Previous job was PCI compliant with vlans/firewalls/acls out the rear end, we had a single TS VM that all the admins shared that had unfettered access to every network segment for troubleshooting purposes, and we ran all the necessary ad snap-ins from there.. Worked pretty well.
|
|
#
?
Nov 25, 2014 02:16
|
|
|
go3 posted:Say 'welp!' and move on because this isn't a technology problem Pencil erasers and Ctrl-Z aren't solutions to technology problems either, but it would be a bit cruel to eliminate them. If my users are repeatedly making some kind of file-saving mistake, and there's an elegant solution to mitigate that, I'd like to figure it out.
|
|
#
?
Nov 25, 2014 02:19
|
|
|
go3 posted:Say 'welp!' and move on because this isn't a technology problem Yeah, this. If people can't master the act of saving a file in a place that is familiar to them then it's not worth the time loving about trying to fix this with a GPO. The best you can do is get some pricing for basic computer courses and hope that the suggestion isn't taken the wrong way.
|
|
#
?
Nov 25, 2014 02:20
|
|
|
I just started a new job this month and yo gently caress Office 365
|
|
#
?
Nov 25, 2014 02:21
|
|
|
The rear end Stooge posted:I just started a new job this month and yo gently caress Office 365 I dunno, the OneDrive for Business is typically great. Create the initial OneDrive for Business folder, then open the user's profile and simply drag desktop/documents/downloads/favorites/movies etc into the OneDrive folder in one fell swoop. From then on every file on the PC is synced the moment it is altered, with self-service file recovery and version control. I set it up for everyone here and I saved the day for our lawyer by reverting his document to an earlier version. The latest guy I couldn't help but eh. Best part is they can log into the OneDrive site from any device and then work on their files inside a browser-based version of Word/Excel/Powerpoint, and the files will then sync back to their local workstation. I really can't hate on it too much. The one thing I hated is that there's no way to get an imaged PC to properly activate a license without reinstalling the whole O365 suite, but it looks like failing to pull a license doesn't cripple any functionality, and if MS audits me they'll see I'm not using more seats than I purchased.
|
|
#
?
Nov 25, 2014 02:38
|
|
|
LmaoTheKid posted:Some IT admins just like to watch the office burn... There appears to be quite a few odd versions of burning walls, I'm still not sure on the fourth one here: 
|
|
#
?
Nov 25, 2014 03:46
|
|
|
The people that are missing files on OneDrive probably have them saved in their temp folder, usually because the files were attachments in Outlook and opening them directly from there will default to the Outlook temp folder as the save location. It's doubly annoying, because I find that when you do this, they don't even show up in the Recent Files list in Word. Just had this happen the other day with my wife, she opened a Word doc, saved it, and then couldn't find it anywhere. Wasn't listed in any Recent Files dialog I could find. I took a look in %TEMP%, and it was sitting right there. I've seen mentions that a possible workaround is the change the OutlookSecureTempFolder reg key to point to somewhere outside of the temp folder. Might be worth looking at. I think this reg key has changed with the latest version of Outlook, but should still exist in a new location.
|
|
#
?
Nov 25, 2014 03:47
|
|
|
Zero VGS posted:I'm sorry did you not see the thread title? What should I do, migrate everyone to LibreOffice? Seriously though I'm stuck with this poo poo so I'm gonna have to idiotproof it as well as I can. That's my quote in the thread title  OneDrive syncing has a history of being poo poo, so there really isn't much to do about this problem outside of what JBark posted.
|
|
#
?
Nov 25, 2014 16:09
|
|
|
MrMoo posted:There appears to be quite a few odd versions of burning walls, I'm still not sure on the fourth one here: First one gave me a good chuckle.
|
|
#
?
Nov 25, 2014 16:12
|
|
|
Gyshall posted:That's my quote in the thread title If I recall when I was looking at switching users to OneDrive for Business that the consumer OneDrive had way more features. It still seems that way.
|
|
#
?
Nov 25, 2014 16:40
|
|
|
That's hilarious and also v. bad.
|
|
#
?
Nov 25, 2014 17:08
|
|
|
Dropbox called us a few weeks ago basically saying they noticed that our company email is used for quite a few Dropbox personal accounts and that if we are using it at the office, we need to buy licensing. Holy poo poo were users pissed when I walked around uninstalling Dropbox and pushing out a GPO banning it from running.
|
|
#
?
Nov 25, 2014 17:54
|
|
|
I blame condoleezza rice
|
|
#
?
Nov 25, 2014 18:29
|
|
|
|
| # ? May 31, 2024 09:56 |
|
|
EDIT Moving to a different thread
|
|
#
?
Nov 25, 2014 19:05
|
|
