incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

GreenNight posted:

Dropbox called us a few weeks ago basically saying they noticed that our company email is used for quite a few Dropbox personal accounts and that if we are using it at the office, we need to buy licensing. Holy poo poo were users pissed when I walked around uninstalling Dropbox and pushing out a GPO banning it from running.

Look at this IT person, blocking the things we use and not providing a replacement.

The nerve of him.


GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Oh we have a replacement. We use Syncplicity for corp, but individual departments don't want to pay for it. So I told each user to get a license approved by their manager.

AlternateAccount
Apr 25, 2005
FYGM
Why would you not let Dropbox make good on their threat(protip: they never will) and make THEM the bad guy?

Thanks Ants
May 21, 2004

#essereFerrari


What's people's go-to option for backing up a couple of Windows servers and NAS storage? I need to backup to a NAS target as well.

One of my clients has outgrown BackupAssist and recently discovered the Synology built-in backup to be pretty much worthless as it can't retain versions and wants to roll back an entire share to bring one file back.

Unitrends any source to any destination virtual appliances look good but it's more than likely going to be over budget.

devmd01
Mar 7, 2006

Elektronik
Supersonik
What's their RPO, RTO, type of data/applications that need to be backed up, and size of the data set? Do you want bare metal restore capability or just data? There isn't necessarily a one size fits all best tool, which is why netbackup is such a goddamn nightmare.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Thanks Ants posted:

What's people's go-to option for backing up a couple of Windows servers and NAS storage? I need to backup to a NAS target as well.

One of my clients has outgrown BackupAssist and recently discovered the Synology built-in backup to be pretty much worthless as it can't retain versions and wants to roll back an entire share to bring one file back.

Unitrends any source to any destination virtual appliances look good but it's more than likely going to be over budget.

Veeam (assuming hyper-v/esxi) or shadow protect.

socialsecurity
Aug 30, 2003

Thanks Ants posted:

What's people's go-to option for backing up a couple of Windows servers and NAS storage? I need to backup to a NAS target as well.

One of my clients has outgrown BackupAssist and recently discovered the Synology built-in backup to be pretty much worthless as it can't retain versions and wants to roll back an entire share to bring one file back.

Unitrends any source to any destination virtual appliances look good but it's more than likely going to be over budget.

I've been getting some good work out of Datto boxes lately. It can even spin up a backup VM on itself if one of your boxes catches fire.

Thanks Ants
May 21, 2004

#essereFerrari


Thanks for those suggestions, I'll take a look. Veeam was originally my go-to and while it will happily backup vSphere to a NAS, I need to protect NAS data. This is where I'm hitting a wall. Currently they use a Synology box syncing to another one, but there's no real control over the process, no retention options, no proper reporting etc. and I think it's just a huge problem waiting to happen.

I'll give the Datto stuff a try.

devmd01 - I'm not ignoring you. I just don't have an answer to any of those questions yet, when I know more I'll have a better idea for what to look for.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Here is an unusual brain teaser (going to post this in the linux thread as well): I have printers that run solaris that use NFS mounts (no smb/cifs mounts). I have Server and client services for unix installed on my Server 2008 R2 instances. They mount perfectly.

However, with 2012 and 2012 R2 every time I try to mount them I get an OPERATION NOT SUPPORTED.

Any Ideals?

E: this was fixed with powershell. I don't know who to blame, but there are no fallbacks to older NFS versions.

Set-NfsServerConfig -EnableNFSv4 $false

incoherent fucked around with this message at 23:29 on Dec 2, 2014

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Thanks Ants posted:

Thanks for those suggestions, I'll take a look. Veeam was originally my go-to and while it will happily backup vSphere to a NAS, I need to protect NAS data. This is where I'm hitting a wall. Currently they use a Synology box syncing to another one, but there's no real control over the process, no retention options, no proper reporting etc. and I think it's just a huge problem waiting to happen.

I'll give the Datto stuff a try.

devmd01 - I'm not ignoring you. I just don't have an answer to any of those questions yet, when I know more I'll have a better idea for what to look for.

What OS is the NAS running? You probably want something like block level replication, or volume snapshots, etc. If it is just a NAS or a consumer NAS, you're probably out of luck.

incoherent posted:

Any Ideals?

Ideally get rid of printers running solaris

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
I'm willing to look at any printer as long as they support these obscure and archaic printing specifications.

Alfajor
Jun 10, 2005

The delicious snack cake.
We've somehow made it this far without any kind of drive encryption, but it's time to get with the times. Environment is Windows 2008 R2 domain, about 75 users, 60ish Win7 workstations (most of them shared by multiple users) and a dozen Win7 laptops. First priority is to encrypt data on servers and laptops, and then cover all the workstations everywhere.
This is all new territory for me, VAR suggests looking at Sophos, McAfee and TrendMicro, so that's where I'm starting. Any tips on what to read, how to roll it out, what to avoid? I'd like something that IT can centrally manage, be able to control keys, set access levels, run reports, etc.

Thanks Ants
May 21, 2004

#essereFerrari


I've always heard that BitLocker is the least-bad option - integrated with AD, doesn't bog the machines down, doesn't flat out fall over constantly etc. If you have SA then you have access to MBAM which makes it all a lot less painful: http://www.microsoft.com/en-us/windows/enterprise/products-and-technologies/mdop/mbam.aspx

Just make sure you have SSDs in your laptops. People will hate you if you do full disk encryption on a spinning platter.

I have no idea about server encryption, I thought that was what physical security was for. It would scare me shitless to try and encrypt the disks of servers.

Maneki Neko
Oct 27, 2000

Alfajor posted:

We've somehow made it this far without any kind of drive encryption, but it's time to get with the times. Environment is Windows 2008 R2 domain, about 75 users, 60ish Win7 workstations (most of them shared by multiple users) and a dozen Win7 laptops. First priority is to encrypt data on servers and laptops, and then cover all the workstations everywhere.
This is all new territory for me, VAR suggests looking at Sophos, McAfee and TrendMicro, so that's where I'm starting. Any tips on what to read, how to roll it out, what to avoid? I'd like something that IT can centrally manage, be able to control keys, set access levels, run reports, etc.

Bitlocker with MBAM works, but is super dependent on people being online, GPOs working flawlessly, etc. The server piece is basically just reporting and a place for the clients to stash keys and update status, all the actual work is done by the clients themselves, which can be frustrating to track down why the gently caress a particular client hasn't decided it's time to encrypt. If you've got all desktops in one place and aren't supporting remote users scattered around the country who rarely if ever connect back to a domain controller it probably won't be so bad.

On the plus side, if you've got TPM on everything, Bitlocker is pretty much transparent to the end-user. If you don't have TPM, it sucks.

The 3rd party products are going to be a lot more feature rich than MBAM and give you more centralized control over the clients presumably, but may be less seamless.

I've been looking at Sophos and Trend lately for a client, and Sophos is pretty cheap (like $20/endpoint), but offers less in the way of options than Trend (which was around $70/endpoint). Trend has a lot more policies around what happens when machines don't check in, or someone enters their password wrong, etc. which may be more useful if you have specific security or compliance requirements to meet.

Maneki Neko fucked around with this message at 23:57 on Dec 2, 2014

Alfajor
Jun 10, 2005

The delicious snack cake.
Thanks for the replies. I've got some homework to do. All our desktops and laptops are less than 3 years old, but I have no idea if they have TPM... our inventory is also in need of improvement, which also saddens me greatly.

Thanks Ants posted:

I have no idea about server encryption, I thought that was what physical security was for. It would scare me shitless to try and encrypt the disks of servers.

That's kind of where I am :ohdear:
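Since the thread's BitLocker advice hinges on whether the machines actually have a TPM, here is an added PowerShell inventory script (my example, not from any poster) that queries Win32_Tpm over WinRM on the domain's Win7 machines and flags the ones BitLocker could not protect transparently. It assumes the ActiveDirectory module, PSRemoting enabled on the clients and local admin rights on them; the output path is a placeholder.

```powershell
# Added example, not from the thread. Inventories TPM presence and state on the
# domain's Win7 machines so you know which ones BitLocker can protect transparently.
# Assumes the ActiveDirectory module, WinRM (PSRemoting) enabled on the clients,
# and an account with local admin rights on them. The output path is a placeholder.
Import-Module ActiveDirectory

$computers = Get-ADComputer -Filter 'OperatingSystem -like "Windows 7*"' -Properties OperatingSystem |
    Select-Object -ExpandProperty Name

# Runs on each client; the Win32_Tpm methods must be called there, not on the
# deserialized copy that Invoke-Command hands back.
$probe = {
    $tpm = Get-WmiObject -Namespace 'root\cimv2\security\microsofttpm' -Class Win32_Tpm -ErrorAction SilentlyContinue
    if ($null -eq $tpm) {
        return [pscustomobject]@{ HasTpm = $false; Enabled = $false; Activated = $false; Owned = $false; SpecVersion = '' }
    }
    [pscustomobject]@{
        HasTpm      = $true
        Enabled     = [bool]$tpm.IsEnabled().IsEnabled
        Activated   = [bool]$tpm.IsActivated().IsActivated
        Owned       = [bool]$tpm.IsOwned().IsOwned
        SpecVersion = [string]$tpm.SpecVersion
    }
}

$results = foreach ($c in $computers) {
    try {
        $r = Invoke-Command -ComputerName $c -ScriptBlock $probe -ErrorAction Stop
        [pscustomobject]@{
            Computer    = $c
            Reachable   = $true
            HasTpm      = $r.HasTpm
            Enabled     = $r.Enabled
            Activated   = $r.Activated
            Owned       = $r.Owned
            SpecVersion = $r.SpecVersion
            # A TPM protector needs the chip present, enabled and activated in firmware.
            TpmReady    = ($r.HasTpm -and $r.Enabled -and $r.Activated)
        }
    } catch {
        # Offline or WinRM not reachable: record it rather than silently skipping the machine.
        [pscustomobject]@{ Computer = $c; Reachable = $false; HasTpm = $null; Enabled = $null
                           Activated = $null; Owned = $null; SpecVersion = $null; TpmReady = $false }
    }
}

$results | Export-Csv -NoTypeInformation -Path 'C:\temp\tpm-inventory.csv'   # placeholder path

# Machines to sort out before rollout: no TPM (password/USB protector only) or TPM switched off in BIOS.
$results | Where-Object { -not $_.TpmReady } | Format-Table Computer, Reachable, HasTpm, Enabled, Activated -AutoSize
```

Unreachable machines show up with Reachable = False so the inventory gap is visible instead of silently shrinking the list.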

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
I'm working on implementing Sophos SafeGuard and the one complaint I have on it right now is it wants to use its own credential manager instead of passthrough with Windows' native CM. It's made things difficult with our RFID login system; the system itself is kind of terrible but the users will actively steal the dongles from other computers if they need one since they've become so attached to them. Other than that the centralized management is pretty good and the performance hit has been minimal, even on 5200 rpm laptop drives.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
If they spell it BitLocker Administration and Monitoring, why wouldn't they use BLAM or MBLAM, instead of you know, grabbing the acronym from Malwarebytes Anti-Malware?

Anyways, the last few days a ton of people at our call center have been having Office365 dump customer replies into a quarantine. I asked Microsoft "Why the gently caress, can't you guys just have it so anyone we contact through Outlook first is just automatically whitelisted?" and the answer was "Of course not, that would be too easy and make too much sense, you need to add every domain to a whitelist, manually and one at a time of course!"

I just said gently caress it and completely disabled the spam filters, people are getting all the emails again and we apparently got virtually no spam to begin with.

Obviously that's not ideal as a permanent solution but holy poo poo?!, I'm asking multiple Microsoft engineers what they would do in my shoes and they're all shrugging.

PUBLIC TOILET
Jun 13, 2009

Zero VGS posted:

If they spell it BitLocker Administration and Monitoring, why wouldn't they use BLAM or MBLAM, instead of you know, grabbing the acronym from Malwarebytes Anti-Malware?

Anyways, the last few days a ton of people at our call center have been having Office365 dump customer replies into a quarantine. I asked Microsoft "Why the gently caress, can't you guys just have it so anyone we contact through Outlook first is just automatically whitelisted?" and the answer was "Of course not, that would be too easy and make too much sense, you need to add every domain to a whitelist, manually and one at a time of course!"

I just said gently caress it and completely disabled the spam filters, people are getting all the emails again and we apparently got virtually no spam to begin with.

Obviously that's not ideal as a permanent solution but holy poo poo?!, I'm asking multiple Microsoft engineers what they would do in my shoes and they're all shrugging.

Sometimes I feel as though most Microsoft support engineers don't understand how the products they support work in a real, production environment. Doesn't really surprise me, though.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.
You guys are cute for thinking that Microsoft "support engineers" are anything other than glorified minimum wage outsourced help desk, especially for their cloud offerings.

I love Microsoft, but, c'mon.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Sophos safeguard here. On the laptops there is no noticeable performance hit. Perhaps a bit at boot.

Installation was a bit painful. You'll probably need to hold some hands during the process. I get errors on our Dell XPS laptops due to some disk incompatibility. There's a stupid keyboard shortcut you need to perform at boot to toggle 'alternative ATA mode'. It's finicky.

All our newer laptops have TPM chips though so I'm going to push for BitLocker. The win7 enterprise requirement is holding me back though (we run pro).

Alfajor
Jun 10, 2005

The delicious snack cake.

Swink posted:

The win7 enterprise requirement is holding me back though (we run pro).

Ah yes, we also run Pro here. I suppose that means that rules bitlocker out as a free option that we already have available.

Dans Macabre
Apr 24, 2004


What's the best thing to do so I can offer remote access to an environment that needs to be PCI compliant? My understanding is I need a 2FA solution, and I understand Windows Azure can be leveraged for this hooked into my AD environment. But I've never used it and I know when I bring it up CIO will say "well didn't azure just go down a few weeks ago" etc so is there a better solution? Goal is to allow staff to access Windows LAN, shared drives, mail, on prem applications via thin client (RDP? Citrix?)

I have not dealt with 2fa in the ~enterprise~

(is there a PCI DSS megathread?)

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Surprisingly I'm watching the Microsoft Virtual Academy courses for Office 365 right now. They have some really great phone based 2FA available in Azure.

http://www.microsoftvirtualacademy.com/training-courses/office-365-identity-management

I wouldn't bring up azure going down as a major serious thing (tm), as AWS had to do a whole system infrastructure reboot to fix a really serious bug.

e: I will say that microsoft will obscure the gently caress out of an issue till it's too big to protect its SLA.

incoherent fucked around with this message at 21:59 on Dec 3, 2014

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

NevergirlsOFFICIAL posted:

What's the best thing to do so I can offer remote access to an environment that needs to be PCI compliant? My understanding is I need a 2FA solution, and I understand Windows Azure can be leveraged for this hooked into my AD environment. But I've never used it and I know when I bring it up CIO will say "well didn't azure just go down a few weeks ago" etc so is there a better solution? Goal is to allow staff to access Windows LAN, shared drives, mail, on prem applications via thin client (RDP? Citrix?)

I have not dealt with 2fa in the ~enterprise~

(is there a PCI DSS megathread?)

VPN and then RDP with access control lists/security groups.

VPN => (User has to be in VPN group) => RDP => (User has to be in RDP Security Group)

We're using two-factor authentication on most of the VPN connections as well, which should satisfy any PCI nonsense.

orange sky
May 7, 2007

Do any of you guys have some info on the advantages/disadvantages of using DirectAccess with Public IPs / Behind Edge / Using only one interface behind edge? As in, what exactly do we win or lose by choosing one option and not the other. You'd really do me a huge favour if you had something.

E: I've found it. Teredo and 6to4 won't work. I don't know why the gently caress Microsoft decided not to document stuff properly anymore, I have to go through technet and hope the loving search engine turns up what I want in that hellhole of a place, loving hell it pisses me off.

Ended up reading it in a book called "Directaccess best practices and troubleshooting".

orange sky fucked around with this message at 17:58 on Dec 4, 2014

Dans Macabre
Apr 24, 2004


Thanks everybody

Zaepho
Oct 31, 2013

orange sky posted:

Do any of you guys have some info on the advantages/disadvantages of using DirectAccess with Public IPs / Behind Edge / Using only one interface behind edge? As in, what exactly do we win or lose by choosing one option and not the other. You'd really do me a huge favour if you had something.

E: I've found it. Teredo and 6to4 won't work. I don't know why the gently caress Microsoft decided not to document stuff properly anymore, I have to go through technet and hope the loving search engine turns up what I want in that hellhole of a place, loving hell it pisses me off.

Ended up reading it in a book called "Directaccess best practices and troubleshooting".

Behind Edge. Don't place windows servers directly on public IPs unless you absolutely have to. Just push port 443 back. Like you found you lose Teredo and 6to4. Both of which are unnecessary.

Coredump
Dec 1, 2002

When practicing with ESXI, Server 2012 and dhcp, how the heck do you keep the esxi box from handing out ip addresses on your real network?

thebigcow
Jan 3, 2001

Bully!

Coredump posted:

When practicing with ESXI, Server 2012 and dhcp, how the heck do you keep the esxi box from handing out ip addresses on your real network?

Create a second vswitch not attached to any real interface, create a second nic on the 2012 vm attached to that vswitch, bind the dhcp service to that nic, and then have whatever other virtual machines you use for this only be on that vswitch and access them through the vsphere console.

The best way to do it depends on what you're trying to do and how long this needs to work/good it needs to be. That's what I did when playing around with a router virtual machine.
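The isolated-vSwitch setup described above, as an added PowerCLI/DhcpServer example of mine (not posted by anyone in the thread): an uplink-less vSwitch keeps lab DHCP inside the host, a guard refuses to proceed if the switch has a physical NIC, and DHCP inside the 2012 VM is bound only to the lab-facing interface. Host name, VM names, port group name and the lab interface alias are placeholders.

```powershell
# Added example, not from the thread. PowerCLI on the vSphere side plus the DhcpServer
# module inside the 2012 VM. Builds an isolated vSwitch with no uplinks so lab DHCP can
# never reach the physical network, then binds the DHCP service only to the lab NIC.
# Host name, VM names, port group name and the lab interface alias are placeholders.

# --- vSphere side (run from a PowerCLI session) ---
Connect-VIServer -Server 'esxi-lab.example.internal'   # placeholder host
$esx = Get-VMHost -Name 'esxi-lab.example.internal'

# No -Nic parameter: the switch gets no physical uplinks, so its traffic stays inside the host.
$labSwitch = New-VirtualSwitch -VMHost $esx -Name 'vSwitch-Lab'
$labPg     = New-VirtualPortGroup -VirtualSwitch $labSwitch -Name 'Lab-Isolated'

# Guard: stop if the switch has an uplink (e.g. this was re-run against an existing switch).
if ((Get-VirtualSwitch -VMHost $esx -Name 'vSwitch-Lab').Nic.Count -gt 0) {
    throw 'vSwitch-Lab has a physical uplink; lab DHCP would leak onto the real network.'
}

# Second NIC on the DHCP server VM, attached only to the lab port group; the first NIC keeps
# its management connectivity. Lab clients get a NIC on the lab port group and nothing else.
$dhcpVm = Get-VM -Name 'WS2012-DHCP'
New-NetworkAdapter -VM $dhcpVm -NetworkName $labPg.Name -Type Vmxnet3 -StartConnected
foreach ($client in Get-VM -Name 'LabClient*') {
    New-NetworkAdapter -VM $client -NetworkName $labPg.Name -Type Vmxnet3 -StartConnected
}

# --- Inside the Windows Server 2012 DHCP VM ---
# Bind DHCP only to the lab-facing interface; leave the management NIC unbound.
Import-Module DhcpServer
Get-DhcpServerv4Binding | ForEach-Object {
    $wanted = ($_.InterfaceAlias -eq 'Ethernet 2')   # placeholder alias of the lab NIC
    Set-DhcpServerv4Binding -InterfaceAlias $_.InterfaceAlias -BindingState $wanted
}

# Verify: exactly one bound interface and it is the lab one.
Get-DhcpServerv4Binding | Where-Object BindingState | Format-Table InterfaceAlias, IPAddress
```

The binding step is the second line of defence: even if a lab NIC were later moved to a production port group, DHCP would still only answer on the interface it is bound to.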

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Richard Hicks has a good session on DirectAccess from TechEd. Explains the basics, some gotchas, minimal fluff.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

Coredump posted:

When practicing with ESXI, Server 2012 and dhcp, how the heck do you keep the esxi box from handing out ip addresses on your real network?

Like thebigcow said, create a virtual switch for your lab. You can even dedicate an interface to be a "lab".

Coredump
Dec 1, 2002

Cool, I'll figure out how to get that set up. Thanks everyone.

bonestructure
Sep 25, 2008

by Ralp
Does anyone here have experience doing ndmp copies using Powershell 3 and NetApps, with the NaNdmpCopy cmdlet? I'm trying to script a restore of one lun using another as a source. Both volumes live on the same NetApps filer. Using Start-NaNdmpCopy or Invoke-NaNdmpCopy throws the same error, "Ndmp connection error, DataONTAP,Powershell.SDK.Cmdlets.Ndmp.StartNaNdmpCopy" (or Invoke when I'm using that.) I have verified that the credentials I'm using to connect to the filer, the IP address I'm using for -SrcController and -DstController is correct (same IP for both), and my volume paths are all correct. Not sure where I'm going wrong with this.

Maneki Neko
Oct 27, 2000

bonestructure posted:

Does anyone here have experience doing ndmp copies using Powershell 3 and NetApps, with the NaNdmpCopy cmdlet? I'm trying to script a restore of one lun using another as a source. Both volumes live on the same NetApps filer. Using Start-NaNdmpCopy or Invoke-NaNdmpCopy throws the same error, "Ndmp connection error, DataONTAP,Powershell.SDK.Cmdlets.Ndmp.StartNaNdmpCopy" (or Invoke when I'm using that.) I have verified that the credentials I'm using to connect to the filer, the IP address I'm using for -SrcController and -DstController is correct (same IP for both), and my volume paths are all correct. Not sure where I'm going wrong with this.

Anything exciting in the logs on the filer? If you're doing it to the same filer I believe you can leave off DstController.

bonestructure
Sep 25, 2008

by Ralp

Maneki Neko posted:

Anything exciting in the logs on the filer? If you're doing it to the same filer I believe you can leave off DstController.

All I can find in the filer logs is the NDMP copy being successfully established, then suddenly terminated with no message.

I'll try it again without DSTController, I can't shake the feeling this is just some retarded mistake I'm making.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

FlyingCowOfDoom
Aug 1, 2003

let the beat drop
Hey guys, windows update question.

Saw a user's machine in my company do a 320 meg upload through SSL to a windows update server and am wondering what would cause this? I have never seen a machine send stuff back up stream to windows, much less to an update server so I am very confused.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
That could be BITS, other computers will share updates with each other.

http://technet.microsoft.com/en-us/library/dd939927%28v=ws.10%29.aspx

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

That's Windows Insider though, as in Win10, doesn't affect anyone in enterprise I would hope. As in I hope to god none of you are running Win10 in production.


FlyingCowOfDoom
Aug 1, 2003

let the beat drop

incoherent posted:

That could be BITS, other computers will share updates with each other.

http://technet.microsoft.com/en-us/library/dd939927%28v=ws.10%29.aspx

I'll look into that, thanks for the quick reply.
