|
MrMoo posted:That's for OpenVPN. Cisco IPsec would be replaced by ShrewSoft: https://www.shrew.net/software
|
# ? May 24, 2015 04:04 |
|
Shrewsoft is the only alternative afaik. MrMoo posted:
Does the Windows native client work with shared secrets in lieu of certificate auth?
|
# ? May 24, 2015 11:25 |
|
Swink posted:Does the Windows native client work with shared secrets in lieu of certificate auth? No, certificates only. Another Microsoft "security" statement.
|
# ? May 24, 2015 15:43 |
|
I'm looking for a way to notify users when there are going to be software installations at the next reboot (GPO/MSI). I tried writing an AutoIt script to read a gpupdate /force window and search for the restart prompt but I wasn't able to get it to capture the output (though it worked fine with just gpupdate). I just need them to know so they can reboot their computer before going home rather than wait 15 minutes in the morning to use their computer.
|
# ? May 25, 2015 14:43 |
|
MC Fruit Stripe posted:Looking for a VPN client replacement. The one I've sworn by for years, seen below, is also pretty out of date. I love it because it lets me create multiple entries - I need to VPN into any number of sites and it lets me import a profile for each. It's spectacular. It's the Cisco VPN Client pictured here: If you're using that client with a Cisco ASA, Cisco discontinued it and now uses Cisco Anyconnect. The good news is your ASA can have its licenses upgraded in perpetuity for absurdly cheap (by Cisco standards), for instance on an ASA 5515-X you can get 250 concurrent VPN users for $115: https://www.cdw.com/shop/products/Cisco-AnyConnect-Essentials-VPN-License-license/2645389.aspx Anyconnect will work on Windows, Mac, Android, iPhone, etc, and you can integrate it to have a public-facing portal with AD integration. In other words, you send your users to a website, they log in with their Windows username and password, and then the page downloads the Anyconnect VPN client and walks them through installing it.
|
# ? May 25, 2015 18:03 |
|
We've been tasked with migrating Exchange 2003 to 2013 for the town. We know very little about exchange in general, let alone migrations from a 10 year version gap. Are we hosed? edit: we also have 2 days to do it spiderlemur fucked around with this message at 21:07 on May 25, 2015 |
# ? May 25, 2015 21:05 |
|
If you have two days then you're hosed regardless. Why the crazy deadline?
|
# ? May 25, 2015 21:08 |
|
Thanks Ants posted:If you have two days then you're hosed regardless. Why the crazy deadline? They want to bring everything down and try a live migration. We suggested otherwise but they don't want to.
|
# ? May 25, 2015 21:24 |
|
spiderlemur posted:We've been tasked with migrating Exchange 2003 to 2013 for the town. We know very little about exchange in general, let alone migrations from a 10 year version gap. Yes. You can't even go 2003 to 13 without hopping through 7 or 10. If you don't have too many users and public folder complexity I would consider not migrating but making the separate 2013 instance and importing everyone's mail as psts. Just don't forget the nk2 if you do that.
|
# ? May 25, 2015 21:27 |
|
Come to the exchange thread, we'll also tell you how hosed you are. Just use migration wiz https://www.bittitan.com/products/migrationwiz/about
|
# ? May 25, 2015 21:35 |
|
incoherent posted:Come to the exchange thread, we'll also tell you how hosed you are. migration wiz seems like a decent option, I'll try that out.
|
# ? May 25, 2015 23:18 |
|
Gyshall posted:generally don't blow them away, that isn't a good idea. it means that regular admx files (like the ones for "windows control panel" etc) are literally not there
|
# ? May 26, 2015 00:55 |
|
hihifellow posted:Follow the instructions here https://msdn.microsoft.com/en-us/library/bb530196.aspx to set up a central store. Grab the admx files from the most recent version of Windows server you have available. That will get the dc's and clients ignoring any missing or screwed up policy folders. If you've got messed up GPOs and can't delete them using GPMC you can delete them from the domain sysvol folder but you'll have to load up adsiedit and delete them from system\policies as well. At that point you're mostly fresh; many policy settings will tattoo the registry of the clients so that can cause problems but if you don't want to reverse engineer those you'll have to reimage or reinstall the client os. thank you, on the list for tomorrow!
|
# ? May 26, 2015 00:56 |
|
Any recommendations for FTP software? Ideally one that has similar features to cloud storage (dropbox/onedrive/etc) but doesn't cost as much and is on-site with a license\yearly maintenance? Cloud storage becomes expensive when everyone needs an account randomly at times. I use IpSwitch FTP Server and in all seriousness it's a POS. The web front end has limitations and can't upload anything worth poo poo. I know this is a lot to ask for a FTP server, but it would be nice if it could accept anonymous uploads (through web gui or ftp client) and I can somehow bind that to an internal employees FTP directory. Either way, something super simplified/idiot proof because making 15 FTP accounts a week with different directory share gets old real fast.
|
# ? May 26, 2015 02:17 |
|
Owncloud and Pydio can provide a web front end like Dropbox for your internal storage. Both have enterprise support options but unsure of cost.
|
# ? May 26, 2015 02:40 |
|
lol internet. posted:Any recommendations for FTP software? Ideally one that has similar features to cloud storage (dropbox/onedrive/etc) but doesn't cost as much and is on-site with a license\yearly maintenance? Cloud storage becomes expensive when everyone needs an account randomly at times. IIS? You don't need any licenses for anonymous web users, and as long as the authenticated users already exist in your AD and use any other service in your Windows infrastructure you won't have to pay extra for the CALs either.
|
# ? May 26, 2015 08:17 |
|
Have you looked at CrushFTP?
|
# ? May 26, 2015 08:34 |
|
NevergirlsOFFICIAL posted:it means that regular admx files (like the ones for "windows control panel" etc) are literally not there https://www.microsoft.com/en-us/download/details.aspx?id=43413 those should cover everything and the old versions too. If you want, install the ones from 2003 into the PolicyDefinitions folder, overwrite with the 2008 ones, then the 2008 r2 ones, etc if you're worried about deprecated settings not carrying over.
|
# ? May 26, 2015 15:32 |
|
Thanks Ants posted:Have you looked at CrushFTP? Oh god don't, it is garbage. The gui is insane, layers upon layers of tabs. Don't let the pretty website fool you, it's very much a "guy in a garage" type operation.
|
# ? May 26, 2015 16:53 |
|
lol internet. posted:Any recommendations for FTP software? Ideally one that has similar features to cloud storage (dropbox/onedrive/etc) but doesn't cost as much and is on-site with a license\yearly maintenance? Cloud storage becomes expensive when everyone needs an account randomly at times. We have IPSwitch FTP server here and I tell you what, the Ad Hoc and Web Transfer modules are pretty drat nice. Of course they cost extra.
|
# ? May 26, 2015 17:07 |
|
I'm trying to build some 'correct' GPOs in our test domain - for example, a rule for Remote Desktop which is stringent to the point of insanity, only allowing what absolutely must be allowed through. And man, this is why sys admins always sweep poo poo under the rug, because it turns out that if you try to do this correctly, it's actually pretty difficult.
MC Fruit Stripe fucked around with this message at 22:04 on May 26, 2015 |
# ? May 26, 2015 21:43 |
|
We give firstname.lastname@domain as an email address and first initial + last name for an AD username. I think that's silly and leads to user confusion. Any reason I can't start assigning firstname.lastname for AD accounts for new hires? I can't think of a reason this would be a problem, but I'm realizing I've never actually seen that account naming scheme for AD.
|
# ? May 26, 2015 22:07 |
|
KS posted:We give firstname.lastname@domain as an email address and first initial + last name for an AD username. I think that's silly and leads to user confusion. The only reason I can think of is the sAMAccountName character limit (20 characters).
|
# ? May 26, 2015 22:16 |
|
Jeoh posted:The only reason I can think of is the sAMAccountName character limit (20 characters). That's why we can't do it. We have a few Indians with long long names.
|
# ? May 26, 2015 22:18 |
|
I don't like having user names presented publicly so I prefer first.last or variation for long names.
|
# ? May 26, 2015 23:45 |
|
We just use flastname where f is the first letter in their first name. If someone else already has it, just keep adding letters (and eventually digits at the end)
|
# ? May 27, 2015 07:13 |
|
If I could redo our naming convention I would change it to how AT&T does it. First and Last initial and then a 4 number sequence afterward. SD1234 could be mine for example. They recently had to replace the last number with a letter, not sure if they ran out or what. Smaller orgs can get away with the flastname or lastnamef but we're starting to see some real struggles around the 4,000 user mark. Especially since we can't reuse sAMAccountNames ever... they tie into our HR record system that can never have entries removed. We use a system (I didn't pick this) of first 6 characters of the last name, first initial, and a number. It's starting to cause problems. I have no idea how huge orgs other than AT&T handle it.
|
# ? May 27, 2015 15:50 |
|
My University probably has hundreds of thousands of accounts at this point, it used to be first 5 letters of last name plus a 3 digit number, but about 6 years ago they switched it to first 4 letters of last name and a 4 digit number. If your name isn't long enough it gets padded with Xs (Li becomes lixx1234, for example)
|
# ? May 27, 2015 15:59 |
|
We use first.last, which usually works, but over the past few years we've gotten some people with names that are greater than 20 characters. They just get cleaned up or truncated. The only problem is some of the names people are coming in with. I think the biggest has been 35 characters. They had a dual-first name hyphenated together (and it was a retarded spelling with extra y's and poo poo) and then they had a hyphenated last name, neither of which were short. Every year my batch account script gets a little more complicated. Now it trims apostrophes and spaces from first/last name, and then if it's greater than 20 characters it just drops the hyphenated names altogether (bobby-joe would end up as bobby) - removing the hyphen itself if required, and then if it's still greater it just cuts the end off. Every once in a while someone has a foreign name that gets pretty mangled by the script, but that's just an issue of names that become huge when converted to English.
|
# ? May 27, 2015 16:17 |
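
The truncation rules described in the post above, written out as an added PowerShell example; this is not the poster's script. The function names, the sample people and the numeric-suffix collision step are assumptions, and "drops the hyphenated names" is read here as keeping only the part before the first hyphen.

```powershell
# Added example: derive a first.last sAMAccountName that fits the 20-character limit.
# Get-SamCandidate / Get-UniqueSam are hypothetical names; sample data is constructed.
$MaxLen = 20

function Get-SamCandidate {
    param([string]$First, [string]$Last)

    # Step 1: strip apostrophes and whitespace; lower-case for consistency.
    $f = ($First -replace "['\s]", '').ToLower()
    $l = ($Last  -replace "['\s]", '').ToLower()
    $name = "$f.$l"

    # Step 2: still too long -> keep only the part before the hyphen
    # in each name (bobby-joe -> bobby).
    if ($name.Length -gt $MaxLen) {
        $f = ($f -split '-')[0]
        $l = ($l -split '-')[0]
        $name = "$f.$l"
    }

    # Step 3: last resort -> cut the end off.
    if ($name.Length -gt $MaxLen) { $name = $name.Substring(0, $MaxLen) }
    return $name
}

function Get-UniqueSam {
    param([string]$Candidate, [string[]]$Existing)

    # Truncation makes two different people map to the same name more often,
    # so check before creating the account. -contains is case-insensitive.
    $name = $Candidate
    $n = 1
    while ($Existing -contains $name) {
        $suffix = "$n"
        $keep = [Math]::Min($Candidate.Length, $MaxLen - $suffix.Length)
        $name = $Candidate.Substring(0, $keep) + $suffix
        $n++
    }
    return $name
}

# Constructed sample input: one existing account and three new hires.
$existing = @('maryellyn.feathersto')
$people = @(
    @{ First = 'Bobby-Joe';          Last = "O'Neil" },
    @{ First = 'Maryellyn-Kathryyn'; Last = 'Featherstone-Haugh' },
    @{ First = 'Anne Marie';         Last = 'De La Cruz' }
)
foreach ($p in $people) {
    $sam = Get-UniqueSam -Candidate (Get-SamCandidate $p.First $p.Last) -Existing $existing
    $existing += $sam
    '{0} {1} -> {2} ({3} chars)' -f $p.First, $p.Last, $sam, $sam.Length
}
```

In a real batch run the `$existing` list would come from the directory (and, where names can never be reused, from the HR record of retired accounts) rather than from an in-memory array.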
|
The university I worked at did first_initial + middle_initial + last_initial + random 3 digits for user names so they worked out to be abc123. This worked for the most part but you will have conflicts here or there. The most annoying part was that the email alias was first_initial-lastname@tld. Thankfully I changed it right away and everyone was super jealous.
|
# ? May 27, 2015 16:30 |
|
f.lastname@companyname.com single sign on supremacy, reporting in
|
# ? May 27, 2015 16:33 |
|
mayodreams posted:The university I worked at did first_initial + middle_initial + last_initial + random 3 digits for user names so they worked out to be abc123. This worked for the most part but you will have conflicts here or there. The most annoying part was that the email alias was first_initial-lastname@tld. Thankfully I changed it right away and everyone was super jealous. What about people that don't have middle names? Or first names for that matter...
|
# ? May 27, 2015 16:37 |
|
skipdogg posted:I have no idea how huge orgs other than AT&T handle it. Xerox gave me a randomly (seemingly) generated 8 character username - a mix of numbers and letters. You learn it eventually.
|
# ? May 27, 2015 19:14 |
|
initials@domain.com
|
# ? May 27, 2015 22:43 |
|
The fact that account name even matters and shouldn't be updated is loving dumb. Use GUIDs for important identification stuff and move on. gently caress legacy stuff that can't cope.
|
# ? May 28, 2015 06:47 |
|
Anyone know of a really basic folder to folder syncing program? I was looking at trying out http://allwaysync.com/ but I am not sure if it is legitimate and safe to install on a server? This is for a really basic case and I can't spend any money on it
|
# ? May 28, 2015 15:00 |
|
Any reason you've ruled out robocopy, or dfsr depending on the situation? A scheduled robocopy /Mir is about as basic as it gets.
|
# ? May 28, 2015 15:14 |
|
I am dumb and forgot about robocopy. Thanks! It looks like it will do the job.
|
# ? May 28, 2015 15:18 |
|
FISHMANPET posted:What about people that don't have middle names? That was handled at the university level. I just inherited all of the usernames into our separate AD.
|
# ? May 28, 2015 15:31 |
|
Stealthgerbil posted:I am dumb and forgot about robocopy. Thanks! It looks like it will do the job. Reminder you can use RichCopy for the GUI and it will give you the command with all the flags to paste into your scheduled task
|
# ? May 28, 2015 19:20 |