CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Happiness Commando posted:

If you had to choose between DHCP reservations and static IPs for printers, which would you choose and why?

DHCP Reservations. Easier to keep track of and allows you to keep a semi-official record of their IPs.


Thanks Ants
May 21, 2004

#essereFerrari


The method that lets me change things around on the network without having to touch multiple devices.

Or just leave them all on DHCP on their own subnet and let DNS work it out :getin:

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Thanks Ants posted:

The method that lets me change things around on the network without having to touch multiple devices.

Or just leave them all on DHCP on their own subnet and let DNS work it out :getin:

DHCP as a system of Natural Selection. I like it.

Methanar
Sep 26, 2013

by the sex ghost

Happiness Commando posted:

If you had to choose between DHCP reservations and static IPs for printers, which would you choose and why?

DHCP reservations. I can change IPs on things that are using DHCP reservations a lot more easily if I need to down the line

Internet Explorer
Jun 1, 2005





People who use static IPs for printers are Hitler.

Dans Macabre
Apr 24, 2004


I do static IPs so that all my printers can be close to each other in IP range. How often are you guys changing printer IP addresses lmao.

I only have like at most 6 printers per company I work with though.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

NevergirlsOFFICIAL posted:

I do static IPs so that all my printers can be close to each other in IP range. How often are you guys changing printer IP addresses lmao.

I only have like at most 6 printers per company I work with though.

I never have to change them because DHCP reservations are MAC based and I have them on their own VLAN subnet.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Internet Explorer posted:

People who use static IPs for printers are Hitler.

Agreed. One of my first projects when I came on board with my current company was a consolidated print server for our sister company - 50 some odd printers spread across 6 different print servers with different queue names for the same printer sometimes. Printers were static, and each branch's dhcp was done off the local VPN router, not centralized.

Biggest help with the whole thing was HP Web Jetadmin, set it up to scan all the ranges so I could validate what was still real or not.

Now everything is dhcp reservations with DNS registration, and it works beautifully. The admin guy at the sister company still has issues with understanding the process though. :sigh:

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Another benefit of reservations is if you change the dns server or subnet, dhcp takes care of it. Otherwise you gotta rekey those particular settings in every printer.

Granted, these are not common occurrences.

El Mero Mero
Oct 13, 2001

Internet Explorer posted:

People who use static IPs for printers are Hitler.

I had a summer job at my university where I had to remove the static ip from every printer on campus (we were migrating over to DHCP management for the printers). I think there were like 250 printers and it was a mix of every brand imaginable. It was awful.


Also, dhcp is much better because you don't have to deal with angry people when they move offices without telling you and can't figure out why they can't find their printer on the network.

El Mero Mero fucked around with this message at 03:05 on Dec 26, 2015

Dans Macabre
Apr 24, 2004


CommieGIR posted:

I never have to change them because DHCP reservations are MAC based and I have them on their own VLAN subnet.

oic.

I definitely never have printers on a different subnet. I guess I should but I can't see it being worth the effort for the kind of environments I work in.

Mr. Clark2
Sep 17, 2003

Rocco sez: Oh man, what a bummer. Woof.

NevergirlsOFFICIAL posted:

I do static IPs so that all my printers can be close to each other in IP range. How often are you guys changing printer IP addresses lmao.

I only have like at most 6 printers per company I work with though.

I have one particular building with 7 printers...for 25 users. I hate that building.

Llab
Dec 28, 2011

PEPSI FOR VG BABE
It's me, I'm the devil who sets printers up as static. When I started this job, I assumed DHCP would be standard, but no one else here does anything in a sane way, and the people we deal with are usually technologically illiterate.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Happiness Commando posted:

If you had to choose between DHCP reservations and static IPs for printers, which would you choose and why?

I used to do static. I think reservations are the way to go. That way when/if something changes, you just change your dhcp options and let poo poo renew.

NevergirlsOFFICIAL posted:

I definitely never have printers on a different subnet. I guess I should but I can't see it being worth the effort for the kind of environments I work in.

I was going to do a different subnet, but figured it was overkill and would confuse my coworkers even more.
Currently each main site has the following VLANs:
- Wired Production
- Wireless Production
- Voice
- Servers/Management
- VDI
- Guest
- iSCSI
- vMotion

Moey fucked around with this message at 19:27 on Dec 29, 2015

wolrah
May 8, 2006
what?

Happiness Commando posted:

If you had to choose between DHCP reservations and static IPs for printers, which would you choose and why?

Definitely DHCP reservations. I consider actual hardcoded static IPs something to avoid unless you're forced to or the device having an IP is critical to network functionality.

Some of my reasons have already been covered, but here's the list in no particular order.
  • Makes network configuration changes easy.
  • When paired with liberal use of DNS even mass renumbering is (relatively) easy.
  • Reduces or possibly eliminates the need to configure new/replacement hardware before deployment and/or after a factory reset/format+reinstall.
  • Reduces inadvertent IP conflicts.
  • Makes your IP addressing sort of self-documenting.

On most of my networks the only device that has an actual hardcoded IP address is the router or NAT box. In cases where the DHCP server is separate obviously that is static as well. Pretty much any other network device that needs an unchanging IP address can work just as well with a DHCP reservation and get all the advantages above while still having a static IP for all intents and purposes.

For those few devices that do actually need a hardcoded IP or those that simply don't support DHCP due to poor design I still add a matching reservation to the DHCP server both for documentation purposes and to prevent that IP from being inadvertently reserved for another device.

It is of course possible to catch yourself in a dependency loop during a cold-start if you take this to the logical extreme, for example I'm pretty sure you can run a domain controller with a DHCP reservation (though it will complain about not seeing a hardcoded IP on the interface) but the Windows DHCP service doesn't launch in an AD environment without being authorized to by AD. If the DCs are waiting on DHCP but DHCP is waiting on the DCs you have a problem on your hands. I may be misremembering one or both of those, I don't do AD or Windows DHCP very often and when I do they tend to be on the same box anyways negating the possibility, but I'm sure you get the idea.
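The practice described in the post above (one reservation per device, including hardcoded ones, so the DHCP table doubles as documentation) only helps if the table matches the network. The following is an added example, not code from any poster: it reconciles a reservation list against observed IP/MAC pairs. The subnet, MAC addresses and printer names are constructed, and the `(ip, mac)` input format is an assumption standing in for an ARP table or scan export.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

Reservation = namedtuple("Reservation", "ip mac name")


def norm_mac(mac):
    """Normalise aa-bb-.., aabb.ccdd.eeff or AA:BB:.. to lowercase colon form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit(reservations, observed, scope):
    """Return sorted (ip, kind, detail) findings.

    reservations: iterable of Reservation
    observed:     iterable of (ip, mac) pairs actually seen on the wire
    scope:        CIDR of the subnet the reservations are meant to live in
    """
    net = ip_network(scope)
    by_ip, by_mac, findings = {}, {}, []

    # Pass 1: the reservation table must be internally consistent.
    for r in reservations:
        mac = norm_mac(r.mac)
        if ip_address(r.ip) not in net:
            findings.append((r.ip, "out-of-scope", r.name))
        if r.ip in by_ip:
            findings.append((r.ip, "duplicate-ip", f"{by_ip[r.ip].name} / {r.name}"))
        if mac in by_mac:
            findings.append((r.ip, "duplicate-mac", f"{by_mac[mac].name} / {r.name}"))
        by_ip.setdefault(r.ip, r)
        by_mac.setdefault(mac, r)

    # Pass 2: what is on the wire must match what is documented.
    seen = set()
    for ip, mac in observed:
        mac = norm_mac(mac)
        seen.add(ip)
        r = by_ip.get(ip)
        if r is None:
            # Undocumented hardcoded address or a device nobody knows about.
            if ip_address(ip) in net:
                findings.append((ip, "unreserved", mac))
        elif norm_mac(r.mac) != mac:
            # Swapped hardware whose reservation was never updated, or a conflict.
            expected = norm_mac(r.mac)
            findings.append((ip, "mac-mismatch", f"{r.name}: expected {expected}, saw {mac}"))

    # Pass 3: reservations nothing answers for are stale or offline.
    for ip, r in by_ip.items():
        if ip not in seen:
            findings.append((ip, "unseen", r.name))

    return sorted(findings, key=lambda f: (ip_address(f[0]), f[1]))


# Constructed sample data for a printer subnet.
SAMPLE_SCOPE = "10.20.30.0/24"
SAMPLE_RESERVATIONS = [
    Reservation("10.20.30.11", "00:11:22:33:44:01", "prn-frontdesk"),
    Reservation("10.20.30.12", "00-11-22-33-44-02", "prn-accounting"),
    Reservation("10.20.30.13", "0011.2233.4403", "prn-warehouse"),
    Reservation("10.20.30.11", "00:11:22:33:44:0a", "prn-lobby"),  # same IP entered twice
]
SAMPLE_OBSERVED = [
    ("10.20.30.11", "00:11:22:33:44:01"),
    ("10.20.30.12", "00:11:22:33:44:99"),  # different hardware on a reserved address
    ("10.20.30.50", "00:11:22:33:44:50"),  # address in scope with no reservation
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_RESERVATIONS, SAMPLE_OBSERVED, SAMPLE_SCOPE):
        print(*finding, sep="  ")
```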

Riso
Oct 11, 2008

by merry exmarx
Yes, you are supposed to give DCs a fixed address to avoid that.

BaseballPCHiker
Jan 16, 2006

NevergirlsOFFICIAL posted:

I do static IPs so that all my printers can be close to each other in IP range. How often are you guys changing printer IP addresses lmao.

I only have like at most 6 printers per company I work with though.

This is me. I don't have that many to administer, all but 2 of them are leased so I have a set range, set them up and forget about them.

wolrah posted:

Definitely DHCP reservations. I consider actual hardcoded static IPs something to avoid unless you're forced to or the device having an IP is critical to network functionality.

Some of my reasons have already been covered, but here's the list in no particular order.
  • Makes network configuration changes easy.
  • When paired with liberal use of DNS even mass renumbering is (relatively) easy.
  • Reduces or possibly eliminates the need to configure new/replacement hardware before deployment and/or after a factory reset/format+reinstall.
  • Reduces inadvertent IP conflicts.
  • Makes your IP addressing sort of self-documenting.

But you make a very convincing argument and I can see now why it'd be worth the effort to switch over to DHCP reservations. Especially being able to configure a new replacement printer with minimal downtime, plus it'd be one less thing to keep updated in the IP scheme.

wolrah
May 8, 2006
what?

Riso posted:

Yes, you are supposed to give DCs a fixed address to avoid that.

Exactly why I brought it up, since it can technically work fine with a DHCP reservation depending on your environment but the potential for failure in certain cases isn't necessarily obvious and you could possibly go years without having it happen if your power is reliable.

DNS servers would be another one where you can probably run as a reservation in a lot of environments but might cause similar breakage in others if enough things go down simultaneously.

Anything like that you have to use your own judgement on and think through how it'll actually work when trying to bring things back up from zero. I prefer reservations wherever possible, but certainly won't knock anyone for hardcoding IPs on a system providing a key service like that.

BaseballPCHiker posted:

But you make a very convincing argument and I can see now why it'd be worth the effort to switch over to DHCP reservations. Especially being able to configure a new replacement printer with minimal downtime, plus it'd be one less thing to keep updated in the IP scheme.

Printers and switches are the main reasons I like this strategy. We've managed to get most of our customers to standardize on one model of each and generally don't use any advanced features, so aside from the IP address and limiting admin access to a certain IP range they're all the same. Using reservations means we can have a cold spare with the admin restrictions configured sitting at their main site and if one fails we just adjust the MAC on the reservation and have them ship out the spare. As long as there's someone on site competent enough to put the cables back in the same spot everything "just works".

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


I need to get a one off computer, CFO had an i7 2600 when everyone had core2 duos. Predecessor replaced the core2 duos with i3s and didn't replace the CFOs computer.

I need a replacement computer and using WMI monitoring I really think her bottleneck is the hard drive. I'd like to get an SSD, and go with Dell since everything here is Dell. She is using 190GB of space. Dell offers a 128GB drive for +$72 and the 256GB is PCIe and over $200 to add and not really an option. I think an i5 with 8GB of RAM would be a perfect fit for the workload.

The EVO 850 250GB is $70, and a 500 is affordable too on Amazon. I'd really like to keep the warranty all from Dell, if I ended up replacing everything with these I don't want to track 30-40 original drives and SSD warranties. This won't happen because the i3s are about a year old now.

I originally priced something out to $575 with a response of "This seems cheap, and like it will just be slower. I want something fast that will last 5 years". My current goal is to get the price to around $800 and make the added cost actually worthwhile. She actually does work so it won't go to waste. I have it where I want it, it's just that 128GB is not enough space and another $200 for another 128GB is just overpriced.

Current computer is being replaced because I had to remove a stick of RAM (bad stick) and the drive was giving SMART errors, so I copied the partition over to another drive. I think it's time to replace that thing before something more important dies.

I'm new to running a department and haven't really made a small purchase from a rep, will they be angry about buying a single computer? I'm looking to buy some servers in 2016, should I mention that to try and drive the price down or will that not come into play at all?

BaseballPCHiker
Jan 16, 2006

pixaal posted:

I'm new to running a department and haven't really made a small purchase from a rep, will they be angry about buying a single computer? I'm looking to buy some servers in 2016, should I mention that to try and drive the price down or will that not come into play at all?

It's the CFO, don't cheap out. Get an i7, 8GB of RAM, and for God's sake spend the extra money on an SSD. The whole reason you go through Dell is so you have good warranty support so don't cheap out on that either. Get 4 years of next day business support because you have better things to do than babysit hardware for some C level. Also you're running a department now so you should be looking at the big picture not doing price comparisons to some Toshiba laptop on Amazon that can save you $100 bucks.

No the rep won't give a poo poo about a single computer, margins are garbage on laptops so it's not even worth emailing that quote to other vendors to get counter offers, most won't care. When you say servers how many do you mean and what type? Blade, tower, etc? Still probably won't do anything but see if you can get in touch with a VAR who might throw you better pricing on bulk deals.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


BaseballPCHiker posted:

It's the CFO, don't cheap out. Get an i7, 8GB of RAM, and for God's sake spend the extra money on an SSD. The whole reason you go through Dell is so you have good warranty support so don't cheap out on that either. Get 4 years of next day business support because you have better things to do than babysit hardware for some C level. Also you're running a department now so you should be looking at the big picture not doing price comparisons to some Toshiba laptop on Amazon that can save you $100 bucks.

No the rep won't give a poo poo about a single computer, margins are garbage on laptops so it's not even worth emailing that quote to other vendors to get counter offers, most won't care. When you say servers how many do you mean and what type? Blade, tower, etc? Still probably won't do anything but see if you can get in touch with a VAR who might throw you better pricing on bulk deals.

It's a desktop, but point taken. I'm looking at replacing 3 1Us and 2 2Us from 2008 with a pair of servers for Virtualization, it should fit the company need. This is the small shop thread, nothing fancy is expected. I just don't see what advantage an i7 offers when the i5 is less money and benchmarks higher on single threaded applications. Primary applications include office, quickbooks, and Navision which as far as I know all only use a single core. If there is a compelling reason to get an i7 I'll go for it though.

I am getting an SSD, the problem is the 256GB is PCIe and jacks the price up ($200 vs $70 over base model) I can buy an EVO 850 500GB for $155, the 256 is only 81. I don't need a PCIe SSD a SATA one would be perfectly fine. I guess I'll see if the rep can get me a SATA in that size. I guess it's more should I worry about saving $150 for keeping track of an aftermarket SSD. The EVO is the most recommended consumer SSD, not something I'd put in a server, but a desktop? Sure why not, I love mine at home.

Cheaping out is also not really what I intended with the original quote, I don't have a department budget unfortunately everything goes through the CFO, and she tends to cheap out on everything. The CEO wanted a barcode scanner, and it turned into an hour meeting with him and the CFO over if we needed to spend $75 on a barcode scanner or if I could get one of the Compact Flash barcode scanners they bought in 2006 to work with modern hardware (which I didn't even know about until she pulled them out of a safe during the meeting).

$800 seems reasonable, $1000 (what the PCIe SSD brings it to) seems like it would be a hard sell. Getting a 128GB isn't an option, she currently uses more than that. I'd ideally like a 500GB, but that would certainly be aftermarket.

Crowley
Mar 13, 2003

Riso posted:

Yes, you are supposed to give DCs a fixed address to avoid that.

IIRC you can't even promote a server to DC if it's using DHCP.

BaseballPCHiker
Jan 16, 2006

pixaal posted:

It's a desktop, but point taken. I'm looking at replacing 3 1Us and 2 2Us from 2008 with a pair of servers for Virtualization, it should fit the company need. This is the small shop thread, nothing fancy is expected. I just don't see what advantage an i7 offers when the i5 is less money and benchmarks higher on single threaded applications. Primary applications include office, quickbooks, and Navision which as far as I know all only use a single core. If there is a compelling reason to get an i7 I'll go for it though.

I am getting an SSD, the problem is the 256GB is PCIe and jacks the price up ($200 vs $70 over base model) I can buy an EVO 850 500GB for $155, the 256 is only 81. I don't need a PCIe SSD a SATA one would be perfectly fine. I guess I'll see if the rep can get me a SATA in that size. I guess it's more should I worry about saving $150 for keeping track of an aftermarket SSD. The EVO is the most recommended consumer SSD, not something I'd put in a server, but a desktop? Sure why not, I love mine at home.

Cheaping out is also not really what I intended with the original quote, I don't have a department budget unfortunately everything goes through the CFO, and she tends to cheap out on everything. The CEO wanted a barcode scanner, and it turned into an hour meeting with him and the CFO over if we needed to spend $75 on a barcode scanner or if I could get one of the Compact Flash barcode scanners they bought in 2006 to work with modern hardware (which I didn't even know about until she pulled them out of a safe during the meeting).

$800 seems reasonable, $1000 (what the PCIe SSD brings it to) seems like it would be a hard sell. Getting a 128GB isn't an option, she currently uses more than that. I'd ideally like a 500GB, but that would certainly be aftermarket.

Well if a $200 difference in price leads to a closed door hour long meeting you've got bigger problems. Honestly even with the server upgrades you plan on doing I doubt you get much of a price break if any from your vendor. If at all possible though spend the extra dough and still go with an i7. The reason being is you can go to that C level say it's top of the line and reasonably expect it to perform well 4 years down the line still.

Which leads into the next question. Does your org have a replacement schedule in place for PCs? Your accounting department should be depreciating everything and the bean counters should know you plan on rotating hardware every 4-5 years or whatever schedule you come up with. You need to have this in place so you don't have to fight for every PC purchase because again you have more important things to do than putz around with desktop hardware.

Who is your hardware vendor? Do you have a Dell rep or do you go through someone else? CDW can sell Dells now and I've had good luck working with them in the past. It would be worth looking into getting a rep through them to be able to get quotes from and at least do some price comparisons as well.

Thanks Ants
May 21, 2004

#essereFerrari


Crowley posted:

IIRC you can't even promote a server to DC if it's using DHCP.

You can because Azure VMs have to run DHCP even though they end up with addresses that don't change, and you can promote them into domain controllers. It just warns you against it.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

pixaal posted:

pair of servers for Virtualization, it should fit the company need.

Get three instead of two. Also if you are going with VMware, and don't see expanding past those three hosts, essentials plus should fit the bill.

Hell, with the cores/socket today and ram density, you could run so much stuff from a 3 host cluster.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


BaseballPCHiker posted:

Well if a $200 difference in price leads to a closed door hour long meeting you've got bigger problems. Honestly even with the server upgrades you plan on doing I doubt you get much of a price break if any from your vendor. If at all possible though spend the extra dough and still go with an i7. The reason being is you can go to that C level say it's top of the line and reasonably expect it to perform well 4 years down the line still.

Which leads into the next question. Does your org have a replacement schedule in place for PCs? Your accounting department should be depreciating everything and the bean counters should know you plan on rotating hardware every 4-5 years or whatever schedule you come up with. You need to have this in place so you don't have to fight for every PC purchase because again you have more important things to do than putz around with desktop hardware.


Who is your hardware vendor? Do you have a Dell rep or do you go through someone else? CDW can sell Dells now and I've had good luck working with them in the past. It would be worth looking into getting a rep through them to be able to get quotes from and at least do some price comparisons as well.

It's kind of a crapshoot with the CFO: she has some figure in her head, if you are under it she looks confused, if you are over it you aren't trying hard enough. Any unexpected purchases are met with hostility. My server refresh was promised during my interview and I have it in writing (without a figure).

Actual replacement, my predecessor replaced the computers last year. It isn't something I've been too worried about, mostly because I took the job only expecting to keep it for 2-3 years and dump the desktop replacement project onto my replacement. They aren't too keen on keeping things out of warranty so 5 years is the most likely.

The contact from my predecessor is a dell business card, so dell directly. I can use whoever I want though.

The computer is for her, so maybe she'll be more forgiving in the price. I'd really like to get IT a dedicated budget, but that's another battle.


Moey posted:

Get three instead of two. Also if you are going with VMware, and don't see expanding past those three hosts, essentials plus should fit the bill.

Hell, with the cores/socket today and ram density, you could run so much stuff from a 3 host cluster.

I honestly could get away with a single host, but want a fall back. I'm running 2 DCs, a Navision server, a monitoring server (Spiceworks / PRTG / firewall logs) and an RDP Server for remote Nav users because it gets horrible performance. Not having a failover for VMs kind of defeats the purpose of having them. The fun part is going to be budgeting some kind of backup solution since I was "gifted" a Buffalo TeraStation with 4 1TB drives in RAID6 for backup, purchased a month before I started and full of random stuff. I don't even know where to start with that being wrong, but it isn't enough to back up VMs unless I'm only doing files.

I was planning on going with Hyper-V since it's an all Windows shop and it seems to fit what I need. I haven't used it outside of a lab, but a friend has used it at his past two jobs and says it's great. It's also free. I don't see any feature in VMware that I'd want that Hyper-V doesn't offer.

I looked at the last server upgrade I could find (the 2003 tower servers) and it's in the 40k range. I don't plan on spending near that, I'm not sure what the 2008 server upgrade was, the guy before me didn't document anything. All the documentation was last updated in mid 2004. I'm updating it but it's hard to tell what happened in the last 10 years.

The last guy did cheap out on absolutely everything though, including buying a used sublimation printer that died less than a year after purchase that I had to get replaced (I got a nice one for $8,000).

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Crowley posted:

IIRC you can't even promote a server to DC if it's using DHCP.

Usually Windows DC makes the DC's primary network controller static regardless of if it was running DHCP or not. It's one of the first things it does when you promote it to a DC.

Dans Macabre
Apr 24, 2004


Just wanted to say PRTG is suiting my needs and is free for me since I'm only using 62 sensors :c00l: thanks to everyone who recommended

wolrah
May 8, 2006
what?

CommieGIR posted:

Usually Windows DC makes the DC's primary network controller static regardless of if it was running DHCP or not. It's one of the first things it does when you promote it to a DC.

It tosses a warning during the promotion process saying one or more network interfaces are DHCP, but it doesn't make the change automatically or even pop up a dialog asking you to do it. I just did a fresh 2012 R2 DC in a VM to verify and it's happily running as DHCP.

Not saying it's necessarily a good idea for reasons already covered a few posts back, but it definitely works and you don't have to do anything special to force it to do so. If your DHCP doesn't depend on AD to operate I'm not sure there's even any technical reason it would matter between hard static or "static" via DHCP reservations.

wolrah fucked around with this message at 19:04 on Jan 4, 2016

Gerdalti
May 24, 2003

SPOON!
I asked this over in the Enterprise thread too, but you guys might have different thoughts.

I have an older file server that I'd like to use as a disk target for my backups. What's the best of the "free" Linux based NAS choices for this? The ones I'm familiar with are OpenFiler and FreeNAS, but I know there are a bunch of other options too. Looks like FreeNAS is probably going to be my choice, but I figured you guys would have other opinions worth hearing.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

wolrah posted:

It tosses a warning during the promotion process saying one or more network interfaces are DHCP, but it doesn't make the change automatically or even pop up a dialog asking you to do it. I just did a fresh 2012 R2 DC in a VM to verify and it's happily running as DHCP.

Not saying it's necessarily a good idea for reasons already covered a few posts back, but it definitely works and you don't have to do anything special to force it to do so. If your DHCP doesn't depend on AD to operate I'm not sure there's even any technical reason it would matter between hard static or "static" via DHCP reservations.

Maybe it's a new thing with 2012, but 2k8 would not let you continue unless you set up a static for the DC NIC. Huh.

Gerdalti posted:

I asked this over in the Enterprise thread too, but you guys might have different thoughts.

I have an older file server that I'd like to use as a disk target for my backups. What's the best of the "free" Linux based NAS choices for this? The ones I'm familiar with are OpenFiler and FreeNAS, but I know there are a bunch of other options too. Looks like FreeNAS is probably going to be my choice, but I figured you guys would have other opinions worth hearing.

Just going to throw my support behind FreeNAS, as it supports both SMB and NFS mounts as well as Domain Controlled access.

Zakutambah
Jan 17, 2007

#include <Mastodon.h>
#include <Pterodactyl.h>
#include <Triceratops.h>
#include <SaberToothed_Tiger.h>
#include <Tyrannosaurus.h>

void megazordSequence();
College Slice
Come in this morning to file server issues: slow, remote access crapping out, general weirdness. Nothing too unusual with the old box though, usually just a bit over-taxed, have a look... that's a lot of accounts logged in running odd processes... why is the administrator account logged in... aw poo poo...

An account with the name 'administrator', logged in via remote desktop, from an ip range in Nigeria. gently caress.

And a whole bunch of other newly created accounts (echo, sys, sql, mysql) all with elevated privileges, all with sessions open.

Going to be a fun day :sigh:

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Zakutambah posted:

Come in this morning to file server issues: slow, remote access crapping out, general weirdness. Nothing too unusual with the old box though, usually just a bit over-taxed, have a look... that's a lot of accounts logged in running odd processes... why is the administrator account logged in... aw poo poo...

An account with the name 'administrator', logged in via remote desktop, from an ip range in Nigeria. gently caress.

And a whole bunch of other newly created accounts (echo, sys, sql, mysql) all with elevated privileges, all with sessions open.

Going to be a fun day :sigh:

All of the files are now compromised; if there is any customer data on there you need to notify them. Well not you, but your legal department. I hope you have an I told you so lined up about running your own FTP, or this could turn out poorly for you.

I'd nuke the OS, expect it to have a well hidden backdoor already set up.

Actually, remove liability from yourself and your company: get a security expert in if any customer data is on there. If it's only your own stuff (you transfer files to 3rd parties) it's not horrible, but you need to notify people that their password might be exposed.

edit: for some reason I thought this was FTP, why do you have RDP exposed to the internet, especially on a server? You should need to VPN in first.

pixaal fucked around with this message at 20:07 on Jan 8, 2016

Zakutambah
Jan 17, 2007

#include <Mastodon.h>
#include <Pterodactyl.h>
#include <Triceratops.h>
#include <SaberToothed_Tiger.h>
#include <Tyrannosaurus.h>

void megazordSequence();
College Slice

pixaal posted:

why do you have RDP exposed to the internet, especially on a server? You should need to VPN in first.

Oh, I asked this exact question at a meeting just before the new year, as we have a VPN. Answer from the CEO was he thought the VPN was too slow, so he'd had the previous sys admin set up direct RDP (why this sys admin actually did this, I have no idea :psyduck: ). I managed to actually convince him of the security threat this presented, and funnily enough tomorrow I actually am in setting up a new VPN client and some other network maintenance to prevent this exact thing happening.

Luckily enough as well, I've been building a new server and domain to replace this creaky old 2003 setup, that's expected to be deployed in the next week. So I've got no issues nuking the whole thing.

CommieGIR
Aug 22, 2006

The blue glow is a feature, not a bug


Pillbug

Zakutambah posted:

Come in this morning to file server issues: slow, remote access crapping out, general weirdness. Nothing too unusual with the old box though, usually just a bit over-taxed, have a look... that's a lot of accounts logged in running odd processes... why is the administrator account logged in... aw poo poo...

An account with the name 'administrator', logged in via remote desktop, from an ip range in Nigeria. gently caress.

And a whole bunch of other newly created accounts (echo, sys, sql, mysql) all with elevated privileges, all with sessions open.

Going to be a fun day :sigh:

Do the song and dance and disconnect completely from the internet. Go into full lockdown and start notifying customers NOW.

Assume if he can get into that box, he can get into others.

CommieGIR fucked around with this message at 20:26 on Jan 8, 2016

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Zakutambah posted:

Oh, I asked this exact question at a meeting just before the new year, as we have a VPN. Answer from the CEO was he thought the VPN was too slow, so he'd had the previous sys admin set up direct RDP (why this sys admin actually did this, I have no idea :psyduck: ). I managed to actually convince him of the security threat this presented, and funnily enough tomorrow I actually am in setting up a new VPN client and some other network maintenance to prevent this exact thing happening.

Luckily enough as well, I've been building a new server and domain to replace this creaky old 2003 setup, that's expected to be deployed in the next week. So I've got no issues nuking the whole thing.

You sound like you are covered, now cover the company and get a security expert in to do damage control and evaluate if you need to contact customers or anything (get it in writing if he says don't disclose the breach so it's on him).

Calidus
Oct 31, 2011

Stand back I'm going to try science!

Tell the CEO to buy more upstream bandwidth.

Internet Explorer
Jun 1, 2005





This is the part where I go back a page or two and quote myself when I said do not allow RDP from the Internet. Administrator should have been disabled. I'm betting it was an easy password that never expires? Good times!

Zakutambah
Jan 17, 2007

#include <Mastodon.h>
#include <Pterodactyl.h>
#include <Triceratops.h>
#include <SaberToothed_Tiger.h>
#include <Tyrannosaurus.h>

void megazordSequence();
College Slice

Internet Explorer posted:

This is the part where I go back a page or two and quote myself when I said do not allow RDP from the Internet. Administrator should have been disabled. I'm betting it was an easy password that never expires? Good times!

Ah, that was a fun fact. I thought it was administrator at first glance, it was actually 'abministrator'. The domain administrator account actually was disabled, that's why I thought it odd when I saw a session active with its name.

It appears there's a few known exploits for Server 2003 that allow remote user creation over the open RDP port. So, it creates a new user called something generic like 'abministrator', or 'tasks', or 'sql'. It appeared these users were quasi copies of the SYSTEM account profile as well, having the same elevations. Then it logs in via RDP with this new account. It didn't appear to touch any of the existing accounts.

These particular ones, once they were logged in, seemed to then deploy mail server software to the desktop and keep it running. So, we were being a mail server relay for Nigerian spam :v: Yay
Still nuking the whole thing though.

The few months since I've started here have been plugging security issues like this all over the place. The previous admin must've been an absolute dickhead.


Oh, we're actually pretty lucky as well that none of the customer data is kept on here, and I'm checking with finance to be sure, but none of the employee data either. Those are on a mix of our CRM and a couple of Google Drives; and as the previous admin had never heard of SSO either, none of the accounts are linked. Still requiring all the passwords to be reset though, just in case.
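An added example, not part of any post in this thread: triage logic for the pattern described above (new accounts created, put in Administrators, then used over RDP from outside), run over constructed Security-log records. The event IDs are the Server 2003 ones (624, 636, 528); the CSV layout, timestamps, addresses, the `jsmith` and `newhire` accounts and the internal ranges are assumptions.

```python
import csv, io
from ipaddress import ip_address, ip_network

# Constructed sample: Security-log records exported to CSV (not from the thread).
# Server 2003 event IDs: 624 = user account created, 636 = member added to a
# local group, 528 = successful logon (logon type 10 = RemoteInteractive/RDP).
SAMPLE = """event_id,time,account,logon_type,source_ip,group
528,2016-01-07T09:02:11,jsmith,10,10.0.0.23,
624,2016-01-08T02:14:40,abministrator,,,
636,2016-01-08T02:14:41,abministrator,,,Administrators
528,2016-01-08T02:15:03,abministrator,10,203.0.113.77,
624,2016-01-08T02:20:09,sql,,,
636,2016-01-08T02:20:10,sql,,,Administrators
528,2016-01-08T02:21:30,sql,10,203.0.113.77,
528,2016-01-08T08:31:00,jsmith,2,,
624,2016-01-08T10:00:00,newhire,,,
"""

# Assumed internal ranges; replace with the site's real address plan.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_external(addr):
    """True when addr parses and lies outside the assumed internal ranges."""
    try:
        ip = ip_address(addr)
    except ValueError:
        return False  # empty or malformed source field
    return not any(ip in net for net in INTERNAL_NETS)

def triage(csv_text, baseline_accounts):
    """Return ({account: flags}, urgent) where urgent lists accounts with all three flags."""
    flags = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        acct, eid = row["account"].lower(), row["event_id"]
        if eid == "624" and acct not in baseline_accounts:
            flags.setdefault(acct, set()).add("created")
        elif eid == "636" and row["group"].lower() == "administrators":
            flags.setdefault(acct, set()).add("admin_group")
        elif eid == "528" and row["logon_type"] == "10" and is_external(row["source_ip"]):
            flags.setdefault(acct, set()).add("external_rdp")
    # Highest priority: newly created, elevated, then used over RDP from outside.
    wanted = {"created", "admin_group", "external_rdp"}
    urgent = sorted(a for a, f in flags.items() if f >= wanted)
    return flags, urgent

if __name__ == "__main__":
    flags, urgent = triage(SAMPLE, baseline_accounts={"jsmith", "administrator"})
    for acct in urgent:
        print("investigate:", acct, sorted(flags[acct]))
```

An account that only carries the `created` flag (here `newhire`) still deserves a check against the change record, but it is not in the urgent list.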


Internet Explorer
Jun 1, 2005





Zakutambah posted:

Ah, that was a fun fact. I thought it was administrator at first glance, it was actually 'abministrator'. The domain administrator account actually was disabled, that's why I thought it odd when I saw a session active with its name.

It appears there's a few known exploits for Server 2003 that allow remote user creation over the open RDP port. So, it creates a new user called something generic like 'abministrator', or 'tasks', or 'sql'. It appeared these users were quasi copies of the SYSTEM account profile as well, having the same elevations. Then it logs in via RDP with this new account. It didn't appear to touch any of the existing accounts.

These particular ones, once they were logged in, seemed to then deploy mail server software to the desktop and keep it running. So, we were being a mail server relay for Nigerian spam :v: Yay
Still nuking the whole thing though.

The few months since I've started here have been plugging security issues like this all over the place. The previous admin must've been an absolute dickhead.


Oh, we're actually pretty lucky as well that none of the customer data is kept on here, and I'm checking with finance to be sure, but none of the employee data either. Those are on a mix of our CRM and a couple of Google Drives; and as the previous admin had never heard of SSO either, none of the accounts are linked. Still requiring all the passwords to be reset though, just in case.

You mentioned domain administrator. Are you sure the local administrator account was not used? Would not be the first time I've seen that.

Although Windows 2003 with RDP open to the Internet? Ouch. Good luck with that network revamp. Sounds like you have your work cut out for you!
