Zakutambah
Jan 17, 2007

#include <Mastodon.h>
#include <Pterodactyl.h>
#include <Triceratops.h>
#include <SaberToothed_Tiger.h>
#include <Tyrannosaurus.h>

void megazordSequence();
College Slice

Internet Explorer posted:

You mentioned domain administrator. Are you sure the local administrator account was not used? Would not be the first time I've seen that.

Although Windows 2003 with RDP open to the Internet? Ouch. Good luck with that network revamp. Sounds like you have your work cut out for you!

I have a nice, new, shiny HP server humming away next to me, just about all ready to replace the 2003 box. If they'd only waited one more day...

I'm actually going to give the CEO of this place a lot of props for how the last few months have gone. It's taken a little nudging at times, but he's definitely always been willing to listen on all my concerns. I mean, his attitude when I started was 'we have a server, it's running, why do we need to buy a new one'. But he did let me call a meeting to explain -why- replacing the out-of-support decade old Dell running out-of-support Server 2003 would have us all see a significant boost in performance and security. And things like this RDP issue; obviously, he was willing to hear me out on the security concerns when I found out about it. The previous admin should really have done the same.
I've worked for plenty other places where the boss would've had more the attitude of 'I don't understand why we need it, we're not getting it, why is the network so slow, fix it', so I'm enjoying the 'I don't understand why we need it, explain why we need it, oh that makes sense, hey everything is working better!' change of pace.

aol keyword party
Sep 27, 2005

you can find a pleasure of shooting prolific amounts of pictures,

Happiness Commando posted:

If you had to choose between DHCP reservations and static IPs for printers, which would you choose and why?

I always do static, because I don't trust any printers not to gently caress up getting an address via DHCP.

Internet Explorer
Jun 1, 2005





aol keyword party posted:

I always do static, because I don't trust any printers not to gently caress up getting an address via DHCP.

I can't remember the last time I had a printer fail to get a DHCP address. And I have set up a lot of printers in a lot of different environments. If your printers (or really any devices) are having trouble getting addresses, you have DHCP problems.

Wizard of the Deep
Sep 25, 2005

Another productive workday
The only time I've seen a printer not get a DHCP address, it was because the DHCP server wasn't available. Because power had failed at the site.

We didn't have a time-line from the utility company of when we'd get power back, so we powered down the servers (because we only had ~2 hours of UPS time), and went home for the day. Power was back up the next day, and the big MFPs had automatically powered back up. Even when the DC was back up, they didn't immediately grab their reserved address. Unplugging/replugging the network cable was enough to reset them, of course.

Of course, since printers have otherwise shown they couldn't be trusted not to float off into space if gravity wasn't a distributed service that they weren't responsible for, aol keyword party's position is understandable.

Super Slash
Feb 20, 2006

You rang ?

Zakutambah posted:

Come in this morning to file server issues: slow, remote access crapping out, general weirdness. Nothing too unusual with the old box though, usually just a bit over-taxed, have a look... that's a lot of accounts logged in running odd processes... why is the administrator account logged in... aw poo poo...

An account with the name 'administrator', logged in via remote desktop, from an ip range in Nigeria. gently caress.

And a whole bunch of other newly created accounts (echo, sys, sql, mysql) all with elevated privileges, all with sessions open.

Going to be a fun day :sigh:

Haha, I had almost the exact same thing happen with our TS server. Account logged in as "administrator" but with a machine labelled in Russian characters, MSP just said blast it with MBAM and call it a day... except the scan wouldn't even start. I disabled the local admin account and called it a day, it's a bare metal server 2008 install set up from something like two MSPs ago before I even joined the company.

Business continuity is going to be a hot topic soon, and this is going to be one of them.

Dans Macabre
Apr 24, 2004


Zakutambah posted:

Come in this morning to file server issues: slow, remote access crapping out, general weirdness. Nothing too unusual with the old box though, usually just a bit over-taxed, have a look... that's a lot of accounts logged in running odd processes... why is the administrator account logged in... aw poo poo...

An account with the name 'administrator', logged in via remote desktop, from an ip range in Nigeria. gently caress.

And a whole bunch of other newly created accounts (echo, sys, sql, mysql) all with elevated privileges, all with sessions open.

Going to be a fun day :sigh:

I believe this is called a "resume generating event" but sounds like not for you!

btw https://www.rdpguard.com I think someone recommended this to me a few pages ago
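
The pattern reported in the quoted post (an RDP session as 'administrator' from an outside address, then new accounts such as echo and sql holding elevated privileges) can be checked for in the Security log. This is an added example, not part of any post in the thread; the flattened record fields, the sample events, the addresses and the 24-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Server 2003 logs legacy event IDs; Vista/2008 and later use the legacy ID + 4096.
LEGACY_IDS = {528: 4624, 624: 4720, 636: 4732}
LOGON, USER_CREATED, ADDED_TO_LOCAL_GROUP = 4624, 4720, 4732
REMOTE_INTERACTIVE = 10              # logon type recorded for RDP sessions
ADMINISTRATORS_SID = "S-1-5-32-544"  # built-in local Administrators group
# Assumption: everything outside RFC 1918 space counts as external.
INTERNAL_NETS = [ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROMOTION_WINDOW = timedelta(hours=24)  # assumed threshold, tune per site


def is_external(ip):
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def triage(events):
    """Return (external_rdp_logons, new_admin_accounts, new_admins_on_rdp)."""
    created = {}       # account name -> time the account was created
    new_admins = {}    # account name -> time it was added to Administrators
    external_rdp = []  # (account name, source IP) for RDP logons from outside
    for ev in sorted(events, key=lambda e: e["time"]):
        eid = LEGACY_IDS.get(ev["id"], ev["id"])
        if eid == USER_CREATED:
            created[ev["user"].lower()] = ev["time"]
        elif eid == ADDED_TO_LOCAL_GROUP:
            if ev.get("group_sid") != ADMINISTRATORS_SID:
                continue
            name = ev["member"].lower()
            born = created.get(name)
            # Only accounts created shortly before the promotion are flagged.
            if born is not None and ev["time"] - born <= PROMOTION_WINDOW:
                new_admins[name] = ev["time"]
        elif eid == LOGON and ev.get("logon_type") == REMOTE_INTERACTIVE:
            if is_external(ev["ip"]):
                external_rdp.append((ev["user"].lower(), ev["ip"]))
    on_rdp = sorted({user for user, _ in external_rdp if user in new_admins})
    return external_rdp, sorted(new_admins), on_rdp


def _t(hour, minute):
    return datetime(2016, 1, 11, hour, minute)


ADMINS = ADMINISTRATORS_SID
# Constructed sample events in a simplified, hypothetical schema.
# 203.0.113.0/24 is a documentation range standing in for an outside address.
SAMPLE = [
    {"id": 528, "time": _t(2, 14), "user": "Administrator",
     "logon_type": 10, "ip": "203.0.113.45"},
    {"id": 624, "time": _t(2, 20), "user": "echo"},
    {"id": 636, "time": _t(2, 21), "member": "echo", "group_sid": ADMINS},
    {"id": 624, "time": _t(2, 22), "user": "sql"},
    {"id": 636, "time": _t(2, 23), "member": "sql", "group_sid": ADMINS},
    {"id": 528, "time": _t(2, 30), "user": "echo",
     "logon_type": 10, "ip": "203.0.113.45"},
    {"id": 4624, "time": _t(8, 55), "user": "jsmith",
     "logon_type": 10, "ip": "192.168.1.20"},    # internal RDP, not flagged
    {"id": 4720, "time": _t(9, 5), "user": "newhire"},  # never made an admin
]

if __name__ == "__main__":
    rdp, admins, both = triage(SAMPLE)
    print("External RDP logons:    ", rdp)
    print("New accounts made admin:", admins)
    print("...and logged on by RDP:", both)
```
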

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Internet Explorer posted:

I can't remember the last time I had a printer fail to get a DHCP address.

Just from years past, printers/servers and whatnot get static. One of these days I'll switch to reservations.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

Need more advice!

Our contract T2/T3 guy is leaving, so now I need to get up to speed on GPOs and then later Server 2012. The boss will pay for training and picked out an 11 hour group policy fundamentals course on pluralsight. Does anyone have experience with it or other resources?

Dans Macabre
Apr 24, 2004


Happiness Commando posted:

Need more advice!

Our contract T2/T3 guy is leaving, so now I need to get up to speed on GPOs and then later Server 2012. The boss will pay for training and picked out an 11 hour group policy fundamentals course on pluralsight. Does anyone have experience with it or other resources?

How big/complex are your GPOs?

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

The short answer is not very

10-30 users per domain, mostly on SBS 2008, all in one OU. We push printer queues currently and have 1 client set up with a vbscript logon script that iterates through the drive share security groups and maps network drives for all shares that they have membership for. I'd like to be able to do that, which is more of a vbscript / powershell question, I think. Basically I need to streamline our ~20 clients and work smarter (as opposed to having 20 workstations with inconsistently hand mapped server shares)

I can handle pushing a printer queue and setting up a WMI filter, but since we are super small business, clients don't have test environments for me to play with. I'm going to have to set one up on my own in order to have a safe non-production space for learning.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
I really think a training class for learning how to use GPOs is overkill, but that is just me.

Gerdalti
May 24, 2003

SPOON!

Happiness Commando posted:

The short answer is not very

10-30 users per domain, mostly on SBS 2008, all in one OU. We push printer queues currently and have 1 client set up with a vbscript logon script that iterates through the drive share security groups and maps network drives for all shares that they have membership for. I'd like to be able to do that, which is more of a vbscript / powershell question, I think. Basically I need to streamline our ~20 clients and work smarter (as opposed to having 20 workstations with inconsistently hand mapped server shares)

I can handle pushing a printer queue and setting up a WMI filter, but since we are super small business, clients don't have test environments for me to play with. I'm going to have to set one up on my own in order to have a safe non-production space for learning.

You can probably just look at it and figure it out honestly. GPO is really easy.
While you are in there, ditch the vb script and do exactly the same thing with GPO targeting.

BaseballPCHiker
Jan 16, 2006

Gerdalti posted:

You can probably just look at it and figure it out honestly. GPO is really easy.
While you are in there, ditch the vb script and do exactly the same thing with GPO targeting.

This exactly. The hardest part about working with GPOs is finding out where the setting is that you want to change. Just make sure to test any GPO properly before applying it to a huge target OU.

Gerdalti
May 24, 2003

SPOON!

BaseballPCHiker posted:

This exactly. The hardest part about working with GPOs is finding out where the setting is that you want to change. Just make sure to test any GPO properly before applying it to a huge target OU.

And finding out "where" the setting is usually just takes a quick Google search.
i.e. https://www.google.com/#q=GPO+Map+Drives

BaseballPCHiker
Jan 16, 2006

Gerdalti posted:

And finding out "where" the setting is usually just takes a quick Google search.
i.e. https://www.google.com/#q=GPO+Map+Drives

I'm a fan of this site for helping you get pointed in the right direction:
http://gpsearch.azurewebsites.net/

Dans Macabre
Apr 24, 2004


Yeah like everyone said you don't need a class. Your situation is similar to mine. Pick your nicest client to be your test environment. As long as you bind the GPO to a specific OU (and then only put your test AD accounts into that OU) then you won't really break anything.

Everything will be google.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


NevergirlsOFFICIAL posted:

Yeah like everyone said you don't need a class. Your situation is similar to mine. Pick your nicest client to be your test environment. As long as you bind the GPO to a specific OU (and then only put your test AD accounts into that OU) then you won't really break anything.

Everything will be google.

Test on your own computer first, then pick a department or even a single user to test it on

You can also get fancy and make your GPOs at the top level and use Security Filtering to link it to a group instead of the OU structure. You should be doing both, but mapping drives is much less of a headache at the top level since random people will be "Sally in accounting needs access to shipping because she used to work there and..." You can also just remove authorized and put Billie on there who is having the issue you are trying to resolve with a GPO. (say disable hibernate because it's set for 1 hour in the master image)

VB is nice for some things, but you really should be switching over to powershell for anything that can't be done with a GPO.

Today I switched all our static printers with the computers manually setup to the IP to DHCP reservations and deployed by a GPO, printers are another thing that work great from a group perspective, especially a big color printer that you have 2 print queues one mono for the entire building and a restricted color queue. Just make a group "Color Printer Authorized" and security filter it at the top, or as high as it would make sense. If you have multiple buildings you probably don't want that.

I've had to move people around enough, and found security filtering superior for printers and mapped drives (the bulk of GPOs that are going to be targeted and not company wide already). I've seen horrible messes like this:

Accounting
Accounting With Y
accounting with G
accounting with Y and G

That just looks horrible and is confusing. Then you get other departments that need access and it's just better to map it out and worry about NTFS not letting them into the wrong folders.

Remember you can also view the links for a GPO after linking it and delete the old one, so if you go this GPO is for the shipping mapped drive you can always put it on the shipping OU and move it later (don't forget to change the filter first).

edit: Name your GPOs something sane I like Function - description
Drive - S: Sales
Drive - P: Production
Printer - HP mono LaserJet1020 Shipping

I'm not sure if there is an industry standard but someone can look at my GPOs and know exactly what is happening, but much like computer names you probably want to be consistent so if a ton exist you might want to follow their format instead.

pixaal fucked around with this message at 22:09 on Jan 11, 2016

Moey
Oct 22, 2010

I LIKE TO MOVE IT

pixaal posted:

edit: Name your GPOs something sane I like Function - description
Drive - S: Sales
Drive - P: Production
Printer - HP mono LaserJet1020 Shipping

I'm not sure if there is an industry standard but someone can look at my GPOs and know exactly what is happening, but much like computer names you probably want to be consistent so if a ton exist you might want to follow their format instead.

This 1000 times. Have single GPOs produce a single planned outcome, don't shove everything into the default domain policy.

I name my printers: Department - Location Model

Example would be: Engineering - Reception HP LJ P3015dn

Wizard of the Deep
Sep 25, 2005

Another productive workday
To counterpoint the half-dozen people above me, I did a "GPO Deep Dive" class a few years back, and it was pretty helpful. It went in-depth on security filtering, item-level targeting, inheritance, and common gotchas. After, I could speak authoritatively about the subject to my boss; both because I know what I was talking about, and I Had Been To A Class.

If your company is paying for it, go for it. If you're expected to pay out of pocket, skip it.

Dans Macabre
Apr 24, 2004


Wizard of the Deep posted:


If your company is paying for it, go for it. If you're expected to pay out of pocket, skip it.

This is always the rule BUT if your company has a set :10bux: budget for your professional development I'd pick something other than gpo.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


I'm having an issue where my Sonic Wall requires a reboot every few weeks. This wasn't really a problem I'd do it every Friday right before leaving. This was working until this weekend when on Saturday it locked up and required a power cycle after being on for under 16 hours. I was hoping to get something that I could remotely reset the power, or it could ping a server and power cycle if the internet goes out. I saw this but not sure that is a quality device.

I'd love to replace the Sonic Wall but it's not really a viable option, it was setup before I took the job and is doing way too much (Wireless, AV, web filter, Firewall and I think a few other bells and whistles that Dell loves to not fully support). Sonic Wall support is great with refusing to support it without the newest firmware, which causes the wireless to not work as far and that is a problem.

I'm pretty sure the system is just overloaded, I'd love an automated system, I know a timer is cheaper and probably doable if set to 2AM or something. I'd really like remote control since the phone system is on a separate network because when you combine them the Sonic Wall locks up because it's too much traffic. If the ISP is up I can remote in to the phone system and get this device to reboot the sonic wall bringing the other network back online.

The one I linked is apparently hard coded to ping the company's servers in Taiwan, which is not very useful. If they go under I have a worthless device, or if one of the dozens of hops has a problem. I'd like a cheap but workable solution, anyone else dealt with something similar? Small shops always cut corners and end up spending more than doing it right the first time. Full replacement isn't an option due to sunk cost fallacy of the C-levels. We have everything service activated on it for 4 out of the 5 years still.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
Get real APs and stop using wireless on Sonicwalls

stevewm
May 10, 2005

pixaal posted:

... Sonicwall problems....

Is it possible to disable the various systems one at a time and figure out which one is causing the issue? Check the CPU usage.. if the CPU usage is near maxed all the time, you WILL have issues.

My first thought would be wireless... Sonicwall's wireless has always been pretty awful in general.

I have a huge fleet of Sonicwall devices and never have any issues with them. I utilize Gateway/Cloud AV, content filter, firewall, etc... but I don't use the wireless.

stevewm fucked around with this message at 17:36 on Jan 18, 2016

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


go3 posted:

Get real APs and stop using wireless on Sonicwalls

The wireless on it completely predates me. I would have purchased actual hardware if I had been the one buying them. The problem with testing the wireless is the only person that really uses the sonicwall wireless is the CEO, his office is out of range when the firmware is upgraded. He only uses it for his iPhone which he does all business from. He hasn't logged into his computer in a month according to AD.

We have 2 Unifi APs elsewhere in the building that I have never had to touch. I'll see if I can get one of the same model, and move it closer than the server room to the CEO's office.

Just as a sanity check, extending the unifi network isn't going to bite me in the rear end is it? Any gotchas with them? I've heard mostly good things about them and had a good experience but like most low end enterprise stuff there is always something lacking compared to the big names.

Gerdalti
May 24, 2003

SPOON!
Adding an AP to your UniFi setup should be cake as long as you can access the software that controls them.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

First of all, Sonicwall is bullshit.

Second of all, I know APC UPSes with management NICs will let you remotely bounce an outlet group. An SMT-750 + NMC is going to run you close to $600, which is a decent fraction of the way towards a not-Sonicwall. Maybe you can find a cheaper UPS that will do the same?

Internet Explorer
Jun 1, 2005





Just replace the hardware and fix the actual problem, God drat. You should not be rebooting your firewall once a week.

MrMoo
Sep 14, 2000

Internet Explorer posted:

Just replace the hardware and fix the actual problem, God drat. You should not be rebooting your firewall once a week.

Doesn't Cisco still support this in IOS? Regular reboots to fix memory leaks and other features.

pixaal
Jan 8, 2004

All ice cream is now for all beings, no matter how many legs.


Internet Explorer posted:

Just replace the hardware and fix the actual problem, God drat. You should not be rebooting your firewall once a week.

Yes it is bullshit, and I'd love to replace the hardware that is giving me problems. I'm not going to get the funds to do it though. I will get told to just make it work, or that predecessor never had this problem (he did; one of the few documents he left was reboot Sonicwall every Friday. Don't upgrade firmware breaks wireless).

This is an issue only a small shop would run into, a large company would cut their losses.

Internet Explorer
Jun 1, 2005





I have worked with plenty of small shops and that is bullshit. If you can't get a few hundred dollars to replace a vital piece of infrastructure, find a new job.

Buy 2 of these. One to put in production, one to keep on the shelf - http://www.amazon.com/Ubiquiti-Edge...ds=edgerouter+x

Buy a handful of these, whatever you need for coverage, since only 1 user uses the wifi - http://www.amazon.com/Ubiquiti-Networks-Enterprise-System-UAP-AC-LITE/dp/B015PR20GY
If you have to, buy these instead - http://www.amazon.com/Ubiquiti-Networks-Enterprise-Unifi-UAP/dp/B00HXT8R2O

If all of that is too expensive, get the gently caress out.

Thanks Ants
May 21, 2004

#essereFerrari


Sonicwalls are loving trash and even if replacing it doesn't fix your problems, at least you don't have a Sonicwall any more.

Gerdalti
May 24, 2003

SPOON!
Just don't reboot it Friday, and come Monday say it's dead. Instant budget.

Go with the suggestions above, and have good working equipment. If they freak out over a couple hundred bucks, update your resume.

McDeth
Jan 12, 2005
Is anybody aware of any alternatives to ExtremeZ-IP/Acronis Access Connect?

I am completely fed up with companies that do all they can to hide access to support phone numbers that lead to a real person. When an entire company's fileserver is down and your loving poo poo rear end of a gently caress up company hides support behind public forums, free indian web help, and a website that refuses to register our product so we can actually GET the support we loving paid for, I'm done.

gently caress you Acronis. gently caress you in your dildo filled, piece of poo poo rear end.

Edit: Also, the only other document management alternative that I'm readily familiar with for Mac is Docmoto. If you've never heard of them, do yourself a favor and bust out your Gucci watch and hop in your Ferrari to your date with Paris Hilton, because at the prices they're asking, you're the type of person that can afford it (30k a year for 50 users, billed yearly. :wtf:)

McDeth fucked around with this message at 17:04 on Jan 19, 2016

MrMoo
Sep 14, 2000

McDeth posted:

Is anybody aware of any alternatives to ExtremeZ-IP/Acronis Access Connect?

I am completely fed up with companies that do all they can to hide access to support phone numbers that lead to a real person.

Acronis the backup company? One would imagine an endless amount of crazy shouting people trying to reach them demanding support for restores. I wonder how many times they are threatened with lawsuits?

The alternative to that product appears to be OS X 10.9 or newer and SMB 2/3. That product only appears to fix SMB 1 being rear end, you can still get missing files with AFP and the performance is worse than SMB for a long time. Implementing a Spotlight server is pretty cool though, all the OS vendors don't put much effort into improving network searching: I think Microsoft added it with Windows Search 4, Gnome people did have it with Beagle but then dropped it and concentrated on local-only domain. I guess people just wave their hand and say use a DMS.

MrMoo fucked around with this message at 19:00 on Jan 19, 2016

Dans Macabre
Apr 24, 2004


pixaal posted:

I'm having an issue where my Sonic Wall requires a reboot every few weeks. This wasn't really a problem I'd do it every Friday right before leaving. This was working until this weekend when on Saturday it locked up and required a power cycle after being on for under 16 hours. I was hoping to get something that I could remotely reset the power, or it could ping a server and power cycle if the internet goes out. I saw this but not sure that is a quality device.

I'd love to replace the Sonic Wall but it's not really a viable option, it was setup before I took the job and is doing way too much (Wireless, AV, web filter, Firewall and I think a few other bells and whistles that Dell loves to not fully support). Sonic Wall support is great with refusing to support it without the newest firmware, which causes the wireless to not work as far and that is a problem.

I'm pretty sure the system is just overloaded, I'd love an automated system, I know a timer is cheaper and probably doable if set to 2AM or something. I'd really like remote control since the phone system is on a separate network because when you combine them the Sonic Wall locks up because it's too much traffic. If the ISP is up I can remote in to the phone system and get this device to reboot the sonic wall bringing the other network back online.

The one I linked is apparently hard coded to ping the company's servers in Taiwan, which is not very useful. If they go under I have a worthless device, or if one of the dozens of hops has a problem. I'd like a cheap but workable solution, anyone else dealt with something similar? Small shops always cut corners and end up spending more than doing it right the first time. Full replacement isn't an option due to sunk cost fallacy of the C-levels. We have everything service activated on it for 4 out of the 5 years still.

Ah yes I know all about the sonicwall-new-firmware-makes-wifi-suck-even-more problem. Sonicwall itself is fine but the wifi is garbage. What you must do is upgrade sonicwall to latest firmware and then throw the sonicpoints in the trash where they belong and get other AP. You can keep your sonicwall sonicpoint VLANs and just plug the AP switch into whatever X port.

Super Slash
Feb 20, 2006

You rang ?
In the interest of common sense and stopping meltdowns, I'm thinking of starting up a knowledge base of sorts for both IT related topics and also departmental topics. It's kind of brought about by the "Sole person hit by a bus" scenario and to also devolve workloads, as knowledge is pretty much retained by a few people and gets lost easy or Chinese whispers happens (How do we do X? I don't know Y always does it for us).

How would you go about it? Roll your own local wiki? Butt cloud products?
Some months ago marketing one day decided to create an "Intranet" which is a public website you need to make an account and login with, pretty much nobody uses it because it's one more set of login credentials on the pile everyone already has.

Thanks Ants
May 21, 2004

#essereFerrari


:10bux: on Confluence

BaseballPCHiker
Jan 16, 2006

Thanks Ants posted:

:10bux: on Confluence

Doing this now for my environment. Totally worth the money. $10 lifetime for up to 10 users I think if self hosted. If you scale past that ten their pricing gets insane. Really loving it so far but it does suffer from that "everything can look so nice and cool" effect where I tend to let perfect get in the way of good.

Super-NintendoUser
Jan 16, 2004

COWABUNGERDER COMPADRES
Soiled Meat

Thanks Ants posted:

:10bux: on Confluence

This is valid, also if you have O365 I suppose you could use a shared OneNote book if it's not too much data.

WorkingStiff
Jul 5, 2005

Plone or MediaWiki. SharePoint if you are a masochist.
