Internet Explorer
Jun 1, 2005





Docjowles posted:

I think he's saying the EQL is out of support. The MPIO driver is behind a paywall.

That's what I get for replying to posts before I wake up. :11tea:

But ah, yeah, don't do that. Don't run your entire company off a single device that has no support.


skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Anyone using any kind of IT process automation software? Curious as to what anyone else might be using.

Potato Salad
Oct 23, 2014

nobody cares


SCCM :unsmigghh:

Pros: You could make a career out of SCCM alone right now.
Cons: There's so loving much to learn, you could make a career out of SCCM alone right now :sigh:

vanity slug
Jul 20, 2010

T

Potato Salad posted:

SCCM :unsmigghh:

Pros: You could make a career out of SCCM alone right now.
Cons: There's so loving much to learn, you could make a career out of SCCM alone right now :sigh:

Think you mean SCOrch :smug: :smithicide:

CLAM DOWN
Feb 13, 2007




The entire system centre suite is such an enormously complex and useful piece of software but it makes me want to leave IT

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yeah, I'm talking more along the lines of SCOrch and its ilk. Right now messing around with NetIQ Aegis, seems powerful enough if you know what you're doing (and I don't). I wish I could push for SCOrch, at least the documentation is better and there's a lot more folks blogging about it.

skipdogg fucked around with this message at 17:45 on Sep 8, 2016

vanity slug
Jul 20, 2010

SCOrch has shitloads of potential, but it just feels neglected.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
SCORCH (Orchestrator) is awful and I hate it. Hate hate hate it.

It doesn't have the builtin ability to really do anything, so you're just passing around Powershell scripts and it's really painful to use. Maybe System Center 2016 will totally revolutionize it but man it's bad right now.

lol internet.
Sep 4, 2007
the internet makes you stupid
Looking for a SaaS service for file transfer for external customers.

Ideally I would like end users to be able to simply provision accounts to external users, then the external users can take the information, login and upload the files. Would be great if the accounts auto-delete after X amount of time.

Any recommendations? Not looking to break the bank. Probably hoping to share a generic account among a lot of users.

Internet Explorer
Jun 1, 2005





If you haven't taken a look at ShareFile, I would start there. You can have a pretty granular setup with something like that, including the ability to send users an "Upload File Link" that uploads the files to the user who sent its "Inbox" and can be moved from there. Really, the only time you'd need to provision accounts is to have things in a shared, consistent folder.

Zaepho
Oct 31, 2013

tadashi posted:

tl;dr: gently caress local clustering with Hyper-V.

1) Migrate all the VMs (including storage) to a single Hyper-V host (Host A)
2) Destroy second SAN volume
3) Create new SAN Volume for quorum (I think 2GB is the minimum size here, I usually just throw 10 at it as a nice round number)
4) Create a new SAN Volume with the rest of the space from the original VM volume
5) Rebuild Host B and build it as a single node cluster with the new SAN Volume (as a Cluster shared volume) and Quorum Disk
6) Migrate all VMs (including storage) to the new Hyper-V Cluster
7) Rebuild Host A and add to Hyper-V Cluster (make sure to make all of the disks available to both hosts)
8) Re-present original VM Host A SAN Volume to both hosts
9) Re-Balance storage usage of VMs

Yes, doing it on new hardware is WAY easier than trying to juggle things around like this.

As for guest clustering, you can use Shared VHDs on the CSVs or present SAN disks directly via iSCSI.

Zaepho
Oct 31, 2013

skipdogg posted:

Yeah, I'm talking more along the lines of SCOrch and its ilk. Right now messing around with NetIQ Aegis, seems powerful enough if you know what you're doing (and I don't). I wish I could push for SCOrch, at least the documentation is better and there's a lot more folks blogging about it.

Yeah SCORCH is great for process automation, but there's no user front end. For that you have to really hate yourself and go with SCSM.

Jeoh posted:

SCOrch has shitloads of potential, but it just feels neglected.

SCORCH is dead, long live SMA

Also System Center is my life. System Center is why I drink.

Caf
May 21, 2004

I'm King James! The Lion King!

orange sky posted:

You can't even do a dism /online /import-defaultappassociations anymore, because the online change doesn't work!

This definitely works but you need to know how it is supposed to work or it will look like it didn't work.

The default associations are only applied to the default user account and will be set for any new user when they log in for the first time. If you're running that command and expecting it to change the associations for the current user, then yeah, it doesn't do that.

orange sky
May 7, 2007

Caf posted:

This definitely works but you need to know how it is supposed to work or it will look like it didn't work.

The default associations are only applied to the default user account and will be set for any new user when they log in for the first time. If you're running that command and expecting it to change the associations for the current user, then yeah, it doesn't do that.

Oh no trust me I know. It doesn't work in the 1607 version, there's a bug. It actually throws an error. I use the commands in the answer here:

https://social.technet.microsoft.co...win10itprosetup

E: Unless I'm missing something. Have you tried it in the 1607 version and can you confirm it works? I'm using copyprofile so I should notice if it works when I create a new user but I tested it and it didn't as far as I can remember.

orange sky fucked around with this message at 14:44 on Sep 9, 2016

Caf
May 21, 2004

I'm King James! The Lion King!
In that case, thanks for the heads up.

We're halfway through our deployment with 1511 and I haven't done anything with 1607 yet.

Boogalo
Jul 8, 2012

Meep Meep




In the process of finally revoking local admin from all of our users, we're looking into beyondtrust/powerbroker/beyondinsight to manage elevated permissions for installs instead of SCCM. Has anyone worked with it? I've only had contact with the sales guy so far and it seems to cover all of our needs, but I'm still in the process of getting my head around implementation, installation, and exactly what parts we need.

Thank god we recently set up a sandbox test domain.

orange sky
May 7, 2007

Boogalo posted:

In the process of finally revoking local admin from all of our users, we're looking into beyondtrust/powerbroker/beyondinsight to manage elevated permissions for installs instead of SCCM. Has anyone worked with it? I've only had contact with the sales guy so far and it seems to cover all of our needs, but I'm still in the process of getting my head around implementation, installation, and exactly what parts we need.

Thank god we recently set up a sandbox test domain.

Doesn't SCCM run installs as SYSTEM and not the user running it?

Boogalo
Jul 8, 2012

Meep Meep




orange sky posted:

Doesn't SCCM run installs as SYSTEM and not the user running it?

Yeah but we're a two person (jr and sr) sysadmin team with 150 virtual and physical servers, onprem exchange, no SAN, and 2000 users. We have rudimentary SCOM and SCCM but it was set up (not very well) by a consultant ages ago and it's on the to do list to learn, but it's a monster and we don't have enough time to learn, test, implement before the security auditors come around and ding us on the report again. This is HigherED, it's an odd place and the budget folks don't mind throwing down for the 3rd party solution.

lol internet.
Sep 4, 2007
the internet makes you stupid
Azure West Europe :fuckoff:

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Boogalo posted:

In the process of finally revoking local admin from all of our users, we're looking into beyondtrust/powerbroker/beyondinsight to manage elevated permissions for installs instead of SCCM. Has anyone worked with it? I've only had contact with the sales guy so far and it seems to cover all of our needs, but I'm still in the process of getting my head around implementation, installation, and exactly what parts we need.

Thank god we recently set up a sandbox test domain.

Haven't worked with it, but I have worked with similar products. Whatever you do, do a full-blown PoC test and make sure it does everything you want it to do perfectly. We do use their Linux to AD stuff and it does the job.

I'm really down on "enterprise software" right now, every solution has gotchas and bullshit that no one ever talks about until the check is written and you're 80% into the deployment and it can't do X or Y the way you thought it could.

milk milk lemonade
Jul 29, 2016
The gently caress is with all these companies I'm running into using RDS servers for remote logins so people can access IIS apps? Or this one company that's got all these weird problems on an RDS with one single instance of Dynamics that people are accessing from home using rdp sessions to an externally routable subdomain of their main website? Is this poo poo not the height of bad practice? I'm asking legit questions cause I've honestly never seen this before. Distribute your loving app and don't provide an easy-to-get-to doorway right into your loving datacenter by having an RDS server face forward like that. If it's a web app just have people access a drat website rather than use RDS.

tadashi
Feb 20, 2006

Internet Explorer posted:

That's what I get for replying to posts before I wake up. :11tea:

But ah, yeah, don't do that. Don't run your entire company off a single device that has no support.

Agreed.

What I am going to do is basically what was recommended. Just move the machines to a single volume and then setup the necessary extra volumes for the cluster. It's not that big of a project but it just felt that way at 3 am.

CLAM DOWN
Feb 13, 2007




https://technet.microsoft.com/library/security/ms16-sep

7 criticals

:negative:

orange sky
May 7, 2007

loving Microsoft. I have 2 and a half years of working with Microsoft products and seriously, I'm thinking about leaning towards Linux and steering completely away from Microsoft. At the rate things are going poo poo's gonna go down on enterprise environments. If they are as careless with their Datacenter's security as they are with their OS's everyone's hosed.

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Those aren't all server issues. Half of those that are server can be mitigated with server core, or removing the GUI 2012+. Hell, even one is patching oracle libraries used in exchange.

Could be worse, could still see patches going live for GHOST exploits years later.

Maneki Neko
Oct 27, 2000

orange sky posted:

loving Microsoft. I have 2 and a half years of working with Microsoft products and seriously, I'm thinking about leaning towards Linux and steering completely away from Microsoft. At the rate things are going poo poo's gonna go down on enterprise environments. If they are as careless with their Datacenter's security as they are with their OS's everyone's hosed.

lol

I see someone didn't live through Code Red or slammer or blaster or basically the 2000s in general. poo poo today is so much better than it used to be.

Maneki Neko fucked around with this message at 00:25 on Sep 14, 2016

CLAM DOWN
Feb 13, 2007




also lol if you think other OSes and products aren't just as bad with vulnerabilities and updates

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

CLAM DOWN posted:

also lol if you think other OSes and products aren't just as bad with vulnerabilities and updates

Actually, Linux on the desktop doesn't get viruses. Heartbleed and Shellshock? No, those don't count, because they weren't viruses, and they only affected servers.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
I'm not gonna lie, Windows 10 Servicing has me a little scared.

They're making so many bad decisions with regards to Windows 10 Enterprise...

CLAM DOWN
Feb 13, 2007




anthonypants posted:

Actually, Linux on the desktop doesn't get viruses. Heartbleed and Shellshock? No, those don't count, because they weren't viruses, and they only affected servers.

I didn't say anything about viruses, I said vulnerabilities and updates. Did you not read what you quoted?

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

CLAM DOWN posted:

I didn't say anything about viruses, I said vulnerabilities and updates. Did you not read what you quoted?

That post wasn't to be taken seriously.

CLAM DOWN
Feb 13, 2007




anthonypants posted:

That post wasn't to be taken seriously.

Oh. It's hard to tell sometimes, especially when people genuinely think what you posted. Sorry.

Dans Macabre
Apr 24, 2004


What's a good step-by-step guide that can explain to me how to set up 2FA in my Windows environment? I have googled, read some old blog posts, and still don't feel like I have a good understanding.

My requirements:
1. Require 2FA when user is not physically on the LAN - this means when they are connecting to SSLVPN or RDS
2. Require 2FA when accessing sharepoint via webdav or https (from the WAN)

For #1 I have a 2FA built in to my existing SSLVPN solution (sonicwall sra). RDS I was looking at Duo but Duo doesn't plug in easily to sharepoint per my understanding.

I get there's something I can do with ADFS that would involve extending my domain to Azure. But I have no idea what that looks like for the user.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

CLAM DOWN posted:

Oh. It's hard to tell sometimes, especially when people genuinely think what you posted. Sorry.

I'll throw in more question marks next time. :glomp:

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

NevergirlsOFFICIAL posted:

What's a good step-by-step guide that can explain to me how to set up 2FA in my Windows environment? I have googled, read some old blog posts, and still don't feel like I have a good understanding.

My requirements:
1. Require 2FA when user is not physically on the LAN - this means when they are connecting to SSLVPN or RDS
2. Require 2FA when accessing sharepoint via webdav or https (from the WAN)

For #1 I have a 2FA built in to my existing SSLVPN solution (sonicwall sra). RDS I was looking at Duo but Duo doesn't plug in easily to sharepoint per my understanding.

I get there's something I can do with ADFS that would involve extending my domain to Azure. But I have no idea what that looks like for the user.

We just rolled AuthAnvil 2FA for RDS, it was only a minor pain in my rear end, but we've only been fully turned on for a week or two, so I'm not sure if things are going to explode after a month or two. Unsure about sharepoint capability, but it's very affordable; will require at least 1 VM dedicated, possibly 2 I forget, but you'd want 2 anyway for redundancy, does hook into AD easily as well.

We previously used safeword, I loved safeword, I'm not sure how well it hooks into sharepoint though, or if they're still around, once we switched from 2003 to 2012 we decided to change to authanvil. Unsure about sharepoint capability, hooks into AD easily, does require 2 VMs minimum for redundancy, and I'm not sure regarding pricing.

RSA is also good, my client uses it for VPN, it's loving expensive as hell though.

All of these SHOULD have plenty of documentation to get you well on your way to getting stuff working.

MF_James fucked around with this message at 18:02 on Sep 14, 2016

Dans Macabre
Apr 24, 2004


MF_James posted:

We just rolled AuthAnvil 2FA for RDS, it was only a minor pain in my rear end, but we've only been fully turned on for a week or two, so I'm not sure if things are going to explode after a month or two. Unsure about sharepoint capability, but it's very affordable; will require at least 1 VM dedicated, possibly 2 I forget, but you'd want 2 anyway for redundancy, does hook into AD easily as well.

We previously used safeword, I loved safeword, I'm not sure how well it hooks into sharepoint though, or if they're still around, once we switched from 2003 to 2012 we decided to change to authanvil. Unsure about sharepoint capability, hooks into AD easily, does require 2 VMs minimum for redundancy, and I'm not sure regarding pricing.

RSA is also good, my client uses it for VPN, it's loving expensive as hell though.

All of these SHOULD have plenty of documentation to get you well on your way to getting stuff working.

Thanks. AuthAnvil would be nice as our CRM supports that out of the box (currently we're using google authenticator for that). Will look at AuthAnvil.

Internet Explorer
Jun 1, 2005





I used AuthAnvil a bit and didn't have any complaints. Just be careful you don't end up locking yourself out if the poo poo hits the fan.

Dans Macabre
Apr 24, 2004


Internet Explorer posted:

I used AuthAnvil a bit and didn't have any complaints. Just be careful you don't end up locking yourself out if the poo poo hits the fan.

Why did you stop using it? Just different job or did you switch to something else?

Internet Explorer
Jun 1, 2005





NevergirlsOFFICIAL posted:

Why did you stop using it? Just different job or did you switch to something else?

Different job. We used it at an MSP. Part of the reason was that you could log into the same administrator account with a different token, so it could at least show who logged into an account and when, without having to make an account for each tech for every customer. Whether that is a good security practice or not is a different story.


Dans Macabre
Apr 24, 2004


Internet Explorer posted:

Different job. We used it at an MSP. Part of the reason was that you could log into the same administrator account with a different token, so it could at least show who logged into an account and when, without having to make an account for each tech for every customer. Whether that is a good security practice or not is a different story.

Just out of curiosity were you reselling this solution to customers as well or just using internally?
