|
At the time we were using it internally, but the goal was to eventually offer it as a service to customers. 2FA was less popular back then (3-4 years ago) and was not in-demand by customers.
|
# ? Sep 14, 2016 20:30 |
|
|
# ? May 30, 2024 08:07 |
|
Has anyone actually worked at a place where a disaster recovery\fault tolerance plan actually fucken worked properly? It's always neglected and on the bottom of the priority list until poo poo hits the fan.
|
# ? Sep 14, 2016 21:26 |
No. I view them as more of a useful framework for understanding how hosed I am if anything goes wrong.
|
|
# ? Sep 14, 2016 21:30 |
|
If you're not doing an active DR test once a quarter or so and actively running on your DR environment with production being "offline", it is never going to work right. There's a reason why big boys like Netflix actively test their DR on a daily basis - http://arstechnica.com/information-technology/2012/07/netflix-attacks-own-network-with-chaos-monkey-and-now-you-can-too/
|
# ? Sep 14, 2016 21:32 |
That's great assuming you can resource something like that. A lot of places probably can't even run through DR scenarios without destroying their janky environment completely. Netflix is awesome, but technology is their business. Even big businesses with lots of money won't prioritize DR planning like they should, let alone actually see if the plan works. milk milk lemonade fucked around with this message at 21:41 on Sep 14, 2016 |
|
# ? Sep 14, 2016 21:35 |
|
Internet Explorer posted:If you're not doing an active DR test once a quarter or so and actively running on your DR environment with production being "offline", it is never going to work right. There's a reason why big boys like Netflix actively test their DR on a daily basis - http://arstechnica.com/information-technology/2012/07/netflix-attacks-own-network-with-chaos-monkey-and-now-you-can-too/ Yupppp, we're so hosed on DR. We've never done a full failover test and never will at this rate. No one wants to slash everyone is sure it will destroy everything.
|
# ? Sep 14, 2016 21:37 |
|
Yup. Testing a DR plan is seen as a guaranteed way to create extra work, so it doesn't get done.
|
# ? Sep 14, 2016 21:40 |
|
Fudge posted:That's great assuming you can resource something like that. A lot of places probably can't even run through DR scenarios without destroying their janky environment completely. Right. If you can't roll over your business to DR and have it run for a day, then the current setup is not sufficient. Management buy-in is super important for that. The understanding needs to be, if you do not provide us the resources and allow us to test regularly, a "DR setup" is more like of a guideline at best. But, I realized I didn't answer your question. No, I have never worked in a place that could get through DR without causing a mess. I have implemented proper DR as a consultant. Sorry to hammer it home, but it's just like backups. It doesn't count if you're not actively testing it.
|
# ? Sep 14, 2016 21:41 |
|
At a previous job, we had to do a full annual test (per client requirements), so we actually got to see what worked and where our bottlenecks were. At current place, it will be a poo poo show....
|
# ? Sep 14, 2016 22:08 |
|
Imagine my surprise when I see all the Server 2016 features on demand show up in the windows 10 group
incoherent fucked around with this message at 22:35 on Sep 14, 2016 |
# ? Sep 14, 2016 22:26 |
|
I don't know if there's a better SQL thread, sorry if there is. I'm not a SQL guy. I got asked to troubleshoot some blocked processes on a server. It triggered an alarm when it reported 30 blocked processes a week ago. For the most part, it's usually zero with occasionally 2-3. For the last day it's been zero. My understanding is that blocking is just a normal consequence of locking. I get the impression that blocks aren't a problem unless they increase wait times. Is there a way to check logs or set up a trigger to create a log entry when there's a block? I'm mostly looking for a way to say "Hey, since this parameter wasn't affected, this is just a thing that happens sometimes, don't worry about it." Or, if it's actually a problem, fix it.
|
# ? Sep 15, 2016 22:34 |
|
Did you introduce some poor quality offshore developers into production recently? That's how my locks appeared. Seriously though, I had to bring in a fixer to handle my issues. mainly track down the five W's and break some fingers. If you have zero budget though sp_who2 (in a new SQL query window) will tell you what's going on as well.
|
# ? Sep 15, 2016 22:45 |
|
Try this thread - http://forums.somethingawful.com/showthread.php?threadid=2672629
|
# ? Sep 15, 2016 22:49 |
|
incoherent posted:Did you introduce some poor quality offshore developers into production recently? That's how my locks appeared. There are so many offshore people that it's probably more accurate to say that I'm the one who is truly offshore from the rest of the company. I did find sp_who2, but it doesn't really tell me anything until I get a block. Is 30 a high number if it is infrequent, lasts a few minutes, and may have occurred during a backup?
|
# ? Sep 15, 2016 22:51 |
|
Internet Explorer posted:Try this thread - http://forums.somethingawful.com/showthread.php?threadid=2672629 Doh, that's in CoC, right? I didnt even think of SQL as being coding.
|
# ? Sep 15, 2016 22:53 |
|
Dr. Arbitrary posted:There are so many offshore people that it's probably more accurate to say that I'm the one who is truly offshore from the rest of the company. if you already have it narrowed down to the backup window it's very likely that the backup is the problem.
|
# ? Sep 16, 2016 01:38 |
|
Zaepho posted:if you already have it narrowed down to the backup window it's very likely that the backup is the problem. I finally figured out how to read the logs from the backup jobs, and they don't actually intersect with the issue.
|
# ? Sep 16, 2016 03:11 |
|
Dr. Arbitrary posted:I finally figured out how to read the logs from the backup jobs, and they don't actually intersect with the issue. Doh! If you have a monitoring solution that can react to the number of blocked processes, it migth make sense to have it execute sp_who2 and log the results at the time of the blocking. This should give you a way to look at what the problem processes are, which would then identify the rabbit hold to delve down deep into.
|
# ? Sep 16, 2016 15:14 |
|
RE: 2FA chat, we put in Duo at my current job and its been a breeze. Cheap too, the option we're using is $3/user/month. We use it for our VPN, OWA, and RD Gateway.
|
# ? Sep 16, 2016 15:47 |
|
Spring Heeled Jack posted:RE: 2FA chat, we put in Duo at my current job and its been a breeze. Cheap too, the option we're using is $3/user/month. We use it for our VPN, OWA, and RD Gateway. A bunch of our clients have been implementing Duo for 2fa, and it integrates very well with netscalers. It's comparatively easy to set up on them as well.
|
# ? Sep 16, 2016 17:05 |
|
Internet Explorer posted:At the time we were using it internally, but the goal was to eventually offer it as a service to customers. 2FA was less popular back then (3-4 years ago) and was not in-demand by customers. thanks
|
# ? Sep 16, 2016 21:46 |
|
Dr. Arbitrary posted:Doh, that's in CoC, right? I didnt even think of SQL as being coding. In a just world, SQL/DBA threads would go in FYAD where they belong. But here we are.
|
# ? Sep 17, 2016 02:53 |
|
I have MS SQL Server in a AOAG setup. I added SSRS report server database to the AOAG setup and configured a SSRS scale out deployment. Everything is working as expected with the exception of accessing the SSRS URL through the SQL listener DNS name. (http://sql-listener/reportserver instead of using http://sql1/reportserver and http://sql2/reportserver) I assume this probably isn't supported but any sort of workarounds or recommendation? Cross posted to the SQL thread as well.
|
# ? Sep 18, 2016 22:53 |
|
Does anyone know how to programmatically change a file type association in Windows 10? Under Windows 7 it was a simple case of exporting/importing a reg file. But if you try the same thing in Windows 10, then after the next reboot you get a system tray popup "There was a problem with a file type association" and it gets reverted to the default setting. Two things I've tried so far are: - Only importing the "HKEY_CLASSES_ROOT\filetype" key (not the "HKEY_CLASSES_ROOT\.ext" one) then using the command line application "assoc .ext=filetype" to set the default setting. This seems to work at first. If you run the "assoc .ext" command the correct application is displayed. But if you doubleclick a file, the new application is only offered as a choice and there is no checkbox to remember your setting so it opens once with the new application, and then resets to the default again. - Using the "Dism /Get-DefaultAppAssociations" and "Dism.exe /Import-DefaultAppAssociations" commands. Here, the problem is that you cannot import single app settings, you can only overwrite the entire set of default apps. So if you run this on a computer with nonstandard apps installed, you are basically guaranteed to gently caress up things by deleting file type associations. The reason I have to do this is that we have ancient .tiff files that only open in some lovely image viewer from the 90s.
|
# ? Sep 19, 2016 10:36 |
|
Is Group Policy an option? Because if so, I vote for using Group Policy.
|
# ? Sep 19, 2016 13:56 |
|
Anyone that has tried disabling the Windows key in Windows 10? Did it work for any of you? We're trying to disable just the Win+L and tried a blanket solution for everything Windows Key related but nothing works. Policies, registry hacks, nothing works. Has anyone been able to do it? Basically all we want is to not allow users to lock a workstation through any means.
|
# ? Sep 19, 2016 14:06 |
|
orange sky posted:Anyone that has tried disabling the Windows key in Windows 10? Did it work for any of you? We're trying to disable just the Win+L and tried a blanket solution for everything Windows Key related but nothing works. Policies, registry hacks, nothing works. If this doesn't work you are SOL https://support.microsoft.com/en-us/kb/216893
|
# ? Sep 19, 2016 14:07 |
|
Riso posted:If this doesn't work you are SOL https://support.microsoft.com/en-us/kb/216893 That didn't work but this did: http://www.howtogeek.com/howto/windows-vista/disableenable-lock-workstation-functionality-windows-l/ It's actually the first result on Google but I must have searched for some lovely terms before and it didn't show up.
|
# ? Sep 19, 2016 14:13 |
|
orange sky posted:Anyone that has tried disabling the Windows key in Windows 10? Did it work for any of you? We're trying to disable just the Win+L and tried a blanket solution for everything Windows Key related but nothing works. Policies, registry hacks, nothing works. WinKey Killer? Else...
|
# ? Sep 19, 2016 14:19 |
|
orange sky posted:Has anyone been able to do it? Basically all we want is to not allow users to lock a workstation through any means. Can I ask why? I have been trying to train our end users for years to lock their drat computers.
|
# ? Sep 19, 2016 15:20 |
|
peak debt posted:Does anyone know how to programmatically change a file type association in Windows 10? There is a Group Policy Preference item for doing just this..
|
# ? Sep 19, 2016 15:41 |
|
peak debt posted:Does anyone know how to programmatically change a file type association in Windows 10? Look for default associations.xml, you can't manually modify a bunch of stuff in the registry anymore, the registry is hashed and it will revert the next time it loads. https://www.loginvsi.com/blog/login-vsi/518-fixing-default-file-type-associations-in-windows-10 This worked in server 2012/windows 8, and i believe still works in windows 10
|
# ? Sep 19, 2016 15:52 |
|
Moey posted:Can I ask why? I have been trying to train our end users for years to lock their drat computers. It's a library kiosk with an auto-logon for a user and Unified Write Filter enabled. It's setup so it restarts once a day but that's all, no log offs or restarts during the day.
|
# ? Sep 19, 2016 16:27 |
|
orange sky posted:It's a library kiosk with an auto-logon for a user and Unified Write Filter enabled. It's setup so it restarts once a day but that's all, no log offs or restarts during the day. Ah yes, figured it was a special use case. How do you like UWF? We are currently using DeepFreeze for public library PCs.
|
# ? Sep 19, 2016 16:29 |
|
Moey posted:Ah yes, figured it was a special use case. We enabled the feature before the image capture but weren't able to enable it during the Task Sequence through any means (running a cmd or powershell) so we deploy the OS, run a script manually to configure UWF and restart it so it starts working. I recommend configuring it to use deferred write to disk, not memory, or your computer's memory will run out quite fast. Also, plan your exceptions. I haven't tested the servicing mode yet, so I don't know if it works well.
|
# ? Sep 19, 2016 16:38 |
|
lol internet. posted:I have MS SQL Server in a AOAG setup. I added SSRS report server database to the AOAG setup and configured a SSRS scale out deployment. Did you make sure to delegate kerbros authentication to the cluster?
|
# ? Sep 19, 2016 16:38 |
|
Heads up for anyone who manages images. If you install the latest cumulative update for WIndows 10 1511 (https://support.microsoft.com/en-us/kb/3185614) then any new user profile on that system will be unable to search for Windows settings items (check for updates, notifications, about my pc, etc.) in the start menu. They never get indexed. Found this issue as part of a private hotfix we received over the summer and reported it in July so of course it's still in the public release two months later.
|
# ? Sep 19, 2016 19:51 |
|
I'm trying to issue a certificate from a Windows DC/CA (Windows 2008 Standard, SP2) that's valid for both client and server use. So, I cloned one of the existing certificate templates (I think the webserver one) and changed the usage policy, then published it. Everyone is allowed to read/enroll for the template. "certutil -catemplates" shows the template and doesn't indicate any errors. However, when we actually try to sign a request with the template (using Certsrv or command line), we get the error "Denied by Policy Module 0x80094800, The request was for a certificate template that is not supported by the Active Directory Certificate Services policy: <template name>" I can issue certificates with some of the builtin templates (User/Webserver/etc.), so the thing isn't completely hosed. It seems to just puke on any custom template. I think all the ones that work have Windows 2000 as the minimum supported CA and have a version like 3.1 or 4.1 in the Certificate Templates MMC snap-in. Any template I copy has 'Windows Server 2003, Enterprise Edition' as minimum supported CA and a version like 100.5 or something. This seems to correspond somehow to v2 or v3 certificates, and there was a bunch of stuff about how Standard Edition couldn't issue certificates based on these templates, but I've also read that Server 2008 fixed that limitation. I'm pretty naive about this kind of stuff, so I'm not sure what else to include here. I've googled a lot, and tried all sorts of things, but can't get past this point. Does anyone know what might be the problem, or what other information I can provide to help troubleshoot it?
|
# ? Sep 19, 2016 20:36 |
|
v2 and v3 are only available in enterprise, not standard. You should be issuing at least 2003 level certs, not 2000. Spin up some VMs, create a fake domain, and step-by-step the cert process. https://technet.microsoft.com/en-us/library/cc772393(v=ws.10).aspx e: it may sound like i'm being a dick, i'm not. Took me a few tries to get PKI to work in a test environment properly, it's kinda convoluted/somewhat complicated throwing versions of WinServer into the mix. incoherent fucked around with this message at 00:15 on Sep 20, 2016 |
# ? Sep 20, 2016 00:11 |
|
|
# ? May 30, 2024 08:07 |
|
orange sky posted:It's a library kiosk with an auto-logon for a user and Unified Write Filter enabled. It's setup so it restarts once a day but that's all, no log offs or restarts during the day. If you're using UWF, you must be using Win10 Enterprise LTSB? LTSB 2016 has the keyboard filter that was missing in 2015 added back in - that's what we're using for a similar autologon kiosk project. It's up on MSDN already, but not released via VLSC until October 1st, we've been told.
|
# ? Sep 20, 2016 12:45 |