Thanks Ants
May 21, 2004

#essereFerrari


What's Citrix Cloud like now?

Edit: 25 user minimum. Boo.

Thanks Ants fucked around with this message at 12:09 on Mar 10, 2017


MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

lol internet. posted:

RDS alone doesn't require sql does it? I don't recall using it on a 2012r2 RDS.

Correct, my fault, but you will need access to a domain controller. So you're still stuck with devoting 2 machines to this. Well, I'm assuming, since you asked about DCs to begin with...

Rhymenoserous
May 23, 2008
Just do remoteapp. Or if they are that anal about security then vpn is the only answer.

ProperCauldron
Oct 11, 2004

nah chill
A couple of questions regarding SharePoint Online..

1) Is there a way to edit PDFs on SharePoint? Like that way multiple users can work on MSWord or Excel files--straight from the document library.

2) Is there a way to get MSWord's "Line and Paragraph Spacing" tools into SharePoint? Some users are having trouble editing their pages. They're looking for something more than Enter and Shift+Enter for formatting.

I've been researching both these issues but not finding much help. Editing PDFs seems unlikely since it's a Microsoft vs. Adobe case.

Thank you, thread. My non-profit employer has shifted people's roles and I've been handling more SharePoint work. Previously my experience with SP was limited, so I'm still learning the borders of its capabilities.

The Fool
Oct 16, 2003


ProperCoochie posted:

A couple of questions regarding SharePoint Online..

1) Is there a way to edit PDFs on SharePoint? Like that way multiple users can work on MSWord or Excel files--straight from the document library.

None that I'm aware of.

quote:

2) Is there a way to get MSWord's "Line and Paragraph Spacing" tools into SharePoint? Some users are having trouble editing their pages. They're looking for something more than Enter and Shift+Enter for formatting.

In what context? Entering a form? Editing a site page? Modern page? There are some rich text editing tools in some places.

ProperCauldron
Oct 11, 2004

nah chill

The Fool posted:



In what context? Entering a form? Editing a site page? Modern page? There are some rich text editing tools in some places.

Editing a site page. For users comfortable with Word but now thrust into the world of SharePoint.

The Fool
Oct 16, 2003


ProperCoochie posted:

Editing a site page. For users comfortable with Word but now thrust into the world of SharePoint.

Turn on modern pages and just embed a document.

https://wonderlaura.com/2016/10/17/new-modern-web-parts-full-list/

lol internet.
Sep 4, 2007
the internet makes you stupid
Best practices for new domain.

Root domain - ad.company.com

For the "netbios" name, I assume it should be "company" from ad."company".com correct?

The Fool
Oct 16, 2003


lol internet. posted:

Best practices for new domain.

Root domain - ad.company.com

For the "netbios" name, I assume it should be "company" from ad."company".com correct?

Why is your root domain not "company.com"

Are you actually setting up multiple domains in a forest?

The Fool fucked around with this message at 02:55 on Mar 13, 2017

Docjowles
Apr 9, 2009

The Fool posted:

Why is your root domain not "company.com"

Are you actually setting up multiple domains in a forest?

Because it's annoying as hell if "company.com" is actually your public presence. For AD to work at all, all of the DNS A records for company.com (internally) need to point to your domain controllers. This now means that "company.com" won't load in your web browser from inside the office unless you think it's cool to run your company website on your domain controllers (it is not).

You can certainly hack around this if you are determined to do so. Remind everyone that they have to type WWW.company.com and respond to the nonstop "website is down!!!" tickets that come in when people forget the www. Or you could just put AD in its own dang subdomain and not have to worry about it in the first place. Or register company.net or something to use instead.

Docjowles fucked around with this message at 03:45 on Mar 13, 2017

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:

Docjowles posted:

Because it's annoying as hell if "company.com" is actually your public presence. For AD to work at all, all of the DNS A records for company.com (internally) need to point to your domain controllers. This now means that "company.com" won't load in your web browser from inside the office unless you think it's cool to run your company website on your domain controllers (it is not).

You can certainly hack around this if you are determined to do so. Remind everyone that they have to type https://www.company.com and respond to the nonstop "website is down!!!" tickets that come in when people forget the https://www. Or you could just put AD in its own dang subdomain and not have to worry about it in the first place. Or register company.net or something to use instead.

We have a client with this exact thing, and they keep calling every few months about their website not working because https://www. is too hard.

Thanks Ants
May 21, 2004

#essereFerrari


Yeah don't use your root domain. ad.company.com / lan.company.com / companylan.net whatever - just make sure you own the domain.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend
And for gently caress sake don't be cute and make a contoso.local domain in 2017.

wolrah
May 8, 2006
what?

SEKCobra posted:

We have a client with this exact thing, and they keep calling every few months about their website not working because https://www. is too hard.

We have a client who took this a step further and made their https://www.companyname.com redirect to companyname.com. Their web people somehow could never understand what we were telling them, so they went a couple of years where they just couldn't get to their own web site. Fortunately they decided to rebrand a few years ago so no one cares about companyname.com anymore.

If I'm not mistaken the current best practice order of preference is:

1. Real domain you own, separate from any public-facing services. (companyname.net)
2. Subdomain of real domain you own, shared with public-facing services (ad.companyname.com)
3. Made up domain in non-public TLD that's not .local (companyname.internal)

with #3 being a very distant third place because using a made up domain will prevent you from ever getting a real SSL certificate for any systems within that domain. That is likely a non-issue for a lot of organizations, but if you ever find yourself needing it you're in for a fun time.

stevewm
May 10, 2005
Our domain was created 15 years ago as a companyname.local (as was common at the time). Hell at that point we didn't even have a domain name registered, and still used yahoo for email.

We do use some self signed internal certs with companyname.local, but it is pushed to all machines via GPO so they trust it. We don't use Apple products, we don't use Bonjour, etc..

So far it has just not been an issue.


If I was to start over today, I obviously wouldn't do it again this way, but what we have works fine.

Thanks Ants
May 21, 2004

#essereFerrari


I have renamed a domain once because a company rebranded and our sales guys couldn't say "you don't really see your AD domain anywhere, how about we just set up a new UPN suffix?". Never doing that again.

MF_James
May 8, 2008

.local still works fine, it's just slightly extra work, but nothing horrible, we have 2 clients with .locals. I would NEVER EVER go through renaming their domains at this point.

CLAM DOWN
Feb 13, 2007




MF_James posted:

.local still works fine, it's just slightly extra work, but nothing horrible, we have 2 clients with .locals. I would NEVER EVER go through renaming their domains at this point.

.local is only excusable if it's a forever private and cut-off network/domain

MF_James
May 8, 2008

CLAM DOWN posted:

.local is only excusable if it's a forever private and cut-off network/domain

Have you tried to rename a domain before?

CLAM DOWN
Feb 13, 2007




MF_James posted:

Have you tried to rename a domain before?

Yup, it's a terrible idea, doesn't mean .local is good though!

MF_James
May 8, 2008

CLAM DOWN posted:

Yup, it's a terrible idea, doesn't mean .local is good though!

I don't think anyone was advocating creating a domain with .local, but I'm not going to go through the awful that is renaming a domain (especially because MSP land so billable work and all that)

lol internet.
Sep 4, 2007
the internet makes you stupid
Back to RDS Remote App - What the gently caress, if you publish applications through remote app, users can still use RDP directly to the terminal service. I get that it's leveraging RDP to publish the app but did MS really never think people strictly want to restrict RDP access and have Remote App access only?

With that being said, what would the security concerns be with RDS not being locked down through GPO if internal users don't have local admin access on the box anyways?

Morganus_Starr
Jan 28, 2001
Anyone using Azure AD Premium with password writeback and self service password reset? Customer is looking to implement, docs seem fairly straightforward. Any gotchas or caveats?

Also would be curious if anyone has used it for setting up MFA for their end-users with Azure MFA - particularly just interested in MFA for Outlook Web Access on O365.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


It's pretty straightforward and if stuff doesn't work you'll see various errors in Event Viewer. And make sure your Service Account Passwords don't get reset.

underlig
Sep 13, 2007
I didn't see a Citrix thread so I'm asking in here.

I need help understanding what can go wrong when I upgrade our XenApp 6.0 farms to 7.x.

I've inherited 20 Citrix servers in six separate farms and they're all running 6.0 even though it was EOL in August last year. (I was not aware of this)
We have a 1000 user "XenApp Base for Service Providers" license that expires on the 30th, the current license model we've used is "concurrent" but in mid February Citrix dropped that model and uses user/device instead.

Using user/device would be fine for us but the problem is that the generated license files only state XenDesktop and I cannot get this to work with our 6.0 XenApp since apparently it's only XenApp 6.5 or higher that considers itself both XenApp and XenDesktop by just changing a registry value.

At my old job we used XenApp 6.5 and I kept hearing them say how many problems they had when they upgraded from 6.0 to 6.5 (or if it was 5.5 to 6.0), but what I'm not really understanding is what caused the problems. Was it that they upgraded the server OS at the same time?

If I just upgrade the Server 2008r2 servers from XenApp 6.0 to 7.13, all I'm really doing is changing Citrix and at my current job there are not a lot of Citrix policies so I can basically recreate those manually, everything else on the server should for the user remain just the same, should it not?

I've done a test upgrade on the smallest of our farms, a two server farm with three users, but I never made the upgrade live so all I did to test it was to log on with a couple of different users and from that test everything seems like it did before. The RDS/Citrix policies are all GPOs so that's what determines what the users see when they log on.


The entire environment was set up by two guys who did not document anything, I have 150 virtual servers where I and my colleague who started around the same time as me have to basically guess what they're used for.
The last Citrix farm was set up by the last of the two previous guys at the end of November last year, which is why I had no idea that 6.0 was EOL.

I have an email chain going with Citrix about extending our current 6.0 version to give me six more months' time to do a proper planned and tested upgrade, but unfortunately they promised me licenses last Thursday, on Friday they said "later today" and now it's Sunday and I still have no license.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
Are you talking to a Citrix rep or a VAR? Because concurrent is still valid, they just took it away from XenDesktop. XenApp will still do concurrent, they just like to push user/device because it makes them more money. They should just be able to just renew your license, you put it in your license server, and that's it. The license doesn't care what version of Citrix you're using, XenApp/Desktop will but only in that you meet the minimum software assurance date for that version.

I do Citrix buildouts and upgrades for a living, and every time it comes to a major version upgrade we (as in, the entire VAR I work for) always build a new farm beside the old farm and migrate everything over. I highly suggest you do the same, as it gives you a chance to document the buildout, and you're not bringing something nasty forward in to the new environment.

Pruney
Jul 9, 2012

Sexual attraction in this context is not a part of my programming
I'm trying to P2V a 2008 R2 server and it's being a PAIN

Convert the D:\ and \\?\Volume to a VHDX and since it's formatted as GPT, it won't work on Hyper-V

Use AOMEI to convert it to MBR and it goes and says "it's currently in use" and just formats the VHDX??

Any ideas? Trying again now.

thebigcow
Jan 3, 2001

Bully!
Clonezilla/whatever and then use a Windows recovery image to fix the bootloader?

Pruney
Jul 9, 2012

Sexual attraction in this context is not a part of my programming
My colleague's computer can convert it just fine for some odd reason.

Had him convert it for me. Then while deleting partitions the disk became unreadable or some crap

When will it end.


Finally got it sorted, had to merge all the partitions after deleting and then do bootrec commands. What a pain in the rear end

Pruney fucked around with this message at 17:02 on Mar 21, 2017

underlig
Sep 13, 2007

hihifellow posted:

Are you talking to a Citrix rep or a VAR? Because concurrent is still valid, they just took it away from XenDesktop. XenApp will still do concurrent, they just like to push user/device because it makes them more money. They should just be able to just renew your license, you put it in your license server, and that's it. The license doesn't care what version of Citrix you're using, XenApp/Desktop will but only in that you meet the minimum software assurance date for that version.

I do Citrix buildouts and upgrades for a living, and every time it comes to a major version upgrade we (as in, the entire VAR I work for) always build a new farm beside the old farm and migrate everything over. I highly suggest you do the same, as it gives you a chance to document the buildout, and you're not bringing something nasty forward in to the new environment.

Citrix rep, they're currently just waiting for the license to be issued. "Stocking SKU - Citrix Base for Service Providers Legacy (6.0 and earlier)"

Hopefully they're done later today or by tomorrow evening.

My adventures into 7.13 are also proceeding, I've managed to set up a working site next to the current 6.0 site and it's looking OK, as for "not bringing something nasty forward in to the new environment" the latest farm the colleague who left set up had the servers initially installed in 2010. They've all been cloned from domain to domain, I think I counted three different ones. I guess that explains why HKEY_USERS contains five times more entries than this farm has actual users.

Super Slash
Feb 20, 2006

You rang ?
This is more of a consulting question, so apologies but I'm looking for a second opinion.

I might've posted it elsewhere but basically we're looking to enable people to work from home, staff would pretty much work off a CRM and our file server along with using a softphone.
We've got an aging Server 2008r2 box running RDS on bare metal which used to serve a satellite office once upon a time, it's slow and cruddy but it just about gets by. Now my idea was to get a brand new server host to run Hyper-V and set up the relevant RDS VMs on Server 2012 or 2016, and then give home workers thin clients to remote in on.

Now I brought in our MSP for consulting and their idea was to instead move everyone to o365 and set up SharePoint and Skype. We have our own Exchange 2013 server so yes 365 would be great but that's not quite what I'm looking for at the moment, I've never actually used SharePoint and document management would be handy at some point but anyone facing customers basically cannot function without access to our file server, I think Skype was born out enabling instant messaging and there's no chance we can use their voice service so soon.

Am I missing something? RDS would basically replicate current office working from a user point of view, aside from making sure VOIP traffic gets adequate priority and making sure our poo poo doesn't get knocked offline.

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib
Anytime a consultant hears "file share" they immediately get a Sharepoint boner because they get paid big bucks to set it up poorly and you get left with a system that's way more complex to maintain than file shares

Thanks Ants
May 21, 2004

#essereFerrari


Sounds like your MSP has a pretty well-oiled process for selling and deploying Office 365 and would rather pitch that than actually listening to your requirements.

Internet Explorer
Jun 1, 2005





Thanks Ants posted:

Sounds like your MSP has a pretty well-oiled process for selling and deploying Office 365 and would rather pitch that than actually listening to your requirements.

This is exactly it.

RDS is fine, just make sure you use RDS Web Access instead of opening up RDP to the internet or using a VPN. It's a much better solution and any consultants worth their salt should be able to set you up.

Moving to "the cloud" with Software-as-a-Service requires a look at your business processes and changing what software you use and how you use it, which is not something I would trust an MSP to properly handle.

Sickening
Jul 16, 2007

Black summer was the best summer.

Internet Explorer posted:

This is exactly it.

RDS is fine, just make sure you use RDS Web Access instead of opening up RDP to the internet or using a VPN. It's a much better solution and any consultants worth their salt should be able to set you up.

Moving to "the cloud" with Software-as-a-Service requires a look at your business processes and changing what software you use and how you use it, which is not something I would trust an MSP to properly handle.

I am living this hell right now due to old sins by my boss. First, he made the unforgivable sin of making service accounts with simple names. Fax was the username that ran the fax software services. He then also had web facing servers with open RDP access. Of course this means that these boxes have had brute force attempts for years and the guessable account names get constantly locked out.

I am in the process of unfucking these issues right now because we have some friends in Russia, it appears, that are dead loving set on brute forcing these systems after constant blacklisting of their IPs.

Bonus, it appears some of our oldest systems have his own loving user account running them as a service. It appears he was resetting his password every 90 days x times (x being the amount he needed to change it back to his old password) to keep services running but was too embarrassed to tell me.
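
An added example, not part of the post above: a small triage script for the situation it describes, run over Security-log events already exported to dictionaries. The sample events are constructed, the field names follow Windows events 4625 (failed logon) and 4740 (account locked out), and the assumption that "internal" means RFC 1918 space is mine.

```python
import ipaddress
from collections import defaultdict

# Assumption: anything outside these ranges counts as internet-sourced (IPv4 only).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample events (documentation address ranges, made-up accounts).
SAMPLE_LOGON_EVENTS = [
    {"EventID": 4625, "TargetUserName": "fax", "IpAddress": "203.0.113.10"},
    {"EventID": 4625, "TargetUserName": "FAX", "IpAddress": "203.0.113.11"},
    {"EventID": 4625, "TargetUserName": "fax", "IpAddress": "198.51.100.7"},
    {"EventID": 4740, "TargetUserName": "fax"},
    {"EventID": 4625, "TargetUserName": "administrator", "IpAddress": "203.0.113.10"},
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "10.0.5.20"},
    {"EventID": 4625, "TargetUserName": "jsmith", "IpAddress": "-"},
    {"EventID": 4740, "TargetUserName": "jsmith"},
]


def is_external(addr):
    """True if addr parses as an IP outside INTERNAL_NETS; '-' or empty is not external."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not any(ip in net for net in INTERNAL_NETS)


def summarise(events):
    """Per account: failed logons, distinct external source IPs, lockout count."""
    stats = defaultdict(lambda: {"failures": 0, "external_sources": set(), "lockouts": 0})
    for ev in events:
        acct = ev.get("TargetUserName", "").lower()  # account names are case-insensitive
        if ev["EventID"] == 4625:
            stats[acct]["failures"] += 1
            if is_external(ev.get("IpAddress", "")):
                stats[acct]["external_sources"].add(ev["IpAddress"])
        elif ev["EventID"] == 4740:
            stats[acct]["lockouts"] += 1
    return dict(stats)


def internet_lockout_targets(events, min_sources=2):
    """Accounts that were locked out while being guessed from several external
    addresses. Blocking one address does not stop these lockouts, because the
    guessing is spread across sources."""
    return sorted(acct for acct, s in summarise(events).items()
                  if s["lockouts"] and len(s["external_sources"]) >= min_sources)


if __name__ == "__main__":
    for acct in internet_lockout_targets(SAMPLE_LOGON_EVENTS):
        s = summarise(SAMPLE_LOGON_EVENTS)[acct]
        print(acct, s["failures"], "failures from",
              len(s["external_sources"]), "external IPs,", s["lockouts"], "lockout(s)")
```
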

Internet Explorer
Jun 1, 2005





Sickening posted:

I am living this hell right now due to old sins by my boss. First, he made the unforgivable sin of making service accounts with simple names. Fax was the username that ran the fax software services. He then also had web facing servers with open RDP access. Of course this means that these boxes have had brute force attempts for years and the guessable account names get constantly locked out.

I am in the process of unfucking these issues right now because we have some friends in Russia, it appears, that are dead loving set on brute forcing these systems after constant blacklisting of their IPs.

Bonus, it appears some of our oldest systems have his own loving user account running them as a service. It appears he was resetting his password every 90 days x times (x being the amount he needed to change it back to his old password) to keep services running but was too embarrassed to tell me.

gently caress lovely old bosses.

Also the password thing is why "minimum password age" exists. The amount of fuckery we have to do to limit the damage idiots can do is insane.
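
An added example, not part of the post above: the password cycling described in the quoted post shows up in the Security log as a burst of event 4723 (user-initiated password change) for one account, and this sketch flags such bursts. The events are constructed, and the threshold and one-hour window are assumptions to tune against the domain's password history length.

```python
from datetime import datetime, timedelta

# Constructed sample: 4723 = user changed own password, 4724 = admin reset.
SAMPLE_PASSWORD_EVENTS = [
    {"EventID": 4723, "TimeCreated": "2017-03-01T09:00:05", "TargetUserName": "boss"},
    {"EventID": 4723, "TimeCreated": "2017-03-01T09:00:40", "TargetUserName": "boss"},
    {"EventID": 4723, "TimeCreated": "2017-03-01T09:01:15", "TargetUserName": "Boss"},
    {"EventID": 4723, "TimeCreated": "2017-03-01T09:01:50", "TargetUserName": "boss"},
    {"EventID": 4723, "TimeCreated": "2017-03-01T09:02:30", "TargetUserName": "boss"},
    # Normal behaviour: one change every few weeks.
    {"EventID": 4723, "TimeCreated": "2016-12-01T08:30:00", "TargetUserName": "carol"},
    {"EventID": 4723, "TimeCreated": "2017-01-15T08:30:00", "TargetUserName": "carol"},
    {"EventID": 4723, "TimeCreated": "2017-03-01T08:30:00", "TargetUserName": "carol"},
    # Helpdesk resets are a different event and are not counted here.
    {"EventID": 4724, "TimeCreated": "2017-03-01T10:00:00", "TargetUserName": "dave"},
    {"EventID": 4724, "TimeCreated": "2017-03-01T10:00:30", "TargetUserName": "dave"},
    {"EventID": 4724, "TimeCreated": "2017-03-01T10:01:00", "TargetUserName": "dave"},
]


def history_cycling(events, threshold=3, window=timedelta(hours=1)):
    """Return {account: largest number of 4723 events inside any `window`}
    for accounts where that number reaches `threshold`."""
    per_account = {}
    for ev in events:
        if ev["EventID"] != 4723:
            continue
        acct = ev["TargetUserName"].lower()
        per_account.setdefault(acct, []).append(datetime.fromisoformat(ev["TimeCreated"]))

    flagged = {}
    for acct, times in per_account.items():
        times.sort()
        start = best = 0
        # Sliding window: advance `start` until the span fits inside `window`.
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[acct] = best
    return flagged


if __name__ == "__main__":
    for acct, count in history_cycling(SAMPLE_PASSWORD_EVENTS).items():
        print(f"{acct}: {count} password changes within one hour")
```

With a minimum password age of a day or more, a burst like this cannot happen, so any hit points at accounts or policies where the setting is not applied.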

Sickening
Jul 16, 2007

Black summer was the best summer.

Internet Explorer posted:

gently caress lovely old bosses.

Also the password thing is why "minimum password age" exists. The amount of fuckery we have to do to limit the damage idiots can do is insane.

He only fessed up when he started getting the zero days old error when trying to change his password after I had caught the minimum password age issue for his and older accounts.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I follow this guy on twitter, nifty RDP exploit

https://medium.com/@networksecurity...a5f6#.qmo2x7sgq

vanity slug
Jul 20, 2010

Internet Explorer posted:

This is exactly it.

RDS is fine, just make sure you use RDS Web Access instead of opening up RDP to the internet or using a VPN. It's a much better solution and any consultants worth their salt should be able to set you up.

Moving to "the cloud" with Software-as-a-Service requires a look at your business processes and changing what software you use and how you use it, which is not something I would trust an MSP to properly handle.

You mean RD Gateway. RD Web Access just provides a neat portal.


Internet Explorer
Jun 1, 2005





Jeoh posted:

You mean RD Gateway. RD Web Access just provides a neat portal.

Thanks for the correction. I'm a Citrix guy, so the terminology is unfamiliar to me.
