Thanks Ants
May 21, 2004

#essereFerrari


Sickening posted:

I am living this hell right now due to old sins by my boss. First, he made the unforgivable sin of making service accounts with simple names. Fax was the username that ran the fax software services. He then also had web facing servers with open RDP access. Of course this means that these boxes have had brute force attempts for years and the guessable account names get constantly locked out.

I am in the process of unfucking these issues right now because we have some friends in Russia, it appears, that are dead loving set on brute forcing these systems after constant blacklisting of their IPs.

Bonus, it appears some of our oldest systems have his own loving user account running them as a service. It appears he was resetting his password every 90 days x times (x being the amount he needed to change it back to his old password) to keep services running but was too embarrassed to tell me.

If you don't see any reason why legitimate traffic would come into your network from Russia, China etc. then is blocking it all at your firewall an option?
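
A defender's check for the situation in the quoted post, as an added example that is not part of either post: it lists services that log on with a named account and counts the failed logons against each of those account names over the last 24 hours. It assumes failed logons are recorded as event ID 4625 in the local Security log and that it is run elevated on the exposed server.

```powershell
# Added example: read-only report, changes nothing on the server.
$since = (Get-Date).AddHours(-24)

# 1. Services that log on with a named account instead of a built-in identity.
$serviceAccounts = Get-CimInstance -ClassName Win32_Service |
    Where-Object {
        $_.StartName -and
        $_.StartName -ne 'LocalSystem' -and
        $_.StartName -notlike 'NT AUTHORITY\*' -and
        $_.StartName -notlike 'NT SERVICE\*'
    } |
    ForEach-Object {
        [pscustomobject]@{
            Service = $_.Name
            RunsAs  = $_.StartName
            # Strip "DOMAIN\" or "@domain" so the name matches TargetUserName.
            Account = ($_.StartName -replace '^.*\\', '' -replace '@.*$', '').ToLower()
        }
    }

# 2. Failed logons (event 4625), fields read by name from the event XML.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = $since }
$failed = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = @{}
        foreach ($node in ([xml]$_.ToXml()).Event.EventData.Data) {
            $data[$node.Name] = $node.'#text'
        }
        [pscustomobject]@{
            Account  = ([string]$data['TargetUserName']).ToLower()
            SourceIp = $data['IpAddress']
        }
    }

# 3. Join: which service accounts are being guessed, and from how many sources.
$report = foreach ($svc in $serviceAccounts) {
    $hits = @($failed | Where-Object { $_.Account -eq $svc.Account })
    [pscustomobject]@{
        Service         = $svc.Service
        RunsAs          = $svc.RunsAs
        FailedLogons24h = $hits.Count
        DistinctSources = @($hits | Select-Object -ExpandProperty SourceIp -Unique).Count
    }
}
$report | Sort-Object FailedLogons24h -Descending | Format-Table -AutoSize
```

Services at the top of the report are the ones whose account names are being guessed, which makes them the first candidates for renaming or moving to a managed service account.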


Super Slash
Feb 20, 2006

You rang ?

wyoak posted:

Anytime a consultant hears "file share" they immediately get a Sharepoint boner

As a little litmus test on the day I asked some people "So a little question, say... what would it be like if you could no longer use the file server? or a better question is how would you describe it?", they pretty much instantly went wide eyed in a panic and I had to quickly allay them saying it's only hypothetical.

So yeah, perspective.

Potato Salad
Oct 23, 2014

nobody cares


Super Slash posted:

As a little litmus test on the day I asked some people "So a little question, say... what would it be like if you could no longer use the file server? or a better question is how would you describe it?", they pretty much instantly went wide eyed in a panic and I had to quickly allay them saying it's only hypothetical.

So yeah, perspective.

You trying to justify a budget increase?

Super Slash
Feb 20, 2006

You rang ?
I'm forever fishing for a budget, this however was more fishing for requirements.

The two girls I asked already sit opposite from me and are completely unrelated to this project, however they do work in customer facing roles so they still apply. It was a good thing their manager was sat nearby as well since their genuine reaction was more explanation than was ever needed, I just looked at him and said "So... uh, what do you think of that proposal now?"

I think beforehand besides RDS I also asked about Citrix, but that was a no-go since they're a Microsoft shop only.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Thanks Ants posted:

If you don't see any reason why legitimate traffic would come into your network from Russia, China etc. then is blocking it all at your firewall an option?

We block pretty much all countries outside the US on our inbound firewall rules for most of our customers. It's the easiest route to go, though none of them have legitimate business need for inbound connections from outside the US, so that makes it easy.

Starkk
Dec 31, 2008


Last year my company migrated to a new domain. The user registry GUID in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList now has two SIDs, one for the old domain and one for the new domain, both are pointing to the same user profile folder. This hasn't caused too many problems, until now. We are in the process of rolling out Windows 10 in place upgrades to corporate HQ where I work, only for beta users that opt in.

The problem I've been running into is that the upgrade is now duplicating the user profile folder and adding .000 to the end of it. I believe this is because of the migration that happened last year. Windows is seeing the old domain GUID first and attaching the profile folder to it, then it is seeing the new domain GUID with the same path as the old domain and creating a new user profile folder with .000 appended to the end.

This is now causing issues with any program that uses the user profile folder as those programs are still pointing at the non .000 user profile folder.

My googlefu is failing me in finding any situations like this but I'm sure others have run into this? Is there a way to script the removal of the old profile GUID, or maybe put something in the task sequence that ignores the old GUID and only uses the new one?
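
A read-only audit for the condition described in this post, as an added example that is not part of the original post: it lists every pair of ProfileList entries that point at the same profile folder and shows which account each SID resolves to. It assumes the per-user subkeys are named by domain SID (`S-1-5-21-...`); it reports only and removes nothing.

```powershell
# Added example: report ProfileList entries that share one profile folder.
$root = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

$entries = Get-ChildItem -Path $root |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath

        # Resolve the SID to DOMAIN\user. A SID from a retired domain, or a
        # leftover ".bak" key, will not resolve and is flagged instead.
        try {
            $account = ([System.Security.Principal.SecurityIdentifier]$sid).
                Translate([System.Security.Principal.NTAccount]).Value
        }
        catch {
            $account = '<unresolved>'
        }

        [pscustomobject]@{
            Sid         = $sid
            Account     = $account
            ProfilePath = $path
        }
    } |
    Where-Object { $_.ProfilePath }

# Keep only folders referenced by more than one SID (case-insensitive match).
$entries |
    Group-Object -Property { $_.ProfilePath.ToLower() } |
    Where-Object { $_.Count -gt 1 } |
    ForEach-Object { $_.Group } |
    Sort-Object ProfilePath, Sid |
    Format-Table -AutoSize
```

Running it across the pilot machines before the in-place upgrade shows which profiles carry both an old-domain and a new-domain SID for the same folder.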

mindphlux
Jan 8, 2004

by R. Guyovich
I am stumped. I have a fresh install of Server 2016 Essentials. I have set up AD, and checked prerequisites for installing Exchange 2016.

I go to install Exchange, and the prerequisites check hangs up on an error starting MSDTC - I believe an access or permissions error. I have tried to troubleshoot the MSDTC service not starting - checked permissions on windows\sys32\msdtc to include all NT AUTHORITY\Network Service accounts, changed ownership of that directory - basically the service just tries to start and immediately stops.

Not sure why this would happen on a fresh install. Anyone have any troubleshooting tips? I can't seem to figure out where MSDTC events are being logged, which I'm sure would be a start...

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Did you look under Event Viewer -> Application Logs -> Microsoft ?
Microsoft has lately started putting all their stuff there instead of the old Windows Logs.

If you still can't see anything, try the menu View -> Show Analytic Logs

mindphlux
Jan 8, 2004

by R. Guyovich
dude get on aim

12:29 AM - ╚╔╩╦╠ mindphlux: goddamnit
12:30 AM - ╚╔╩╦╠ mindphlux: I spent like 7-8 hours on this
12:30 AM - ╚╔╩╦╠ mindphlux: https://blogs.msdn.microsoft.com/distributedservices/2015/03/08/the-dtc-service-cannot-start/#comment-8555
12:30 AM - ╚╔╩╦╠ mindphlux: gently caress msdtc
12:30 AM - ╚╔╩╦╠ mindphlux: people kept telling me it had to do with a permissions issue or I needed to reinstall windows components or some poo poo
12:31 AM - ╚╔╩╦╠ mindphlux: just one stupid registry key keeping msdtc service from starting because it thought SYSPREP IN PROGRESS BWEEP ALERT DANGER

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin
Does anyone have a good resource on figuring out the basics of NuGet, OneGet, Chocolatey, etc.?
I'm supposed to get something sorta like apt-get set up for windows at work, and I'm not sure I understand which one does what.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Dr. Arbitrary posted:

Does anyone have a good resource on figuring out the basics of NuGet, OneGet, Chocolatey, etc.?
I'm supposed to get something sorta like apt-get set up for windows at work, and I'm not sure I understand which one does what.

NuGet is mostly geared towards developers using Visual Studio, and it's maintained by Microsoft.
Chocolatey is supposed to be more of a fully-featured package manager but it's pretty bad and I wouldn't recommend using it.
OneGet is like Chocolatey, but for package managers or repositories. So you install OneGet, and then you install OneGet's repo for Chocolatey or PECL or Ruby gems or whatever.

What does your end goal look like?

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin

anthonypants posted:

NuGet is mostly geared towards developers using Visual Studio, and it's maintained by Microsoft.
Chocolatey is supposed to be more of a fully-featured package manager but it's pretty bad and I wouldn't recommend using it.
OneGet is like Chocolatey, but for package managers or repositories. So you install OneGet, and then you install OneGet's repo for Chocolatey or PECL or Ruby gems or whatever.

What does your end goal look like?

End goal is that we've got a central repository of trusted software at versions that we like, and there's an effective tool for getting that software onto servers when requested, or updated when puppet or some other tool notices that some server has an ancient version of putty installed.

Methanar
Sep 26, 2013

by the sex ghost

Dr. Arbitrary posted:

End goal is that we've got a central repository of trusted software at versions that we like, and there's an effective tool for getting that software onto servers when requested, or updated when puppet or some other tool notices that some server has an ancient version of putty installed.

What about using something like S3, or your own webserver, to host a repo of MSIs and having puppet pull those down.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
This is why I think "devops" and "infrastructure as code" is dumb and stupid, at least on the windows side. There isn't even a standard way to install software? It's hopeless.

buffbus
Nov 19, 2012
I've used SCCM at the last few places I've been. When properly configured, users can either have software silently pushed based on custom queries or they can open a menu and select it.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

"properly configured"

:(

buffbus
Nov 19, 2012
Yeah, "properly configured" isn't usually the state in which I find it, not to make it sound impossible to set up. It's just that many admins try to use it like an old version of altiris and manually feed it computer names for software targeting, not aware how flexible it can be.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Oh God, Altiris/Symantec Management Platform. I had the displeasure a while back of standing up a brand new SMP 7.1 install to replace an old DS 6.x, that was painful.

Without any vendor help, just the basic one week administration class.

Squatch Ambassador
Nov 12, 2008

What? Never seen a shaved Squatch before?
I was playing around with the Win10 Creators Update this morning, and I noticed the dialog box for copying profiles now has a "Mandatory Profile" checkbox. Checking this box when creating a mandatory profile causes the start menu and Win10 apps to not work when signed in with a roaming profile, and if you leave it blank everything works fine. :thumbsup:

Now to wait and see if Microsoft ever releases documentation explaining what that checkbox is supposed to do.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Posting this here too, cause yay this is new with the creators update as well.

Anyone know how to remove this error? It's obnoxious:



Also shows up in the system tray like this.

CLAM DOWN
Feb 13, 2007




What have you set your Windows Firewall to permit inbound?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

CLAM DOWN posted:

What have you set your Windows Firewall to permit inbound?

:mad:

...everything, of course.

Thanks Ants
May 21, 2004

#essereFerrari


Whatever CDN Microsoft use now is better than the one they were using at the time Windows 10 launched. The manual download of the Creator's Update is maxing out our 100Mbps pipe quite happily.

Flummoxed
Sep 21, 2005
I'm not sure the new Security Centre is all hooked up correctly - I most definitely have Windows Firewall off, but it continues to report it as 'Firewall is on'..

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Flummoxed posted:

I'm not sure the new Security Centre is all hooked up correctly - I most definitely have Windows Firewall off, but it continues to report it as 'Firewall is on'..

Yeah mine shows Firewall is off, but it's definitely on.

Hopefully the new admx files are out soon that have some settings to turn off the warnings for this.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

Hungry Computer posted:

I was playing around with the Win10 Creators Update this morning, and I noticed the dialog box for copying profiles now has a "Mandatory Profile" checkbox. Checking this box when creating a mandatory profile causes the start menu and Win10 apps to not work when signed in with a roaming profile, and if you leave it blank everything works fine. :thumbsup:

Now to wait and see if Microsoft ever releases documentation explaining what that checkbox is supposed to do.

https://technet.microsoft.com/en-us/itpro/windows/manage/mandatory-user-profile ?????????

Thanks Ants
May 21, 2004

#essereFerrari


Is there a way to change the server that Azure AD Connect tries to write settings back to (it got renamed because it wasn't documented that AAD Connect was on it), or is my best bet going to be to bring Azure AD Connect up on another box in staging mode and then bin the existing instance once I'm sure the sync filtering is configured correctly?

Squatch Ambassador
Nov 12, 2008

What? Never seen a shaved Squatch before?

:confused: I'm not sure what you're trying to say, that page doesn't mention the thing I'm talking about.


If I check that box the resulting mandatory profiles are broken similar to how they were in 1511, but the fixes I used for 1511 don't work. If I leave it blank the mandatory profile works the same as they do in 1607.

CLAM DOWN
Feb 13, 2007




I'm looking for a product that can do file replication between servers in different forests with no trust, I'm hoping to duplicate DFS-R functionality as closely as possible (obvs except for namespaces, etc). Any suggestions?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

CLAM DOWN posted:

I'm looking for a product that can do file replication between servers in different forests with no trust, I'm hoping to duplicate DFS-R functionality as closely as possible (obvs except for namespaces, etc). Any suggestions?

Uhhh, Dropbox?

CLAM DOWN
Feb 13, 2007




GreenNight posted:

Uhhh, Dropbox?

Should specify that this must be on-prem with no internet or cloud anything.

Thanks Ants
May 21, 2004

#essereFerrari


Do you need real-time two-way sync?

CLAM DOWN
Feb 13, 2007




Thanks Ants posted:

Do you need real-time two-way sync?

Optimally being able to decide that per share would be nice, like have some as two-way some as one-way, but yeah real-time a la DFS-R is required.

Maneki Neko
Oct 27, 2000

CLAM DOWN posted:

I'm looking for a product that can do file replication between servers in different forests with no trust, I'm hoping to duplicate DFS-R functionality as closely as possible (obvs except for namespaces, etc). Any suggestions?

I haven't tried it across forests (although it seems to support that use case from the bullet points) but have you looked at peerlink? We have one client that uses it and it's a solid ok:

http://www.peersoftware.com/products/file-collaboration/peerlink.html

Internet Explorer
Jun 1, 2005





Feel free to ignore me if I'm an idiot, but you can use DFS-R without a domain. Couldn't you use it across forests? DFS-N is definitely a no-go, but it seems like DFS-R should work?

CLAM DOWN
Feb 13, 2007




Maneki Neko posted:

I haven't tried it across forests (although it seems to support that use case from the bullet points) but have you looked at peerlink? We have one client that uses it and it's a solid ok:

http://www.peersoftware.com/products/file-collaboration/peerlink.html

I'll check it out, thanks!

Internet Explorer posted:

Feel free to ignore me if I'm an idiot, but you can use DFS-R without a domain. Couldn't you use it across forests? DFS-N is definitely a no-go, but it seems like DFS-R should work?

AFAIK even just DFS-R has to be able to store replication info in a domain. You might be thinking of the old school FRS

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
DFS-R has AD DS as a hard requirement.

Internet Explorer
Jun 1, 2005





Yeah, you guys are right. I was confusing the purpose of DFS Standalone namespaces, which, as the name implies, is related to DFS-N, but does not require a domain.

Does your storage do file sharing? I know EMC had a pretty good sync, but it's been a while. I think NetApp does too. If those are options, that's where I would look. Have you looked into PeerLink?

CLAM DOWN
Feb 13, 2007




Thanks for the input everyone, yeah I had no illusion that any form of DFS could work here.

I will check out PeerLink, thanks for that tip! I also found this one https://www.goodsync.com/ which looks like it could fill the need perfectly.

We do have EMC stuff available but this is a really specific use case and purpose and it just won't work here, already checked into that. Unfortunate, but I gotta figure out how to fit a solution into these constraints. I'm hopeful that either of those two above software solutions will work!


Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


A quick heads up for anyone with WSUS: you might not be able to sync with Microsoft Update right now if you have the Upgrades classification selected. Turning it off makes syncing function again. It must have something to do with the Creator's Update.
