mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




I'm in enterprise IT doing Powershell, and our network has it locked down pretty hard. We can't create remote sessions or use Invoke, I have to push a script to the target machine and invoke it with psexec.

It makes doing a lot of things much harder than it has to be.


mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




skipdogg posted:

Yes, allowing psexec is way better :smith:

Yeah.

My favorite part of my job is going online and finding a really elegant bit of code I could steal, except it won't run in our environment because Our Swiss Overlords have very definite ideas about security.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Wicaeed posted:

Another suggestion from the same person that proposed completely disabling PowerShell in our environment.

He wants to use completely random computer names for every device. Every. Device.

Laptops. Printers. Domain Controllers. Switches. Routers. Servers. Application Servers.

Like, I get it. It is harder to snoop your network and find out useful information. But at some point someone, somewhere has to WORK on the loving thing.

Some people just want to watch the world burn, other people seem to want to be set on fire.

Are they trolling your management ?

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




-d is the correct switch to delete an SPN record, I had to do that several times last week for a cranky SQL Server.

Oh hey, guess who just got handed a list of about 1000 client machines that need to be migrated from SCCM 2007 to 2012 ? I pray they aren't in a hurry, I have a LOT of reading to do.
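An added example (not from the post) of the setspn workflow that goes with the "-d" switch above: list what the service account already has registered, check for duplicates, delete the stale entry, then confirm it is gone. The SPN string and the account name are placeholders.

```powershell
# Added example, not the poster's own script. Host and account are placeholder assumptions.
$spn     = 'MSSQLSvc/sqlhost.example.com:1433'
$account = 'EXAMPLE\svc-sql'

# Show what is currently registered on the account before changing anything
setspn -L $account

# Look for duplicate SPNs across the forest; duplicates are the usual cause of
# Kerberos logon failures on a SQL Server that "suddenly" stops accepting domain auth
setspn -X -F

# Remove the stale registration (-D deletes a specific SPN from a specific account)
setspn -D $spn $account

# Confirm nothing in the forest still claims the SPN
setspn -Q $spn
```

Running the -L and -X steps first matters: if the SPN is registered on two accounts, deleting it from the wrong one leaves the real problem in place.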

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Sheesh. Look at all these admins in luxury jobs where you can just create a GPO when you need one. We're about 15% of the global organization and we have to put in a request ticket for every GPO we need. We have the GPO Author role, we just can't create, just edit.

We also have a root-cause investigation open into how a batch of SPF records were deleted from DNS, sending tens of thousands of emails to partners directly to spam. It turns out the vendor for the third-party app involved sees this so often, their phone support agents can troubleshoot SPF records.

There's a lot I don't miss about being the only person who can (or should) touch infrastructure in a job, but not having a team on another continent able to approve, deny, or break all my poo poo isn't one of them.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




We might have to chip in on that, we'll have easily 1000 Win7 machines on the network in January.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Nitr0 posted:

Solarwinds SAM

Solarwinds exists only as a service where you give them the contact info of someone you don't like and they make your enemy's life miserable.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




skipdogg posted:

Quest software is pissing me off ever since Dell sold them to Private equity.

Really ? Uh oh, we just deployed about 1300 KACE clients.

Using PowerShell scripts I wrote :-)

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




charity rereg posted:

Thanks, we haven't gotten ours yet. That'll be fairly easy to deploy then.

I wonder how it'll work for us, we bought a subset of another business units' larger purchase. Probably have to keep meticulous track of the number. I only had to buy 200 out of maybe 10x that on the order, I think they were expecting to receive a sheet of keys. Oh well, cheaper and easier than getting those machines on 10.

I may end up managing a thousand or so extended support machines. Hurrah !

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




ItBreathes posted:

Just curious, for the extended support people, are these machines running programs that require Windows 7, or are these a bunch of office machines for which there's not the organizational inertia to upgrade?

Both ! I have systems running $2 million dollar MRI machines that are on 7 or even XP. We don't have an upgrade path for the software, and replacing the $2 million dollar instrument would also involve demoing part of the ground floor to get the goddamn things out. Extended support is a rounding error in that equation.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




charity rereg posted:

Like I still think this is the difference between "really really big office" and "enterprise" - the costs for even 3 years of support on a lot of this stuff are rounding errors to us.

Yeah. I multiplied the $20 cost for extended Win 7 support by the number of Win 7 machines connected to instruments and... we have workstations that cost more than that[1]. We'd spend more than that in Change Control meetings[2] to plan the implementation of me deploying the .exe that registers a machine for extended support by pushing a couple of buttons in KACE[3].


[1] Computational Biology has some compute nodes with 2 TB RAM.
[2] We spend a lot on catering.
[3] It also involves some copy & paste in the generic "deploy an executable" script. I only have to touch two variables defined at the top of the script.[4]
[4] I should make the command-line switches a variable.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




AlternateAccount posted:

Does the native Files app not do this in a satisfactory way?

Does files do that on a modern iPad ? 'cause that'd be super handy for a thing at work.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Internet Explorer posted:

You know what they say, it takes a village.

And the idiot is in charge of developing licensing schemes for Microsoft.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




klosterdev posted:

We've had good experience with Sophos, at least compared to moving away from the disaster that is SEP

I'd be a broken man if the team that manages SEP for us wasn't super helpful and responsive. And if at least some of our instrument vendors weren't providing detailed breakdowns of what exclusions they need.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Dirt Road Junglist posted:

explain how to tie a shoe to someone who doesn’t think they need to understand shoes, knots, or feet.

I'm pretty good at step-by-step documentation for the lay public, but even in those I'll provide summaries at the top of each section. "Now we're going to set the network adapter to DHCP, with manual DNS servers xxx.xxx.xxx.xxx and xxx.yyy.xxx.xxx, now here's every click to accomplish this." That lets someone who knows what they're doing skim through and get the specifics they need, and gives some overview for the novice who needs their hand held throughout.

And for documentation meant for other techs ? Set these two parameters in control panels, then open up gpedit.msc and enable these three policies.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Matt Zerella posted:

But the Startup folder in the users app data/roaming/blahblah is missing. If I add a task to create it will windows just pick it up automatically?

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup might exist.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




If you give one of the affected machines a static IP, can it ping the DNS and/or DHCP servers it's supposed to be talking to ?

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




We just went to 15-character minimum, no special character, 1-year expiration on generic accounts. Like all the labs use on the instrument stations. I foresee a steady increase in sticky note and label printer usage over the next few years.

And yes, we have been featured in a photo essay at DEFCON.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




FISHMANPET posted:

You don't want to install LTSC branches on desktops, the official word is that Windows 10 LTSC is for, like, aircraft control computers. I think there are some technical limitations why certain apps won't work on LTSC, but also I think it's a ploy by Microsoft (that I happen to agree with) to make LTSC as painful to use as possible, otherwise every enterprise would just install LTSC and do big fleet-wide upgrades every 5 years like they did with XP/Vista/7/8/ etc instead of sticking with the rolling releases.

I manage ~1500 LTSC systems. Instrument control machines, mass spectrometers, MRIs, plate reader robots, liquid chromatographs (we've got someone who figured out how to do 2D liquid chromatography). And that number is going up as the Win7 systems get migrated.

All pets, no cattle.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




wolrah posted:

If your use case can not tolerate automatic updates, it shouldn't be running Windows 10 desktop edition and probably shouldn't be running Windows at all.

Ask me about vendor Linux systems. I was hands on with a Fedora 10 system earlier this month.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952






Hint: It's not the number of logins for each generic account. I've got 12-22 uses per generic account in some of the labs I support. We only get a handful of machines a year out of 1500-1600 falling off the domain without being offline for 3+ months.

Of course, AD at enterprise scale is in perpetual closed beta since MS just can't, simply cannot, do regression testing for AD code in test environments that look anything like our production environments. So poo poo happens, it just hasn't for me in your situation.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




I live in Google Meet for much of the week. You can share a window, your whole screen or just a Chrome tab. I would recommend using Chrome for Google Meet so you can take advantage of that. Google Apps is pretty well integrated with Meet these days, if you're in a meeting you can present the spreadsheet from the tab with the spreadsheet open in it, instead of trying to find it in the list of open tabs. Protip: if you select the tab and then switch back to the Meet tab, the Apps tab you were just on will be at the top of the list.

I would kill for the option to do remote control sessions in Meet. People in the labs could finally shut up about TeamViewer. It's about the only full feature it's missing.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Lucky me, there's a good chance I'll get some training and hands on experience with Intune before layoffs knock me out.

:yotj:

For stuff I'm actually super excited about, my Nexthink for Lab Systems PoC has 15 systems and has already picked out two systems that need an upgrade; one platter to SSD and one machine where loving oracle.exe is trying to use 14GB of RAM on a machine with 16GB physical RAM. They're both problems that my team can fix with other people's money, but people selling us instruments costing six or seven figures will bundle appallingly underspecced computers with the instruments.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




incoherent posted:

intune is a full rear end job if you're spinning iOS, MacOS, Windows, and Android plates. Once you dial it in the only challenge is keeping your packages up to date.

One of my current projects is evaluating InTune for the lab environment and comparing it to KACE, which we currently use for proactive support, reporting, and security patching. The proactive stuff is taking advantage of a KACE feature called Custom Inventory Objects. Those run any single command line command, batch or PowerShell, and store it as a field in the database. I can do things like have every machine run 'wmic diskdrive get status' at every check-in and alert if the phrase "fail" shows up. You can stretch "one command line statement" out a lot if you're willing to get liberal with semicolons in PowerShell. I think I have 5 in a check on the size of a specific folder I wanted to report on.

We're gonna spend a couple of quarters on this and I'm gonna end up reporting that they complement each other, but there's no compelling reason to ditch our on-prem AD until Global wants to move the whole company.

LOL, that can wait until I retire.
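An added example (not KACE's code and not the poster's) of the kind of single-command check described above for a Custom Inventory rule: a disk-health check and a folder-size check, first written out for readability and then collapsed into the one command line the inventory field would store. It uses Get-CimInstance rather than the deprecated wmic, and the folder path is a placeholder assumption.

```powershell
# Added example, not from the post. Folder path is a placeholder assumption.

# Check 1: physical disk SMART status. Win32_DiskDrive.Status is "OK" on a healthy drive;
# anything else (e.g. "Pred Fail", "Error", "Degraded") is the signal worth alerting on.
$disks = Get-CimInstance Win32_DiskDrive | Select-Object Model, Status
$bad   = $disks | Where-Object { $_.Status -ne 'OK' }
if ($bad) {
    'DISK-FAIL: ' + (($bad | ForEach-Object { "$($_.Model)=$($_.Status)" }) -join '; ')
} else {
    'DISK-OK'
}

# Check 2: size of a folder that tends to grow unnoticed on instrument PCs.
# An empty or missing folder yields $null, which divides to 0 rather than throwing.
$path  = 'C:\InstrumentLogs'
$bytes = (Get-ChildItem -Path $path -Recurse -File -ErrorAction SilentlyContinue |
          Measure-Object -Property Length -Sum).Sum
'FOLDER-MB: {0:N0}' -f ($bytes / 1MB)

# The same two checks as one command line, the form a Custom Inventory rule runs at check-in.
# Semicolons separate the statements; the inventory field receives whatever is written to stdout.
# powershell.exe -NoProfile -Command "$b=Get-CimInstance Win32_DiskDrive|?{$_.Status -ne 'OK'}; if($b){'DISK-FAIL'}else{'DISK-OK'}; $s=(gci 'C:\InstrumentLogs' -Recurse -File -ea 0|measure Length -Sum).Sum; 'FOLDER-MB: '+[int]($s/1MB)"
```

Emitting a fixed prefix such as DISK-FAIL makes the alert rule a plain substring match on the stored field, which is the same approach as the "fail" match on the wmic output.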

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




I've been out of the BOFH game for a while myself, but isn't RAID 10 vastly preferred to RAID5 nowadays?


mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Spyderizer posted:

This customer has been on Intune for a while, so there's a shitload of policies and I can't see anything in there that looks like it might set that. Is there anything I can query that can tell me what MDfCA has seen in Intune that's generated the recommendation? I've tried advanced hunting and azure monitor but I might be either too dumb for this or the necessary log passthrough might not be enabled.

Quasi-related question from someone still in an onpremAD environment...

Is there a gpresults equivalent for Microsoft's cloud GPO thingy? Any way to get a report of what policies an endpoint is getting from InTune et al?
