|
Caged posted:I just got a Premier account activated today, so... Nice... looks like we're going HP.
|
# ¿ May 21, 2014 23:27 |
|
|
# ¿ May 13, 2024 22:59 |
|
Speaking of Dell, here is an email I got this morning from our Dell rep.quote:Hello kiwid, I sent that new quote request two business days ago and this is the first reply and I still don't have a quote. gently caress. edit: oh also, this Dell rep was just assigned to us on Tuesday, he didn't even last 3 days with us.
|
# ¿ May 23, 2014 14:19 |
|
What is the preferred way to setup a file server, do you guys share out the root folder and control all sub folders via NTFS permissions or do you share out each folder as a separate share? For example: pre:Data --> Accounting --> Brokerage --> Executive --> Human Resources --> IT --> Operations --> President --> Production --> Public --> Shipping kiwid fucked around with this message at 01:54 on Jul 28, 2014 |
# ¿ Jul 28, 2014 01:47 |
|
We currently have an old as gently caress AD domain, started way back with Windows 2000. We want to create a new domain and migrate people over to it rather than upgrade the current one. Reasons for this is a lot of ghost DCs, manual ADSI edits, and other general security concerns. Anyway, our current domain is corp.example.com. I guess I can't really reuse the "corp" domain, so I was wondering what other short but to the point domains you guys use? I was thinking of maybe using internal.example.com, but that's a whole 4 extra characters to type every time I need to use the domain\username login convention.
|
# ¿ Jun 16, 2015 14:08 |
|
skipdogg posted:ad.company.com works just fine, ds.company.com pretty much whatever. When you bring up the new domain you can choose an appropriate Netbios short name for the domain which is usually the COMPANY\username part you see. Be careful though, you can't use the same Netbios name for the domain if you want to setup a trust and migrate things over. Cool, thanks for the article.
|
# ¿ Jun 16, 2015 18:05 |
|
I've gone through every GPO I can possibly see and do not see anything managing Internet Explorer anymore, yet after a gpupdate, everything is still greyed out in internet explorer and it still says "some things are manged by your system administrator". Why the gently caress?
|
# ¿ Dec 9, 2015 16:03 |
|
Walked posted:Local policy? Is this one machine, or many? Many. Edit: nevermind, I think I found the rogue GPO causing issues. kiwid fucked around with this message at 16:18 on Dec 9, 2015 |
# ¿ Dec 9, 2015 16:09 |
|
My HR dept decided to go take everyone's picture and are now wanting us to upload these pictures to Active Directory. I have a file share with ~300 user pictures and we use Office 365. Where do I start with this and can I prevent people from changing their profile picture in Office 365 once we upload it in AD?
|
# ¿ May 31, 2017 01:08 |
|
anthonypants posted:Set-UserPhoto is the cmdlet you want. So do I just set the picture on the user in our on-prem AD and let dirsync do its thing to sync up to o365?
|
# ¿ May 31, 2017 01:22 |
|
anthonypants posted:No, Set-UserPhoto is an Exchange cmdlet, you would connect to Exchange Online and pass Set-UserPhoto a user and a photo. Here, I googled the words for you and found a link which you can click on: https://technet.microsoft.com/en-us/library/jj218694.aspx So is there any point in adding the picture to AD?
|
# ¿ May 31, 2017 02:54 |
|
Regarding the employee photo uploads again, I wrote this script to run through all the photos but it fails on users who have a last name with an apostrophe, for example: "O'Neal" or "O'Reilly". Anyone who is better than me at PowerShell know what's up? https://pastebin.com/qZBpHE5i
|
# ¿ Jun 5, 2017 16:09 |
|
anthonypants posted:Post the script It's in the pastebin link. Anyway, I only had two users so I just did them manually. I don't have anyone else I can test with now so gently caress it.
|
# ¿ Jun 5, 2017 20:59 |
|
I'm trying to analyze an Office 365 mail trace. I'm assuming that a ##Receive, Send; means it was sent and a ##Receive, Fail; means it failed to send. But what does just a ##Receive; mean?
|
# ¿ Jul 5, 2017 14:11 |
|
Do people still use dumpsec for file permission reports or is there something better out there now? PowerShell?
|
# ¿ Oct 12, 2017 14:58 |
|
Is there a way to get a detailed report of what computers in the organization are missing updates without having something like WSUS installed?
|
# ¿ Feb 21, 2018 20:34 |
|
Anyone know how the gently caress do I get Microsoft Edge to work with internal DNS intranet sites? I've been googling and it appears to be the app container security or some loopback thing? I made a GPO to run a script that does: code:
Source: https://www.ibm.com/support/knowledgecenter/en/SSPH29_9.0.3/com.ibm.help.common.infocenter.aps/r_LoopbackForEdge.html
|
# ¿ Jun 7, 2018 16:08 |
|
Not a DNS issue. Chrome/Firefox work fine. nslookup resolves correct IP. Niether http://internalname or http://internalname.corp.domain.com work either. edit: I might be on to something here: https://social.technet.microsoft.co...itpronetworking kiwid fucked around with this message at 16:52 on Jun 7, 2018 |
# ¿ Jun 7, 2018 16:35 |
|
BangersInMyKnickers posted:Does Edge do fallback to IE 6/7/8 rendering modes for intranet sites like IE does by default? I had to push a GPO to turn that off for a site that only support IE 10/11 and rendering it in IE6 mode broke the hell out of it. No I do not believe it's even capable of running the older compatibility modes. Probably why they still include IE with Windows 10.
|
# ¿ Jun 7, 2018 18:12 |
|
Does HP have a driver/BIOS update tool similar to Dell Command | Update?
|
# ¿ Jun 7, 2018 19:22 |
|
I'm having issues resolving one specific domain name from our site. We have two Windows 2016 DCs/DNS servers using our ISPs DNS servers as forwarders. I can't seem to resolve the "linode.com" domain. If I manually set my DNS servers to my ISPs then it works. If I use Google's DNS servers, it works. But when I set my DNS servers to our domain controllers, it doesn't resolve. Again, it seems to be only this one specific domain and it's been like this for about 4 days now. I also can't resolve from the domain controller itself so it's not my machine or anything. Does anyone have any ideas?
|
# ¿ Dec 10, 2018 14:50 |
|
Turned out to be our SonicWalls doing some funky rear end poo poo. Weird cause this only started last week. what a waste of my loving life. I hate this profession.
|
# ¿ Dec 11, 2018 21:24 |
|
snackcakes posted:Was it dpi-ssl? Nah we're not licensed for that. wolrah posted:This is such a recurring theme with my customers who have SonicWalls that I've never been able to understand how they're so popular. They're half the price of the next guy. Get what you pay for I suppose. We paid ~$45,000 for SonicWall + Analyser. Barracuda came in at ~$75,000 and Fortigate was like ~$95,000. We didn't even bother pricing Palo Alto. My biggest gripe with SonicWalls is that they don't seem to log everything. I've tried loving around with the logging config but they just don't seem to log everything even in debug mode. Also, their Analyser virtual appliance sucks too. kiwid fucked around with this message at 17:36 on Dec 12, 2018 |
# ¿ Dec 12, 2018 17:31 |
|
I've been tasked to allow an external company access to our file server. We don't have SharePoint or any of that poo poo so my thoughts were to just create them AD accounts and provide VPN access for them. Is this the best solution or is there something better out there?
|
# ¿ May 9, 2019 16:39 |
|
We currently have a security expert doing an audit of our network and he's emailed me asking what we use for patch management for Windows and I responded with WSUS. He followed up with:quote:After WSUS applies the patches, how do you apply the registry entries to enable those patches? A lot of the patches aren’t finished until the registries are applied. Can someone tell me what he's referring to? I basically just set up WSUS with auto-approve all essentially and forgot about it.
|
# ¿ Jul 16, 2019 16:12 |
|
Sickening posted:The only thing that could possibly make sense is if some updates are waiting on reboots or not. That's what I responded with. I asked him to clarify since it was my understanding a reboot would typically do this and he responded with this: He's using Nessus to scan our network.
|
# ¿ Jul 16, 2019 16:22 |
|
Sirotan posted:Yeah I remember that dumb print thing, and I swear there was a Wannacry/Bluekeep/some big name vuln for a few years back that you needed to install the patch and also enable two registry keys to actually be compliant. Hopefully you are deploying these via GPO and you can just send a screenshot of them over. No, I wasn't deploying these via GPO. To be honest, I wasn't even aware of it. I'm setting up a GPO to do this now.
|
# ¿ Jul 16, 2019 16:33 |
|
We don't have the budget for cool things like SCCM or Nessus licensing so I guess I'll just set up a free Metaploit server because otherwise, I'm not sure how I'm going to know some random Windows KB needs a manual registry update to enable it in the future.
|
# ¿ Jul 16, 2019 18:42 |
|
Does anybody else's boss hate OSS? I mean, I get it, open-source software can often be trash, but when my boss asked me to find software to automate an FTP transfer but didn't want me to script it in a bash script because "other sysadmins need to be able to administer it too" therefore requiring a GUI, I suggested WinSCP. My boss asked "how much is it", and I said "free". "But why is it free?" I was asked. I replied, "because it's open-source?". Denied. "Find something corporate" I was told. What the gently caress? So anyway, anyone know a corporate approved piece of software that has a GUI that can automate FTP transfers? kiwid fucked around with this message at 18:59 on Sep 3, 2019 |
# ¿ Sep 3, 2019 18:29 |
|
Methanar posted:also It's funny because all the GUI does is generate the script for you. It's still code in the end. Shhh.
|
# ¿ Sep 3, 2019 18:45 |
|
Welp, I've been ordered to email our parent company's security team to get suggestions. I miss working for SMB.
|
# ¿ Sep 3, 2019 18:54 |
|
Anyone have experience with cleaning up AD? Our AD was created in Server 2000 and upgraded all these years leaving junk accounts, groups, OUs, etc. Also, we used to run our own exchange so I definitely remember editing random ADSIedit things. I was thinking of maybe cleaning this up. Any tools out there to help with this?
|
# ¿ Sep 6, 2019 14:02 |
|
Wizard of the Deep posted:I'm only half-kidding. It may actually make more sense to start fresh, especially if/when you're making a big upgrade push. If we ever did decide to start on a fresh AD, is there any way to avoid creating new local profiles on users machines and let them continue using the one they have? Wizard of the Deep posted:Another easy target is users and computer objects that haven't authenticated in over a year. Those are good targets for disabling and moving to a morgue OU. Ooo I like that.
|
# ¿ Sep 10, 2019 18:34 |
|
Is there a way to enforce a GPP? I created a power plan I want computers to use and I've set it to always apply and to make it the active plan, but users can still change the plan until the GPO updates again which changes it back. Is there a way to disable them from changing the plan? I've looked under the system > power policies and I can set the active plan there which works but the plan is not updated with the settings I've set in GPP, it seems to be the default settings of the plan.
|
# ¿ Sep 13, 2019 17:23 |
|
Wizard of the Deep posted:Let's step back: What are you trying to accomplish with this power plan? And why do users feel the need to change it? It's because our Nessus scanner is picking up computers that are not doing Windows updates with what I assume is because they aren't rebooting their machines to apply them. Since the WSUS settings in GPO are so limited we decided just to send a reboot signal through our PDQ Deploy software to all machines at midnight. The problem is that computers might go to sleep. So my options are either gently caress around with wake on lan bullshit and hope all the nics support it, or just prevent them from sleeping through a GPP. edit: I don't know why or even if users are changing it, I just thought if there was an easy way to prevent them I'd set that. I'm good with just allowing the GPP to reapply. BangersInMyKnickers posted:The best you could probably do in this situation is to figure out what registry keys are getting modified when the power plan is changed and make a script that modified acls to remove users ability to modify. But GPP's re-apply so frequently that I doubt any override they do will stay in place for long, probably not worth the hassle Yeah it's not really a problem since the GPP just reapplies so I guess I'll just leave it as is. Thanks.
|
# ¿ Sep 13, 2019 18:43 |
|
We just sold half our company to another company. What's the best way to migrate mailboxes from our Office 365 to their Exchange 2013? Am I to export the mailboxes to PST files? Please tell me there is a more elegant way?
|
# ¿ Sep 24, 2019 21:46 |
|
Thanks Ants posted:https://help.bittitan.com/hc/en-us/articles/115008107267-Office-365-to-On-Premises-Exchange-version-2007-and-later-Migration-Guide ooo I didn't look very closely. I thought migrationwiz just went the one direction. Thanks.
|
# ¿ Sep 24, 2019 21:49 |
|
Yea we decided to use BitTitan. Just hoping the recipient company accepts this method. Unrelated though, does anyone still use Server 2016? If so, why does it take like 8 loving hours to do the initial Windows updates?
|
# ¿ Sep 25, 2019 19:19 |
|
GreenNight posted:Server 2016 is the absolutely worst with updates. It takes loving forever. 2019 is way way way better in my experience. Yeah I'm regretting not renewing our SA now.
|
# ¿ Sep 25, 2019 19:51 |
|
Sickening posted:Wouldn't you just get 2019 licenses when you update your SA? What do you mean? I'm installing a new 2016 server because I don't have 2019 licenses
|
# ¿ Sep 25, 2019 21:25 |
|
|
# ¿ May 13, 2024 22:59 |
|
Lol so the other company doesn't want to use MigrationWiz (even if we're paying) so PST files it is.quote:I’m thinking we could get an external drive and load it up with PST files and then upload it Ugh.
|
# ¿ Sep 26, 2019 17:28 |