|
Tab8715 posted:Is Schema, at least with-in the context of Active Directory analogous to a blueprint? Essentially. Another way to think of it is an OOP class. The fundamental unit of data in AD is the object, and schema define the vocabulary of those objects. IE, it is schema that declare that user objects have first names, last names, email addresses, etc.
|
# ¿ Dec 10, 2014 23:21 |
|
|
# ¿ May 3, 2024 12:05 |
|
incoherent posted:Buy the cals and charge them to the security team for compliance, force a GPO out to every computer to use remote desktop gateway to access remote desktops. Charge the security team for compliance? How do you even approach something like that? I get the sense that, if I tried that at a big company, the reply might be something along the lines of, "Heh, we just enforce the policy -- it's up to YOU to be compliant."
|
# ¿ Dec 18, 2014 03:32 |
|
Gyshall posted:People posting ITT not knowing about [url=http://technet.microsoft.com/en-us/library/dd772681%28v=ws.10%29.aspx]Access Based Enumeration[/spoiler] So, I know what I'm setting up the second I walk in the office tomorrow. Thanks for that nugget.
|
# ¿ Jan 22, 2015 04:37 |
|
Gyshall posted:People posting ITT not knowing about Access Based Enumeration Aaaaaaaaaaaaaaaand it's up! The test group of users is already giving positive feedback to the "I don't have to scroll through thirty folders to find my poo poo" feature.
|
# ¿ Jan 27, 2015 01:52 |
|
Swink posted:How can I work ABE into my org when I want to hide folders that are not relevant to the user, but still give them the option to acess them if necessary? Are you talking about hiding folders from view for security reasons or convenience reasons? As written, this is coming off as a bit of a weird use case for you to mediate as "Access as Necessary" is a situation subjective to the user. If this is about convenience, the preference has to be available to the user. Favorites in the file explorer, for example, would help Bob in Sales, who has access to forty folders for the purposes of collaboration but uses only three of them 99% of the time. If this is about security -- like, keeping people from poking around in folders that they technically have access to but don't have any business dicking around in on a day-to-day basis -- the solution is in re-arranging your folder structure and user groups. Example: Sue in Sales, like Bob, only uses ~3 folders day-to-day. Every once in a while, though, someone in accounting fucks up and members of both teams have to do some digging to find out what happened. Sue thus needs to be able to access the Accounting share every once in a while, but you, Swink, are nervous about her spending time there regularly, snooping on the day-to-day business of Accounting. Solution: messier. When you say "not relevant to the user" is that from a convenience or security / confidence standpoint? What precisely is "necessary?"
|
# ¿ Jan 28, 2015 04:21 |
|
incoherent posted:Also: Microsoft Pushes windows server to 2016. That, and I was not looking forward to being the guy who had to explain to management why we chose to upgrade Win2003 systems to the then-already-replaced 2012r2. No new Server2015/2016 makes the choice a hell of a lot simpler. Yes, there are Win2003 boxes in our environment
|
# ¿ Feb 1, 2015 20:46 |
|
TWBalls posted:I'm sure this is pretty common. We have quite a few in ours. It's like pulling teeth to get some of these vendors to move even to Server 2008 (non-R2). My understanding about Server 2008 non-R2 is that you do not use 2008 non-R2 . Or am I confused with 2012 non-R2? If it isn't obvious, I've only just jumped on the Windows administration wagon.
|
# ¿ Feb 2, 2015 02:33 |
|
TWBalls posted:I'm sure this is pretty common. We have quite a few in ours. It's like pulling teeth to get some of these vendors to move even to Server 2008 (non-R2). Yeah, but boxes. As in we lose support if we virtualize them. Not because there's a good reason for them to loose support when on a virtual platform; just because.
|
# ¿ Feb 3, 2015 23:19 |
|
incoherent posted:....just how much of SCCM do you have deployed? If is business critical, have them get a SCCM consultant to handle it till a proper handoff can happen. They'll do a better job of communicating it then you could. To give Emory credit, they had the entire campus back up in three days.
|
# ¿ Feb 5, 2015 00:17 |
|
5er posted:I ran the OEM vendor's (only) process for restoring from a failed OS situation, which is supposed to only re-install the OS on its small partition and leave any other allocated space completely alone. Two cents: I think this got derailed at the "Raid for recovery" bit. Hardware redundancy really only performs well from a design aspect for the purpose of preventing downtime during hardware failure. Raid is not a backup solution for higher levels of architecture -- namely, the recovery of accidentally damaged or misconfigured software. For that, you really need regular system backups of some kind on a separate device. I know Raid can really easily look like a backup solution. I've been there. Without the capacity to easily do software-level backups, however, its application in your recovery plan are very limited. Edit: In a sentence, you are going to be far more safe if you don't rely RAID for software recovery.
|
# ¿ Feb 6, 2015 02:00 |
|
NevergirlsOFFICIAL posted:Anyone here work in an environment where the traditional file server environment was replaced with something like box, dropbox, google drive etc? What does it look like if you have like a 500gb shared drive that is moved to dropbox - do all your users keep that entire 500gb folder locally and sync back and forth (like how my personal dropbox does)? Do they just go via web interface and download on demand? This is configurable to what you want to see. Generally speaking, using OneDrive or Dropbox leaves a local copy for user access when not connected to the internet. OneDrive is snazzy in that you can configure that web interface (a la sharepoint) to suit your needs -- particularly useful for securing out-of-org collaboration. The question seems kind of simple and I wonder if I'm missing something -- are you basically asking if a shared storage location on OneDrive / Dropbox behaves like your personal Onedrive/dropbox? By default, yes.
|
# ¿ Mar 1, 2015 04:33 |
|
NevergirlsOFFICIAL posted:1. Everyone would get LOCAL COPIES on their desktop/laptop of everything they have permission to <--BY DEFAULT - THIS CAN BE CONFIGURED IF YOU WANT SOMETHING ELSE Yes. This is a good example of the kind of granular control you will have. You can pay for something like Onelogin or Otka for Dropbox SSO, but do look into Active Directory Federation Services / AD Sync with OneDrive as well. Note that, depending on how your volume licensing for Office works, the combination of Office licenses and cloud storage [edit: with O365] may end up saving you in the long run. Are you by any chance looking at encryption / data control as well?
|
# ¿ Mar 3, 2015 01:12 |
|
Sorry for double post, but do look at WatchDox -- it may be worth your time. https://www.watchdox.com/en/
|
# ¿ Mar 3, 2015 01:14 |
|
NevergirlsOFFICIAL posted:thanks dude. the answers you gave were specifically for dropbox? Yes, generally. Before you do stuff, consider calling https://www.dropbox.com/business/contact . My rep has been helpful in the past, even if we didn't end up buying Dropbox enterprise from her. Free trial = very important to make sure things behave as you want.
|
# ¿ Mar 3, 2015 04:24 |
|
Serfer posted:I have a weird issue, and I have no idea how many people might be setup like this, but here goes. UEFI is often completely hosed. I have yet to see one good reason for it to exist. You miss nothing by merely bypassing the nonsense that is UEFI.
|
# ¿ Mar 8, 2015 14:49 |
|
I spent four hours today trying to get PHP 5.6.0 running on IIS 8 / Win2012r2. I'm sitting here troubleshooting FastCGI, different .NET frameworks, etc. Total exercise in frustration -- though I did learn quite a few some nuances on the side. I finally come across a guy who points out PHP on Windows is still 32 bit. OOooooooooh. Five minutes after installing a .NET x86 stack, everything is working. Grrrrrr. Web Platform Installer couldn't install the necessary 32bit .NET stack itself?
|
# ¿ Mar 31, 2015 19:21 |
|
Gyshall posted:Real life applications (seeing environments and how they're set up and not set up well) Labs, trial & error in those labs, books, whitepapers, labs, a few conferences, certifications. Don't forget "seeing something interesting and reading about it on the toilet."
|
# ¿ Apr 2, 2015 04:11 |
|
Gyshall posted:Also helps a ton with HIPPA if you go strictly thinclient, FWTIW I am quite literally doing this as I sit here now -- not for HIPPA, but NIST standards. My boss only looked at me funny when he walked by to find me running Crystal Disk and three youtube videos simultaneously on our demo Wyse client. The VM (vsphere 5.5) performs gorgeously even without graphics acceleration on two virtual cores provided on a 2.4Ghz Ivy Bridge host. Color me impressed.
|
# ¿ Apr 4, 2015 00:05 |
|
As part of the migration, are you building the new domain next to the old domain and establishing forest trust with the old domain?
|
# ¿ Apr 13, 2015 01:53 |
|
FISHMANPET posted:We've got a 2012 R2 server running Commvault, and Commvault managing it's "database." Which for us is a 90Gb pile of 20k files, a few of them enormous, most of them tiny. I guess in operation CommVault does a standard OS level file copy of these files within the same drive. In our case from J: to J:. (I'm not the backup guy so this is all secondhand). If I do a drag and drop in the GUI of these same files it's pretty fast for the big files, and then when it gets to all the tiny files the speed nosedives. This has been on a Fibre Channel SAN, a local 10k SAS disk, and a FusionIO card. Basically, whatever each device is capable of, we're seeing much less than that. I have to do all transfers / backups of thousands of small files at a block level as opposed to filesystem level. An ancient database of ours used to backup with zip files, which would take 8+ hours to be created as the limitation was the filesystem's capacity to churn through millions of file handles. You need a product that will do the backups on a block level. The limitation is not your storage or storage network, but the limitations of doing this at the NFS / CIFS / other filesystem-level layer of abstraction.
|
# ¿ Apr 14, 2015 02:37 |
|
I'll state it another way. Each of those tiny files represents an action. That action includes the system identifying each file, copying each file, verifying the copy with the destination agent, and any resultant network connections therewithin. Without getting into the nitty-gritty of exactly what happens in MS when you touch a file / copy a file, that's a lot of overhead. Your storage destination and storage network are most likely idle for the majority of this time. Eliminate the filesystem bottleneck altogether by using a product that just copies the disk. If you are properly segregating the system disk and the any disks for your applications -- and with your data on a J: letter, it sounds like the case -- your backup guy just needs to do a copy of the whole disk without regard for the contents. If this is a virtual server, that could mean just doing a copy of the vdisk. If it's physical, use an agent-based backup product or a partition copy tool.
|
# ¿ Apr 14, 2015 02:46 |
|
FISHMANPET posted:The files in question are not the files being backed up, they're the database that CommVault uses to manage the files it is backing up (I don't know exactly how much, but probably tens or hundreds of terabytes). The way CommVault manages its database is that it just does a "standard buffered Windows copy" (according to the vendor) of its database files. The reason this has landed in my lap is that according to the vendor performance is far below what it should be. So, which component precisely is being slow, the J: to J: copy of CommVault's DB files? Or is CommVault itself not backing other things up as it should? Edit: also, what's the underlying hardware as far as the Win2012 box is concerned? Potato Salad fucked around with this message at 05:07 on Apr 14, 2015 |
# ¿ Apr 14, 2015 05:04 |
|
" I guess in operation CommVault does a standard OS level file copy of these files within the same drive. In our case from J: to J:. (I'm not the backup guy so this is all secondhand). If I do a drag and drop in the GUI of these same files it's pretty fast for the big files, and then when it gets to all the tiny files the speed nosedives. " This is the critical part of your original email. It sounds like CommVault is doing its own backup of its database before running. 90gb comprised of thousands of thousands of files....... Ask Commvault if they can do a DB consolidation (many files --> fewer files). I'm trying to make sense of their whitepapers; at an absolutely topical level, it looks like they use a proprietary application database. If the DB is fragmented into a bajillion little files, perhaps they have a re-consolidation tool? It may be worth asking. Edit: If CommVault is citing stats related to "90gb of data across a small handful of files," that would be a far cry from "90gb of data with thousands of files." It comes back to the filesystem being asked to do the copying of thousands of files. That's monstrously inefficient, and it is the bottleneck. Potato Salad fucked around with this message at 05:25 on Apr 14, 2015 |
# ¿ Apr 14, 2015 05:18 |
|
Skype for Business is out. This "intuitive design" that is "familiar to existing Skype users" is a glorified reskin of Lync done as bad as possible. Tabs don't clearly separate themselves. Elements of the UI flash huge color changes at you on brief hover-over (not subtle -- like hovering over elements in Office 2013), and absolutely none of the windowing, icons, grouping, lists, etc etc from Skype are carried over. Mind, I have no stake in it. It's just a illustriously-awful result for something lauded to merge the look and feel of Skype and Lync.
|
# ¿ Apr 15, 2015 19:59 |
|
We're able to do #3 in our environment, but only as a black-magic hack somehow running alongside ADFS.
|
# ¿ Apr 16, 2015 02:28 |
|
For better or worse, MS has long ago decided to name their Skype products by platform. There's Skype for Android, Skype for iPhone, Skype for Desktop, Skype for Business.... If you're on 8.1 or later, you'll notice that the non-RT/metro version of Skype was named "Skype for Desktop" from the outset. Even in Windows 7 Enterprise, updates for the Skype desktop client are named as, "Update for Skype for Desktop."
|
# ¿ Apr 16, 2015 02:49 |
|
Tab8715 posted:Good god that just seems redundant. Openfire is great. Slack is loving fantastic. https://slack.com/is/team-communication
|
# ¿ Apr 16, 2015 05:06 |
|
hihifellow posted:So this is pretty great. It lacks the audit trail of a 3rd party appliance/service but I'm leveraging it to finally get us away from using the same local admin password on all of our servers. That.....that is insanely cool. Not a week ago, we had an entire department freaking out because their new IT manager started randomizing local admin passwords on systems (and writing them down, of course). This department had everything cryptowalled last year and has a long history of terrible practices, mind you. This may prove useful for those bitching about inconvenience.
|
# ¿ May 6, 2015 04:25 |
|
Tony Montana posted:Why do you do this? Others have answered: Death to Java and Flash! We've tested building out in-house applications that flatly require Java that we won't be able to eliminate from our business process as VMware ThinApps. It was shocking to see a system on Java 6u45 that we always have immense trouble tweaking to work on desktops run for the first time in a little packaged mini-vm. poo poo's expensive though -- on the order of $100 per year per seat
|
# ¿ Jul 20, 2015 17:30 |
|
devmd01 posted:
What's the nature of the cloud ban, anything federal? Department of State / Energy? Upcoming revisions in ITAR / EAR provisions are going to make a "cloud email exception."
|
# ¿ Jul 29, 2015 21:49 |
|
With this thread covering enterprise topics, is it the de-facto destination for SCCM discussion? Everything I'm reading about application vs package deployment points to application catalog deployments lacking the ability to start installation upon winlogon -- as is possible in gpo or sccm package deployment. Being somewhat new to the sccm 2012 scene, I'm left scratching my head a little regarding precisely why.
|
# ¿ Aug 6, 2015 17:35 |
|
mewse posted:Fuuuuck me. I had to flatten a laptop running Win 7 home premium but it has office 2013. I was able to connect the hard drive to a different machine and run produkey on it OEM license? Zaepho posted:The application deployment evaluation cycle is what triggers application deployments and it runs on a different schedule without tying into winlogon (that doesn't answer the why part...Microsoft?). Unless you absolutely have to have it run at Winlogon, use an app. For your own sanity's sake and all that is frigging sacred.. USE APPS!! Unless you have a VERY compelling reason (reason.. not excuse) not to. I get the eval cycle logic -- "Should I install/uninstall this package? Is this the user's primary device?" What I've been reading is that, with application deployment lacking the capacity to restrict initiation of installation to an environment guaranteeing no browsers are open for, say, a Flash deployment, we're left to our own devices on managing communication of change management with the users. The same small (to continue the example, Flash) package install that we could get away with sneaking under a user's nose unobtrusively upon login with an sms / sccm'07 package is going to require us to pop a window up asking that the user close browsers, defer x number of times, yadda yadda. That's fine and dandy for the big rare updates like going from Office 2010 to 2013, but for more frequent and small updates like Reader or Flash, it might get old. Along the lines of interacting with the user (close browsers or applications, defer installation, etc), PowerShell App Deployment Toolkit is looking really, really cool. http://psappdeploytoolkit.com/ Potato Salad fucked around with this message at 17:57 on Aug 6, 2015 |
# ¿ Aug 6, 2015 17:43 |
|
mewse posted:I'm not sure, you can get pro plus as OEM? Herp. License gal says no.
|
# ¿ Aug 6, 2015 18:02 |
|
It looks like phone activation is an option when the old machine running proplus dies and you can't recover the key. https://social.technet.microsoft.com/Forums/en-US/25e780d5-720f-462f-8387-218d1f17d85c/how-to-transfer-office-2013-license-information Edit: Same licensing coworker is under the strong impression that ProPlus is available only under volume licensing. What's going on in your case specifically? If it is indeed proplus, the volume license key ought to work -- unless the customer didn't keep a copy on hand. Potato Salad fucked around with this message at 18:09 on Aug 6, 2015 |
# ¿ Aug 6, 2015 18:05 |
|
FISHMANPET posted:There's a bug in R2 that causes applications to fail frequently in an OSD, which was fixed in one of the CUs. We weren't able to install the CU because ~reasons~ so for all the software that goes on every computer (browsers, java, flash, adobe, etc) the packager had to make both a package and application for each version. Modern osd + software deployment is secretly my endgame for getting everything up to date. Goal is for Win10 to be our first deployment in a year or two.
|
# ¿ Aug 6, 2015 18:41 |
|
We've had a somewhat similar thing with Dropbox, and Dropbox is offering to simply subsume existing accounts @ourorganization and re-direct control to us. Will MS do something similar?
|
# ¿ Aug 30, 2015 22:23 |
|
devmd01 posted:The eventual goal is to consolidate all resources to DomainA, but this is going to be a multi-year process. Step One: easy half of migration Step Two: Ask for raise
|
# ¿ Oct 21, 2015 01:17 |
|
One day, MS will come up with something as straightforward as a package manager. Some day.
|
# ¿ Oct 22, 2015 15:44 |
|
Are you loving kidding me. Good thing our loving department that manages SCCM stays on top of vetting patches before distribution. Oh wait, they don't
|
# ¿ Nov 13, 2015 03:27 |
|
|
# ¿ May 3, 2024 12:05 |
|
Is there a reason even imaging or cloning is not an option? Long has Plesk been automated at essentially level with the right tools.
|
# ¿ Dec 3, 2015 01:36 |