|
Don't do Enterprise level stuff, but we run a WDS server to load customer machines. WDS has a PXE boot image to "capture" the load of windows on whatever system you boot it with. We maintain a separate VM for every configuration we need and just update them and then run the capture image about once a month (patch Tuesday, hooray). We run VM's for Windows XP Pro/Home, Vista Basic, Home Premium, and Business, 7 Home Premium, and business. And x64 versions of 7 Business and 7 Ultimate. Our shop manager spends 4-5 hours a month maintaining those images. Don't know how SCCM handles the imaging process, but if you have a handful of configurations you need to support, it's hard to beat VMware Workstation or similar.
|
# ¿ Jul 13, 2010 04:48 |
|
anthonypants posted:PDQDeploy seems to be well-loved, but I've never used it. Its sister product, PDQInventory, is good. I just got licenses for both on the new year. Either works great as standalone products, but having both together is pretty loving cool.
|
# ¿ Jan 17, 2017 01:57 |
|
MF_James posted:Has anyone really used LAPS yet? (https://technet.microsoft.com/en-us/library/security/3062591.aspx) I have LAPS about 50% deployed right now, should have 100% coverage in a couple months. LAPS is enforced by GPO and AD ACL's. The extended attributes do store the password in plain text, but if you follow the instructions for setting permissions, you should have a reasonable expectation of security. Passwords only update when the computer boots up and processes group policy. The password reset works by setting the expiration date to the current date-time. The GUI is terrible, but the powershell module is great. wyoak posted:I use it and have never had an issue with it - it doesn't have to manage the built-in admin account, if you wanted to keep using the separate admin account. This is the way I do it as well, and afaik is the recommended best practice, since the built-in admin sid is a known constant.
|
# ¿ Jan 26, 2017 21:04 |
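The LAPS mechanics described in the post above (plain-text password in an AD attribute guarded by ACLs, rotation driven by the expiration timestamp), as an added example that is not part of the original thread: a PowerShell audit using the legacy LAPS `AdmPwd.PS` module. The OU path, the approved group names and the computer name are placeholder assumptions.

```powershell
# Added example: audit a legacy LAPS (AdmPwd) deployment from an admin workstation.
# Needs the AdmPwd.PS module (installed with the LAPS management tools) and RSAT ActiveDirectory.
Import-Module AdmPwd.PS, ActiveDirectory

# Assumption: placeholder OU holding the managed computers.
$ou = 'OU=Workstations,DC=example,DC=com'

# Assumption: the only principals that should be able to read ms-Mcs-AdmPwd.
$approved = @('NT AUTHORITY\SYSTEM', 'EXAMPLE\Domain Admins', 'EXAMPLE\LAPS-Readers')

# 1. ACL check: anyone holding extended rights on the OU can read the plain-text password.
$unexpected = foreach ($entry in Find-AdmPwdExtendedRights -Identity $ou) {
    foreach ($holder in $entry.ExtendedRightHolders) {
        if ($approved -notcontains $holder) {
            [pscustomobject]@{ ObjectDN = $entry.ObjectDN; Holder = $holder }
        }
    }
}

# 2. Coverage check: a missing expiration time means the client has never set a password;
#    an expiration in the past means the machine has not processed group policy since then.
$now = [datetime]::UtcNow
$coverage = Get-ADComputer -SearchBase $ou -Filter * -Properties 'ms-Mcs-AdmPwdExpirationTime' |
    ForEach-Object {
        $raw     = $_.'ms-Mcs-AdmPwdExpirationTime'   # stored as a FILETIME integer
        $expires = if ($raw) { [datetime]::FromFileTimeUtc($raw) } else { $null }
        $state   = if (-not $raw) { 'NoPassword' }
                   elseif ($expires -lt $now) { 'Overdue' }
                   else { 'OK' }
        [pscustomobject]@{ Computer = $_.Name; ExpiresUtc = $expires; State = $state }
    }

"Unexpected password readers:"
$unexpected | Format-Table -AutoSize
"Coverage by state:"
$coverage | Group-Object State | Select-Object Name, Count | Format-Table -AutoSize
$coverage | Where-Object State -ne 'OK' | Sort-Object State, Computer | Format-Table -AutoSize

# 3. Forced rotation only moves the expiration time to now; the password itself changes
#    the next time the computer processes group policy. 'PC-0042' is a placeholder name.
# Reset-AdmPwdPassword -ComputerName 'PC-0042' -WhenEffective (Get-Date)
```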
|
incoherent posted:painpoints from what i've read over at /r/sysadmin 1. Don't delete computer objects unless the hardware is being decommissioned. 2. If the computer is still a member of AD, the password will update.
|
# ¿ Jan 27, 2017 02:03 |
|
incoherent posted:re #2: It falls under those "lost trust with the domain" situations. I agree with not deleting the object. There has to be a hard reason to delete it (or reuse object names). In that situation I'd prefer to re-image the computer fresh, then extract any data I need from the backup image separately. If that's not an option you're already in a special shitflake situation and there are a bunch of tools out there for wiping local passwords.
|
# ¿ Jan 27, 2017 02:27 |
|
wolrah posted:That was my first thought, but their web site strongly implies that Azure AD only works with Windows 10 and this is a 7 shop. That doesn't really make sense so I'm sure it's wrong, but it wasn't worth putting time in to researching since it's such a small environment. He wasn't suggesting Azure AD, but actually spinning up a server VM in Azure running regular AD.
|
# ¿ Feb 16, 2017 21:48 |
|
wolrah posted:Ahh, that makes sense. I'll have to look in to that just in general tomorrow, I have a few customers like this one with a single server (that often also like this one was configured somewhat idiotically) so a remote spare DC would be nice. I wish Samba4 was usable so I could run secondary DCs without licensing concerns, but AFAIK it's still missing enough to matter and I've been burned by that idea once before (ran a NT4 domain on Samba 3 for a few years, gently caress that). If you're running Windows Server in Azure, the licensing is covered in the per-minute cost of the VM. edit: Reference: https://azure.microsoft.com/en-us/pricing/licensing-faq/
|
# ¿ Feb 17, 2017 01:49 |
|
Sickening posted:If that was your concern you probably should have said so. Powershell is basically the best option for doing it all at once. LAPS is the tool they made to do what you are wanting to do but I personally dislike it. I like laps, but the available management tools leave something to be desired.
|
# ¿ Feb 21, 2017 20:03 |
|
Yeah, I don't get the problem. You can specify how often the passwords refresh, and if you ever need local admin access, you just look up the password for the computer you need.
|
# ¿ Feb 27, 2017 19:33 |
|
Thanks Ants posted:Why don't you get one of those computers that can be moved around? http://oldcomputers.net/pics/compaqI.JPG
|
# ¿ Feb 27, 2017 19:46 |
|
What's wrong with just setting the browser home page via GPO. Why does this have to be done within outlook?
|
# ¿ Mar 2, 2017 18:13 |
|
stevewm posted:We did both and it turned out successful. Employees were constantly complaining that store management did not communicate changes/news to them and it was difficult to find forms/documentation/etc. So I put together an Intranet site built on a wiki platform (Tiki Wiki) hosted on a small Ubuntu Server VM. And then using a GPO for Chrome, it is locked as the homepage on all the branch computers. The main page is a constantly updated internal news feed. We do this, only with Sharepoint. The main intranet page has a news carousel, links to the payroll and timekeeping self service sites, corporate calendar, and a few other things. Then we push it as the mandatory home page for all three major browsers. (Firefox is a giant pain, have to push a lovely config file instead of using GPO) Since this is on Sharepoint Online, we pushed a specially formed url for the sharepoint site so their browser session starts logged in automatically, and if they're using domain joined computers they never see a login prompt for 365.
|
# ¿ Mar 3, 2017 18:10 |
|
You should just be letting mdt inject the appropriate drivers during imaging. I'm in the middle of a 10 upgrade, and have had zero issues coming from a mix of 7 and 8.1. All of my hardware is hp pro or elite though, so that helps.
|
# ¿ Mar 7, 2017 04:51 |
|
It may have since changed, but I was under the impression Windows 10 driver updates ignored GPO/WSUS settings.
|
# ¿ Mar 7, 2017 17:25 |
|
ProperCoochie posted:A couple of questions regarding SharePoint Online.. None that I'm aware of. quote:2) Is there a way to get MSWord's "Line and Paragraph Spacing" tools into SharePoint? Some users are having trouble editing their pages. They're looking for something more than Enter and Shift+Enter for formatting. In what context? Entering a form? Editing a site page? Modern page? There are some rich text editing tools in some places.
|
# ¿ Mar 11, 2017 19:20 |
|
ProperCoochie posted:Editing a site page. For users comfortable with Word but now thrust into the world of SharePoint. Turn on modern pages and just embed a document. https://wonderlaura.com/2016/10/17/new-modern-web-parts-full-list/
|
# ¿ Mar 11, 2017 22:32 |
|
lol internet. posted:Best practices for new domain. Why is your root domain not "company.com" Are you actually setting up multiple domains in a forest? The Fool fucked around with this message at 02:55 on Mar 13, 2017 |
# ¿ Mar 13, 2017 02:49 |
|
https://azure.microsoft.com/en-us/offers/ms-azr-0044p/ Azure offers a 1-month $200 credit. If you stop your instances when you're not using them you can do a lot with that.
|
# ¿ May 10, 2017 21:05 |
|
psydude posted:Question about licensing: if I purchase a 2016 license for 16 cores and 2 processors, does that mean I can deploy 16 one-core VMs of 2016? No, the license is for physical cores. Data center allows for unlimited vm's, standard allows for 2 vm's
|
# ¿ May 18, 2017 21:49 |
|
Zero VGS posted:You can also use multiple standard licenses on a single machine, for instance 3 copies of standard to run 6 vms. I think with pricing the breakoff point was somewhere around six last time I checked. Yes, but for each set of 2 VM's you need to pay for all of your physical cores again.
|
# ¿ May 19, 2017 00:56 |
|
psydude posted:So if I have 3x UCS blades with 2 processors and 6 cores each running in my cluster, how would I license that? Would it be one license per blade, or just one license for 6 processors and 36 cores? Would I need to purchase multiple licenses for 6 processors and 36 cores? Or is it only on the actual number of cores that I plan on using? Each node needs to be licensed separately, and needs to be licensed for all vm's in the cluster "In case all but one node fails"
|
# ¿ May 19, 2017 16:31 |
|
It means that maybe you should expand that column and you might get more context.
|
# ¿ Jul 5, 2017 16:13 |
|
CLAM DOWN posted:Lol if you store all your poo poo in a data center managed by a top tier technology company just lol Because that is what you sound like. edit: Zero VGS posted:For 3 years now I've been setting up Onedrive for Business for each user and just dragging their Desktop/Documents/Downloads/Pictures etc folders in there for new PCs, which redirects them. The nextgen sync client has definitely improved a lot over the last 6 months, but they are only just now rolling out support for long (260-400) file paths and for special characters (% and #). OneDrive for business is a sharepoint document library on the back end, but the NGSC was missing folder syncing until 2-3 months ago so if you wanted to use that feature you ended up running 2 different copies of OneDrive. 3 if you used one drive personal. The Fool fucked around with this message at 17:31 on Jul 7, 2017 |
# ¿ Jul 7, 2017 17:24 |
|
I've used nlite in the past to make custom desktop images, it says it supports Server 2016.
|
# ¿ Jul 11, 2017 17:14 |
|
Internet Explorer posted:I don't know about the mechanism behind it but I do know that upgrades from Win 7/8 to 10 kept behind the old OS files for 30 days and then removed them. Maybe looking at what handles that process could help you? Anniversary updates follow the same schedule.
|
# ¿ Jul 12, 2017 16:25 |
|
Microsoft cloud products are half baked?
|
# ¿ Sep 2, 2017 21:08 |
|
Mr. Clark2 posted:I have been tasked with creating some kind of 'Document approval workflow' in Sharepoint. I know nothing about Sharepoint. Exactly how screwed am I? This product has been a lifesaver: https://www.infowisesolutions.com/ufapp.aspx
|
# ¿ Sep 13, 2017 23:02 |
|
Azure compute pricing includes all os and cal licensing for windows vm's. Also, if you really needed sql express, you would install it as an application in your vm. Edit: Unless there is a specific reason you need SQL Express, you should just provision the SQL PaaS from either provider. It'll be cheaper per month and easier to manage. The Fool fucked around with this message at 21:33 on Sep 29, 2017 |
# ¿ Sep 29, 2017 21:20 |
|
Zero VGS posted:It says AWS does not require Windows CALs either if you spin up a Windows Server AMI: Azure pricing calculator, if it helps.
|
# ¿ Sep 29, 2017 23:02 |
|
Sacred Cow posted:Understanding the basic concepts of how to work and automate in THE CLOUD is more important than the specific language (at least in my opinion). Yeah. The core concepts, infrastructure as code, automation, containerization, micro-services, CI/CD, etc. apply to all of the platforms, and if you understand those you shouldn't have a problem adapting to whatever platform you need. quote:My only gripe with Azure is they don't make it easy to lab it out on your own without paying out of pocket. Azure recently modified their trial to be one-year long, and include 750 hours of compute per month. Which puts it on par with AWS. edit: Methanar's devops post is a++ content, The Fool fucked around with this message at 17:29 on Oct 31, 2017 |
# ¿ Oct 31, 2017 17:26 |
|
Not everyone can specialize in moving things around.
|
# ¿ Nov 1, 2017 06:26 |
|
Collateral Damage posted:Also learn how Git and version control in general works. To this end, I just started playing with VSTS. Within a couple hours I had cloned my previously local only git repository, and set up build automation so that whenever the master branch is checked in it automatically updates the “production” file share.
|
# ¿ Nov 1, 2017 16:31 |
|
Major release
|
# ¿ Nov 22, 2017 19:52 |
|
Zero VGS posted:Something I never knew about PDQ Deploy / Inventory, you don't actually need to renew every year, they told me themselves the licenses are actually in perpetuity and renewing is for upgrades / support. They're already a very good deal but that makes it even easier to sell when you're on a limited budget. It also includes updates to the software library, which is necessary for auto deployments.
|
# ¿ Feb 21, 2018 22:34 |
|
You can use “net use” to redirect a network printer to lpt1, then a windows printer queue set up pointing to lpt1, then your application points to that queue. This would only work if the printers are all the same. I used to do this a lot for printing from old dos applications.
|
# ¿ Feb 28, 2018 16:49 |
|
incoherent posted:I really don't know which thread to drop this in, but firefox is finally getting GPO support this year. I'm banking on more windows admins wanting a heads up than regular firefox users. I can’t wait to see what way this is horribly broken
|
# ¿ Mar 8, 2018 06:41 |
|
This is why ADFS exists. You can create custom multi-factor middleware if you so choose. https://blogs.technet.microsoft.com...2012-r2-part-1/ It is not for the faint of heart and I wouldn't recommend rolling your own solution unless it is for some reason absolutely necessary. e: I may have misunderstood your request. ADFS doesn't work for workstation logins.
|
# ¿ Apr 10, 2018 23:34 |
|
KillHour posted:Yes, this is for logging into a workstation. Every on-prem MFA solution I've ever looked at requires installing an agent on every workstation you are going to protect. In Windows 10, you're probably looking at a custom credential provider: https://msdn.microsoft.com/en-us/library/windows/desktop/mt158211(v=vs.85).aspx In other versions of Windows, a custom GINA dll: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375457(v=vs.85).aspx
|
# ¿ Apr 10, 2018 23:59 |
|
KillHour posted:I just checked and the customer does use 2FA. Person B borrowed person A's hard token, logged into person A's workstation on a day person A called in sick and processed a fraudulent check for $Texas that went to some shell LLC in the Caymans. The solution is an accounting control that requires multiple people to sign off on payments that large. It sounds like they already have the expected technical controls in place.
|
# ¿ Apr 11, 2018 00:37 |
|
Thanks Ants posted:Is anybody in the MS Teams Direct Routing preview? No, but if it’s as cool as it sounds I am seriously pushing for this when it hits GA.
|
# ¿ Apr 12, 2018 17:03 |