|
The reporting function is a life saver and really gives you heads up on whos backing up their iTunes to their network drive. (Which is not allowed in our organization to begin with)
|
# ¿ Dec 27, 2011 07:16 |
|
|
# ¿ May 14, 2024 11:33 |
|
Wicaeed posted:Has anyone set up Dell DRAC 5/6 to use AD authentication? Yeah, its kind of loving wonky. There should be a test button to check if it can authenticate. Where does it fail at?
|
# ¿ Mar 30, 2012 06:39 |
|
Has anyone effectively used an Managed Service Account at all? Every time I read about them it seems like they are silver bullet for creating service accounts, but nothing Microsoft makes uses them. Can't use them for SQL, can't use them for AD RMS.
|
# ¿ Sep 5, 2012 08:09 |
|
Wow thanks. My consultant told me that it wasn't in the cards for this version.
|
# ¿ Sep 6, 2012 06:19 |
|
You'd probably want to look at fail over clustering.
|
# ¿ Nov 15, 2012 11:08 |
|
underlig posted:What kind of notification do you get when the wipe occurs? I mean it obviously will not say "phone will be reset y/n?" but will it say "the administrator has initiated a full wipe" or just reboot itself and present the user with her first time configuration? (if it says anything about the administrator it can be hard to just go "huh it reset itself? that's strange") This is why you get an MDM solution. Being able to selectively wipe company data is worth the tedious setup and deployment time (What do you mean you won't buy me an ipad? ) Profile goes on = you get company data. You leave = Pull the profile and everything goes with it. iOS has some neat things to prevent cross pollination of data (say, contacts). incoherent fucked around with this message at 07:19 on Jan 17, 2013 |
# ¿ Jan 17, 2013 07:17 |
|
gbeck posted:I work in healthcare and the main group of people I am targeting are the "Application Admins". They know everything about the clinical side but just enough on the IT side. I don't really expect (or want) them to be running around AD or give them admin rights to servers. Its roll separation and its a core concept of AD. You can install RSAT and not give them the keys to the kingdom. Just enable active directory users and computers, and pair down what the person needs to see or have rights to. You've already given them password reset rights, now craft an MMC that sits on their desks and allow specific OU view of their purview.
|
# ¿ Jan 30, 2013 07:45 |
|
.
incoherent fucked around with this message at 08:48 on Mar 1, 2013 |
# ¿ Mar 1, 2013 08:40 |
|
Morganus_Starr posted:Does anyone have any recommendations for Employee Monitoring software? Something that hooks into AD is fine - basically just going to test the waters with this. Whether it's scripts that monitor logon/logoff events and can output that to .csv or Excel so I can build a chart, or agent-based monitoring, or some other software. The idea is just to get some productivity metrics like which users are logged in at home to the network through VPN and accessing the network, how long the users are logged in to their systems, that sort of thing. Someone in management is following the events of yahoo's new CEO. Event viewer will log these types of things, and you can pull the logon/logoff event number. Your router/firewall should be logging (!!) vpn connections. If you're running vista and later machines, you can log when a terminal server (remote desktop) session is kicked off and when the desktop is unlocked from sleep. The problem is you can't reliably monitor productivity unless its a very measured and repeatable task (like data entry). If the tasks are open ended (like programming) with completion dates, someone could login at the last hour and bang out all their work. You should sit down and ask what the expectations are from such a request. Alternatively, if the manager is really paranoid install teamviewer on company laptops and allow them to remote in and view those people while they work.
|
# ¿ Mar 7, 2013 10:42 |
|
Martytoof posted:Hmm. So even if DNS were available, it looks like perhaps that wouldn't help unless the SYSVOL share were accessible. I don't know where CIFS starts in the boot order. Use client fallback on sysvol and netlogon folders. This should speed things up. http://technet.microsoft.com/en-us/library/ff633445(v=ws.10).aspx E: you're using the BPA scans, correct? incoherent fucked around with this message at 05:24 on Apr 3, 2013 |
# ¿ Apr 3, 2013 05:21 |
|
Powercrazy posted:What is the easiest way, given an excel spreadsheet full of IP addresses, to do an nslookup on all of them? Bonus points if I can easily run a command within Excel to create a column of Hostnames, next to the IPs. Angry IP scanner?
|
# ¿ Apr 17, 2013 08:00 |
|
Are you admining from a workstation with IE10 installed? To expand on dotalchemy you won't see it if you're on a Windows 8 machine or windows 7 with IE 10. Uninstall IE 10 and you'll be ok.
incoherent fucked around with this message at 05:42 on Apr 25, 2013 |
# ¿ Apr 25, 2013 05:40 |
|
GreenNight posted:gently caress, removing IE10 worked perfectly. Thank you so much. And the mind reels WHY they didn't they communicate the depreciation earlier. Its probably in some blurb deep within technet. Thanks microsoft.
|
# ¿ Apr 25, 2013 19:13 |
|
CapMoron posted:Sophos is sounding pretty good. If you need to sell it, it does handle administering mac quite well. Also, you do get to extend a home-license of the AV (Providing you set up your own relay server. But nobody does that, they just have everything call home to sophos). quackquackquack posted:Would AD+GP+WSUS be sufficient for the Windows PCs? WSUS is perhaps the only software microsoft ever got right. For the task it has to tackle, it does it very well. Personally, I've never had luck pushing installs and updates via the core Group Policy that wasn't Microsoft own software. WSUS and GPO are deliberately "ok, but limited in scope" products. This is where SCCM steps in. If you want to keep an entire network up to date on adobe and java, this is what you'll want. incoherent fucked around with this message at 06:07 on May 21, 2013 |
# ¿ May 21, 2013 06:01 |
|
That sounds ugly as gently caress. Are your PS scripts are being kicked off via GPO? Microsoft really, really wants PS scripts to be ran in a specific way at login especially if you're not signing and set to execute-all. Too bad you're not running R2 and using DFS-R for netvol and sysvol, you could speed it all up by enabling client fallback to local sysvol and netvol. incoherent fucked around with this message at 09:29 on Jun 20, 2013 |
# ¿ Jun 20, 2013 09:26 |
|
It looks like A VSS writer has poo poo the bed on my R2 install, and it seems microsoft has no way of fixing it. Symantec has done all they could and pointed me a the direction of microsoft. Basically the issue is outlined here but instead of windows backup, its any backup solution that uses VSS. Kind of at a loss. Everything says "DONT RUN REGSVR32" for R2 machines, and I cant really flat and replace.
|
# ¿ Jun 29, 2013 01:23 |
|
.
incoherent fucked around with this message at 21:11 on Jul 1, 2013 |
# ¿ Jul 1, 2013 21:05 |
|
Are you auditing active directory? Anything unusual in there, for example, kerbrose/time issues?
|
# ¿ Jul 5, 2013 18:21 |
|
I would recommend a new geo-specific domain in your forest if you're moving to another continent. If poo poo gets real bad real fast, that RODC wont be of much use. The admins can work semi-autonomously and would simplify management and reporting quite a bit.
|
# ¿ Aug 2, 2013 05:02 |
|
Cpt.Wacky posted:If you're subject to HIPAA then the Security Rule would prohibit sharing accounts. I'm sure SOX says the same. If you are subject to any kind of outside auditing they'll probably ding you on it too. It's a pretty fundamental best-practice of the entire industry for the last 10? 20? years. Speaking of HIPPA, what is the best book on this for IT?
|
# ¿ Aug 19, 2013 17:30 |
|
The self-paced 70-640 book goes over AD CS in great detail. If you can get a hold of chapter 15 in the book and read+sim the examples, you'll be on your way to deploying CS. Just sim it out before you go in, you could seriously muck up your Domain.
|
# ¿ Aug 20, 2013 02:49 |
|
IS your current SQL data on a SAN or locally on the server? Also, does anyone have any info on how you're supposed to deploy 8.1 to domain users?
|
# ¿ Aug 23, 2013 09:49 |
|
EAT THE EGGS RICOLA posted:In the same domain? msra /offerra will give you Windows Remote Assistance. Yup. we use Remote assistance (advance options for helpdesk) to remote assist users in the domain. Handy, but the app has a tendency to pop under and I have to tell the user to look for the blinking orange icon. We added a Helpdesk security group to a GPO and they're all fasttracked to send a help request.
|
# ¿ Oct 17, 2013 22:09 |
|
The VM thread would help, though many people here mingle in the same threads.
|
# ¿ Nov 20, 2013 19:16 |
|
We got sophos, easy and simple to deploy. Patrols AD for new machines and auto installs. They'll give hell of a deal near end of month so prepare to buy then.
|
# ¿ Dec 3, 2013 17:02 |
|
I would of gotten my boss on the line just to hear me spew out some real nasty venom at microsoft for wasting mine, my bosses, and my organization time.
|
# ¿ Dec 28, 2013 02:46 |
|
Just setup outlook anywhere and use a single namespace (nameofmailserver.yourdomain.com). you're going to hit this roadblock again (2010) and again (2013). Not troubleshooting those AD DNS issues WILL come back and bite you in the rear end.
incoherent fucked around with this message at 09:10 on Jan 13, 2014 |
# ¿ Jan 13, 2014 09:03 |
|
I don't know why you guys are working so hard on deligation, I'm the only enterprise admin
|
# ¿ Jan 24, 2014 05:36 |
|
kiwid posted:We do, and actually this request was made by the CEO so that the Global Address List has this information available. And by addresses, I mean branch address, not personal addresses. If its only 300 peeps, learning scripting will help you accomplish this. But really you're at the 300 people size and you could use a tool like ADmodify.net (http://admodify.codeplex.com/) to mass update everyone.
|
# ¿ Mar 24, 2014 01:30 |
|
Bob Morales posted:Ran into an interesting setup today. Imagine a bunch of folders on a file share: As other stated, its pretty much textbook rights permissions (right out of microsofts own documentation). I know it looks goofy, but it helps. Someone setup the shares correctly on the first time. Take pictures. I doubt you'll see this unicorn again.
|
# ¿ Apr 30, 2014 16:54 |
|
I suspect this data isn't on a SAN and you can't clone the volume to try and scan and/or bring that online while you scan the original volume? 8TB is going to take a loooong time to scan.
|
# ¿ May 1, 2014 07:36 |
|
Question: Setting up managed service accounts for IIS instance with a new website. It appears the app was developed to locate files from mounted network drive. Do I have to create a normal user account with privileges, and login as them?
|
# ¿ May 14, 2014 01:24 |
|
if you feel your intermediate, get the powershell cookbook. You'll get snippets and concepts to start building.
|
# ¿ May 14, 2014 07:29 |
|
This was just announced for those in a linux/window shop.
|
# ¿ May 14, 2014 18:29 |
|
Yaos posted:I just interviewed for a lead tech position, it's in the same organization I'm already in. If I get the job I'll be handling migration to Active Directory (with the help of a tech from another department that has already done this), creating inventory for IT, getting a ticket system running(none exists there!), creating documentation for everything, handling issue resolution, and providing purchase recommendations. I'll be looking for existing inventory, which may not exist. I'll be using Spiceworks for live inventory and tickets, and using an existing manual inventory system to document what we are supposed to have. Unfortunately, the previous IT lead left on bad terms, so I'll have to make sure everybody knows I am there to help. What was the type of identity management did they have on the machines (identity management = some sort of authentication to access resources in the organization)?
|
# ¿ Jun 30, 2014 08:06 |
|
You've got a poo poo ton of work to do. For documentation, get on Confluence. I use it to jot down configuration stuff https://www.atlassian.com/software/confluence For AD/domain configuration. Follow all modern best practices, take away local admin privileges, and audit audit audit.
|
# ¿ Jun 30, 2014 18:25 |
|
Microsoft updated their Group policies for 8.1/2012 R2 today. http://www.grouppolicy.biz/2014/07/windows-8-1-update-windows-server-2012-r2-update-administrative-templates-admxadml-pack/ Drop them in your central store on your "pdc" (shouldn't be a problem on modern DCs with DFSR though) and replicate through your org. Also gives you a chance if you're not in a 8.1 environment to turn off all that bullshit...for future generations.
|
# ¿ Jul 9, 2014 01:22 |
|
Sacred Cow posted:I guess I'll ask this here while I'm at it. My company wants to run an isolated network with RDS and about 6 thin clients. We're looking at some micro-servers and I'm wondering if an i7 with 16GB of RAM would be enough to run a VMWare box with AD DS, DNS, DHCP and RDS. Users would only be running Office products and maybe Adobe Standard. Remember the golden rule about RDS: They're all going to want to watch youtube in HD, simultaneously. You're going to need a lot more ram (you've just budgeted 2.6GB of ram for each user...and that not counting core windows server services!) and I would not put this on a consumer grade machine. You're going to have 6 users hammering on this, and you'll need 32 gigs if you want to do this all. In other words, get a proper server.
|
# ¿ Jul 9, 2014 16:48 |
|
skipdogg posted:You can do it either way, but the generally more accepted 'better practice' is to do 'Full Control' on the Share permission and lock things down with NTFS permissions. Not only is this the "better practice", microsoft conditions admins in their documentation. They phrase it as "IT professionals hate this, and despite designing the software that should do this task far more elegantly, we're telling you you should set it to everyone and configure the NTFS permissions."
|
# ¿ Jul 23, 2014 23:36 |
|
|
# ¿ May 14, 2024 11:33 |
|
https://testconnectivity.microsoft.com/ Test your lync configurations here.
|
# ¿ Jul 24, 2014 00:13 |