|
Someone at Microsoft thought this was hosed too and wrote a PS script to scan your GPOs. https://blogs.technet.microsoft.com/poshchap/2016/06/16/ms16-072-known-issue-use-powershell-to-check-gpos/

To clarify: I think it's a smart move from a security standpoint, but executed terribly.
|
# ¿ Jun 16, 2016 19:50 |
|
|
LmaoTheKid posted: Anyone have any experience with AirWatch for laptop mobile management?

I heavily use AirWatch for all my mobile devices, which are Surfaces and iOS devices. The best thing about 8.1 and 10 is their MDM support built into the OS. Strongly consider standardising your platform on Windows 10, as there are a lot more features to work with. If you think you're getting away from Active Directory, just stop right there. I regret not integrating my MDM with my on prem (I was a really EARLY adopter so the LDAP\AD stuff wasn't as solid as it is now) AD as it is a pain managing people from two panes of glass. Eventually to fully manage a Windows device you'll need an AzureAD account configured as well.

Cool things:
- Backs up the bitlocker key in the console
- Push out standard configurations seamlessly
- Bake in the MDM configurations into your Windows images using the new windows imaging toolkit.

Lame things:
- Periodically tries to re-run bitlocker encryption to make sure it's encrypted (I think this is a windows limitation with no way to gracefully ask "r u locked?")
- You need TWO SEPARATE windows mdm apps (one from the store, one that is a win32 app) as each provides different information back to the MDM console
- Windows Mail app saying my workstation isn't compliant with regards to activesync security requirements, even though my Apple and 8.1 Windows mail apps work just fine.

E: also if you're moving wholesale to AW for your iOS devices take the time and effort to enroll your org into Apple's Device Enrollment Program. It took a while to get going but I have my VAR and cellphone providers auto sending the hardware to Apple to sync to my MDM, bypassing A TON of manual configurations.

incoherent fucked around with this message at 18:47 on Jun 17, 2016 |
# ¿ Jun 17, 2016 18:40 |
|
Sheep posted: Being a not_Windows guy, I'm still confused as to how you're supposed to domain join roaming laptops that may never even be connected to the company network for weeks at a time without splurging for Enterprise. Azure ADDS isn't a mature thing yet so the only option remaining is DirectAccess which is obviously a no go because, again, Enterprise.

There is a free, very slim version of AzureAD you can use to do cheap SSO which works to manage the Windows Store for Business and link your Active Directory to your MDM. From what I'm looking at you NEED a fullstop MDM like Airwatch or Meraki in addition to AzureAD. MDM is going to give you the tools you need like configuring wifi, VPN, AV, and bitlocker. VPN is still going to be your go-to thing and it's not going away any time soon. If you let your MDM manage the configuration portion it removes all the complexity from your users.

e: and if you're a not_windows guy on a not_windows device (like a mac!) there are tools to manage the device as well. In fact Airwatch is mature on the iOS\mac stuff and emerging on the windows stuff (see my post about rough edges).
|
# ¿ Jun 17, 2016 20:00 |
|
Necronomicon posted: Anybody have any experience with Google Apps for Work lining up with Apache DS?

I just did an off the cuff google search for the directory, and google has a contact directory included in google apps? https://support.google.com/a/answer/1628009?hl=en&ref_topic=3056086
|
# ¿ Jul 14, 2016 01:27 |
|
Calidus posted: I am really leaning towards the idea that users are just idiots but here it goes. We use Office 365 for email. I have a system that log into office 365 and emails out invoices as pdfs to customers. All our customers with @att.net email address can't seem to open the pdfs.

Train them to send onedrive links?
|
# ¿ Sep 23, 2016 00:57 |
|
ESXi has a really sweet HTML5 gui thrown in.
|
# ¿ Jan 30, 2017 20:40 |
|
Computer Serf posted: I've never dealt with Active Directory before, is it a poo poo storm to deploy and migrate everything over a weekend and not poo poo the bed as soon as everyone tries to do anything Monday morning?

CALs are a soft licensing thing for 90% of microsoft licensing (RDP is the exception). Don't let them be a hurdle to doing some 11hr-hour-pull-five-aces-out-your-rear end savior bullshit, but make sure to get them purchased. Remember: you need one for every device that hits your Windows server DHCP service.
|
# ¿ Feb 16, 2017 07:47 |
|
You'll need a mixture of user and device cals, which crowley referenced. Otherwise vlan your printers, VoIP phones, and access points and use a different DHCP solution.
|
# ¿ Feb 16, 2017 17:22 |
|
SamDabbers posted: If you're "required" to take the stipend and want a separate phone, then buy a suitable phone, write it off as an unreimbursed business expense, and use the stipend to pay for pre-paid service for it.

I'd love to tell my employer they've burned through their 30 dollars in prepaid support.
|
# ¿ May 26, 2017 07:25 |
|
Thanks Ants posted: Since everything is IT now, does anybody have any recommendations for door entry systems that are IP-based, don't need a local server (clustered or a cloud service is fine), and don't cost a fortune? Something aimed at a company of around 40, and 12 doors.

We have this, but through a legit security alarm system. They'll do all the heavy lifting (installing) and will connect you with a software vendor who will link it to your Active Directory (or LDAP if you wanna push that boulder up a hill).
|
# ¿ Dec 29, 2017 02:01 |
|
Digital_Jesus posted: Depending on the size of the MSP, a lot of business is referral based, not cold-calls, and firing a client is almost always most expensive long-term unless you're losing cash by the boatload on them. The best way to get rid of those problem clients is continue to raise your rates every 6 months until they leave and write every single CYA email you could ever possibly need on things you warned them about.

People who are good with computers who want to be their own boss but horrible social\interpersonal skills.
|
# ¿ Mar 15, 2018 23:24 |
|
ApexSQL has some serious heavy hitting tools. If it is a database, it's the business heart and must be properly cared for. https://www.apexsql.com/sql_tools_backup.aspx

Veeam is great for one click if you're in a VM, but not so much as physical (they're getting there!).

incoherent fucked around with this message at 02:21 on Apr 3, 2018 |
# ¿ Apr 3, 2018 02:19 |
|
Potato Salad posted: PSA with some poo poo I'm reading in SMBs suddenly woke about GDPR

Perhaps this might be the first non-US law implicitly followed in the US?
|
# ¿ Apr 25, 2018 18:47 |
|
Defenestrategy posted: Microsoft AV, Telling my users about links and emails they shouldn't click on, and offhandedly mention that if the boss wanted to he could look at what they're surfing on the web.

name\post combo

incoherent fucked around with this message at 21:19 on Jun 22, 2018 |
# ¿ Jun 21, 2018 19:41 |
|
Happiness Commando posted: I vaguely recall the AWS storage gateway lets you set a local backup target (or maybe it was just giving it a large amount of local cache?) and presents itself to the OS as a virtual iSCSI tape drive that works with Veeam. It's been a while since I played with it, though. Look into it if you haven't.

I opted for copy-jobs of backups to storage gateway iSCSI target, and daily snapshotting those. There is nobody here who would get recovering from VTL so it's best to present them the easiest methods to restore.
|
# ¿ Sep 13, 2018 00:18 |
|
Digital_Jesus posted: Not really. Most of the major vendors have brought their smb to small enterprise lines within competitive price ranges across the board for ngfw models with utm subscriptions.

I deployed a full stack Meraki (I was given a hog wild budget) and I'm mad I'm stuck with SonicWalls in my HQ for the foreseeable future. The features and usability are night and day and I'm not actually paying that much more.
|
# ¿ Mar 28, 2019 20:53 |
|
Thanks Ants posted: Having worked with both G Suite and Office 365 over the past ~5 years or so I am shocked at how poor the product managers at Google seem to be. Shared Drives launched two years ago and you still can't share a folder with someone.

I'm also shocked how stagnant G Suite has become. Sure, it's cheaper but it's 2019 and there are no shared mailboxes?
|
# ¿ Sep 5, 2019 05:55 |
|
Wizard of the Deep posted: You should know that it can be done and how to do it. But if there's no integrated HR backend because you're a tiny organization of dozen people, there's not much to automate. Using the GUI in that instance makes sense, because you're probably not doing it often, and the GUI can expose options you'd otherwise forget about.

Next dream project is to link our cloud HR product and o365 for SSO and scripting when a user is terminated or has left the org.
|
# ¿ Sep 5, 2019 20:42 |
|
I'd push for an AWS appliance onsite with iSCSI drivers for caching frequently accessed files.
|
# ¿ Sep 13, 2019 00:22 |
|
NevergirlsOFFICIAL posted: With these past couple of months of enforced work-from-home for a lot of my users I'm getting questions about if desk phones need to be considered as part of next phone system upgrade, or if we can have everyone do headsets + softphone. I never used my handset even when I wasn't WFH so to me it's a big fat duh, and the time spent on training/expectation setting is worth the investment. What do you think?

Are you in M365? I'm slowly developing in my head a platform to leverage TEAMS phone support with my PBX using one of these Teams friendly session border controllers. Talked to my PBX reseller and they went to the PBX company and did their own research and it should work. The reason I'm keeping the PBX in the loop is 1) juuuust bought it 2) phone recordings 3) entrenched VoIP phones. The added bonus is now I can buy and deploy phones like the CCX 400 that will use Teams but can call people on the old phone system.
|
# ¿ May 19, 2020 18:47 |
|
Call recordings are a BIG thing in many industries. I can't do all cloud till they do this (and the time table is "eventually" which means adding more background in teams meeting tech to stay competitive with ZOOM first).
|
# ¿ May 19, 2020 19:50 |
|
The Fool posted: what happened to the tried and true robocopy + cname?

Modern windows wig out at cnames. Just add the old server's name as a secondary hostname. And, replace where you can with DFS-N.
|
# ¿ Sep 24, 2020 00:23 |
|
MSP chat: Trying to help out an old boss who left to start his own company by moonlighting as cloud engineer on a VDI deploy. He's trying to take over the account of a clearly overprovisioned MSP and they're kind of being a poo poo to him as they can see the writing on the wall. I'm trying to instill in him tell this potential client "you need to tell them to direct the msp to give you XXX access to proceed". Anyone here tried to take over another MSP's job gracefully or otherwise?
|
# ¿ Aug 6, 2021 20:37 |
|
dexter6 posted: Thank you! Glad to know I’m barking up the right trees here!

If you don't know about it already techsoup is your go-to place for NGO software.
|
# ¿ Dec 3, 2021 21:01 |
|
I wouldn't take away SMS for users unless we had solid alternatives, such as a yubikey and app total proficiency. SMS, for better or worse, is the trough that the horses will drink from.
|
# ¿ Dec 6, 2021 23:48 |
|
No. 1 Juicy Boi posted: Yeah, that's the situation we're in. But we also need the 14-day grace period of Security Defaults (which doesn't allow for SMS).

14 days of constant all hands emails and global-teams messages
|
# ¿ Dec 7, 2021 20:26 |
|
Internet Explorer posted: Keep in mind that plain ol' Azure AD cannot do Kerberos authentication. Joining a computer to Azure AD in the non-Hybrid way will not join it to a domain. If you only use modern apps that use SAML or equivalents, then you're good, no more domain needed for you. But if you have legacy apps that need Kerberos, then you need to look at Autopilot with Azure AD Hybrid Join.

If you want to be galaxy brained, you could always put your onprem web-apps behind Azure web proxy.
|
# ¿ Dec 13, 2021 21:59 |
|
Gotta push Meraki as it was a fuckin dream if you go full stack (switch, firewall\router, wifi) and never have to worry about being in person again (unless you gotta change modem hardware)
|
# ¿ Jan 6, 2022 21:31 |
|
No. 1 Juicy Boi posted: Has anyone had luck moving a print server or other infrastructure related server (badge swipe, etc.) to a colocation over dedicated VPN? Is that a supremely dumb idea?

Go with a security\alarm service for your door\badges that is cloud based. They'll usually do landline\4G or dual 4G cell services to keep them highly available. Nothing wrong with deploying an ESXi box with a domain controller, print server, VM on like a R240 wall mount in this , but if you do over VPN always make sure you got a primary and secondary on lock.
|
# ¿ Jan 10, 2022 02:23 |
|
Maneki Neko posted: For what it is https://www.activtrak.com/ was pretty boring and painless to implement. And in shocking news the same people who asked for it never seemed to ever log in and check it.

seconding this (and the people who never log in to look). It's a wonderfully detailed metrics bound system that gives so MUCH useful data it sort of short-circuits the brains of managers. They check and see how long they're in SHITTY_INTERNAL_LEGACY_APP_THAT_DRIVES_REVENUE and click around a bit. Then, they end up giving up after their "feelings" aren't validated. I would, however, fight loving tooth and nail to not do screenshots.
|
# ¿ Mar 21, 2022 23:45 |
|
activtrak ran on some pretty slow hardware, regrettably.
|
# ¿ Mar 21, 2022 23:50 |
|
G workspace admins: Is there a way to make gdrive sync known folders like onedrive out the box? I've looked all over and in switch operators and registry to try and make it do this. Trying not to touch every single computer as it's dead simple to implement silently on onedrive through GPO.
|
# ¿ Apr 1, 2022 19:08 |
|
MustardFacial posted: This DevOps thing is killing me.

What are you dev-op'in that's killing you? There are good jobs out there and it's a buyer's market.

dexter6 posted: I need to do a gut check here on laptop manufacturers.

Are you buying all this through Dell or a VAR, like greennight?

incoherent fucked around with this message at 07:54 on Apr 28, 2022 |
# ¿ Apr 28, 2022 07:52 |
|
Nobody really addressed the useless jr dev op?
|
# ¿ Apr 29, 2022 00:27 |
|
MustardFacial posted: "I don't even know what TLS is or why it's important"

There needs to be a bobby tables equivalent for this
|
# ¿ May 8, 2022 01:00 |
|
At work: meticulous cable management in the rack. Hyper detailed networking diagram. Wifi site survey done for exact AP placement.

At home: wifi router on the floor, under some clothes. 100ft premade ethernet cable for 25 ft straight line across the room. Switches frequency range to whatever streams Netflix consistently on the toilet.
|
# ¿ Aug 12, 2022 22:20 |
|
Rick posted: I talked to a sales person yesterday about Ring Central and she said it was "powered by Zoom" so I'm guessing it's still Zoom. Still might sit through a pitch though because the staff at my company chose zoom and only zoom which is a pain in the rear end (speaking of account sharing) and Ring Central at least seems to have more adaptable plans.

Those sales reps are being untruthful: ringcentral is ending their zoom partnership. Hell they even went to court over it. They don't even let you download the dedicated app for meetings anymore. We've kicked everyone to the dedicated zoom app and their own logins.
|
# ¿ Aug 17, 2022 19:41 |
|
I'm a bit confused at what you're looking at? Are you looking for STATIC VPN services for your infrastructure? For Microsoft Teams? What kind of infrastructure do you have right now? A business Comcast line (1-5 static IP addresses) and a SonicWall will give you all the unlimited VPN service you need.

incoherent fucked around with this message at 07:29 on Sep 9, 2022 |
# ¿ Sep 9, 2022 07:22 |
|
Thanks Ants posted: I’d be tempted to deploy something like Azure Virtual Desktop and a NAT gateway for this, rather than messing around with VPN.

After reading the back and forth on what OP is trying to accomplish I agree fully to just get everyone into remote desktops. It looks like you need an infrastructure without an infrastructure. You can still do the VPN bullshit requirement on top of it!
|
# ¿ Sep 9, 2022 20:22 |
|
|
Guy Axlerod posted: I'm pretty sure op is dealing with Sony playstation devkits so they probably can't virtualize this. My friend is a solo dev and complained about the static IP requirement.

Then, you deffo don't want to work with split tunneling and should move the work PC\Laptop and said "proprietary hardware with hard network rules" behind something like the meraki.
|
# ¿ Sep 11, 2022 01:38 |