|
BaseballPCHiker posted:Some people have had good luck with FileMaker Pro databases which is nice and lightweight but that wont integrate with AD. FileMaker will definitely integrate with AD for user authentication, although for a small IT shop your best bang for the buck for a Help Desk solution is going to be something like SpiceWorks or Web Help Desk. It's way easier than building your own Help Desk in FileMaker (Hint: ask me how I know).
|
#
¿
Jul 11, 2015 03:49
|
|
|
|
| # ¿ May 2, 2024 23:25 |
|
|
Guy Axlerod posted:Also, we're 90% OSX, am I wrong in thinking that AD doesn't make sense for us? We're 100% Mac OS X desktops and an entire Windows backend with Active Directory. In my opinion, Mac OS X Server stopped being viable the day that Apple decided to drop an honest to god server to host it on. That, coupled with their joke of a support infrastructure for businesses, means that any day of the week I'd much rather rely on Dells running Windows server than even go near a Mac running OS X Server if I can help it. The latest Macs play perfectly well with Active Directory and there are 3rd party apps out there that unlock a lot of the extended functionality of Managed OS X computers hosted on OD.
|
|
#
¿
Jul 28, 2015 20:52
|
|
|
wwb posted:^^^ any specific products to bridge the gap? We've tried a few things and nothing has quite got the job done. Currently using Centrify to allow macs to bind to AD and then use GP's to manage computer and user-specific settings. Other than a pretty cryptic product descriptions, it works pretty well. Since it requires AD to function correctly you might want to invest in a correctly configuring AD forest first though. If you have all the time in the world, you could try Puppet Sheep posted:Just got done upgrading our HQ network to an all-Meraki setup. A word of warning about Meraki. I was testing a couple of their AP's and had everything set up all hunky dory. One day I wonder into a satellite office with my laptop to take some notes using Asana and noticed an unsucured, open wi-fi network with our SSID. Turns out that Merakis will occasionally reset themselves to factory default but not retain any of the security settings that you set up, therefore turning themselves into unsecured wireless AP's plugged directly into your LAN. Fun times. This was a couple of months ago so not sure if that's been fixed yet...
|
|
#
¿
Jul 29, 2015 05:48
|
|
|
Sheep posted:We already started deploying Meraki APs last year in some of our other locations and haven't had any issues whatsoever with them yet. Dunno what happened in your case - did you contact support about that? Yup, to be fair it was a defective unit that was for whatever reason unable to pull the proper config without rebooting, but it still was a pretty big wtf moment to somebody in charge of securing a network with sensitive medical data on it.
|
|
#
¿
Jul 29, 2015 07:00
|
|
|
wwb posted:While I'm at it, does anyone have a preferred method of making sure macs get patches -- ours are still on the honor system. AFAIK you're pretty much limited to using OS X server in some capacity to manage patches/releases for Mac OS X.
|
|
#
¿
Jul 29, 2015 07:02
|
|
|
Yes, unfortunately jamfs pricing puts it way out of range for a lot of smbs. For 50 machine deployment they wanted something like 15k for the license and configuration. Os x server is what, 100 bucks?
|
|
#
¿
Jul 29, 2015 10:01
|
|
|
Thanks Ants posted:That's a free virtual appliance. Intteerrrrrrresting
|
|
#
¿
Jul 29, 2015 19:13
|
|
|
NevergirlsOFFICIAL posted:Speaking of Macs when I join macs to the domain (just vanilla no centrify or admitmac) boots go heeeeellllla slow. When I was troubleshooting this it was talking about the workstations looking for domain controllers that no longer exist but even when I tried to specify a one specific very-physically-close domain controller, no help. I ended up having the Macs not on domain and making the users authenticate when they want to connect to network share. What version of Mac OS? We've run into a ton of problems with the loading bar taking forreeeevvveerrrrr (if at all, most of the time the computer freezes) to get to the password screen. Apparently that was a known bug in 10.10.1-3 that's sense been fixed. Although it wasn't a bug that reared its head a ton, the only solution was to reboot the machine, reset PRAM until it decided to get to the loading screen. Although to be honest a problem with slow loading only when bound to AD is likely a DNS issue... NevergirlsOFFICIAL posted:Second question, "we" now want to back up all the workstations in addition to the servers. For Windows we do folder redirs so that takes care of that, but I know Mac home folders are just trash when it comes to Windows. I don't want to get into using something like mozy/crashplan/carbonite but maybe that's the best for desktop... We use CrashPlan ProE for all of our servers & desktops. It's honestly probably not the best solution for servers because of the lack of bare metals recovery, but for desktops it is bad rear end.
|
|
#
¿
Jul 29, 2015 19:17
|
|
|
NevergirlsOFFICIAL posted:Do you find crashplan causes some undesired behavior with users (as in they just save everything on the desktop because "it's backed up")? I'm not sure why that would be considered undesired behavior, what the hell do I care where people store files on their personal computer? My users barely even know what the internet is, let alone what Crashplan ProE is. Crashplan is HIGHLY customizable in what kind of files you can tell it to back up, avoid backing up, file paths to back up, file paths to omit, backup frequency, REGEX patterns, etc. It doesn't matter where the users store their files, I can back it up if I want to or I can omit it backing up. The only thing that I avoid is the Microsoft User Data folder since all of our emails are stored on a central server anyway.
|
|
#
¿
Jul 29, 2015 22:54
|
|
|
evol262 posted:You can root through the plists to find this out. Hostname resolution early is common, but discoveryd sucks, which is probably the issue FYI upgrading to 10.10.4 removes discoveryd entirely.
|
|
#
¿
Jul 30, 2015 05:36
|
|
|
Swink posted:What I'm reading is that ADConnect is how you sync accounts, and ADFS is an optional addition that can provide SSO. Is that right? My manager is also concerned about our passwords being stored with Microsoft. (The one security issue he is hung up on) What? Those passwords are sure as poo poo not stored as plain-text and more than likely stored as irreversible one-way hashed values, so unless he's manually uploading a spreadsheet with users passwords into OneDrive then he sounds like he knows nothing about how a cloud-based service functions.
|
|
#
¿
Jul 31, 2015 00:57
|
|
|
adorai posted:Vdi only, that way the laptop is useless to steal company data. VDI's only an option with relatively robust remote internet connectivity...not saying that's the case here, but if he's working with people that are in the field (literally) VDI may not be an option.
|
|
#
¿
Aug 8, 2015 22:45
|
|
|
Can we post inane, rage-inducing jabbers here? http://imgur.com/OZeeUwG This is from somebody who uses a Mac literally 100% for their job, 5 days a week. I just can't...
|
|
#
¿
Aug 13, 2015 22:04
|
|
|
unruly posted:I can almost see this if the person isn't a power user or in IT. It's sad how few people know about Spotlight or the Applications folder in general. They just mash the buttons until it works, and I guess that works for them With the amount of Keychain issues that we have (Login Keychain and Local Items Keychain passwords becoming unsync'd (gently caress you with a cactus, Apple), opening Keychain Access should be second nature.
|
|
#
¿
Aug 13, 2015 23:39
|
|
|
unruly posted:Is there a way to resync them (if they're joined to AD, that is)? I've seen and had this issue before, but I never bothered to look for a solution. The only reliable way that I've found to re-sync them basically resets the entire keychain
|
|
#
¿
Aug 14, 2015 16:47
|
|
|
I want to find the loving Engineer in charge of programming keychain and throw him/her off a god drat cliff. In a shop that enforces password rotation, it is all but impossible to keep the login and local items keychains in sync and a guaranteed loving pain in the rear end when they get out of sync. I swear to god I have seen KeyChain assign a random loving password to the Local Items keychain before.
|
|
#
¿
Aug 24, 2015 16:53
|
|
|
Rhymenoserous posted:I simplify by just not letting people use macs. If someone insisted on a mac as a work computer I'd just sip my coffee and say "Nope." But you're supposed to empower users, not handicap them!
|
|
#
¿
Aug 24, 2015 19:38
|
|
|
I really don't get the Mac hate here. Well, I mean I understand it, but what kills me is that we're supposed to be helping end users directly here and because this is the SMALL SHOP ADMIN THREAD, that usually means having to do stuff that you wouldn't otherwise have to deal with if you had a job at a >100 person company's IT Department. For example, I loving loath Apple. I hated dealing with their smarmy, uppity piece of poo poo sales & support people and hated when their overly complicated, under-ventilated over-priced iMacs ALWAYS had a part die to heat exhaustion. I hated having to call in to their stupid, loving bullshit corporate stores and make stupid loving appointments 3 days out just so that one of their genius retards could diagnose an obviously bad hard drive and tell me it would take 3 days to fix. But then I grew a pair, went on-line, looked at how loving easier their products are to disassemble, and literally made a 4 day turnaround job a 20 minute fix. So unless you're dealing with something you literally can't repair, saying that you provide ZERO hardware support to your users in a SMALL SHOP is basically telling your end users to go gently caress themselves. /rant McDeth fucked around with this message at 17:16 on Sep 3, 2015 |
|
#
¿
Sep 3, 2015 17:09
|
|
|
SneakyFrog posted:Normally I think its because in a small shop, you actually most of the time know all of your users or at least have a good idea which ones are the utter cunts that insist that a macbook pro loaded up with boot camp running a windows application is somehow "better" than a purpose built workstation. Ah, well gently caress him/her with a pointy cactus then. I guess I'm 'fortunate' in that the company I work for is 100% Mac and therefore purchases equipment and software with the caveat that it is 100% mac compatible.
|
|
#
¿
Sep 3, 2015 17:21
|
|
|
Ah, this make much more sense now. I didn't mean to call you out specifically, but as somebody who is in the unfortunate situation of HAVING to use Macs and nothing BUT Macs for my end users, I was having PTSD remembering back to my times of having to deal directly with Apple support. I envy you because it sounds as if you have a reasonable IT Policy. Our CEO has such a hard on for Steve Jobs and all things Apple that I literally have to vet any non-Apple purchase through him to make sure that it meets with Apple's "aesthetic look and feel." The only time I convinced him not to buy Apple was after we purchased 10x 27-Inch Apple Cinema displays and within 2 years 8 of them had bricked themselves. I guess being burned to the tune of $8,000 changes the way you feel about your idol. I went out and researched monitors and came back with the Dell Ultrasharp line of monitors. They are way cheaper than Apple, have a real warranty and are generally loving awesome. The purchase was denied. Why? Because they are Dell and Dell is cheap (his opinion). What he doesn't know is that our entire back end is built on Dell servers that have been 100% loving awesome and we've never had an issue with. If that doesn't exemplify working in a small shop then I don't know what does. #ITPTSD
|
|
#
¿
Sep 3, 2015 18:40
|
|
|
SneakyFrog posted:Holy loving poo poo. It's actually really easy; I just buy Apple for literally everything. Our IT "budget" has to be at least double that of an equivalent business as a result. Fortunately we're still pretty small (<50 employees) so I don't have to spend much time dealing with Apples bullshit. McDeth fucked around with this message at 18:58 on Sep 3, 2015 |
|
#
¿
Sep 3, 2015 18:54
|
|
|
SneakyFrog posted:if you don't dress up like an apple tech support guy, start every sentence with "well.... Actually..." and wear outlandishly hip spectacles I will be very dissapointed. I would punch my own face
|
|
#
¿
Sep 3, 2015 19:25
|
|
|
LOL didn't notice the thread name change. Awesome.
|
|
#
¿
Sep 4, 2015 23:57
|
|
|
Is it a one-off case? If so, then I'd say you have the ideal solution. There's no reason to go out and spend abhorrent amounts of money on some virtualized solution or equipment for this one guy to be able to use Indesign from home. Unless you're expecting to scale out I honestly wouldn't worry about it. If so, the only real answer is GRID/Shield (somewhat joking here). On another note, the 'Mac Only' shop has invested in their first PC Laptop! Yay! Say what you will about MacBook's and Mac OS X, the crapware is non-existent, which unfortunately, cannot be said about this loving HP EliteBook. It's honestly a joke; I'm sitting here on a brand new account having done nothing other than turn the loving thing on and log in and it's using 50% CPU. What's the verdict on HP-installed bloatware? Nuke it from orbit or is it worth keeping?
|
|
#
¿
Sep 10, 2015 22:19
|
|
|
Judging from the reactions, it's time to nuke it from orbit. loving PC manufacturers....
|
|
#
¿
Sep 11, 2015 00:02
|
|
|
gently caress Keychain Access with the power of a thousand suns. How the gently caress do you just UNSYNC from Local Items randomly? No password change, no user updates, nothing has been done to this computer and yet KEYCHAIN decides that it just want to stop working so that it can loving RUIN MY GOD drat loving MORNING. If I ever find the PM in charge of Keychain I will have a hard time restraining myself from killing them.
|
|
#
¿
Sep 14, 2015 18:44
|
|
|
Swink posted:Thanks for the link. Now if you'll excuse me I'm going to "punch my own face". 
|
|
#
¿
Sep 29, 2015 00:48
|
|
|
So what is everybody's email and spam appliance/software of choice? Currently we're using Kerio Connect for email since we're an all Mac shop (no dirty MS Exchange here, lolz) and utilizing the built-in spam blocker. We're also using the built-in anti-spam and anti-malware capabilities of our Watchguard XTM505 to block incoming spam & deal with threats. Recently the amount of spam that has been making it past the mail server & firewall have reached epic proportions, especially to a couple of our c-level users who have had their email accounts for more than 15 years. I was looking at a Watchguard spam blocker appliance but apparently they are going EOL with no intention of selling a replacement product, so that leaves me up poop creek without a paddle. Bonus points of it does PGP Email encryption.
|
|
#
¿
Oct 7, 2015 19:42
|
|
|
I use Watchguard (XTM505, XTM503, and XTM25) and manage 3 remote site's with interconnected with BOVPNs as well as remote users using SSL VPN's and utilizing 2-factor authentication. Their SSL VPN product has all the major OS's covered and is a breeze to manage. If you're managing a single site, then the web-based configuration is probably your best best. It's pretty easy to set up and manage a Watchguard device and all of the additional services that they offer with UTM. If you're managing multiple sites, then their Watchguard System Manager product (centralized server management) is free and extremely powerful. It can be kind of a pain to get configured correctly but once everything is set up, managing remote tunnels is a breeze and making configuration changes is SUPER easy. I will say that their product has seen many improvements since we started using them about 5 years ago, and it was honestly sometimes a struggle to get where we are now. They had a LOT of undocumented bugs that did all kinds of weird poo poo, but with their latest release they've come a long way in squashing those bugs & add badly needed features (DHCP server with no options? What is this, amateur hour? They only just recently added this...). One aspect of WatchGuard I don't often hear mentioned is their Dimensions server. Again, I believe that this is a free download (I could be wrong, I know we're below the user count required to have a license for WSM) but this is their user-management and centralized logging service. You can set up an SSO agent on all of your clients and have full web-based reporting on a user-by-user basis, full access controls for web content filtering, etc. It's really powerful if you configure it correctly. Their website is chalk full of tech docs and How-To's that are pretty well written. As far as WatchGuard support, my biggest complaint is that you're stuck behind Tier 0 ticket takers if you call in and the web portal is a little cumbersome to fill out all of the details that are required. All in all it's not a bad service, and generally I'm on the phone with an honest to god tech within a few hours for non-critical emergencies and within an hour for 'poo poo has hit the fan' emergencies. They do offer a higher level of support than what we subscribe to if you're really worried about that sort of thing. Having come from a Cisco IOS device and a SonicWall before that, I'd choose WatchGuard any day of the week. Edit: loving hell Network Solutions website is poo poo. Why I have to hit commit 20 times to get DNS changes to actually stick is beyond me. McDeth fucked around with this message at 21:37 on Oct 12, 2015 |
|
#
¿
Oct 12, 2015 19:15
|
|
|
Eikre posted:I wanna get my windows domain, special snowflake macs (which are picking up a deeper user share with every hiring cycle), and my e-mailboxes all under the same account directory. One username for it all, and just one password, with a mandated change every X months. Right now it's bedlam, I have to keep a local admin account on half these machines, and show up in person with a tablet running SSH or a Ctr/Alt/Del session so that the user can manually change their passwords for email or the file servers. We run entirely windows server backend and all Macs for users. Active Directory + Centrify Suite for user management is a god send if you need to have GPO's to control what users do and don't have access to on their laptops/desktops. That being said, it still doesn't really offer 'true' MDM in the sense that you can entirely segregate a users profile to their own little special snowflake island, but it's a good compromise between flexibility and allowing Mac OS X users to have admin access without granting them FULL access to every aspect of hardware. If you're stuck in a BYOD environment I pity you because I have yet to run across a SaaS that's tolerable. It's worth noting I haven't really looked for one for a few years, so YMMV. Also, it doesn't do much to solve the horrendous keychain issues and password sync problems that Apple refuses to fix (at this point I find it hard to believe it's not a capability issue). Basically when a user changes their login password in Mac OS X, your best best is to just entirely reset the keychain back to defaults. If you're using custom SSL certs or anything like that  JBark posted:You only need to do it once, it's just not displayed because of the way their DNS page queries your records. I think the changes are saved to some sort of staging server, so if you reload the DNS setup page right after making a change, it will query the actual servers and not show the changes. Just have to give it a couple minutes and it should show up then. Originally I thought that, but completely logging out and logging back into the DNS page still shows no changes. I think it's just their poo poo software. So going back to the whole SaaS Spam blocking post I made a while back. I'm currently 3 days into a trial with AppRiver and holy jesus, the amount of spam we're getting now has to be easily reduced by 95%. Unfortunately it appears that the 5% of spammers are actually bypassing our MX Records and delivering spam directly to the mailserver. AppRiver says that the only way to counter this is to completely block all traffic to the mailserver and put specific exceptions into our firewall to allow only AppRiver mail delivery services to connect. Unfortunately they must never have heard of mobile users. :/ McDeth fucked around with this message at 19:01 on Oct 14, 2015 |
|
#
¿
Oct 14, 2015 18:56
|
|
|
So apparently the newest version of Mac OS X El Crapitan completely breaks Cord, the only decent VNC/RDC app that I've seen for Mac OS X. (If you think that Remote Desktop that comes with Office 2011 or whatever is decent then plz kill yourself immediately.) I have been looking at alternatives to Cord but unfortunately I cannot find any decent free alternatives, so I have started to entertain using Remote Desktop Connection Manager on a VM running Windows 8. I'm completely unfamiliar with RDCM, so I'm hoping that somebody here can point me in the right direction. I can set up servers and connect to them if I manually specify the IP address and username of an admin account with access to RDC, but I assume that there is a way to auto-discover computers allowing connections to RDC? How would I do that?
|
|
#
¿
Oct 28, 2015 18:49
|
|
|
NevergirlsOFFICIAL posted:Why not use the Microsoft Remote Desktop app for Mac (not the one that comes with 2011 but the one with the red box)? Works fine. For VNC I just use the built-in VNC in Finder but I never use VNC so. Actually, I take it back. I guess I haven't used Remote Desktop Connection for a while and so far the only thing I dislike about it is that there's no 'dashboard' view to let you see all of the remote desktops you've connected to.
|
|
#
¿
Oct 28, 2015 22:28
|
|
|
In non-face punching news, we signed up for AppRiver today after a successful month-long trial. See if you can spot where our MX records were successfully transitioned. In related, completely loving believable news, the CEO (a Tech-allergic individual if I've ever seen one) has congratulated me on singlehandedly stopping the Spam menace after finally getting off my lazy rear end. Sure, just ignore the fact that I've actively been working on this for 6 months using firewall and RBL rules you gently caress. Note: Somebody has already done it better and for significantly cheaper & less manpower. Stop trying to re-invent the wheel.
|
|
#
¿
Nov 9, 2015 22:56
|
|
|
Thanks Ants posted:Yes, small company director, the servers and network equipment do have to live somewhere where the temperature and humidity can be maintained at a vaguely constant level. And for maintenance reasons it's probably easier to put them in the sorts of cabinets designed for the task rather than just stacking it all up in a corner. I can beat this. During a growth phase our company purchased and built out a brand new office for the tune of about $150,000. Part of the buildout included a nice server room for a growing company. Unfortunately for him, the CEO saw all the extra space in the server room and decided that he would halve the size of the server room and instead install wine racks to store his personal wine collection. Of course I immediately told him how lovely of an idea this was. But, being a CEO, listening to the IT person was not high on his list of priorities. A year and a half later the AC died in the server room and he lost about $100,000 of his own personal wine collection because it decided to die on a Saturday morning when I was out of town without cell reception. I still titter about that incident to this day.
|
|
#
¿
Nov 20, 2015 10:29
|
|
|
When we decided to shutter one of our offices in Denver, TW Telecom (Now Level3 Communications) worked with us to roll the ETF (Early Termination Fee's) of the contract into the MRC of our other existing offices. We signed the new contract and I didn't really think too much of it. Fast forward a year and a half and for some reason I actually open one of their bills. I quickly see that they are still charging us the MRC for the office we shut down, and looking back through the last year and a half of bills it looks like they never actually stopped charging us. 3 unreturned phone calls to our rep and I escalated it to their internal billing team. That was a month and a half ago and we still haven't resolved it. The nice part is that we likely have 20G's coming our way in the form of a fat check. See Rule #1 of IT: The Telco is trying to gently caress you
|
|
#
¿
Dec 7, 2015 20:46
|
|
|
stevewm posted:Comcast did exactly this to us... The building did not have an existing cable, however the line already ran down the road in front of the building and was on the correct side. After we signed the contract, they suddenly said it would take much longer to get it installed. No reason was given, they grumbled something about permits possibly being an issue, but where not sure why. Exactly what permit they would need to string a line from a pole already on our property to the building only 400ft away I have no idea... You don't live in Fresno by any chance, do you? Because this is exactly what happened to one of our tenants, lol. And I mean that literally...
|
|
#
¿
Dec 7, 2015 23:12
|
|
|
My retirement plan is set guys
|
|
#
¿
Dec 8, 2015 23:03
|
|
|
Is anybody aware of any alternatives to ExtremeZ-IP/Acronis Access Connect? I am completely fed up with companies that do all they can do hide access to support phone numbers that lead to a real person. When an entire companies fileserver is down and your loving poo poo rear end of a gently caress up company hides support behind public forums, free indian web help, and a website that refuses to register our product so we can actually GET the support we loving paid for, I'm done. gently caress you Acronis. gently caress you in your dildo filled, piece of poo poo rear end. Edit: Also, the only other document management alternative that I'd readily familiar with for Mac is Docmoto. If you've never heard of them, do yourself a favor and bust out your Gucci watch and hop in your Ferrari to your date with Paris Hilton, because at the prices they're asking, you're the type of person that can afford it (30k a year for 50 users, billed yearly.  )
McDeth fucked around with this message at 17:04 on Jan 19, 2016 |
|
#
¿
Jan 19, 2016 16:09
|
|
|
MrMoo posted:Acronis the backup company? One would imagine an endless amount of crazy shouting people trying to reach them demanding support for restores. I wonder how many times they are threatened with law suits? The one and the same. Unfortunately the company that actually coded ExtremeZ-IP was bought out by Acronis about 2 or 3 years ago. What was then a pretty good product with really good support has gradually gone down to the point that the only person you can actually reach is an condescending Indian person that tells you because you have Access Connect you need to call a different phone number that just so happens to only accept voicemails. Going on 8 hours and no call back to that voicemail :notsuprisedatall: gently caress Acronis with a sharp AIDS filled knife. MrMoo posted:The alternative to that product appears to be OS X 10.9 or newer and SMB 2/3. That product only appears to fix SMB 1 being rear end, you can still get missing files with AFP and the performance is worse than SMB for a long time. Implemented a Spotlight server is pretty cool though, all the OS vendors don't put much effort into improving network searching: I think Microsoft added it with Windows Search 4, Gnome people did have it with Beagle but then dropped it and concentrates on local-only domain. I guess people just waive their hand and say use a DMS. The problem with OS X Filesharing (at least the last time I used it), was that while their spotlight search worked loving great, their resource forking was horribly, HORRIBLY broken.
|
|
#
¿
Jan 19, 2016 23:14
|
|
|
|
| # ¿ May 2, 2024 23:25 |
|
|
Segmentation Fault posted:lmao acronis We use CrashPlan ProE set up in a hybrid environment. Works AWESOME for desktop backups, continuous server, and offsite server backups, but the DL speed makes me fearful of that day when we have to perform a disaster recovery from the Cloud. Unfortunately it doesn't support bare metal recovery so it's likely not the best alternative to image-based recovery. The pricing is really convenience too. One license per user. They have no problem if you cram all your devices into a single 'Administrator' user.
|
|
#
¿
Jan 19, 2016 23:44
|
|