Register a SA Forums Account here!
JOINING THE SA FORUMS WILL REMOVE THIS BIG AD, THE ANNOYING UNDERLINED ADS, AND STUPID INTERSTITIAL ADS!!!

You can: log in, read the tech support FAQ, or request your lost password. This dumb message (and those ads) will appear on every screen until you register! Get rid of this crap by registering your own SA Forums Account and joining roughly 150,000 Goons, for the one-time price of $9.95! We charge money because it costs us money per month for bills, and since we don't believe in showing ads to our users, we try to make the money back through forum registrations.
 
  • Post
  • Reply
skipdogg
Nov 29, 2004
Resident SRT-4 Expert

We have a Teamviewer license that is good for 3 concurrent users, which is enough for us. It's bought out of the UK, I think it runs 1700 pounds a year. I like it, but we rarely use it tbh.

Adbot
ADBOT LOVES YOU

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

We will use it quite a bit. I don't really want to switch, I'd be happy with just having leverage to get LogMeIn to either lower their price or give us say, 150 users (we won't go near that really)

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Bob Morales posted:

Can we talk about remote assist apps again?

We're using LogMeIn which is great, it let's us not only do remote control but some scripting and stuff, open command prompts remotely and such.

But they are loving us on pricing. They want to license it per user so for 100 users it's over $3,200 a year.

I'm getting a demo of Teamviewer this week, I've used it a bit before and they offer unlimited users for like $2,800. Also have a demo of GoToAssist coming.

We're almost all Windows with 2 Macs, and we have 3 admin users (2 of which will actually use it)

Do you only need to log in to your own computers? You could buy 256 seats of LogMeIn Hamachi for $119 a year to have a zero-config VPN set up on all those PCs. Then you can install something free like TightVNC onto every PC or use Remote Desktop Connection.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Zero VGS posted:

Do you only need to log in to your own computers? You could buy 256 seats of LogMeIn Hamachi for $119 a year to have a zero-config VPN set up on all those PCs. Then you can install something free like TightVNC onto every PC or use Remote Desktop Connection.

75 or so machines on our LAN, 5 at another location (connected full time by VPN), and handful of laptops who are who knows where.

Erwin
Feb 17, 2006

Bob Morales posted:

75 or so machines on our LAN, 5 at another location (connected full time by VPN), and handful of laptops who are who knows where.

Why not use msra.exe? The built-in tool with the worst file name. Won't help with the laptops though, unless they're connected via VPN.

stubblyhead
Sep 13, 2007

That is treason, Johnny!

Fun Shoe
What's wrong with join.me? I've only used it a few times, but it seemed OK to me.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


I love join.me, so utterly simple... but I still have Microsoft Easy Assist Nightmares :smith:

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

stubblyhead posted:

What's wrong with join.me? I've only used it a few times, but it seemed OK to me.

Because I don't want to have to walk through getting on the website and have someone read me a meeting ID. And then it locks you down pretty well when you try to go to a website to download a driver or whatever.

I want a big list of computers just like we have where I can get on any of them in one click.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Bob Morales posted:

I want a big list of computers just like we have where I can get on any of them in one click.

Teamviewer does that.

Super Slash
Feb 20, 2006

You rang ?
I'm not sure how its set up in a business environment; but having Teamviewer running in the background on my PC's and my families at the other end of the country are all just a double click away from complete control, there's even a mobile app.

Now back to Monday and investigating mystery bloated outlook profiles, I asked our support for advice about infrastructure expansion to cope when poo poo gets overloaded like this as well as general expansion; they gave a Recommendation for additional server hardware. Awwww yeah shiny new expensive tech, can't wait to drop that on management :madmax:

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
Ever tried dameware? I have found it to be between sccm and vnc in terms of usefulness.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

adorai posted:

Ever tried dameware? I have found it to be between sccm and vnc in terms of usefulness.

I think Dameware is internal only, so basically worthless for outside workers unless they are connected to VPN.

Thanks Ants
May 21, 2004

#essereFerrari


TeamViewer with its per-concurrent-helper licensing seems to be what you want here. We use it and have very little to complain about.

SEKCobra
Feb 28, 2011

Hi
:saddowns: Don't look at my site :saddowns:
I love the fact that remote desktop had to be changed here so someone has to approve connections, but office IT who manage the primary rdp software just changed it for their accounts. They are basically violating the agreement several hundred times a day.
Our department still has to get user approval if connecting through it.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

GreenNight posted:

I think Dameware is internal only, so basically worthless for outside workers unless they are connected to VPN.
He said he only has a handful of those laptops, it would be much cheaper to get an alternative software just for those devices with say, one concurrent license, and use something much less expensive for the bulk of the PCs connected to his LAN.

BaseballPCHiker
Jan 16, 2006

I have been fighting getting some form of ms updates rolled out on a regular basis at this place. Currently WSUS is turned off completely. No computers receive updates unless they get a virus or something and are brought in for a re-image at which point the help desk team installs all of the latest updates. So using SCCM I create a nice overly cautious (in my opinion) update schedule in which we wait two weeks then get any new updates which are applied to a test group of pc's in the IT dept. If those are fine they get rolled out to another test group of volunteers representing a person in each department. The idea being if that group after an additional two weeks of testing is fine they get rolled out company wide. This has been shot down and delayed again and again. Our ERP team is afraid of any updates breaking their lovely software. Never mind the fact that I'm not touching any of their servers and some pc's are getting updated anyway. I understand being cautious but this just seems asinine.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

You need buy in from someone higher up the org. A project we did last year got some departmental push back, but when they found out it was coming from the C-Level folks, it died down completely. That way if folks push back, you direct them to super important scary person and they leave you alone.

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma
To build on that, do you have any example tickets that caused a lot of moaning within the company?

It could be something as small as Outlook 2010 not loading additional mailboxes correctly (requiring a service pack for Office). The alternative was to disable automapping for each mailbox (Specific to the user, too); when you add up the time it could take to do that, and offset it against how simple it is to roll out updates, the beancounters might get behind you as well.

Docjowles
Apr 9, 2009

Or even just "what would the business implications be if our executives all got trojans on their PC's and all of their communications, credentials and documents were transmitted to a competitor/some random Russian/a foreign government/etc". If you can't make even that case to them then it's probably time to YOTJ because you're working for complete morons.

It also sounds like you're in a fairly large org. Are you subject to any regulations or compliance requirements? Having a bunch of unpatched machines connecting to the Internet should have you failing audits within 0.0001 seconds.

Che Delilas
Nov 23, 2009
FREE TIBET WEED
"Updates help prevent things like Shellshock."

Judging by some of the panic reactions of executives that some people in here wrote about, that might be all you have to say.

lampey
Mar 27, 2012

We use Bomgar for workstations. We have two appliances in different time zones for redundancy. The extra tools and overall performance are better than any of the alternatives for things like getting system info or transferring files. Things like rebooting into safe mode work great without disconnecting the client. It has automatic recording of all the remote sessions so you can bring one up to review. The support is great too. On the two occasions I had a problem with it they were quick to respond and knowledgeable. I think we pay for up to 16 concurrent users, two appliances. Also it supports Windows, Mac, IOS(view only) Android, (view only) and Samsung Android fully. We have 'jump' points and pinned sessions setup on some computers where we need unattended access like pos terminals.

Nable is used for servers and Meraki for managing software on most of the iPads. Nable's direct connect for workstations is ok, but its much slower and requires some extra browser plugins that can be difficult if you are working remotely.

How is the android support on the other tools?

EoRaptor
Sep 13, 2003



Bob Morales posted:

Because I don't want to have to walk through getting on the website and have someone read me a meeting ID. And then it locks you down pretty well when you try to go to a website to download a driver or whatever.

I want a big list of computers just like we have where I can get on any of them in one click.

Logmein Central does that, supports unlimited computers, and is only $250 U.S. per year per operator (last time I checked).

You don't get all the client side niceties (whiteboards, for instance) on the free client, but it works, and lets you do privilege elevation for installs and stuff.

LMI produces pre-packaged MSI's that self-configure, you just need to get them installed on your own, they don't offer any push ability.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

EoRaptor posted:

Logmein Central does that, supports unlimited computers, and is only $250 U.S. per year per operator (last time I checked).
101-250 users is $499

We use LogMeIn now. But we have everyone configured as a Pro host which costs extra, we do some special things with the rest of them.

EoRaptor
Sep 13, 2003



Bob Morales posted:

101-250 users is $499

We use LogMeIn now. But we have everyone configured as a Pro host which costs extra, we do some special things with the rest of them.

You don't need the pro, which is where all your money is going. I only have 5 pro licenses for some of my really remote users, but free works for my other ~60 users.

I was also sure the free client was unlimited for LMI Central, but I only have about 60 machines, so maybe there is another tier they don't talk about until you get there.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

EoRaptor posted:

You don't need the pro, which is where all your money is going. I only have 5 pro licenses for some of my really remote users, but free works for my other ~60 users.
I said twice that we are doing scripting and other stuff with LogMeIn, which is why we have Pro.

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.

Che Delilas posted:

"Updates help prevent things like Shellshock."

Judging by some of the panic reactions of executives that some people in here wrote about, that might be all you have to say.
Cryptolocker.

Lil Miss Clackamas
Jan 25, 2013

ich habe aids
Does anyone have any tips + tricks and best practices for implementing automated patch management (WSUS)? Right now we do patches manually after hours, which means RDP'ing into each machine and running Windows update. This can take, with two people doing the work, 3-4 hours on patch nights. We had some layoffs in our department and this means I'll be the sole person doing the patching, and I'd rather be at home smoking weed than screwing around with patches.

I'm reading Microsoft's official documentation on it, so I'm looking for experiential protips/warnings if anyone has some to spare.

KennyTheFish
Jan 13, 2004

Chalets the Baka posted:

Does anyone have any tips + tricks and best practices for implementing automated patch management (WSUS)? Right now we do patches manually after hours, which means RDP'ing into each machine and running Windows update. This can take, with two people doing the work, 3-4 hours on patch nights. We had some layoffs in our department and this means I'll be the sole person doing the patching, and I'd rather be at home smoking weed than screwing around with patches.

I'm reading Microsoft's official documentation on it, so I'm looking for experiential protips/warnings if anyone has some to spare.

It is very very simple. install WSUS, set GPO so machines talk to Wsus. approve patches. Smoke weed.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

KennyTheFish posted:

It is very very simple. install WSUS, set GPO so machines talk to Wsus. approve patches. Smoke weed.
Pretty much this. We have 200+ servers and 1000+ desktops and we just check wsus every few months for machines that need manual intervention, which we do during normal business hours. No reason to interrupt your weed smoking time.

Lil Miss Clackamas
Jan 25, 2013

ich habe aids
Thank God. My boss was saying we wouldn't have enough team members/time to implement it, but I figured there was no way it could be that involved. I'm gonna get this done ASAP and hopefully make everyone happy in the process.

RadicalR
Jan 20, 2008

"Businessmen are the symbol of a free society
---
the symbol of America."
We had someone get CryptoWall 2.0 today. I don't think I've ever pulled a laptop off the network faster than I did today. I couldn't remember if that was the one that spread through networks or not, but I wasn't about to take any chances.

Alerted the security team and so far, so good.

Edit: Dammmmn. They've really gotten nasty now.

RadicalR fucked around with this message at 00:44 on Oct 16, 2014

along the way
Jan 18, 2009
WSUS is dead easy to implement. Might want to setup a small test group too so you can roll out the updates to them first before approving them for the whole office. Not fun coming into work realizing an overnight update caused every other client PC to not boot/do weird poo poo.

Maneki Neko
Oct 27, 2000

RadicalR posted:

We had someone get CryptoWall 2.0 today. I don't think I've ever pulled a laptop off the network faster than I did today. I couldn't remember if that was the one that spread through networks or not, but I wasn't about to take any chances.

Alerted the security team and so far, so good.

Edit: Dammmmn. They've really gotten nasty now.

Yeah, we've had a few prospective clients gets hit by some of the newer variants. FUN TIMES>

Bloodborne
Sep 24, 2008

KennyTheFish posted:

It is very very simple. install WSUS, set GPO so machines talk to Wsus. approve patches. Smoke weed.

Dark Helmut
Jul 24, 2004

All growns up

Every day?!

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Dark Helmut posted:

Every day?!

420.

Alfajor
Jun 10, 2005

The delicious snack cake.
Pretty much.

supersteve
Jan 16, 2007

Atari Bigby - UNIVERSITY OF JAH RASTAFARI
Has to be pretty common in IT, right?

Swink
Apr 18, 2006
Left Side <--- Many Whelps

Chalets the Baka posted:

Right now we do patches manually after hours, which means RDP'ing into each machine and running Windows update.

Lol holy god.

Set up wsus and keep logging the extra hours.

Adbot
ADBOT LOVES YOU

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


For organizations that don't deploy windows updates to desktops immediately after release, how do you keep the latest security threat out?

  • 1
  • 2
  • 3
  • 4
  • 5
  • Post
  • Reply