skipdogg
Nov 29, 2004
Resident SRT-4 Expert

orange sky posted:

Would you guys like me to create an Azure megathread? As far as I can see there's none and it's really going up on demand from what I can see, all our clients are asking about it.

I'm not sure if an Azure specific thread would live very long, but a general cloud thread that covers services like Azure, AWS, vCloud Air, or any other IaaS service could be interesting. We're looking at moving a few things up to vCloud Air or Azure. Azure will probably win out. Our engineering team loves using AWS for build and load testing for one of our software offerings. They can throw up 40 or 50 servers, do their testing for a couple hours, and turn them off, and it's a lot cheaper than buying a rack of servers that gets used a few hours a week.


Zaepho
Oct 31, 2013

Thanks Ants posted:

That's a lot more poo poo than "a DC in Azure as DR". I'm not surprised it's costing you more. For reference the DC that I have running has transferred 150MB in, 75MB out over the past 3 weeks.

We ran the DC 24/7 for 2 months to make sure we weren't going to have any surprises. It was clocking in at just over $100/month each month. I haven't looked recently but I know that it's worth the up-time on ADFS to have it in Azure so we're paying for it to be there while the rest of our infrastructure is in our office (no literally.. a rack IN the office). That consists of a couple physical servers, a couple shelves of iSCSI storage and 115 VMs running on 5 physical Hyper-V hosts. It works for us but it's certainly not ideal.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Tab8715 posted:

It depends,

Licensing is complicated and constantly changing but from the work I've done it's a great solution for small businesses that have 20-50 users but when you start hitting a 100+ then cloud vs. on-prem then it's not as attractive especially if you already have an existing environment.

I believe you, it's just weird that the price would scale so badly.

There's no reason I can't build the DC on Azure during the one month trial, and if it winds up being too expensive in a few months, migrate it to a local Hyper-V box and buy the right 2012 Server license, right?

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010

Zero VGS posted:

I believe you, it's just weird that the price would scale so badly.

Welcome the management not doing honest to god cost/benefit analysis and just chase buzzwords cloud, baby.

Thanks Ants
May 21, 2004

#essereFerrari


The cloud is great but there's always going to be a crossover point where you're better off doing it on-premise, everything else being equal.

If you're buying hardware, paying for infrastructure, building work, electrical work, and then keeping it all at least in a hardware warranty then the crossover is probably quite a long way out.

PUBLIC TOILET
Jun 13, 2009

I would be interested in an enterprise cloud thread. I've always been curious about the cost benefits and whatnot when comparing in-house to cloud within a small business environment. Being in healthcare, in-house solutions are the primary go-to solution. There are certain products and vendors who utilize the cloud and proclaim HIPAA compliance, but those are just applications and not actual server solutions for the most part.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Well it's happening, I'm probably going to be deploying Win 8.1 machines. I have pretty much ignored everything to do with 8 as far as management goes.

Can anyone provide guidance on how they deal with the app store, and the Microsoft account that's required? The MS marketing blurb mentions "synchronising domain settings with your PC at home". What does that mean exactly?

Are the users supposed to create their own MS accounts?

Should I just block access to the app store altogether?



Cloudchat:
Azure just rolled out in Australia. I am not averse to running some services from it, especially as our staff are working more and more out of the office.

CLAM DOWN
Feb 13, 2007




Swink posted:

I'm probably going to be deploying Win 8.1 machines.

Can you not convince your management to hold off until Windows 10?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Do any real enterprise applications run, officially supported and not look out of place on Windows 8.1?

Swink
Apr 18, 2006
Left Side <--- Many Whelps
It's going to be a bunch of surface tablets. It's happening so all I can do is accept it.

Win8 takes virtually the same GPO settings as 7. I just don't know how to handle the whole Microsoft account stuff.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


If they're domain joined then the MS account thing won't be an issue. I have a few I've deployed lately and they ask for domain credentials just like any other version of Windows.

Swink
Apr 18, 2006
Left Side <--- Many Whelps

Number19 posted:

If they're domain joined then the MS account thing won't be an issue. I have a few I've deployed lately and they ask for domain credentials just like any other version of Windows.

As soon as I install an app from the store I get this prompt:

http://blogs.technet.com/resized-im...Mail_2D00_1.JPG

Should I just leave it to my users to just figure this out?

I'm leaning toward just disabling access to the store.

Thanks Ants
May 21, 2004

#essereFerrari


Swink posted:

I'm leaning toward just disabling access to the store.

Do that. Leave app store access until Windows 10.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from

Thanks Ants posted:

Do that. Leave app store access until Windows 10.

Answer right here. Removes any need for a Microsoft account and you probably don't want your users to be able to install apps from it anyway.

Feel free to leave it on for yourself, I love me some Pyramid.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


I've been doing IT for nearly a decade and just noticed today that the Windows 7 Firewall disables ICMP by default, why?

I totally get that it's a potential security risk but your workstations aren't going to be accessible from the WAN not to mention you've probably got a security appliance in the mix - why? As an administrator, not being able to ping a potential endpoint is job essential.

CLAM DOWN
Feb 13, 2007




Tab8715 posted:

I've been doing IT for nearly a decade and just noticed today that the Windows 7 Firewall disables ICMP by default, why?

I totally get that it's a potential security risk but your workstations aren't going to be accessible from the WAN not to mention you've probably got a security appliance in the mix - why? As an administrator, not being able to ping a potential endpoint is job essential.

Threats will come from the inside too, it's safer just to leave disabled. There are other ways to check if a workstation is responsive.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Set up a GPO to either turn off the firewall, or allow the services you want.

MrMoo
Sep 14, 2000

Tab8715 posted:

I've been doing IT for nearly a decade and just noticed today that the Windows 7 Firewall disables ICMP by default, why?


Because Windows admins make for terrible network admins and the people behind this decision got owned by the ping of death.

Docjowles
Apr 9, 2009

PUBLIC TOILET posted:

I would be interested in an enterprise cloud thread. I've always been curious about the cost benefits and whatnot when comparing in-house to cloud within a small business environment. Being in healthcare, in-house solutions are the primary go-to solution. There are certain products and vendors who utilize the cloud and proclaim HIPAA compliance, but those are just applications and not actual server solutions for the most part.

I'm on the general cloud thread bandwagon, too. Restricting it to just Azure (or any one vendor) would probably be too niche and lead to the thread dying off. Like how once a year a new Puppet thread pops up and then immediately gets archived after 5 posts.

I don't have time to effortpost an OP but I could contribute some ask/tell info on running KVM-on-OpenStack in production.

thebigcow
Jan 3, 2001

Bully!
It's been that way since XP SP2. There is a GPO setting for ICMP to make it easy to turn back on.
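
Added example (not posted by anyone in the thread): the two options raised above, side by side on a single machine, with the firewall disabled versus a scoped allow rule that restores ping. The subnet 10.0.50.0/24 and the rule name are assumed placeholders; in a domain the same rule would normally be pushed by GPO rather than typed locally.

```powershell
# Added example; run from an elevated PowerShell prompt.
# Assumption: 10.0.50.0/24 is a placeholder for the subnet admins ping from.
$mgmtSubnet = '10.0.50.0/24'
$ruleName   = 'ICMPv4-Echo-In-Mgmt'   # hypothetical rule name, no spaces

# Weak option: removes filtering for every port on every profile
# just to get ping back. Shown commented out for comparison only.
# netsh advfirewall set allprofiles state off

# Scoped option: the firewall stays on and admits only ICMPv4 type 8
# (echo request), only on the domain profile, only from the admin subnet.
# Delete any earlier copy first so re-running does not stack duplicates.
netsh advfirewall firewall delete rule name=$ruleName | Out-Null

# The protocol argument is quoted because PowerShell would otherwise
# split it at the comma into two separate arguments.
netsh advfirewall firewall add rule name=$ruleName dir=in action=allow `
    'protocol=icmpv4:8,any' remoteip=$mgmtSubnet profile=domain

# Verify: the profiles should still report State ON, and the rule should
# list the expected protocol, profile and remote IP scope.
netsh advfirewall show allprofiles state
netsh advfirewall firewall show rule name=$ruleName verbose
```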

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.
re: Cloudchat, I don't think it is necessary for a new thread - cloudstuff is Enterprise now more often than not, and this is A Good Enterprise thread.

gently caress Symantec ya'll.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Gyshall posted:

gently caress Symantec ya'll.

Agreed in every area. I will say that I prefer Management Platform to SCCM though, way more flexible and powerful...also harder to use as a result.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.
Yeah I did get pretty good support with them after a few hours on the phone today for a 2012 backup exec install. Had to complain to be escalated to someone who was competent enough to not just restart services, etc.

I need a good solution for shared task lists that are accessible in Outlook. I need a team of 3-4 managers to be able to assign tasks, and for a team of 8-10 people to be able to edit and update the tasks. All members (managers and team members) need to be able to view all tasks (progress, etc.)

Is sharepoint what I want for this?

Docjowles
Apr 9, 2009

Gyshall posted:

re: Cloudchat, I don't think it is necessary for a new thread - cloudstuff is Enterprise now more often than not, and this is A Good Enterprise thread.

gently caress Symantec ya'll.

Breaking news: ~~the cloud~~ is used outside of Enterprises and often has absolutely nothing to do with Windows. And probably most Enterprise Windows admins couldn't care less about Amazon or Google Compute Engine or OpenStack. There's overlap but it seems weird to discuss the vagaries of AWS APIs or configuring Neutron networking or whatever in the Enterprise Windows Megathread. I guess it comes down to whether the thread is about "hey should I use the cloud for stuff" or "give me the nuts and bolts of how to make my cloud work". The former could certainly be discussed here.

However, we can ALL come together on the topic of loving Symantec forever :respek:

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
Like a few days before I showed up to this job, my boss bought a few hundred seats of the Symantec cloud antivirus. I'm like holy poo poo is it too late to return it? I guess it's okay because as of this writing everyone has local admin privs so I get reports when they try to self-install poo poo, but once I put everything on a domain, I feel like Windows Defender and a software whitelist would be more than plenty and I could live without the centralized reporting.

Or is Windows Defender in a legal grey area to use at the enterprise level? I remember the EULA for Security Essentials said you could use it for small businesses of like ten or less or something and you'd need Forefront for more people, but Windows Defender is already installed in stock Windows Pro and isn't a separate download so common sense would imply I can leave it on all the laptops. Or is this going to be another case of Microsoft logic?

devmd01
Mar 7, 2006

Elektronik
Supersonik
If everyone has local admin then what antivirus you are using is the least of the major things that need to be fixed.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Shrug, everyone at my job has local admin as well. We just have a good web filter and spam appliance. Rarely if ever get infected and it's typically easily cleaned.

Da Mott Man
Aug 3, 2012


Zero VGS posted:

Like a few days before I showed up to this job, my boss bought a few hundred seats of the Symantec cloud antivirus. I'm like holy poo poo is it too late to return it? I guess it's okay because as of this writing everyone has local admin privs so I get reports when they try to self-install poo poo, but once I put everything on a domain, I feel like Windows Defender and a software whitelist would be more than plenty and I could live without the centralized reporting.

Or is Windows Defender in a legal grey area to use at the enterprise level? I remember the EULA for Security Essentials said you could use it for small businesses of like ten or less or something and you'd need Forefront for more people, but Windows Defender is already installed in stock Windows Pro and isn't a separate download so common sense would imply I can leave it on all the laptops. Or is this going to be another case of Microsoft logic?

They rebranded Forefront Endpoint Security to the System Center family. Since Windows Defender is now built into Windows you don't have a limitation on the amount of installs you can have, unlike MSE that was a separate package. System Center Endpoint Security and System Center Configuration Manager are the business/enterprise tools for centralized management of the antivirus.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

GreenNight posted:

Shrug, everyone at my job has local admin as well. We just have a good web filter and spam appliance. Rarely if ever get infected and it's typically easily cleaned.

I dunno, any dipshit could bring in a thumbdrive (or charge an iPod that mounts with autoplay) and spread conficker across all your network shares, or something equally bad. I had that actually happen at a previous job that insisted we use "CA ETrust", probably the most worthless antivirus program ever.

You are running some decent antivirus right?

Da Mott Man posted:

They rebranded Forefront Endpoint Security to the System Center family. Since Windows Defender is now built into Windows you don't have a limitation on the amount of installs you can have, unlike MSE that was a separate package. System Center Endpoint Security and System Center Configuration Manager are the business/enterprise tools for centralized management of the antivirus.

Thanks, that's good to know. I'm surprised there's not more third-party scripts to gather Windows Defender logs from all the PCs on a domain and alert the admins, that'd pretty much render paid antivirus stuff obsolete.

Zero VGS fucked around with this message at 00:36 on Nov 2, 2014
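
Added example (not from any poster in the thread) of the kind of script wished for above: it pulls Windows Defender detection events from every enabled workstation in an OU and mails a summary. It assumes Windows 8 or later clients, the RSAT ActiveDirectory module, and remote event log access; the OU path, mail addresses and SMTP host are placeholders.

```powershell
# Added example. Placeholders: OU path, mail addresses, SMTP server.
Import-Module ActiveDirectory

$searchBase = 'OU=Workstations,DC=example,DC=com'   # placeholder OU
$filter = @{
    LogName   = 'Microsoft-Windows-Windows Defender/Operational'
    Id        = 1116, 1117            # 1116 = malware detected, 1117 = action taken
    StartTime = (Get-Date).AddDays(-1)
}

$computers = Get-ADComputer -Filter 'Enabled -eq $true' -SearchBase $searchBase |
    Select-Object -ExpandProperty Name

$results = foreach ($c in $computers) {
    try {
        Get-WinEvent -ComputerName $c -FilterHashtable $filter -ErrorAction Stop |
            ForEach-Object {
                # Keep only the labelled lines of the (English) event text.
                $fields = $_.Message -split "`r?`n" |
                    Where-Object { $_ -match '^\s*(Name|Severity|Path):' } |
                    ForEach-Object { $_.Trim() }
                [pscustomobject]@{
                    Computer = $c
                    Time     = $_.TimeCreated
                    EventId  = $_.Id
                    Summary  = $fields -join '; '
                }
            }
    } catch {
        # "No matching events" is the healthy case; anything else means the
        # machine could not be queried and is a blind spot worth reporting.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            [pscustomobject]@{
                Computer = $c
                Time     = Get-Date
                EventId  = 0
                Summary  = "NOT QUERIED: $($_.Exception.Message)"
            }
        }
    }
}

$detections = @($results | Where-Object { $_.EventId -ne 0 })
$unreached  = @($results | Where-Object { $_.EventId -eq 0 })

if ($detections.Count -gt 0) {
    $body = ($detections | Sort-Object Time | Format-Table -AutoSize | Out-String -Width 200) +
            "`nMachines not queried: $($unreached.Count)"
    Send-MailMessage -To 'admins@example.com' -From 'defender-report@example.com' `
        -Subject "Defender detections: $($detections.Count) event(s) in the last 24h" `
        -Body $body -SmtpServer 'smtp.example.com'
}

# Keep the full result, including unreachable hosts, for review.
$results | Export-Csv -Path .\defender-events.csv -NoTypeInformation
```

Machines that are off or unreachable show up as "NOT QUERIED" rows rather than silently looking clean, which is the main gap of a pull-based collector compared with centrally managed reporting.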

CLAM DOWN
Feb 13, 2007




Please tell me at the very least that people are not logged in interactively with admin accounts, and they just use a separate admin account to elevate rights only when required.

nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe

CLAM DOWN posted:

Please tell me at the very least that people are not logged in interactively with admin accounts, and they just use a separate admin account to elevate rights only when required.
lol are you new here

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


CLAM DOWN posted:

Threats will come from the inside too, it's safer just to leave disabled. There are other ways to check if a workstation is responsive.

I just google'd ICMP Risk and it does now make a lot more sense but holy crap this makes my job just so much harder. :smith:

MrMoo
Sep 14, 2000

Tab8715 posted:

I just google'd ICMP Risk and it does now make a lot more sense but holy crap this makes my job just so much harder. :smith:

You are googling the wrong terms, yes the entire ICMP set of messages can be very bad but ping aka ICMP type 0 - echo reply, is harmless and blocking it is security theatre and a good example of the Dunning–Kruger effect.

MrMoo fucked around with this message at 01:09 on Nov 2, 2014

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah full local admin rights, and we're using MSE as AV. Yes, people can bring in an infected thumb drive but I don't have much choice in the matter.

CLAM DOWN
Feb 13, 2007




GreenNight posted:

Yeah full local admin rights

Please don't do this. If you HAVE to give all users local admin rights, please give them a separate admin account that they can use to elevate only when needed. What you're doing is really irresponsible.

Sacred Cow
Aug 13, 2007

CLAM DOWN posted:

Please don't do this. If you HAVE to give all users local admin rights, please give them a separate admin account that they can use to elevate only when needed. What you're doing is really irresponsible.

Coming from an environment like that it's very much a culture thing. It took me 2 years to convince my company to remove local admin rights and go with least privileged access. They wouldn't even accept your 2 log in solution because any extra clicks between them and Bejeweled was unacceptable. It's a special level of spoiled and entitled that you don't really think could exist until you see it in person.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


How do you keep all the admin prompts away, especially for legacy programs? How do you granularly give access?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

CLAM DOWN posted:

Please don't do this. If you HAVE to give all users local admin rights, please give them a separate admin account that they can use to elevate only when needed. What you're doing is really irresponsible.

Specific orders directly from the CEO. I have expressed my opinions on the matter in full in an email which I have copies of. I've been there 12 years now and it's been that way the entire time.

Thalagyrt
Aug 10, 2006

CLAM DOWN posted:

Please don't do this. If you HAVE to give all users local admin rights, please give them a separate admin account that they can use to elevate only when needed. What you're doing is really irresponsible.

A few years back I encountered a shop with some odd 500 mostly unpatched Windows XP machines, no DHCP, no Active Directory, no VLANs, all running a local admin user with a blank password. These even handled credit card data. The company saw absolutely no problem with this whatsoever.


CLAM DOWN
Feb 13, 2007




GreenNight posted:

Specific orders directly from the CEO. I have expressed my opinions on the matter in full in an email which I have copies of. I've been there 12 years now and it's been that way the entire time.

I'm glad you're covering yourself at least, for real.

Thalagyrt posted:

A few years back I encountered a shop with some odd 500 mostly unpatched Windows XP machines, no DHCP, no Active Directory, no VLANs, all running a local admin user with a blank password. These even handled credit card data. The company saw absolutely no problem with this whatsoever.

Yikes, does that not violate PCI DSS or something?!
