Thanks Ants
May 21, 2004

#essereFerrari


bizwank posted:

I really should install a shower at work for how often I solve problems while in it.

A shower and a beer fridge. The best two problem-solving activities combined into one awesome experience.

McDeth posted:

Is it a one-off case? If so, then I'd say you have the ideal solution. There's no reason to go out and spend abhorrent amounts of money on some virtualized solution or equipment for this one guy to be able to use Indesign from home. Unless you're expecting to scale out I honestly wouldn't worry about it. If so, the only real answer is GRID/Shield (somewhat joking here).

Seconding that you have the best solution already. You are never going to be pushing InDesign files across a VPN at any decent sort of speed, and moving to a cloud-sync arrangement leaves potentially sensitive documents on machines you have no control over.

Also the guy can work from home and come back in the next morning and all the toolbars etc. are where they were left. Maybe tweak the power policy for that one machine so it isn't on literally all of the time but without going crazy you're unlikely to beat that setup.

Thanks Ants fucked around with this message at 23:11 on Sep 10, 2015


McDeth
Jan 12, 2005
Judging from the reactions, it's time to nuke it from orbit. loving PC manufacturers....

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

NevergirlsOFFICIAL posted:


In some cases this gets tricky... For example graphics dude has some beast desktop and he wants to be able to do some work remotely. He's not expecting native performance ofc but he does want to, for instance, open indesign and make some small edits. In this case my solutions don't work because:
i think adobe lets you install twice per user, once on company equipment and once on their home equipment. Now you just need to get him his files.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Put the indesign files on his local machine via Dropbox or work folders or something.

Dans Macabre
Apr 24, 2004


McDeth posted:

Is it a one-off case? If so, then I'd say you have the ideal solution. There's no reason to go out and spend abhorrent amounts of money on some virtualized solution or equipment for this one guy to be able to use Indesign from home. Unless you're expecting to scale out I honestly wouldn't worry about it. If so, the only real answer is GRID/Shield (somewhat joking here).

I'm trying to look at this from a policy perspective. Is our policy going to be "users can remote into their machine if they have specialized software"? I don't know if I want to set that precedent. Or someone might just say "oh I save all my stuff on the desktop so why can't I do this too". But I think you're right in this instance I don't really have a way around it.

adorai posted:

i think adobe lets you install twice per user, once on company equipment and once on their home equipment. Now you just need to get him his files.

Yeah with adobe licensing you can have two installs per one concurrent user. Getting the files is the tricky part.


Swink posted:

Put the indesign files on his local machine via Dropbox or work folders or something.

I PERSONALLY love dropbox but again from a policy perspective if I'm adopting this, I need to let everyone use dropbox. Which is honestly probably what I should do anyway, get dropbox business, find some sort of backup solution for it, and let whomever wants to use it use it.

Dans Macabre
Apr 24, 2004


McDeth posted:

On another note, the 'Mac Only' shop has invested in their first PC Laptop! Yay! Say what you will about MacBook's and Mac OS X, the crapware is non-existent, which unfortunately, cannot be said about this loving HP EliteBook. It's honestly a joke; I'm sitting here on a brand new account having done nothing other than turn the loving thing on and log in and it's using 50% CPU.

What's the verdict on HP-installed bloatware? Nuke it from orbit or is it worth keeping?

Nuke and build your own image. We use Dells which while not as bad as HP still has a bunch of garbage on it.

With that said: do you think "first PC laptop" will turn into "first of many" or "first and only"? If only laptop, you can probably get away with uninstalling the junk and keep the OEM. Would be "good enough". Then install all the software and take an image so you can reimage when needed.

Internet Explorer
Jun 1, 2005

NevergirlsOFFICIAL posted:

I'm trying to look at this from a policy perspective. Is our policy going to be "users can remote into their machine if they have specialized software"? I don't know if I want to set that precedent. Or someone might just say "oh I save all my stuff on the desktop so why can't I do this too". But I think you're right in this instance I don't really have a way around it.


Yeah with adobe licensing you can have two installs per one concurrent user. Getting the files is the tricky part.


I PERSONALLY love dropbox but again from a policy perspective if I'm adopting this, I need to let everyone use dropbox. Which is honestly probably what I should do anyway, get dropbox business, find some sort of backup solution for it, and let whomever wants to use it use it.

Weren't you the one just hemming and hawing that not allowing something isn't good customer service or something? LOL

Just let him have full admin rights so he can install TeamViewer / LogMeIn and Dropbox and then he can use his Mac to make his beautiful Adobe files!

Practice what you preach!

TehRedWheelbarrow
Mar 16, 2011

Fan of Britches

Internet Explorer posted:

full admin rights...

its like someone just walked over my grave...eeerie

Internet Explorer
Jun 1, 2005

SneakyFrog posted:

its like someone just walked over my grave...eeerie

I actually just had a software vendor tell me they needed full admin rights in TYOL2015. I almost laughed them out of the building.

dox
Mar 4, 2006

socialsecurity posted:

No business should run the bloated OS installs that companies sell you, make a nice prepped clean image.

You're living in fantasy land. It seems a lot of businesses under 75-100 users buy OEM machines and manually set them up, especially if they are serviced by an MSP. It's just too much overhead to maintain a unique image for each client, not to mention the fact that clients think buying a volume license of Windows isn't beneficial.

What you do in this case is use MDT with a variety of scripts (such as my HP Bloatware removal script) and it automates the entire setup process (Ninite, bloatware removal, updates) as a Post-OS Install Task Sequence.

For those of you interested, here is my HP Bloatware Removal Powershell script.

Dans Macabre
Apr 24, 2004


Internet Explorer posted:

Weren't you the one just hemming and hawing that not allowing something isn't good customer service or something? LOL

Just let him have full admin rights so he can install TeamViewer / LogMeIn and Dropbox and then he can use his Mac to make his beautiful Adobe files!

Practice what you preach!

Well this is what I'm trying to say - IS this in fact good customer service? Is this the most effective way to meet user requirements? The user (in this case) doesn't care if they need to VPN+RDP, or use logmein/teamviewer. He just wants to work remote. I want to provide the best method for that.

TehRedWheelbarrow
Mar 16, 2011

Fan of Britches

NevergirlsOFFICIAL posted:

Well this is what I'm trying to say - IS this in fact good customer service? Is this the most effective way to meet user requirements? The user (in this case) doesn't care if they need to VPN+RDP, or use logmein/teamviewer. He just wants to work remote. I want to provide the best method for that.

it is good customer service, stellar even.

I just personally elect that unless i have a legitimate case where they HAVE to have admin privs, then they dont.

people dont read messages they just click "ok"

honestly while your initial setup works a little clunkily, its pretty drat safe without giving your user keys to the kingdom.

Dans Macabre
Apr 24, 2004


SneakyFrog posted:

it is good customer service, stellar even.

I just personally elect that unless i have a legitimate case where they HAVE to have admin privs, then they dont.

people dont read messages they just click "ok"

honestly while your initial setup works a little clunkily, its pretty drat safe without giving your user keys to the kingdom.

I don't give local admin unless needed (and when needed using LAPS for that which has been amazing and cool).

Do you really need local admin to log in to teamviewer/logmein once it's installed?

socialsecurity
Aug 30, 2003

dox posted:

You're living in fantasy land. It seems a lot of businesses under 75-100 users buy OEM machines and manually set them up, especially if they are serviced by an MSP. It's just too much overhead to maintain a unique image for each client, not to mention the fact that clients think buying a volume license of Windows isn't beneficial.

What you do in this case is use MDT with a variety of scripts (such as my HP Bloatware removal script) and it automates the entire setup process (Ninite, bloatware removal, updates) as a Post-OS Install Task Sequence.

For those of you interested, here is my HP Bloatware Removal Powershell script.

I work for a msp and this is exactly what we do its not that bad at all even for our small clients. You don't even need volume licensing we just use abr to migrate the activations automatically. Mdt or wds don't take long at all to setup and the benefits are worth it.

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader


dox posted:

You're living in fantasy land. It seems a lot of businesses under 75-100 users buy OEM machines and manually set them up, especially if they are serviced by an MSP. It's just too much overhead to maintain a unique image for each client, not to mention the fact that clients think buying a volume license of Windows isn't beneficial.

What you do in this case is use MDT with a variety of scripts (such as my HP Bloatware removal script) and it automates the entire setup process (Ninite, bloatware removal, updates) as a Post-OS Install Task Sequence.

For those of you interested, here is my HP Bloatware Removal Powershell script.

Who the hell said unique image?

If you go with a barebones image, you end up with a WIM file. Configure MDT/WDS/GPO/PDQ Deploy as needed at each client to install the rest of everything, and you're done. Living with the OEM image always ends up biting me in the rear end somehow, and I just don't want to take the risk anymore of some weird hosed up driver or other hidden system hook making GBS threads everything up. If you don't know what you're starting with, you can't be certain that some random-rear end problem isn't something caused by the image, as unlikely as it might seem.

Return Of JimmyJars
Jun 24, 2006

by FactsAreUseless
Do any of you guys work from home? I am sole it person and I get the feeling this won't fly since it seems like every day im called around to insert toner carts or show people how to check voicemail.

Walked
Apr 14, 2003

Return Of JimmyJars posted:

Do any of you guys work from home? I am sole it person and I get the feeling this won't fly since it seems like every day im called around to insert toner carts or show people how to check voicemail.

I'm the sole IT infrastructure guy in a dev organization (with a fairly large infrastructure), and we've grown enough that I'm now hiring under me.

To answer your question - yes. I work from home Mon/Wed/Fri and have zero issues. Two days a week allows me to sort out the office-critical issues, image workstations, and perform minor office maintenance tasks.

It does help that my end users are software developers so the competence level isn't all bad, and I dont really deal with printers, thank gently caress.

dox
Mar 4, 2006

socialsecurity posted:

I work for a msp and this is exactly what we do its not that bad at all even for our small clients. You don't even need volume licensing we just use abr to migrate the activations automatically. Mdt or wds don't take long at all to setup and the benefits are worth it.

So do you need to go through OOBE on new machines, use abr to backup the license, then image, and apply abr manually?

As far as I know, this isn't compliant with Microsoft due to the fact that you need at least one Volume License per edition to acquire "reimaging rights" which seems to be installing anything other than original media... so that's why we haven't done this. Guess it just boils down to whether you care about that (and if they'd ever know).

Potato Alley posted:

Who the hell said unique image?

No, I totally agree... a generic image would work great if all clients purchased volume licensing- I guess it just boils down to that. We've had a few dozen I've both setup MDT for internally or had them purchase one license and use our MDT server, but that's usually for a mass deployments (20+).

dox fucked around with this message at 03:32 on Sep 12, 2015

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
lol if youre not deploying machines with ssds anyways

Sheep
Jul 24, 2003
I'm 100% from home, but it definitely has its downside: on the one hand never having to get out of my pajamas is cool but I also start inventing silly excuses just to go outside after the first day or so, plus it does become difficult to separate life from work because the two are by definition really intermingled. My office at home is also full of random boxes and servers and laptops I need to get around to working on and it looks terrible.

Sheep fucked around with this message at 13:37 on Sep 12, 2015

McDeth
Jan 12, 2005
gently caress Keychain Access with the power of a thousand suns. How the gently caress do you just UNSYNC from Local Items randomly? No password change, no user updates, nothing has been done to this computer and yet KEYCHAIN decides that it just want to stop working so that it can loving RUIN MY GOD drat loving MORNING.

If I ever find the PM in charge of Keychain I will have a hard time restraining myself from killing them.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

go3 posted:

lol if youre not deploying machines with ssds anyways

You'd be surprised how hard it is to convince a company that the long-term savings will beat out the short-term savings with regards to disk failures and downtime. Despite a mountain of research and substantial evidence indicating that SSDs are the way to go they just can't see past the initial bump in price.

It doesn't help that Lenovo and other pre-built manufacturers ramp up the price for that stuff.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

M73 Tinys with a 128 GB SSD are incrementally more expensive and have way better profit margins than M73 SFFs with 500 GB rotational drives.

Then again I just had a quote for a laptop with a rotational drive returned to me today with clauses on acceptance because it seemed more expensive than the last one. To be fair, it was $100 more expensive cause I sold them the wrong laptops last time.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

Happiness Commando posted:

M73 Tinys with a 128 GB SSD are incrementally more expensive and have way better profit margins than M73 SFFs with 500 GB rotational drives.

Then again I just had a quote for a laptop with a rotational drive returned to me today with clauses on acceptance because it seemed more expensive than the last one. To be fair, it was $100 more expensive cause I sold them the wrong laptops last time.

We actually bought a bunch of these for our refresh and opted to install 850 EVOs aftermarket rather than buying what they could potentially be packaged with. Saved a bunch of money that way.

I believe the techs are just keeping the platter drives on ice in a box somewhere if they ever need to claim a warranty repair.

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD
if youre a MSP/VAR you should definitely be buying whatever with rotational and then upselling them the SSD yourself gently caress paying Dell or whoever for that

frogbert
Jun 2, 2007

go3 posted:

if youre a MSP/VAR you should definitely be buying whatever with rotational and then upselling them the SSD yourself gently caress paying Dell or whoever for that

Yeah but you're not really paying for the drive so much as the NBD swap out if one breaks.

Sure an aftermarket one is cheaper but when you have to mail it in to get a replacement it kind of sucks.

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

frogbert posted:

Yeah but you're not really paying for the drive so much as the NBD swap out if one breaks.

This. SSDs rarely break, but gently caress me if I want to track multiple vendors per PC for an RMA

TehRedWheelbarrow
Mar 16, 2011

Fan of Britches

Happiness Commando posted:

but gently caress me if I want to track multiple vendors per PC for an RMA

Proud Christian Mom
Dec 20, 2006
READING COMPREHENSION IS HARD

frogbert posted:

Yeah but you're not really paying for the drive so much as the NBD swap out if one breaks.

Sure an aftermarket one is cheaper but when you have to mail it in to get a replacement it kind of sucks.

if you're even the slightest bit competent you'll have either extra drives or workstations and have the broken machine back up within a few hours

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

go3 posted:

if you're even the slightest bit competent you'll have either extra drives or workstations and have the broken machine back up within a few hours

This. If you elect to buy aftermarket you generally keep a break/fix pool of replacements to accommodate those rare failures. We have maybe 6 SSDs in our break/fix supply and in the past 2-3 years I don't think we've used any of them.

Thanks Ants
May 21, 2004

#essereFerrari


Buy Dell with ProSupport, make hardware fixing Somebody Else's Problem. I would absolutely buy a laptop with a spinning disk and put an SSD in if it was my own purchase, but gently caress doing that when you have millions of other responsibilities at the same time.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
how thin are msp margins that it makes sense to do that yourself?

socialsecurity
Aug 30, 2003

adorai posted:

how thin are msp margins that it makes sense to do that yourself?

India phone/remote support and the random starting out of people's garage companies are running prices into the ground in many markets. We've had several customers go to those and come back several months later with horror stories.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

socialsecurity posted:

India phone/remote support and the random starting out of people's garage companies are running prices into the ground in many markets. We've had several customers go to those and come back several months later with horror stories.

Exactly. You can't compete on price, but the service should be much better. I just can't imagine supporting the hardware to the point of tracking swapped SSDs.

Crowley
Mar 13, 2003

Thanks Ants posted:

Buy Dell with ProSupport, make hardware fixing Somebody Else's Problem.

This is sound advice. I've done the same and have had Dell techs go to seaside hotels to swap faulty parts when we had a user on vacation report a broken laptop. It seems expensive when you buy it, but it'll pay you back in less work and C-level goodwill when you order an on-site fix for some hotshot in a foreign country and the tech is there the next day.

Fun story from the first time I bought ProSupport from Dell: I had some machine fail and called the usual Dell Hotline, waited a few minutes and got through. When I forked over the Service Tag the tech gave me a stern talking to about how I shouldn't call the usual number because I'd have to wait in line and that was just awful! Instead I should call #New# number instead and go straight to next available tech. Then he apologized for chewing me out, we laughed a little and I got the machine fixed.

Crowley fucked around with this message at 09:20 on Sep 17, 2015

jmu
Feb 12, 2004

weoo.org
Thought about opening my own thread for this but I'll see if you guys have any advice first. A little background - my company is a MSP for several small businesses. Recently the monitoring for one of our clients started turning up lockout events for the domain administrator.

This is on a SBS 2003 system so I didn't have a whole lot of information to go on at first but it doesn't appear these are direct logon attempts. If we check the security log, the only event related to the lockout is the lockout event itself (ID 644) and of course the domain admin can't actually be locked out, but it still triggers the event. If it were direct logon I'd see a bunch of audit failures right before the lockout. So I suspect its something trying to run as the domain admin. Or maybe trying to map a drive as the domain admin. I believe the logon ID indicates its something trying to run as the domain admin.

Here's one of the lockouts:

Event Type: Success Audit
Event Source: Security
Event Category: Account Management
Event ID: 644
Date: 9/16/2015
Time: 10:41:01 AM
User: NT AUTHORITY\SYSTEM
Computer: SBS
Description:
User Account Locked Out:
Target Account Name: Administrator
Target Account ID: DOMAIN\Administrator
Caller Machine Name: Windows7
Caller User Name: SBS$
Caller Domain: DOMAIN
Caller Logon ID: (0x0,0x3E7)

What concerns me is the lockouts are being generated by a system named "Windows7". None of the client computers are named this. A scan of the network doesn't reveal a system with this hostname. No system with this hostname has registered itself in DNS on SBS. DHCP is currently running on the firewall, which doesn't list hostnames, but I'm planning to move that back to SBS this weekend.

Here's what the current audit policy looks like
Audit account logon events - Success
Audit account management - Success
Audit directory service access - No auditing
Audit logon events - Success, Failure
Audit object access - No auditing
Audit policy change - Success
Audit privilege use - No auditing
Audit process tracking - No auditing
Audit system events - Success

I wanted to see if anyone had any tips on tracking this down. What changes to the audit policy, if any, would you recommend? Does this look like a third party running a pen test?
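As an added example (not jmu's code or anything posted in the thread), a small Python triage script that parses event 644 records in the text format shown above, flags lockouts whose Caller Machine Name is not in an inventory you supply, and reports which audit categories still lack Failure auditing. The sample events, the KNOWN_HOSTS inventory and the choice of categories are assumptions; the reason for wanting Failure on "Audit account logon events" is that a 2003 DC's failed credential-validation events carry the source workstation, which the lockout event alone does not explain.

```python
import re

# Constructed sample in the SBS 2003 security-log text format quoted above:
# one lockout called from the unknown "Windows7" host, one from a known PC.
SAMPLE_LOG = r"""
Event Type: Success Audit
Event ID: 644
Date: 9/16/2015
Time: 10:41:01 AM
Description:
User Account Locked Out:
Target Account Name: Administrator
Target Account ID: DOMAIN\Administrator
Caller Machine Name: Windows7
Caller Logon ID: (0x0,0x3E7)

Event Type: Success Audit
Event ID: 644
Date: 9/16/2015
Time: 11:02:13 AM
Description:
User Account Locked Out:
Target Account Name: jsmith
Target Account ID: DOMAIN\jsmith
Caller Machine Name: RECEPTION-PC
Caller Logon ID: (0x0,0x3E7)
"""

# Hosts the environment actually owns (constructed; build it from AD, DNS and DHCP).
KNOWN_HOSTS = {"SBS", "RECEPTION-PC", "OFFICE-01"}

# The audit policy quoted in the post, as category -> enabled settings.
CURRENT_AUDIT_POLICY = {
    "Audit account logon events": {"Success"},
    "Audit account management": {"Success"},
    "Audit logon events": {"Success", "Failure"},
}

# Failure auditing in these categories records the bad-password attempts that
# precede a lockout (with their source workstation), not just the lockout itself.
NEEDED_FAILURE_AUDITS = ("Audit account logon events", "Audit logon events")


def parse_events(text):
    """Split an exported log into events and read each 'Key: Value' line."""
    events = []
    for block in re.split(r"\n(?=Event Type:)", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():          # skip 'Description:' style headers
                fields[key.strip()] = value.strip()
        if fields:
            events.append(fields)
    return events


def unknown_lockout_sources(events, known_hosts):
    """(caller machine, target account, timestamp) for every 644 event whose
    Caller Machine Name is not a host we recognise (case-insensitive)."""
    known = {h.upper() for h in known_hosts}
    hits = []
    for ev in events:
        if ev.get("Event ID") != "644":
            continue
        caller = ev.get("Caller Machine Name", "")
        if caller.upper() not in known:
            when = f"{ev.get('Date')} {ev.get('Time')}"
            hits.append((caller, ev.get("Target Account Name"), when))
    return hits


def missing_failure_auditing(policy):
    """Audit categories that still need Failure enabled to trace the source."""
    return [c for c in NEEDED_FAILURE_AUDITS if "Failure" not in policy.get(c, set())]
```

Run against the quoted policy it reports only "Audit account logon events" as lacking Failure auditing, and against the sample log it flags the Administrator lockout from "Windows7" while the RECEPTION-PC lockout is ignored.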

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
i'd just run a packet capture and see what machines are generating traffic at the time of a lockout. Probably need to do it after hours to minimize the traffic.

jmu
Feb 12, 2004

weoo.org
An increase in auditing showed the attack. I realized we had some old remote access rules, including one on the default RDP port, and someone was just trying to (very slowly) brute force the PC on the other end of that. We're going to have them switch to using a VPN and close all those old rules.

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer
gently caress you for validating the idea that we should reevaluate our firewall rules every quarter.


Maneki Neko
Oct 27, 2000

adorai posted:

gently caress you for validating the idea that we should reevaluate our firewall rules every quarter.

lol PCI/HIPAA compliance
