|
Moey posted:I ended up getting stuck buying 2012 due to budget money that had to be spent, and 2012 R2 not being out yet. At that time, I didn't want to deploy 2008 R2 and made the assumption 2012 wasn't "that bad". Since we're in the Enterprise thread and not the SMB thread, I don't feel as guilty saying it - always keep SA. It removes you having to fight money every upgrade and encourages better engineering, just like having a Datacenter license. If you can show that even if you only buy a new OS every other iteration (6 years or so), SA is basically the same cost. If you can convince someone once you don't have to keep having that argument. Although I'm sure even Windows Server is going subscription sooner rather than later.
|
# ? Jan 8, 2018 22:14 |
|
|
# ? Apr 26, 2024 17:00 |
|
Internet Explorer posted:Since we're in the Enterprise thread and not the SMB thread, I don't feel as guilty saying it - always keep SA. It removes you having to fight money every upgrade and encourages better engineering, just like having a Datacenter license. If you can show that even if you only buy a new OS every other iteration (6 years or so), SA is basically the same cost. If you can convince someone once you don't have to keep having that argument. Although I'm sure even Windows Server is going subscription sooner rather than later. Yeah, it was brought up before I was here and they decided against it. Gonna push that route this time around, I think I'll be fine.
|
# ? Jan 8, 2018 22:22 |
|
"Is our IP valuable?" "....yes?"
|
# ? Jan 8, 2018 23:50 |
|
Moey posted:Awesome. Time to pull money out my rear end for some 2016 Datacenter licenses. I'm glad I'm in a position to just rent the servers from AWS so the license is in the fee and I don't have to gently caress with buying CALS and R2s.
|
# ? Jan 9, 2018 00:02 |
|
Zero VGS posted:I'm glad I'm in a position to just rent the servers from AWS so the license is in the fee and I don't have to gently caress with buying CALS and R2s. Preach
|
# ? Jan 9, 2018 00:20 |
|
SCOM question - Can anyone confirms this is overriding the object for E: actually only overrides on the current server and not ALL servers with a E drive?
|
# ? Jan 9, 2018 05:57 |
|
lol internet. posted:SCOM question - Can anyone confirms this is overriding the object for E: actually only overrides on the current server and not ALL servers with a E drive? Yes, when you do the override from there it is only targeting the specific unique object instance. I.e. E: on that server (really its some crazy GUID in the backend). You see E: because that is the DisplayName of the object. You are safe, override and go with god.
|
# ? Jan 9, 2018 15:57 |
|
https://twitter.com/NZ_BenThomas/status/950271094803480577
|
# ? Jan 9, 2018 20:24 |
|
For those of you running SCCM there's a Compliance Baseline out that will report on vulnerability for Meltdown/Spectre for SCCM Clients. https://blogs.technet.microsoft.com/configmgr_geek_speak/2018/01/09/configmgr-speculation-control-baseline-ftw/
|
# ? Jan 10, 2018 21:46 |
|
On that note, if anyone is running a SEPM platform shoot me a PM and I can export you a monstrosity of a host integrity policy I made to query for meltdown KBs.
|
# ? Jan 10, 2018 21:50 |
|
Does anyone know why Orchestrator 2016 is producing no events on event viewer?
|
# ? Jan 10, 2018 22:24 |
|
SCOM Question again. Looking to monitor networking devices. Really just uptime and mainly switches. I was thinking just a ping monitor to the switch/stack, is there any other reason why I'd want SNMP. I guess SNMP would report CPU usage/load as well? Thanks!
|
# ? Jan 24, 2018 06:33 |
|
SNMP polling will give you CPU, memory, and a bunch of other standard polling stuff but what you should really do it configure SNMP traps and import the MIBs of your devices in to your monitoring service so the device can push alerts at the time of the bad thing happening. These are more detailed than standard polling and will often give you a much clearer picture of a failure and more advanced notice on looming problems than just polling without having to aggregate full logs. It's something you don't really thing you need until someone loops an interface, you hit a bug that causes performance degradation/load spikes, or some other nonsense and then its a godsend.
|
# ? Jan 24, 2018 11:39 |
|
Also great for speccing out future hardware. Nothing justifies hardware like a raw performance database, understanding of your tech stack at a transactional level, and some algebra
|
# ? Jan 26, 2018 01:24 |
|
Reboot all of my domain controllers on a Thursday night because of a Server 2016 2018-01 patch revision, sure why not!
|
# ? Jan 26, 2018 04:24 |
|
It's better than having your server crash by itself I suppose.
|
# ? Jan 26, 2018 04:30 |
|
devmd01 posted:Reboot all of my domain controllers on a Thursday night because of a Server 2016 2018-01 patch revision, sure why not! At least you got a patch!!! Still in the air on getting 2026 this year or riding dirty with 2012 for 12 months.
|
# ? Jan 26, 2018 04:32 |
|
devmd01 posted:Reboot all of my domain controllers on a Thursday night because of a Server 2016 2018-01 patch revision, sure why not! I suppose at least domain controllers are some of the easiest things to reboot as long as they are staggered a bit.
|
# ? Jan 26, 2018 04:36 |
|
Bingo! I took us from 7 DCs, 4 physical all mixed OS across 3 sites down to 4 server 2016 DCs across two datacenters.
|
# ? Jan 26, 2018 04:42 |
|
devmd01 posted:Bingo! I took us from 7 DCs, 4 physical all mixed OS across 3 sites down to 4 server 2016 DCs across two datacenters. For decommissioning the older DCs, I assume all you did was just remove the DC role from the server?
|
# ? Jan 26, 2018 05:46 |
|
You mean you don't decommission DCs by just shutting down the one with the PDC emulator role and putting it on the floor in a corner for two years before throwing it out? That seems to be how everybody I've had to clean up after decided to do it.
|
# ? Jan 26, 2018 08:58 |
|
Win 10 Enterprise 1709 question: So there's this new feature where Windows will remember what programs you last had open on last login and restore/open them automatically, this has made for some funtimes with people leaving their machines on overnight which get force updated and rebooted and when they come in the next day Visual Studio in particular doesn't work properly. Beyond telling people to properly log off before they go home is there a way to switch this off? There is the option to toggle whether to autologin to finish updates but I think that only works for non-domain machines, and the option to shutdown from commandline, but I've not found any alternative.
|
# ? Jan 26, 2018 15:42 |
|
Thanks Ants posted:You mean you don't decommission DCs by just shutting down the one with the PDC emulator role and putting it on the floor in a corner for two years before throwing it out? That seems to be how everybody I've had to clean up after decided to do it. The predecessor at my first IT job keep an "Offline Backup Domain Controller" under his desk which was just a lovely optiplex he dcpromo'd and only turned on once a month. Instead of a real restore procedure, his plan was to shut down the other two DCs and only run that one until it became authoritative instead of, you know, using backups. Idiot forgot it for a month and it got tombstoned and he had no idea so it never would have worked. Also never opened firewall rules to it so client tried to connect to it and hit a 60 second timeout to figure out it was offline because the firewall was dropping the traffic before the router could advertise that the system was down. Login times were atrocious and you'd have other random hangs. Don't let idiots touch AD.
|
# ? Jan 26, 2018 15:43 |
|
Hello Thread, I had a small question about Floating Point IP in Server 2016. We currently have a MySQL database in a Mobile DataCenter that I want to replace with 2 Windows 2016 Servers running mirrored MySQL on Symmetric DS. I would ideally like to assign a floating point IP between these boxes. Is WSFC the only option or does another one exist?
|
# ? Jan 26, 2018 16:40 |
|
BangersInMyKnickers posted:The predecessor at my first IT job keep an "Offline Backup Domain Controller" under his desk which was just a lovely optiplex he dcpromo'd and only turned on once a month. Instead of a real restore procedure, his plan was to shut down the other two DCs and only run that one until it became authoritative instead of, you know, using backups. Idiot forgot it for a month and it got tombstoned and he had no idea so it never would have worked. Also never opened firewall rules to it so client tried to connect to it and hit a 60 second timeout to figure out it was offline because the firewall was dropping the traffic before the router could advertise that the system was down. Login times were atrocious and you'd have other random hangs. What the gently caress
|
# ? Jan 26, 2018 17:30 |
|
Super Slash posted:Win 10 Enterprise 1709 question: I thought there was a way, but I guess not. Best I could find: https://www.ghacks.net/2017/10/25/block-reopening-of-programs-on-windows-10-start/
|
# ? Jan 26, 2018 19:26 |
|
BangersInMyKnickers posted:The predecessor at my first IT job keep an "Offline Backup Domain Controller" under his desk which was just a lovely optiplex he dcpromo'd and only turned on once a month. Instead of a real restore procedure, his plan was to shut down the other two DCs and only run that one until it became authoritative instead of, you know, using backups. Idiot forgot it for a month and it got tombstoned and he had no idea so it never would have worked. Also never opened firewall rules to it so client tried to connect to it and hit a 60 second timeout to figure out it was offline because the firewall was dropping the traffic before the router could advertise that the system was down. Login times were atrocious and you'd have other random hangs. I've posted about it in another thread before but my favorite was the physical DC with two active NICs and a running Hamachi interface. They had no idea why they had replication issues.
|
# ? Jan 27, 2018 02:08 |
|
I might be being dense here, but I am creating some iOS profiles with Intune. If I manually add an Exchange Online account to an iOS device I get taken through the 'modern' login flow - the browser-based OAuth setup as far as I can tell. If a policy is pushed via MDM then there's just a popup prompt requesting a password - I assume as soon as I want to do two-factor with this then I'm going to have a bad time and end up fiddling with per-app passwords. Is this a fixable problem (e.g. starting the modern auth workflow when a deployed profile lands on the device), or is moving to certificate based auth the proper way to deal with this?
|
# ? Feb 7, 2018 19:47 |
|
Trip report: We just installed the Spectre updates on our Citrix servers and servers that used to be able to handle 25 users are now struggling with 18. We're now running with a totally safe spare number of servers of exactly zero. If we actually wanted to give people the same experience as before we'd have to go down to maybe 16-17 users per server. Interestingly it's not even the CPU that is hitting its limits all that badly, the graphics cards are hitting 100%.
|
# ? Feb 7, 2018 21:36 |
|
The GPU shouldn't really be making many syscalls, that sounds like something a subsequent patch could optimize around.
|
# ? Feb 7, 2018 21:44 |
|
What's the best way to teach myself ADFS? I already have a lab, I can crack open a trace with fiddler but I'm looking to understand how the madness works.
|
# ? Feb 8, 2018 03:47 |
|
peak debt posted:Trip report: We just installed the Spectre updates on our Citrix servers and servers that used to be able to handle 25 users are now struggling with 18. We're now running with a totally safe spare number of servers of exactly zero. If we actually wanted to give people the same experience as before we'd have to go down to maybe 16-17 users per server. NVidia has a game ready driver out that should address this, but I don’t know if it’s just for consumer or also supports virtualization. It’s the 390.xx series.
|
# ? Feb 8, 2018 04:34 |
|
Is there a way to block regular users from Azure AD? I see there’s an option to block them from the Azure Portal - Azure AD Blade but what I’m mostly focused on is a user dumping the entire directory information into a *.csv. Granted, it could be done with a script but I’d like to make it difficult.
|
# ? Feb 21, 2018 18:14 |
|
Tab8715 posted:Is there a way to block regular users from Azure AD?
|
# ? Feb 21, 2018 20:09 |
|
Is there a way to get a detailed report of what computers in the organization are missing updates without having something like WSUS installed?
|
# ? Feb 21, 2018 20:34 |
|
Something like PDQ Inventory, but really you should have something like WSUS installed at a bare minimum. Takes an afternoon to set up.
|
# ? Feb 21, 2018 20:37 |
|
Microsoft OMS might also be an option: https://docs.microsoft.com/en-gb/windows/deployment/update/update-compliance-monitor
|
# ? Feb 21, 2018 20:43 |
|
anthonypants posted:What are you actually asking? Durp, my earlier post did not make sense. I want to block regular users from signing into Azure AD Powershell.
|
# ? Feb 21, 2018 20:50 |
|
Internet Explorer posted:Something like PDQ Inventory, but really you should have something like WSUS installed at a bare minimum. Takes an afternoon to set up. Something I never knew about PDQ Deploy / Inventory, you don't actually need to renew every year, they told me themselves the licenses are actually in perpetuity and renewing is for upgrades / support. They're already a very good deal but that makes it even easier to sell when you're on a limited budget.
|
# ? Feb 21, 2018 22:21 |
|
|
# ? Apr 26, 2024 17:00 |
|
Their support is pretty solid though. I found a bug and they sent me a fixed copy the next day.
|
# ? Feb 21, 2018 22:26 |