|
have more cals than people; don't virtualize more than license allowance; have backup copies of everything, and receipts help. -guy who gets audited by MS almost like clockwork every two years
|
# ? Sep 5, 2018 23:43 |
|
Internet Explorer posted:Network+ is a good start. If you feel you are interested in more after that work on your CCNA. The A+/Network+ get poo poo on a lot, but as someone whose educational background is in Political Science, studying for them filled in a lot of holes in my knowledge.
|
# ? Sep 6, 2018 00:14 |
|
sneakyfrog posted:
have more cals than people

Microsoft started a new program a few years ago, specifically targeted at SMBs where they do "soft audits." Some random contractor from Microsoft will reach out every year or so to have you do a self-audit so they can sell you things.
|
# ? Sep 6, 2018 04:24 |
|
We got those people calling for audits and we get all licensing from Softchoice. So we tell the auditors to call them and our sales rep tells em to gently caress off. Works well.
|
# ? Sep 6, 2018 04:29 |
|
sneakyfrog posted:
-guy who gets audited by MS almost like clockwork every two years

I don't know how I have never had to deal with an audit. I'm sure I have one coming now.
|
# ? Sep 6, 2018 06:26 |
|
Internet Explorer posted:
Microsoft started a new program a few years ago, specifically targeted at SMBs where they do "soft audits." Some random contractor from Microsoft will reach out every year or so to have you do a self-audit so they can sell you things.

That must be the type of audit I have dealt with in the past. It was a third party in Australia, auditing a company on the east coast in the US. What?
|
# ? Sep 6, 2018 14:53 |
|
I had a phone message where I couldn't understand the person at all for the name code or anything. I called support and they told me to just wait for them to call again, I left a year later and never called back while I was there. Basically they could only verify that someone had the company on an audit list, but they wouldn't give me their contract info without a case number (which was unintelligible). Not like it would have been a problem, all our licences were in the Microsoft portal and to the correct count.

The only thing that fucks most people up is CALs, grab user CALs and have 1 for every user account that isn't a service account. You can set up checks fairly easily, especially if you have service accounts in their own OU. Run a PS command to get all active accounts in your user OU and make sure you have at least that many CALs. Everything else will yell at you and not let you use more than you are licenced for. Bonus points if you keep the script updated with your CAL count so you can set it up to email you if you go over and have it run weekly.

I'd really like a "user" CAL that wouldn't let you make new users in AD without a CAL unless you check "service account" which removes the ability to log into the GUI. It'd make it drat near impossible to gently caress up. Keep the regular CAL stuff in play for people who want to deal with that, but it's 2018 and this should be automated.
|
# ? Sep 6, 2018 16:40 |
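One way to script the weekly CAL check described in the post above, as an added example that is not code from the thread. The OU path, CAL count, SMTP server and mail addresses are all placeholder assumptions, and it relies on the ActiveDirectory module's `Get-ADUser` plus `Send-MailMessage`.

```powershell
#Requires -Modules ActiveDirectory
# Added example, not from the thread. Every default below is a placeholder.
param(
    [string]$UserOU     = 'OU=Staff,DC=example,DC=com', # hypothetical OU for human accounts
    [int]$OwnedUserCals = 50,                            # keep in step with purchases
    [string]$SmtpServer = 'smtp.example.com',
    [string]$MailFrom   = 'cal-check@example.com',
    [string]$MailTo     = 'it-admins@example.com'
)

# Enabled accounts under the user OU. Service accounts are assumed to sit in
# their own OU outside this search base, as the post suggests.
$active = @(Get-ADUser -SearchBase $UserOU -SearchScope Subtree `
                       -Filter 'Enabled -eq $true' -Properties whenCreated)

$over    = $active.Count - $OwnedUserCals
$summary = "Enabled users in ${UserOU}: $($active.Count); user CALs owned: $OwnedUserCals"
Write-Output $summary

if ($over -gt 0) {
    # The newest accounts are the likeliest cause of the overage, so list those.
    $newest = $active | Sort-Object whenCreated -Descending |
              Select-Object -First $over |
              ForEach-Object { '{0}  (created {1:yyyy-MM-dd})' -f $_.SamAccountName, $_.whenCreated }

    $body = @(
        $summary
        "Short by $over user CAL(s). Most recently created accounts:"
        $newest
    ) -join "`r`n"

    Send-MailMessage -SmtpServer $SmtpServer -From $MailFrom -To $MailTo `
                     -Subject "User CAL count exceeded by $over" -Body $body
    exit 1   # non-zero exit so the scheduled task run shows as failed
}
```

Run it from a weekly scheduled task under an account that only has read access to the directory.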
|
There's no justification for CALs when the server license is priced at what it is
|
# ? Sep 6, 2018 17:12 |
|
Thanks Ants posted:
There's no justification for CALs when the server license is priced at what it is

I assume the original fear behind why CALs exist is if technology keeps progressing people will only need one server for tens of thousands of people. You would need to buy desktop licenses for all of them, but let's step back and say a new rival desktop OS comes out that replaces Windows desktop, but doesn't replace Windows Server. You now get paid for each of the people using Linux or whatever else too. With per-core licensing this is no longer an issue and I'm not sure I'd opt to run Windows Servers in a shop that used a different Desktop OS. It's still around because of inertia at this point, at least they are cheap. They could also just make it each Windows Client counts as a device CAL, hell that might help push Windows phones into business since you'd need a CAL for an iPhone.
|
# ? Sep 6, 2018 18:10 |
|
Microsoft 365 basically rolls all your CALs into a single subscription, if I recall correctly. So that's the "easy" licensing path forward, just pay X dollars per month per head and be done with it.
|
# ? Sep 6, 2018 18:38 |
|
On this topic I have been asked to P to V some old server 2k3 era stuff and this may make windows prompt for activation again. Is all I need to do is extract the key from the current machine and enter it again or am I going to have to go through a whole bunch of hoops? I also need to find a tape drive and backup software as we have some VMs that are not allowed to back up to the cloud. Maybe I am missing something but it seems harder than it should be to get quotes on this stuff.
|
# ? Sep 8, 2018 01:41 |
|
CampingCarl posted:
On this topic I have been asked to P to V some old server 2k3 era stuff and this may make windows prompt for activation again. Is all I need to do is extract the key from the current machine and enter it again or am I going to have to go through a whole bunch of hoops?

I’ve had to do this exactly one time, but I remember having to run a repair install to get the Windows OS version from OEM to VL or whatever before I could reactivate. It was a pain in the rear end but we have datacenter licensing for all of our hosts so I could give less of a poo poo what key a server has so long as it’s activated and functioning.
|
# ? Sep 8, 2018 02:28 |
|
CampingCarl posted:
I also need to find a tape drive and backup software as we have some VMs that are not allowed to back up to the cloud. Maybe I am missing something but it seems harder than it should be to get quotes on this stuff.

I vaguely recall the AWS storage gateway lets you set a local backup target (or maybe it was just giving it a large amount of local cache?) and presents itself to the OS as a virtual iSCSI tape drive that works with Veeam. It's been a while since I played with it, though. Look into it if you haven't.

Edit: actually just get a local storage target and point Veeam at it, no need to use the storage gateway.
|
# ? Sep 10, 2018 19:46 |
|
Point Veeam at a Synology NAS or similar, have one SMB share for things that can go to the cloud and one share for things that can't.
|
# ? Sep 10, 2018 20:04 |
|
Veeam + *insert remote storage option here* is always the answer.
|
# ? Sep 10, 2018 20:35 |
|
Thanks Ants posted:
Point Veeam at a Synology NAS or similar, have one SMB share for things that can go to the cloud and one share for things that can't.

You can even thin provision with a Synology so you don't have to declare 20% of it is for non cloud and 80% of it is for cloud. Each partition will just keep growing until the entire array is out of space (you still want to keep an eye on it, but both Synology and Veeam should yell at you if you set up email notifications when you start running low).
|
# ? Sep 10, 2018 21:26 |
|
Just check that full recovery of your environment by Veeam Data Mover Agent would run in an acceptable amount of time, as you won't benefit from storage appliance integration features like instant rollback on prod tier snapshots
|
# ? Sep 11, 2018 22:33 |
|
The Fool posted:Split tunnel VPN doesn't solve the DNS issue. This is the solution. Set up split tunnel on your VPN links and set up DHCP to use the following order:

1. Home office DNS server
2. Local satellite DNS server [if exists]
3. ISP / Google DNS

You’ll have DNS forwarding set up on your DNS servers to forward non-local requests out to your ISP, and the local DNS is purely in case the link goes down. And a small Atom-based mini desktop plus a license will run you less than a thousand dollars and might be a good sell, though it does increase management time. YMMV.
|
# ? Sep 11, 2018 23:00 |
|
Had a nice moment last night as we migrated some machines from an on-premises VMware setup to Azure. As we completed a file server move (that happened to also be a domain controller, because it was set up by idiots), vCenter suddenly completely poo poo the bed. Sure enough, resolv.conf turned out to have a single line entry for the file server we'd just moved. Proving once again that it's loving morons all the way down.
|
# ? Sep 12, 2018 16:18 |
|
Happiness Commando posted:
I vaguely recall the AWS storage gateway lets you set a local backup target (or maybe it was just giving it a large amount of local cache?) and presents itself to the OS as a virtual iSCSI tape drive that works with Veeam. It's been a while since I played with it, though. Look into it if you haven't.

I opted for copy-jobs of backups to storage gateway iSCSI target, and daily snapshotting those. There is nobody here who would get recovering from VTL so it's best to present them the easiest methods to restore.
|
# ? Sep 13, 2018 00:18 |
|
I have a small client that is all Macs and getting rid of their physical office. They will not need active directory anymore. Any gotchas about simply disabling AD Sync on their O365 environment?
|
# ? Oct 2, 2018 19:00 |
|
NevergirlsOFFICIAL posted:
I have a small client that is all Macs and getting rid of their physical office. They will not need active directory anymore. Any gotchas about simply disabling AD Sync on their O365 environment?
|
# ? Oct 2, 2018 20:20 |
|
Anyone got any tips for making rules using Trend Micro Hosted Email Security? We have it for our hosted 365 and I would like to create a rule that adds a subject tag to messages sent to an alias of an account, but I can't seem to figure out how to make it trigger. We have support@company that has an alias of info@company. I'd like to tag messages to info@company with [sales crap] as that's the email we give out to cold callers to get them off the phone. Not giving out an email address is beyond my powers currently, so I can't change that. I've tried setting the info@company as the recipient in the rule, but it never matches.
|
# ? Oct 3, 2018 17:08 |
|
spiny posted:
Anyone got any tips for making rules using Trend Micro Hosted Email Security?

Set up a separate shared mailbox. Shared mailboxes are free on office 365.
|
# ? Oct 3, 2018 17:15 |
|
pixaal posted:
Set up a separate shared mailbox. Shared mailboxes are free on office 365.

good plan
|
# ? Oct 3, 2018 17:24 |
|
pixaal posted:
Set up a separate shared mailbox. Shared mailboxes are free on office 365.

thanks again, got it working
|
# ? Oct 4, 2018 11:55 |
|
We have a bunch of terminals that are only used to remote desktop into a server for data entry and I have been asked to look into using NUCs instead of normal PCs. The idea seems fine but I am not sure what needs to be on the NUC to make that happen. I find lots of info on the hardware but not as much on the thin clients.
|
# ? Oct 5, 2018 12:29 |
|
CampingCarl posted:
We have a bunch of terminals that are only used to remote desktop into a server for data entry and I have been asked to look into using NUCs instead of normal PCs. The idea seems fine but I am not sure what needs to be on the NUC to make that happen. I find lots of info on the hardware but not as much on the thin clients.

They make prebuilt thin clients for this exact purpose that won’t require you to buy and build NUCs. You’ll also get the benefit of some central management of the devices.
|
# ? Oct 8, 2018 02:53 |
|
Spring Heeled Jack posted:
They make prebuilt thin clients for this exact purpose that won’t require you to buy and build NUCs. You’ll also get the benefit of some central management of the devices.
|
# ? Oct 8, 2018 12:25 |
|
I've been asked to look into CCTV for a shop that my boss owns the property of. It needs to be sharp enough to recognise faces and I need to be able to store/auto cycle the data without actually being there. I've never done anything like this before, anyone got a good idea of where to start? UK suppliers would be handy if you can help, if not general advice is appreciated.
|
# ? Oct 24, 2018 11:59 |
|
dogstile posted:
I've been asked to look into CCTV for a shop that my boss owns the property of. It needs to be sharp enough to recognise faces and I need to be able to store/auto cycle the data without actually being there.

I'm also in the UK and looked into this recently. Depending on your budget and use case the Meraki kit is actually pretty good. It stores video on the camera (so theoretically someone can take the camera and you don't have the recording, but you also don't need anything else to make it work, just PoE/internet) and you can do analytics and motion heatmaps and whatever from the cloud interface. It was something like £530/camera and £88/year licensing. Easy to remote manage.

If you are on a complete shoestring there are various consumer options which talk to smartphone apps for £cheap but which are more about the realtime feed with maybe motion sensor alerting on the app than storing footage.

Otherwise there's the traditional talk to an alarm/camera/lock company approach, where they come out and install cameras which pass the footage back to some weird old software on an old PC (or whatever you like). Varies but in my case (4 cameras) would have been about ~£3k all in with no ongoing (pay per use for maintenance/replacement/whatever).
|
# ? Oct 24, 2018 12:13 |
|
Synology has a line of NAS for storing camera footage. You might want to look at that if you want all your video centrally located and not on cam. Both methods are valid and it's going to be a personal choice there. I haven't used Synology's camera software but every camera system I've seen that was already set up had lovely software so I can't say I recommend anything.

You really want to throw this onto a vendor if possible; cameras seem IT related and you can get them to work just fine, but laying out proper coverage is not a normal IT skill set. Sure you should know how to do wireless (ideally you have a professional place map this properly for you too). You are putting cameras in for a reason, you want them to be optimal. If that adds a few grand to the total so be it. If that's more than what you are attempting to protect is worth, you probably just want a fake camera as a deterrent. It's an option to keep in mind, since I've seen a vendor bill in the $20,000 range to attempt to prevent under $200 in losses a year. It is not your job to do the math, but you should provide the options and the numbers from your end, tell them to fill in the other numbers and see if it's worth doing in the first place.

pixaal fucked around with this message at 15:19 on Oct 24, 2018
|
# ? Oct 24, 2018 15:15 |
|
Fantastic. I've had a brief look and given them options, but as I won't physically be on site I've suggested they go with a vendor. I don't want anything to do with it and I don't want to start getting loaned out to all the various businesses my boss lets out his properties to. Well, I mean, he can, but I'd be asking for a significant pay bump. I'll let you know if we go ahead with it. The property tenant might move out of the shop because she's being harassed by local kids anyway. I suggested hiring a dude with a big stick, as a sidenote.
|
# ? Oct 24, 2018 16:07 |
|
dogstile posted:
Fantastic. I've had a brief look and given them options, but as I won't physically be on site I've suggested they go with a vendor. I don't want anything to do with it and I don't want to start getting loaned out to all the various businesses my boss lets out his properties to.

They should most definitely use a loving vendor. Security cameras are their own pretty specialized field, and managing to get images you can pull faces from involves experience and expertise, not just your IT person Googling some poo poo.
|
# ? Oct 25, 2018 05:51 |
|
Is it a common/accepted practice to run a public guest WiFi off the same firewall as the internal one(s) or should I push our contractor to keep it on a separate box? The ISP provides us multiple public IPs/ethernet ports on the router so it wouldn't be hard to just set up an extra device. Our venue has ~250 devices (peak), 40 Unifi APs, 500 Mbit WAN and the firewall is pfSense on a quad-core machine. This of course all assumes the setup is done by certified professionals. My worry isn't so much about security but about something on the guest LAN causing resource problems on the firewall that potentially takes all other internal networks down. The contractor thinks it'll be fine with one box. Any thoughts would be welcome.
|
# ? Oct 30, 2018 20:11 |
|
dogstile posted:
I've been asked to look into CCTV for a shop that my boss owns the property of. It needs to be sharp enough to recognise faces and I need to be able to store/auto cycle the data without actually being there.

For what it's worth we've talked about this quite a bit in the Inspect your Gadgets Home Automation thread. If you can search it, smart people give me (dumb person) good feedback on the subject. But everyone is right that outsourcing it is the best bet, but unfortunately at my job it's not going to happen.
|
# ? Oct 30, 2018 20:18 |
|
eames posted:
Is it a common/accepted practice to run a public guest WiFi off the same firewall as the internal one(s) or should I push our contractor to keep it on a separate box? The ISP provides us multiple public IPs/ethernet ports on the router so it wouldn't be hard to just set up an extra device.

I always recommend having public wifi on a separate internet connection than the business. It's not just about security, but also for service quality and liability.
|
# ? Oct 30, 2018 20:20 |
|
eames posted:
Is it a common/accepted practice to run a public guest WiFi off the same firewall as the internal one(s) or should I push our contractor to keep it on a separate box? The ISP provides us multiple public IPs/ethernet ports on the router so it wouldn't be hard to just set up an extra device.

I'm with The Fool, it's best to separate guest networks from production in any way possible. If available I recommend getting a separate connection from the local broadband company specifically for that purpose. Since it's guest only it doesn't have to be symmetric or have an SLA. At minimum have guest traffic going out its own IP, and preferably through its own firewall. The former means that if your guests start loving around it will be less likely to result in problems for your business IPs, the latter makes it so that even configuration errors shouldn't allow guests on to the company LAN.
|
# ? Oct 30, 2018 21:10 |
|
eames posted:
Is it a common/accepted practice to run a public guest WiFi off the same firewall as the internal one(s) or should I push our contractor to keep it on a separate box? The ISP provides us multiple public IPs/ethernet ports on the router so it wouldn't be hard to just set up an extra device.

Just get a separate router. Costs what, $100 bux at most?!

quote:
At minimum have guest traffic going out its own IP, and preferably through its own firewall.

Yeah and what if a guest downloads the latest blockbuster movie torrent on your business IP address. Not good things anyhow. This can easily be done with VLANs as well.
|
# ? Nov 1, 2018 00:23 |
|
redeyes posted:
Just get a separate router. Costs what, $100 bux at most?!

Their main argument is maintenance overhead and the fact the same WiFi will eventually provide access to the internal LANs via a separate WPA2 encrypted SSID anyway (which I'm hesitant about due to security concerns).

redeyes posted:
Yeah and what if a guest downloads the latest blockbuster movie torrent on your business IP address. Not good things anyhow.

It's pretty easy to get pfSense to NAT one interface out through its own external IP (using multiple virtual IPs on one physical WAN interface) but I think you all are right despite the argument of the contractor, for now I'll sleep better knowing that the guest network is on its own box.
|
# ? Nov 1, 2018 12:27 |