|
skipdogg posted:
I've never done this, supported it, or been responsible for it, but I'm of the opinion now that for small companies of less than 50 or even 100 people there's really no reason to have a full blown domain anymore. I say this as a guy who makes a living supporting MSFT environments.

I agree with this for 50 or fewer people. More than that and I'd roll out an AD server and aadconnect.
|
# ? Sep 12, 2019 17:12 |
|
|
orange sky posted:
What are the growth perspectives of that company? I'd rather start with a well organized AD and then have it when needed than going with some provisional solution and then having to domain join 1000 devices.

I’ve worked with companies who are planning to roll out tens of thousands of laptops that are Azure AD Joined. The cloud revolution is real. The only reason to keep Domain Controllers is due to technical debt or your company isn’t ready - yet - to completely move to the cloud.
|
# ? Sep 12, 2019 18:24 |
|
Tab8715 posted:
The only reason to keep Domain Controllers is due to technical debt or your company isn’t ready - yet - to completely move to the cloud.

Seems like a weird thing to say when that covers almost all the companies in existence. "This will be the next step in evolution all except everyone who is currently living"
|
# ? Sep 12, 2019 19:10 |
|
Lol at the thought that we should all be getting rid of our domain controllers while 10 posts up were complaining about Microsoft not getting off their ask so we don't have to have an on prem email server just to manage users.
|
# ? Sep 12, 2019 19:20 |
|
We would move to the cloud.... if we were prepared to pay 4x the price for everything. Because so far that has been how every "cloud" replacement we have looked into prices out. The cloud model just isn't a fit for every business type.
|
# ? Sep 12, 2019 19:22 |
|
NevergirlsOFFICIAL posted:
Subject line related. I'm doing a report for a client that currently has a 2 x win2k12r2 server situation, but was migrated from SBS (I know this because I looked at GPOs and the SBS GPOs are there, but not linked to anything). It's a 20-person company with no IT staff.

My biggest beef with Azure AD at the moment is it's not at feature parity with on-prem AD, especially from a computer management perspective, and when machines change hands it gets to be a pain in the rear end too. If they don't really need centralized computer management (GPO) Azure AD is acceptable. If there are requirements for centralized computer management, and they don't have another solution, which a company that small I would assume they do not, then you'll still want an on-prem domain but I would recommend forsaking their current one and just starting fresh on a new domain with 2016/2019 standard.
|
# ? Sep 12, 2019 19:26 |
|
Sickening posted:
Seems like a weird thing to say when that covers almost all the companies in existence.

What? Not all companies have a ton of IT Debt. There are so many terribly written applications that have hard coded DCs or simply don’t support modern authentication protocols. On the other hand there are applications that do support modern authentication but for whatever reason the IT Department hasn’t used that ability but that’s on them. Until a better IT manager shows up and lays it down that they need to get with the times or the whole IT Department is outsourced to a partner that knows what they’re doing.
|
# ? Sep 12, 2019 19:32 |
|
stevewm posted:
We would move to the cloud.... if we were prepared to pay 4x the price for everything. Because so far that has been how every "cloud" replacement we have looked into prices out.

The cloud is not copy-and-paste your existing data center and do everything else the same. That won’t work because that isn’t how it’s designed.
|
# ? Sep 12, 2019 19:35 |
|
I've got an MDT issue I haven't been able to pin down yet. After the last reboot before the task sequence ends (literally all that's left is to display the summary and officially finish the sequence), the task sequence doesn't resume. All prior steps in the sequence appear to have been applied correctly. If I restart the computer myself at that point, the task sequence picks up where it left off and finishes. Anyone seen this behavior before?
|
# ? Sep 12, 2019 19:37 |
|
Tab8715 posted:
What? Not all companies have a ton of IT Debt.

I have a hard time believing this. In my experience in places I've worked (both good and bad,) and with tons of other customers, everyone has had a ton of technical debt, it's all a matter of how much is that debt hurting you at the moment? Of course it's all relative as well. I've seen companies that have technical debt that is mostly productivity impacting as opposed to security impacting. Many places would say that company doesn't have any debt at all.
|
# ? Sep 12, 2019 19:40 |
|
Tab8715 posted:
What? Not all companies have a ton of IT Debt.

Sorry, but technical debt is not the only reason to desire on-prem or hybrid environments.
|
# ? Sep 12, 2019 19:41 |
|
Toast Museum posted:
I've got an MDT issue I haven't been able to pin down yet. After the last reboot before the task sequence ends (literally all that's left is to display the summary and officially finish the sequence), the task sequence doesn't resume. All prior steps in the sequence appear to have been applied correctly. If I restart the computer myself at that point, the task sequence picks up where it left off and finishes. Anyone seen this behavior before?

Was there a password change or domain join? Any other changes to the account that MDT is using to deploy? Is it stopping at a login screen, or does it log in and just sit at the desktop?
|
# ? Sep 12, 2019 19:43 |
|
Sudden Loud Noise posted:
I have a hard time believing this. In my experience in places I've worked (both good and bad,) and with tons of other customers, everyone has had a ton of technical debt, it's all a matter of how much is that debt hurting you at the moment?

Hey. Right now in the Bay area, there's a five-minute old startup. They only have ten minutes worth of technical debt.
|
# ? Sep 12, 2019 19:49 |
|
Loving this active directory holy war going on.

Wizard of the Deep posted:
Hey. Right now in the Bay area, there's a five-minute old startup. They only have ten minutes worth of technical debt.

Did you guys go with [mature framework] instead of [hot new framework]? Rip all that efficiency you left on the table.
|
# ? Sep 12, 2019 19:52 |
|
Tab8715 posted:
What? Not all companies have a ton of IT Debt.

I would love to see an "IT manager" show up and "lay it down" to the average org to rip out active directory. That would be comedy. I assume you are the partner that "knows better"?
|
# ? Sep 12, 2019 20:04 |
|
The Fool posted:
Was there a password change or domain join? Any other changes to the account that MDT is using to deploy?

It logs in and sits at the desktop. There's no password change and no domain ().
|
# ? Sep 12, 2019 20:14 |
|
Sickening posted:
I would love to see an "IT manager" show up and "lay it down" to the average org to rip out active directory. That would be comedy.

*sits on chair backwards, turns cap backwards* Listen up guys time for some game theory.
|
# ? Sep 12, 2019 21:02 |
|
Love hearing about how the manufacturing company I work for that has two locations should go all in on cloud.
|
# ? Sep 12, 2019 23:30 |
|
GreenNight posted:
Love hearing about how the manufacturing company I work for that has two locations should go all in on cloud.

Just integrate your CNC machines with sharepoint online.
|
# ? Sep 12, 2019 23:55 |
|
GreenNight posted:
Love hearing about how the manufacturing company I work for that has two locations should go all in on cloud.

You better before someone lays it down on you and gives your job to someone who knows better!
|
# ? Sep 13, 2019 01:27 |
|
The Fool posted:
Just integrate your CNC machines with sharepoint online.

top tier post
|
# ? Sep 13, 2019 13:15 |
|
The Fool posted:
Just integrate your CNC machines with sharepoint online.

Just need that RS232 to Azure adapter and we'd be good to go!
|
# ? Sep 13, 2019 13:42 |
|
You can move your on prem to the cloud no problem. Not everything has to use azure. Rent your hardware from the local colo and run your VMs offsite! Wallah! The cloud!
|
# ? Sep 13, 2019 16:00 |
|
Just start calling internal resources your "private cloud".
|
# ? Sep 13, 2019 16:12 |
|
I'll give you all the private cloud you can handle.
|
# ? Sep 13, 2019 16:23 |
|
skipdogg posted:
Just start calling internal resources your "private cloud".

I thought we've been doing this for years and years already?
|
# ? Sep 13, 2019 17:05 |
|
We use Dropbox so I tell people we're partly cloudy.
|
# ? Sep 13, 2019 17:20 |
|
Is there a way to enforce a GPP? I created a power plan I want computers to use and I've set it to always apply and to make it the active plan, but users can still change the plan until the GPO updates again which changes it back. Is there a way to disable them from changing the plan? I've looked under the system > power policies and I can set the active plan there which works but the plan is not updated with the settings I've set in GPP, it seems to be the default settings of the plan.
|
# ? Sep 13, 2019 17:23 |
|
Let's step back: What are you trying to accomplish with this power plan? And why do users feel the need to change it? Or are you just seeing that you can change it, and are concerned folks are going to break things? If you really need to lock in a particular plan, you'll probably have to lock down who can change power settings. That may need even more work if your users are all local admins. I'm not sure of the specifics on how you'd go about that, but that's where I'd start. If you really, really need to actually lock things down.
|
# ? Sep 13, 2019 17:31 |
|
kiwid posted:
Is there a way to enforce a GPP?

The best you could probably do in this situation is to figure out what registry keys are getting modified when the power plan is changed and make a script that modifies ACLs to remove users' ability to modify. But GPPs re-apply so frequently that I doubt any override they do will stay in place for long, probably not worth the hassle
|
# ? Sep 13, 2019 17:40 |
|
Toast Museum posted:
I've got an MDT issue I haven't been able to pin down yet. After the last reboot before the task sequence ends (literally all that's left is to display the summary and officially finish the sequence), the task sequence doesn't resume. All prior steps in the sequence appear to have been applied correctly. If I restart the computer myself at that point, the task sequence picks up where it left off and finishes. Anyone seen this behavior before?

The Fool posted:
Was there a password change or domain join? Any other changes to the account that MDT is using to deploy?

Toast Museum posted:
It logs in and sits at the desktop. There's no password change and no domain ().

Some additional detail: a shortcut to LiteTouch.wsf is placed in the startup folder, but for some reason, on this one reboot, it doesn't run*. If I click the shortcut, the script runs, and the task sequence completes. If I restart the computer, the script runs, and the task sequence completes. So far, I can't figure out why the script doesn't run on startup for this single reboot.

I tried adding Windows Defender exclusions for the shortcut in Startup, for c:\MININT, and for wscript.exe, but no dice. These computers aren't domain-joined, but looking at local group policy, there don't appear to be any relevant local policies configured. I haven't yet found anything in the event logs indicating that the script or executable were blocked.

* I guess it's also possible that it's running and doing nothing at that point, but I don't have any indication of that.
|
# ? Sep 13, 2019 18:08 |
|
You have a pause in your task sequence somewhere. That is causing the shortcut to be created. The act of rebooting or running the shortcut resumes the task sequence.
|
# ? Sep 13, 2019 18:32 |
|
Wizard of the Deep posted:
Let's step back: What are you trying to accomplish with this power plan? And why do users feel the need to change it?

It's because our Nessus scanner is picking up computers that are not doing Windows updates with what I assume is because they aren't rebooting their machines to apply them. Since the WSUS settings in GPO are so limited we decided just to send a reboot signal through our PDQ Deploy software to all machines at midnight. The problem is that computers might go to sleep. So my options are either gently caress around with wake on lan bullshit and hope all the NICs support it, or just prevent them from sleeping through a GPP.

edit: I don't know why or even if users are changing it, I just thought if there was an easy way to prevent them I'd set that. I'm good with just allowing the GPP to reapply.

BangersInMyKnickers posted:
The best you could probably do in this situation is to figure out what registry keys are getting modified when the power plan is changed and make a script that modifies ACLs to remove users' ability to modify. But GPPs re-apply so frequently that I doubt any override they do will stay in place for long, probably not worth the hassle

Yeah it's not really a problem since the GPP just reapplies so I guess I'll just leave it as is. Thanks.
|
# ? Sep 13, 2019 18:43 |
|
kiwid posted:
Is there a way to enforce a GPP?

Which settings did you configure? My (everyone's) ability to change the power options and power plan are greyed out from the GPOs I set.
|
# ? Sep 13, 2019 21:56 |
|
Sickening posted:
I would love to see an "IT manager" show up and "lay it down" to the average org to rip out active directory. That would be comedy.

I don’t mean in a literal sense an IT Manager physically removes a domain controller. I mean one who tells techs they need to stop thinking about what doesn’t work with newer cloud technologies and see what does work. After that, those techs should be signing up for free demo accounts and learning it for themselves to see if they can make a decent proof of concept. Then as a team they should also be going to business and telling them that cloud isn’t just a data center somewhere else. It’s a completely different way of delivering IT. Some things do cost more but there’s - sometimes - more value. And even on top that manager goes to IT Security and tells them he understands they need to be secure but there is a way to do IT in the cloud without tons of multiple accounts, VPNs, etc. that is even more secure than traditional on-premise IT.

If you don’t do this it is simply a matter of time until the right salesperson sells the business on the cloud. Then a big partner who knows what they’re doing shows, flips mediocre IT upside down, makes what people thought was impossible possible. After that, Accenture or another big consulting firm shows up, lays off the entire in house IT with their own techs.

Gucci Loafers fucked around with this message at 23:20 on Sep 13, 2019 |
# ? Sep 13, 2019 23:14 |
|
quote is not edit
|
# ? Sep 13, 2019 23:28 |
|
Tab8715 posted:uʍop ǝpısdn ⊥I ǝɹɔoıpǝɯ sdıʃɟ
|
# ? Sep 13, 2019 23:28 |
|
The Fool posted:
Just integrate your CNC machines with sharepoint online.

There will always be exceptions. Always.
|
# ? Sep 14, 2019 01:05 |
|
Tab8715 posted:
I don’t mean in a literal sense an IT Manager physically removes a domain controller. I mean one who tells techs they need to stop thinking about what doesn’t work with newer cloud technologies and see what does work. After that, those techs should be signing up for free demo accounts and learning it for themselves to see if they can make a decent proof of concept.

How could you type so many words and still manage to make it a generic msp sales pitch?
|
# ? Sep 14, 2019 01:28 |
|
|
Sickening posted:
How could you type so many words and still manage to make it a generic msp sales pitch?

It’s not just a sales pitch. It’s real. IT for a 100 users, 1000 users or 100000 users is both the same and different. Generic MSP or Enterprise or Government. It’s still a bunch of computers. Go look at the case studies. Hell, didn’t a tech from Spirit Airlines tell us everything was in Azure a few months ago? Anyhow, I’ve made my argument. That’s where I’m directing my career and yours is up to you.

Gucci Loafers fucked around with this message at 02:27 on Sep 14, 2019 |
# ? Sep 14, 2019 02:20 |