Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

The Fool posted:

After some quick googling, https://zingtree.com/ advertises itself as integrating with FreshDesk not sure if that carries over to FreshService or if it will really do what you want.

Oh poo poo, it bolts onto Salesforce, even? Wonder if it works on legacy orgs...


kiwid
Sep 30, 2013

I have a slight issue.

A few years ago we purchased a bunch of new Windows 10 Pro computers with an OEM license. We wiped them all and installed our own image and used a KMS volume license key to activate them.

Since then we've sold half the business and in a few weeks we'll be handing over all the computers. How is licensing going to be affected here since KMS requires constant check in to remain activated? What are my options?

Thanks Ants
May 21, 2004

#essereFerrari


The new business will need to move it all to their own KMS server, or they can reinstall the OS from the USB installer and let it activate using the key stored in the system firmware.

kiwid
Sep 30, 2013

Thanks Ants posted:

The new business will need to move it all to their own KMS server, or they can reinstall the OS from the USB installer and let it activate using the key stored in the system firmware.

Thought so, though that sucks.

Sickening
Jul 16, 2007

Black summer was the best summer.

kiwid posted:

I have a slight issue.

A few years ago we purchased a bunch of new Windows 10 Pro computers with an OEM license. We wiped them all and installed our own image and used a KMS volume license key to activate them.

Since then we've sold half the business and in a few weeks we'll be handing over all the computers. How is licensing going to be affected here since KMS requires constant check in to remain activated? What are my options?

Eh, it's their problem now. Don't worry about it.

kiwid
Sep 30, 2013

Sickening posted:

Eh, it's their problem now. Don't worry about it.

Heh, I wish. I'm afraid this won't be the end of it.

Internet Explorer
Jun 1, 2005





Use VAMT to switch them all over to MAK.

The Fool
Oct 16, 2003


E-mail someone letting them know that the licensing is now the other company's responsibility, then

Sickening posted:

Eh, it's their problem now. Don't worry about it.

Fruit Smoothies
Mar 28, 2004

The bat with a ZING
I am getting to grips with Intune. I migrated the iPad Airs across, but because they don't support shared user scenarios, I've only ever used MDM in a device-centric way. Intune seems way more user-centric.

For BYOD Windows devices, I'm confused as to how domain-joined devices will be affected, as scopes only affect users (I think). I don't want the same policies on BYOD devices as devices onsite.

We have SSO with AD connect which has a habit of signing the device into the MDM by adding a work account.

Should I really be designing policies in a way that Intune is meant for both scenarios, or is there a way to achieve what I want?
If I should be using Intune for both, not everyone needs a license. On shared computers I don't know what will happen if some users sign in with / without an Intune license.

Any help is appreciated!

Moey
Oct 22, 2010

I LIKE TO MOVE IT
OEM image every machine on the way out the door?

kiwid
Sep 30, 2013

gently caress this KMS poo poo is a mess and I'm so confused. I wasn't the one that installed the KMS server and I don't typically deal with Microsoft licensing too much so this is a bit out of my scope. Though looking into this, the problem seems worse than I thought. Originally years ago when we purchased the machines, we bought one volume license key to give us imaging rights. Though instead of using the OEM media, they used the VL media I believe. Not sure if this was the right thing to do or not.

I installed VAMT and did a scan and a few computers appear to be licensed with a MAK, most are licensed with a GVLK, a bunch are licensed with RETAIL with a 3V66T key which appears to be computers that were upgraded from Windows 7 or 8 and are digitally licensed I think?

What I don't understand though is how the GVLK keys work. When I go on the KMS host and look up the installed product keys with "slmgr.vbs /dvi all" the only key installed is our Windows Server 2016 KMS key. I don't see Windows 10 Pro anywhere, though when I do a "slmgr.vbs /dvi" from one of the GVLK Windows 10 machines it says licenced through our KMS host. I tried to switch one computer from the GVLK key to use our MAK volume key but it came up invalid and wouldn't install.

Anyone have any idea what's going on?

Moey posted:

OEM image every machine on the way out the door?

I'd love to but unfortunately we can't. The plan is we're unjoining them from our domain, joining to theirs, and they're going to use ForensiT software to copy the profile and call it a day. I believe because this new company is a one-man IT dept.

kiwid fucked around with this message at 17:30 on Feb 20, 2020

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
The Server 2016 key on the KMS licenses Windows 10 and below (as well as Server 2016 and below). I don't have access to our volume licensing portal but when I was helping someone else with updating our KMS keys, there was a single key for both desktop and server OS, and you could only have one loaded at a time.

So that Server 2016 Key in your KMS is the correct license key to activate Windows 10 in addition to Server 2016.

E: If the devices all came with OEM licenses and you want to use those I suspect it's going to be some combination of removing the existing key info (slmgr /upk), installing a Windows 10 "default" key (I don't think this is :filez: but I'm not going to link to one just in case, but they're easy to find online) and then ensure that device can activate.

It looks like the OEM key will also be burnt into the BIOS if the device came with Win 10, so you may have to extract that key for each device and install it (instead of a default key). This site has a number of ways to get at that OEM key, but the easiest way is probably the WMI method there. So you'd remove the existing KMS install key, install the device's OEM key, then activate it. Should be pretty easy to script out.

FISHMANPET fucked around with this message at 17:41 on Feb 20, 2020
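
The steps described in the post above (remove the KMS client key, read the OEM key through WMI, install it, activate), written out in PowerShell as an added example; this is not code from the thread or from any poster. It assumes an elevated session on the machine being converted and that the installed edition matches the OEM edition; `OA3xOriginalProductKey` is the WMI property that exposes the firmware key, and the GUID is the Windows application ID used by the licensing service.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): replace the KMS client key with the
# firmware-embedded OEM key, then confirm the result. Try it on one machine first.
[CmdletBinding(SupportsShouldProcess)]
param()

$slmgr = Join-Path $env:SystemRoot 'System32\slmgr.vbs'
# Application ID that identifies Windows in SoftwareLicensingProduct
$winAppId = '55c92734-d682-4d71-983e-d6ec3f16059f'

function Get-WindowsLicense {
    # Only the product that currently has a key installed
    Get-CimInstance -ClassName SoftwareLicensingProduct -Filter "ApplicationID='$winAppId' AND PartialProductKey IS NOT NULL" |
        Select-Object Name, Description, PartialProductKey, LicenseStatus
}

# The "WMI method": the OEM key stored in firmware, empty when there is none
$oemKey = (Get-CimInstance -ClassName SoftwareLicensingService).OA3xOriginalProductKey
if ([string]::IsNullOrWhiteSpace($oemKey)) {
    Write-Warning "No OEM key in firmware on $env:COMPUTERNAME; nothing changed."
    return
}

$before = Get-WindowsLicense
Write-Host "Before: $($before.Description) (status $($before.LicenseStatus))"

# Log only the last five characters; a full key does not belong in transcripts
$tail = $oemKey.Substring($oemKey.Length - 5)
if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Install OEM key ending $tail")) {
    # cscript keeps slmgr output on the console instead of dialog boxes
    & cscript.exe //NoLogo $slmgr /upk          # remove the current (KMS) key
    & cscript.exe //NoLogo $slmgr /ipk $oemKey  # install the OEM key
    & cscript.exe //NoLogo $slmgr /ato          # attempt online activation

    $after = Get-WindowsLicense
    # LicenseStatus 1 means licensed; anything else needs follow-up
    if ($after.LicenseStatus -eq 1) {
        Write-Host "Activated: $($after.Description)"
    } else {
        Write-Warning "Not activated (status $($after.LicenseStatus)); check edition and media."
    }
}
```

Running it with `-WhatIf` reports the key tail and current license state without changing anything.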

kiwid
Sep 30, 2013

FISHMANPET posted:

The Server 2016 key on the KMS licenses Windows 10 and below (as well as Server 2016 and below). I don't have access to our volume licensing portal but when I was helping someone else with updating our KMS keys, there was a single key for both desktop and server OS, and you could only have one loaded at a time.

So that Server 2016 Key in your KMS is the correct license key to activate Windows 10 in addition to Server 2016.

So if they were to purchase one VL key for Windows 10 and set up a KMS server, would this solve all our issues?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
I don't know enough about what you actually need to purchase to be in compliance (vs what is needed to just make the activation warnings go away...) but the easiest is probably going to be what I added in my edit, to reactivate the devices with their OEM key.

Although part of that will be that the edition they're running now has to match what the OEM version was, you won't be able to activate an Enterprise install with the Pro key, but I would imagine if you reimaged with Pro you should be able to activate with the OEM Pro key.

The Fool
Oct 16, 2003


FISHMANPET posted:

I don't know enough about what you actually need to purchase to be in compliance (vs what is needed to just make the activation warnings go away...) but the easiest is probably going to be what I added in my edit, to reactivate the devices with their OEM key.

Although part of that will be that the edition they're running now has to match what the OEM version was, you won't be able to activate an Enterprise install with the Pro key, but I would imagine if you reimaged with Pro you should be able to activate with the OEM Pro key.

I don't know if this is the case anymore, but in Windows 7 there was a difference between OEM, retail, MAK and VL/KMS installs and it wasn't trivial to switch between them.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Yeah I'd throw in a big caveat of "try it first before you decide it's the plan you're going to implement" because I'm just theorycrafting from my incomplete knowledge of activation.

kiwid
Sep 30, 2013

Yeah as far as I know from what I've been finding on Google, the OEM and VL media are different and OEM keys can only be activated on the OEM media. Worth a try though.

I might just hand these over though and say "You have 180 days to reinstall Windows" since the KMS activation seems to stay activated for 180 days.

kiwid
Sep 30, 2013

gently caress me, I was using the wrong product key when the MAK activation was failing. I used the right key and was able to activate all these computers with MAK instead of KMS. Problem solved, thanks everyone.

Internet Explorer
Jun 1, 2005





You know what they say, it takes a village.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Talk to me about doing SAML for SS with CLOUD APPLICATIONS

I see I can pay $2/user for Okta or OneLogin. Looks easy to install. However, x 500 users = $1,000/month which is a big cost for a single application.

Is there something I can set up internally that will either be a one-time cost, or free? I remember a million years ago having to use some app that made me go to an internal website and copy/paste a key and it was a PITA to sign in.

What is ADFS all about?

Internet Explorer
Jun 1, 2005





Yeah, you can use ADFS. Do you not use O365/Azure? Because if you do, just use Azure AD. I wouldn't look at this like a one time thing for one application. A good SSO / cloud identity solution will pay dividends later. I wouldn't go with ADFS unless it was a requirement of the project. Managing that yourself these days seems less than ideal.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




Internet Explorer posted:

You know what they say, it takes a village.

And the idiot is in charge of developing licensing schemes for Microsoft.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Internet Explorer posted:

Yeah, you can use ADFS. Do you not use O365/Azure? Because if you do, just use Azure AD. I wouldn't look at this like a one time thing for one application. A good SSO / cloud identity solution will pay dividends later. I wouldn't go with ADFS unless it was a requirement of the project. Managing that yourself these days seems less than ideal.

No O365 or Azure here.

The Fool
Oct 16, 2003


Bob Morales posted:

No O365 or Azure here.

Then ADFS is what you want. It’s also easy to federate with AzureAD if you do move that way in the future.

Doing ADFS right can take a little bit of planning. The minimal recommended configuration is 2 nodes + lb + wap, but if it’s just this application and only internal facing you might be able to get away with less.

Gerdalti
May 24, 2003

SPOON!
Cross posting from the small business thread just in case...

Gerdalti posted:

Anyone have any opinions on cloud managed / serverless antivirus? Symantec being bought by Broadcom seems to be a clusterfuck. I can't even get license renewals.

It looks like both Sophos and Avast have decent offerings, but I don't have experience with either of them in the past 5+ years.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
We've had good experience with Sophos, at least compared to moving away from the disaster that is SEP

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

The Fool posted:

Then ADFS is what you want. It’s also easy to federate with AzureAD if you do move that way in the future.

Doing ADFS right can take a little bit of planning. The minimal recommended configuration is 2 nodes + lb + wap, but if it’s just this application and only internal facing you might be able to get away with less.

It's a public website/app (WorxHub)

I might start playing around with SimpleSAMLphp

devmd01
Mar 7, 2006

Elektronik
Supersonik
Okta Cloud Connect is free for one app + AD integration. I set up our Okta instance, user provisioning to AD from our HRIS, and migrated all of our SSO to it so I’d be happy to answer any questions.

devmd01 fucked around with this message at 17:33 on Feb 21, 2020

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

devmd01 posted:

Okta Cloud Connect is free for one app + AD integration. I set up our Okta instance, user provisioning to AD from our HRIS, and migrated all of our SSO to it so I’d be happy to answer any questions.

But that's for your app, not some generic app out on the internet from another company, right?

What are the requirements for participating in Okta Cloud Connect?
As a cloud app vendor, you need an app integration publicly listed in the Okta Application Network that supports SSO (via SAML) and user provisioning. Not yet integrated with Okta? Get started.

Is Okta Cloud Connect really free?
Yes! Okta Cloud Connect is free for both you and your customers for an unlimited time period, and for an unlimited number of users.

mllaneza
Apr 28, 2007

Veteran, Bermuda Triangle Expeditionary Force, 1993-1952




klosterdev posted:

We've had good experience with Sophos, at least compared to moving away from the disaster that is SEP

I'd be a broken man if the team that manages SEP for us wasn't super helpful and responsive. And if at least some of our instrument vendors weren't providing detailed breakdowns of what exclusions they need.

devmd01
Mar 7, 2006

Elektronik
Supersonik

Bob Morales posted:

But that's for your app, not some generic app out on the internet from another company, right?

Nope, this is their “first hit is free” strategy to get customers. Install AD connector, import users into Okta, set up your app (be it one they have in the gallery or a custom SAML app) and call it a day.

E: after closer reading of the data sheet it only covers apps that are in the gallery and not a custom SAML app, drat.

It uses delegated authentication through the AD agent to AD so it’s not like it’s a separate login. You can also install an IIS plugin on prem to set up integrated windows authentication so people don’t have to enter credentials when on-network.

devmd01 fucked around with this message at 19:14 on Feb 21, 2020

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

devmd01 posted:

Nope, this is their “first hit is free” strategy to get customers. Install AD connector, import users into Okta, set up your app (be it one they have in the gallery or a custom SAML app) and call it a day.

It uses delegated authentication through the AD agent to AD so it’s not like it’s a separate login. You can also install an IIS plugin on prem to set up integrated windows authentication so people don’t have to enter credentials when on-network.

Alright, I'll take a look. We checked them out really quick but the $2/user scared us off.

The Fool
Oct 16, 2003


Bob Morales posted:

It's a public website/app (WorxHub)

That doesn't matter as much as where your authentication requests are coming from.

quote:

I might start playing around with SimpleSAMLphp

I can't recommend this in any way.


devmd01 posted:

Nope, this is their “first hit is free” strategy to get customers. Install AD connector, import users into Okta, set up your app (be it one they have in the gallery or a custom SAML app) and call it a day.

It uses delegated authentication through the AD agent to AD so it’s not like it’s a separate login. You can also install an IIS plugin on prem to set up integrated windows authentication so people don’t have to enter credentials when on-network.

Obviously you're more familiar with it, but the website seems to imply that in order to use the free solution you need to be using an app that is part of their marketplace. I don't see anything obvious saying you can set up a generic SAML endpoint.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Hah, beat me to the edit!

Thanks Ants
May 21, 2004

#essereFerrari


Just start an Office 365 trial to create you an Azure AD instance and then use the Azure portal to add your SAML app. The free tier can do up to 10 SSO apps and you don't get any advanced features but it's a good platform.

The Fool
Oct 16, 2003


You don't lose access to AzureAD when the O365 trial ends?

Thanks Ants
May 21, 2004

#essereFerrari


The free tier stays free, I just recommend going the Office 365 trial route so you can log in with a corporate MS account that uses your domain, rather than having to use a personal one and then change permissions later. The worst case scenario would have you adding a single Exchange Online license to a tenant to keep the whole thing alive.

Sickening
Jul 16, 2007

Black summer was the best summer.
You are going to have to end up paying some money to some vendor for identity management. It's just going to happen. The only thing you need to worry about is how much you are going to spend.

Going the Azure AD route is probably going to be your cheapest. It's also so common that the things you learn will actually have value.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

quote:

SimpleSAMLphp

I know it's been said, but I want to reinforce: holy poo poo no


nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe

Bob Morales posted:

I might start playing around with SimpleSAMLphp

Do not, under any circumstances, do this.
