|
The Fool posted: um, just being connected to the VPN doesn't do it?

The thing is that there is no VPN. I suppose I'm asking about installing one, whether that is quick and dirty.

nielsm posted: You can't sit in the parking lot and reach wifi?

That did occur to me, but we've received enough communication on this issue that it seems to not be a full suitable solution. In particular, there are staff members out of town with their computers, who are advised to stay where they are (this all happened during our spring break).
|
# ? Apr 9, 2020 20:26 |
|
Newf posted: The thing is that there is no VPN. I suppose I'm asking about installing one, whether that is quick and dirty.

That depends a lot on your current infrastructure. If you have an edge appliance that has a built in client vpn, it should be fairly easy. But even then you will have a bunch of other considerations: like how are you going to handle authentication? and how are you going to deploy the client?
|
# ? Apr 9, 2020 20:30 |
|
E:;f;b
|
# ? Apr 9, 2020 21:23 |
|
You've got a bunch of laptops that are now unreachable as far as managing them is concerned, and you need to implement VPN and then get the clients onto end user devices, and your end users all work at a school. Do you have a hefty stock of booze?
|
# ? Apr 9, 2020 23:46 |
|
Thanks Ants posted: Do you have a hefty stock of booze?

There's not enough booze for that.
|
# ? Apr 10, 2020 00:05 |
|
Don't have to worry about KMS if your enterprise is so behind the curve you still use MAK
|
# ? Apr 10, 2020 00:07 |
|
Thanks Ants posted: You've got a bunch of laptops that are now unreachable as far as managing them is concerned, and you need to implement VPN and then get the clients onto end user devices, and your end users all work at a school.

Honestly I'm so happy I managed to A. get my old district fully moved over to MacBook Pros for teachers before I left and B. left right as the shelter-in-places started to kick in

You couldn't pay me enough money to be there right now
|
# ? Apr 10, 2020 01:21 |
|
Even then, KMS generally only needs about 2 check-ins per year. Machine key changes are client side driven and won't happen until the next domain connection after the expiration. This just sounds like a very aggressive account purge script and if that's the case, it should be suspended.
|
# ? Apr 11, 2020 05:58 |
|
Thanks Ants posted: You've got a bunch of laptops that are now unreachable as far as managing them is concerned, and you need to implement VPN and then get the clients onto end user devices, and your end users all work at a school.

Here's the great part: not actually my problem. I'm a teacher, not a tech, but I was intrigued by the problem and thought I'd ask here. Sounds like consensus is that it's a headache.
|
# ? Apr 11, 2020 09:16 |
|
It's not really that bad. I'm sure the school district's IT staff can push out a VPN client over their OTA configuration/package management system!!
|
# ? Apr 11, 2020 11:58 |
|
.. and his name is Jimmy.
|
# ? Apr 12, 2020 01:01 |
|
My wife is a teacher and they’re in the same boat, no VPN set up or configured. Her IT department’s solution? Send everyone instructions on how to log in to their VMware horizon infrastructure. And then didn’t include any instructions on how to actually do a password change when dropped in to a win10 desktop....not everyone knows about Ctrl-alt-ins/end.
|
# ? Apr 12, 2020 01:10 |
|
Tapedump posted:.. and his name is Jimmy.
|
# ? Apr 12, 2020 07:54 |
|
devmd01 posted: My wife is a teacher and they’re in the same boat, no VPN set up or configured. Her IT department’s solution? Send everyone instructions on how to log in to their VMware horizon infrastructure.

Writing instructions for non technical people is a real skill that a lot of us should probably practice more (or go work for a corporation where you can slough that poo poo off on a tech writing team, and then point at them when the docs are bad.) When I used to interview people for the help desk, one of our questions was to ask someone to explain how to tie a shoe to someone who doesn’t understand shoes, knots, or feet.
|
# ? Apr 12, 2020 14:07 |
|
I took the latter option...as hard as I try to simplify, dumb it down, and keep to essential information I literally cannot write good tech instructions/communications for the average user. The hazards of knowing the intimate details about how tech poo poo works I guess. Thankfully I do have someone I can work with for that special touch if I have a reason to send something out to the masses.
|
# ? Apr 12, 2020 14:23 |
|
Dirt Road Junglist posted: explain how to tie a shoe to someone who doesn’t think they need to understand shoes, knots, or feet.

I'm pretty good at step-by-step documentation for the lay public, but even in those I'll provide summaries at the top of each section. "Now we're going to set the network adapter to DHCP, with manual DNS servers xxx.xxx.xxx.xxx and xxx.yyy.xxx.xxx, now here's every click to accomplish this." That lets someone who knows what they're doing skim through and get the specifics they need, and gives some overview for the novice who needs their hand held throughout. And for documentation meant for other techs? Set these two parameters in control panels, then open up gpedit.msc and enable these three policies.
|
# ? Apr 12, 2020 20:49 |
|
I write all of the documentation for end users for anything regarding the VPN. There's arrows, pictures, red circles around what they need to do and a numerical step-by-step. Unfortunately, I think maybe only 5% of the users read anything I write as they will call our poor help desk and claim that they never got the e-mail/looked at the VPN section of the intranet.
|
# ? Apr 12, 2020 23:00 |
|
Heartcatch posted: I write all of the documentation for end users for anything regarding the VPN. There's arrows, pictures, red circles around what they need to do and a numerical step-by-step. Unfortunately, I think maybe only 5% of the users read anything I write as they will call our poor help desk and claim that they never got the e-mail/looked at the VPN section of the intranet.

Painfully true. (Even the red arrows and circles.)
|
# ? Apr 13, 2020 02:46 |
|
I have an existing O365 setup, and I'd like to bring in a new domain that has an existing on-prem Exchange installation as a hybrid configuration. My issue is that if I add the domain to Azure AD / Office 365, any mail coming from users already on O365 tries to route internally and bounces because those users don't exist within Azure yet - is there a way to add the domain to Azure/O365 without having O365 try to route mail to it? I can't setup AAD sync without adding the domain, but I don't want to bounce mail in the window between adding the domain and getting Hybrid mode going.
|
# ? Apr 22, 2020 20:14 |
|
wyoak posted: I have an existing O365 setup, and I'd like to bring in a new domain that has an existing on-prem Exchange installation as a hybrid configuration. My issue is that if I add the domain to Azure AD / Office 365, any mail coming from users already on O365 tries to route internally and bounces because those users don't exist within Azure yet - is there a way to add the domain to Azure/O365 without having O365 try to route mail to it? I can't setup AAD sync without adding the domain, but I don't want to bounce mail in the window between adding the domain and getting Hybrid mode going.

You're looking for instructions like this... https://docs.microsoft.com/en-us/exchange/mailbox-migration/mailbox-migration

Also, to more directly answer your question, you add the domain, add the verification records to DNS, and have Azure verify it. That will not start routing email to O365 until you change the MX records. Office 365 might complain that the MX, SRV, etc records aren't correct. But that won't stop you from using the domain to do AAD sync. As long as you only add the TXT records for verification, you shouldn't break your email routing.
|
# ? Apr 22, 2020 20:27 |
|
Beefstorm posted:You're looking for instructions like this...
|
# ? Apr 23, 2020 05:12 |
|
Add a transport rule that routes that domain to your on prem smtp.
|
# ? Apr 23, 2020 11:54 |
|
wyoak posted: Issue isn't with external domains routing, it's that mail originating from my O365 tenant doesn't make it to my on-prem mail server once I add the domain to Azure (and no DNS changes) - I've tested it with a dummy domain. Mail gets bounced by O365 saying the user doesn't exist.

As soon as you get AD Connect up and synced that won't be an issue as O365 will see that they exist in the On-Prem Exchange and will route them properly. There will be a short mail flow outage to get everything complete but if you get your DNS TTLs nice and short and carefully go through each step it should be pretty quick. The longest thing to deal with will be the ADConnect full sync time.
|
# ? Apr 23, 2020 15:58 |
|
Zaepho posted: As soon as you get AD Connect up and synced that won't be an issue as O365 will see that they exist in the On-Prem Exchange and will route them properly. There will be a short mail flow outage to get everything complete but if you get your DNS TTLs nice and short and carefully go through each step it should be pretty quick. The longest thing to deal with will be the ADConnect full sync time.

Just enabling Azure AD Connect isn't enough to get mail flowing between the environments. You also need to setup the connectors between on-prem exchange and O365. You can use the Exchange Hybrid Configuration Wizard to set that up. https://docs.microsoft.com/en-us/exchange/hybrid-configuration-wizard
|
# ? Apr 23, 2020 17:23 |
|
I'm thinking add domain and immediately setup hybrid, that way email will continue to flow, then do AAD sync

Maybe add an internal relay before even adding the domain to Azure? Back to the lab I go
|
# ? Apr 23, 2020 18:00 |
|
wyoak posted: I'm thinking add domain and immediately setup hybrid, that way email will continue to flow, then do AAD sync

You can add the domain before setting up hybrid. The mail just won't flow correctly until you setup the hybrid Exchange environment. But, it is the right thing to do it in that order. You want to have your domain setup and able to authenticate properly before you start setting up Exchange Online.
|
# ? Apr 23, 2020 18:12 |
|
Buy a random domain and add that to your existing on-premises environment and run through the entire process with that domain, making notes as you go and resolving any outstanding prerequisites, then go again with the domain that matters.
|
# ? Apr 23, 2020 18:37 |
|
Beefstorm posted: Just enabling Azure AD Connect isn't enough to get mail flowing between the environments. You also need to setup the connectors between on-prem exchange and O365. You can use the Exchange Hybrid Configuration Wizard to set that up.

You're absolutely right. Skipped over that step in my head for whatever reason.
|
# ? Apr 23, 2020 18:57 |
|
Is this the place that I would ask stupid basic questions as I fumble my way through the Deployment Lab for SCCM that MS offers? I’m getting started on setting up the Azure subscription so I can work through those labs and wanted to verify that I can make any ole domain choice because I’m just testing anyway. So, I could put whatever.onmicrosoft.com and be OK as long as no one else thought of it.
|
# ? Apr 30, 2020 20:53 |
|
Probably, but if you want the really right place for stupid questions (and answers!) it's r/sysadmin
|
# ? May 1, 2020 00:30 |
|
What is the modern way to build VPN profiles? I can manually create a VPN connection that works in the wifi\network GUI pop up but CMAK installed profiles bring up that horrendous vpn window.
|
# ? Jun 3, 2020 20:16 |
|
Boywhiz88 posted: Is this the place that I would ask stupid basic questions as I fumble my way through the Deployment Lab for SCCM that MS offers? I’m getting started on setting up the Azure subscription so I can work through those labs and wanted to verify that I can make any ole domain choice because I’m just testing anyway.

If you're going to use it with your own domain it doesn't matter, except for OneDrive links which will still show the onmicrosoft thing.
|
# ? Jun 4, 2020 01:04 |
|
I've got a Dell R640 with 2x Xeon 4214R running Server 2019 with Hyper-V and there seems to be an issue where the logical processors aren't being utilized. Has anyone seen this before? I've tried Googling and can only find a bunch of discussions on whether hyperthreading should be enabled or not, nothing to do with whether the cores are actually being used. https://imgur.com/a/vsWEB7Y
|
# ? Jun 10, 2020 03:01 |
|
I have a home drive file server. Domain admin has full access to it on the permissions. If I login to the file server and try to access that folder by going to D:\Blah\Homedrive. It literally adds my single account onto every folder. Why is this?
|
# ? Jun 19, 2020 11:50 |
|
Are you talking about when you grant yourself access to a folder? Folders are set to inherit permissions from the folder's parent. (unless you've explicitly disabled inheritance on a particular folder)
|
# ? Jun 19, 2020 14:56 |
|
klosterdev posted: Are you talking about when you grant yourself access to a folder? Folders are set to inherit permissions from the folder's parent. (unless you've explicitly disabled inheritance on a particular folder)

I think he means that, he has user folders, domain admins have full access as does the user, but when he goes to access that folder as the domain admin "SeymourButtes" it explicitly adds SeymourButtes to the NTFS permissions list, despite SeymourButtes already having access due to domain admins being given full control.
|
# ? Jun 19, 2020 15:13 |
|
Don’t use domain admin for file security. Make a separate “File Admin” group
|
# ? Jun 19, 2020 15:19 |
|
lol internet. posted: I have a home drive file server. Domain admin has full access to it on the permissions.

Domain Admin group gets dropped from your token by UAC after you log in because it's a well known high security group. Therefore, when you try to access the files and don't have rights, it gives you the option to elevate and add yourself to the structure.

The Fool posted: Don't use domain admin for file security. Make a separate File Admin group
|
# ? Jun 19, 2020 15:38 |
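
One way to find the per-user entries that the access prompt described in the posts above leaves behind, as an added example that is not from any poster in the thread. It lists explicit (non-inherited) ACEs for one account under the home-drive root; the account name `CONTOSO\SeymourButtes` is a hypothetical placeholder, and it assumes an elevated PowerShell session so the admin group membership is present in the token.

```powershell
# Added example: audit explicit (non-inherited) NTFS ACEs granted to a single
# account under a home-drive root. Both parameter defaults are placeholders.
param(
    [string]$Root    = 'D:\Blah\Homedrive',        # path as written in the thread
    [string]$Account = 'CONTOSO\SeymourButtes'     # hypothetical DOMAIN\user
)

function Get-ExplicitAce {
    param([string]$Path, [string]$Identity)

    # Check the root folder itself plus every subfolder beneath it.
    $dirs = @(Get-Item -LiteralPath $Path) +
            @(Get-ChildItem -LiteralPath $Path -Directory -Recurse -Force -ErrorAction SilentlyContinue)

    foreach ($d in $dirs) {
        try   { $acl = Get-Acl -LiteralPath $d.FullName -ErrorAction Stop }
        catch { Write-Warning "Cannot read ACL: $($d.FullName)"; continue }

        # IsInherited = $false means the ACE was set directly on this folder,
        # which is what the "click Continue" prompt does for the current user.
        $acl.Access |
            Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $d.FullName
                    Rights = $_.FileSystemRights
                    Type   = $_.AccessControlType
                }
            }
    }
}

$hits = @(Get-ExplicitAce -Path $Root -Identity $Account)
$hits | Format-Table -AutoSize
'{0} folder(s) carry an explicit ACE for {1}' -f $hits.Count, $Account

# Cleanup, left commented out: remove only that account's explicit entries.
# foreach ($h in $hits) {
#     $acl = Get-Acl -LiteralPath $h.Path
#     $acl.Access |
#         Where-Object { -not $_.IsInherited -and $_.IdentityReference.Value -eq $Account } |
#         ForEach-Object { [void]$acl.RemoveAccessRule($_) }
#     Set-Acl -LiteralPath $h.Path -AclObject $acl
# }
```

Run it read-only first and review the list before enabling the cleanup loop, since an explicit ACE may have been granted on purpose.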
|
Thanks. Will do.
|
# ? Jun 20, 2020 06:50 |
|
Anyone have edge chrome deployed in the enterprise? Trying to configure setting\bookmark sync with O365 account via GPO automatically. Anyone have any luck? We're in a hybrid deployment, computers are not hybrid joined or azure AD joined. No Intune. It looks like the computers are "Azure AD Registered" and I believe it's from when I have users signing into the Microsoft app store. There's a prompt which says Allow your company to manage/sync settings of device.
|
# ? Jul 28, 2020 07:03 |