|
I am currently ripping out SCCM that was the wrong solution because "guy with SCCM experience suggested it" and you really should be speaking up that it's the wrong solution. There is very close to 0 reason not to do Intune instead at this time. If you are the "desktop support guy" your opinion of how desktops get managed absolutely matters. Also, that's a hell of a red text title.
|
# ? Sep 19, 2020 22:00 |
|
|
# ? Apr 19, 2024 20:42 |
|
While I'm SCCM and Intune illiterate but knowing Microsoft... I would hate to spend time setting up Intune only to run into something that doesn't work and have to go all the way back to setting up SCCM.
|
# ? Sep 20, 2020 00:19 |
|
Gabriel S. posted:While I'm SCCM and Intune illiterate but knowing Microsoft... I would hate to spend time setting up Intune only to run into something that doesn't work and have to go all the way back to setting up SCCM. Two years ago this was a valid concern, but these days as long as you’re running Windows 10 you’re going to be fine.
|
# ? Sep 20, 2020 00:25 |
|
The Fool posted:Two years ago this was a valid concern, but these days as long as you’re running Windows 10 you’re going to be fine. On a one to ten scale, how well is this documented? Does this apply to Windows Server 2012?
|
# ? Sep 20, 2020 01:47 |
|
Gabriel S. posted:On a one to ten scale, how well is this documented? Does this apply to Windows Server 2012? It doesn't. Server OSes aren't supported in Intune. I imagine the use of SCCM for servers was very small, otherwise we'd probably be seeing it implemented. Not really sure why you'd need it, tbqh.
|
# ? Sep 20, 2020 02:55 |
|
Thanatosian posted:Yeah, from my perspective, it's less "last job," and more "last employer." I want to go somewhere where my future career moves will be internal. Ideally, somewhere where I also get rewarded for loyalty (i.e. something like a public pension, and significantly increasing PTO with seniority). I think I've found that place. I've got a sweet gig for now, good money, disgusting benefits, and good opportunities to move up and around so I'll never be bored between now and retirement. God willing and the creeks don't rise. regulargonzalez posted:Right now we're using Kace which seems pretty basic so anything should be an upgrade. KACE is pretty slick in my opinion. We've got security policies that fight against some its best deployment tricks, but I can run an .msi or .ps1 against any machine or set of machines we've got it on. The reporting and inventory stuff is great, you can throw SQL at it. I got a list of all our subnets by building, so I made a smart label to identify machines by area on campus. That turned out to be aseries of about 30 "OR (IF machine.IP like....)" statements, so I wrote a PowerShell script to take a list of subnets and return a complete SQL statement. But maybe I'm biased, before KACE we were managing a couple thousand lab machine with PowerShell scripts I'd written myself. Security theater of the month award: we have Remote Registry and PowerShell Remoting turned off by GPO. But "sc.exe \\<target machine> start <service>" works. So does psexec.exe for starting arbitrary processes on remote machines. You just need to run either of those in a user context that has admin on the remote system(s).
|
# ? Sep 20, 2020 05:19 |
|
Internet Explorer posted:It doesn't. Server OSes aren't supported in Intune. I imagine the use of SCCM for servers was very small, otherwise we'd probably be seeing it implemented. Not really sure why you'd need it, tbqh. They need it because they treat servers like workstations and that is kind of the issue. That or they rely on SCCM for windows patch management , which is loving dreadful.
|
# ? Sep 20, 2020 05:23 |
|
We had SCCM on servers for AV but that got removed when we migrated to AMP.
|
# ? Sep 20, 2020 05:25 |
|
mllaneza posted:I think I've found that place. I've got a sweet gig for now, good money, disgusting benefits, and good opportunities to move up and around so I'll never be bored between now and retirement. God willing and the creeks don't rise. Well that is brilliant. Are your infosec people like 70 years old? Are they still trying to physically remove all the USB ports?
|
# ? Sep 20, 2020 05:28 |
|
We’re still using SCCM for server patching. Someone give me an alternative for 4,000 servers or so across 110 physical sites across the globe and I’ll check it out.
|
# ? Sep 20, 2020 22:06 |
|
https://github.com/alievk/avatarify I set this up over the weekend. It's a neat gimmick
|
# ? Sep 20, 2020 23:10 |
|
skipdogg posted:We’re still using SCCM for server patching. Someone give me an alternative for 4,000 servers or so across 110 physical sites across the globe and I’ll check it out. https://docs.microsoft.com/en-us/azure/automation/update-management/update-mgmt-overview
|
# ? Sep 20, 2020 23:47 |
|
skipdogg posted:We’re still using SCCM for server patching. Someone give me an alternative for 4,000 servers or so across 110 physical sites across the globe and I’ll check it out. Comedy option: Powershell Desired State Configuration. Patching is for losers, all the cool kids tear down and spin up new servers every month don’t ya know?
|
# ? Sep 21, 2020 00:38 |
|
DSC isn't for patching.
|
# ? Sep 21, 2020 00:59 |
|
The Fool posted:https://docs.microsoft.com/en-us/azure/automation/update-management/update-mgmt-overview This. We still have some stuff on solar winds patch management that somehow is cheaper and less awful than sccm, which doesn't seem possible. Even its going away as soon as our current agreement is up. We are also making massive shift from windows servers. Far too often I hear things like "we have 4000 windows servers" and I think, wtf why? Far too often these windows servers are just landing zone for individual apps and the windows server was the laziest way the app owner could implement them. It costs much less to go back and do it right in a lot of cases.
|
# ? Sep 21, 2020 01:13 |
|
CLAM DOWN posted:DSC isn't for patching. Exactly. Was meant to be a cheap dig at devops cattle v pets, didn’t land. meh, it’s a Sunday and I’m smoking away these terrible months we have left before glorious nuclear annihilation The Iron Rose fucked around with this message at 01:29 on Sep 21, 2020 |
# ? Sep 21, 2020 01:26 |
|
The Fool posted:https://docs.microsoft.com/en-us/azure/automation/update-management/update-mgmt-overview Yup, this is Microsoft's recommendation right now. Our environment is smaller, so I'm moving from WSUS for the servers to Azure Update Management. SCCM just for Microsoft updates seems really expensive. If you're deploying 3rd party packages and stuff too, I guess I'd understand. We're going to be using Chocolatey with Intune and hopefully for any of the few 3rd party packages I can just do PowerShell + Chocolatey. Microsoft has a package manager coming out but it's not ready yet.
|
# ? Sep 21, 2020 01:36 |
|
Internet Explorer posted:
Ironically I don't remember the guy's name off the top of my head but you probably should credit him with creating their package manager since they pretended they were going to hire him, interviewed him to learn all about his package manager, then kicked him out and "developed" their own. Least we can do is credit him for his work.
|
# ? Sep 21, 2020 03:00 |
|
AppGet, the guy's name was Keivan Beigi.
Sheep fucked around with this message at 04:01 on Sep 21, 2020 |
# ? Sep 21, 2020 03:55 |
|
The Iron Rose posted:Exactly. Was meant to be a cheap dig at devops cattle v pets, didn’t land. meh, it’s a Sunday and I’m smoking away these terrible months we have left before glorious nuclear annihilation Fair. I don't usually get most jokes anyways. I'm old. CLAM DOWN fucked around with this message at 04:26 on Sep 21, 2020 |
# ? Sep 21, 2020 04:05 |
|
CLAM DOWN posted:Fair. I don't usually get most homes anyways. I'm old. Yeah homes are for the young people.
|
# ? Sep 21, 2020 04:23 |
|
Super Soaker Party! posted:Yeah homes are for the young people. Omfg I can't type on my phone anymore either, take me out back, I'm done
|
# ? Sep 21, 2020 04:26 |
|
CLAM DOWN posted:Omfg I can't type on my phone anymore either, take me out back, I'm done It's OK, grandpa. Turns out we DO have a home for you, and they'll take real good care of you.
|
# ? Sep 21, 2020 04:27 |
|
Re: job with Submitted my take home exercise Thursday morning, got home from camping to a request for a follow up interview on Tuesday
|
# ? Sep 21, 2020 04:32 |
|
The Fool posted:Re: job with Good luck friend.
|
# ? Sep 21, 2020 04:38 |
|
Yeah. Super loving lovely.
|
# ? Sep 21, 2020 06:12 |
|
The Fool posted:https://docs.microsoft.com/en-us/azure/automation/update-management/update-mgmt-overview Am I correct in thinking this is the solution for servers in a modern Microsoft environment, and Intune/Update for Business is for clients? I ask cause my company is looking to move off of LANdesk soon and I want to make sure all our machines are covered. Would we need both?
|
# ? Sep 21, 2020 08:35 |
|
If you're doing modern desktop then you will want EM+S to benefit from conditional access policies and the SSO options that come with Azure AD Premium plans, Intune is part of that bundle and can manage your client endpoints including mobile devices. You'll want to handle settings management, application deployment etc. and that isn't part of the Update Manager feature set.
|
# ? Sep 21, 2020 11:43 |
|
The Fool posted:https://docs.microsoft.com/en-us/azure/automation/update-management/update-mgmt-overview Does this allow for a central update repository to share from? Thats one of the reasons my company wants to use SCCM is so they can knock off another connection to the outside world and just pull from a distribution site and save bandwidth.
|
# ? Sep 21, 2020 14:31 |
|
quote:Third-party updates on Windows
|
# ? Sep 21, 2020 15:17 |
|
Yay. Almost 2021 and still have to deal with WSUS
|
# ? Sep 21, 2020 15:39 |
|
skipdogg posted:Yay. Almost 2021 and still have to deal with WSUS I've been pushing for intune for a while. The only in that I had was that we need MDM since abandoning Airwatch. Unfortunately I know this just means we will have Intune for phones, while using SCCM for one network and WSUS for another.
|
# ? Sep 21, 2020 15:46 |
|
In the spirit of PowerShell, shouldn't that be Get-App ?
|
# ? Sep 21, 2020 15:48 |
|
Can somebody please define DevOps for me for like the millionth time? I still just don't understand what exactly it's supposed to be. And also, why is DevOps and Kubernetes things you always see in the insane big money jobs?
|
# ? Sep 21, 2020 15:49 |
|
Vargatron posted:Can somebody please define DevOps for me for like the millionth time? I still just don't understand what exactly it's supposed to be. And also, why is DevOps and Kubernetes things you always see in the insane big money jobs? You answered your own question.
|
# ? Sep 21, 2020 15:56 |
|
It's using python to manage your servers instead of powershell
|
# ? Sep 21, 2020 15:59 |
|
Vargatron posted:Can somebody please define DevOps for me for like the millionth time? I still just don't understand what exactly it's supposed to be. And also, why is DevOps and Kubernetes things you always see in the insane big money jobs? There's an "in theory" and an "in practice" answer to this question, but the term is so diluted in 2020 as to be almost meaningless. In theory, it is a set of principles based around removing organizational boundaries between software development groups and infrastructure operations groups. If you do this well you can eliminate the incredible amount of manual toil involved with writing software, which will reduce the time it takes for a product feature to go from conception to market, which is a competitive advantage and is one that investors really like to hear about. In practice, DevOps tend to either be a software developer specialization where you know how DNS works, or it is a sysadmin position where you know what a message queue is for. In either case, there's a lot of manual toil involved with putting programs on computers, and your job is usually to be the steward for that toil and reduce it where you can. You often see DevOps and Kubernetes in the same job posting because Kubernetes can't really be managed traditionally. You have to have some experience with toolsets that you would likely pick up while working in a DevOps adjacent role in order to use it effectively. The placement of DevOps near Kubernetes tends to be a recruiting strategy in my experience. The insane big money is a combination of a lot of factors but the generous answer is that these skillsets don't come into existence in a vacuum and can't really be taught in school, so the hiring pool is very small. The industries in need of "a person who can manage a 5 digit number of servers by themselves" also tend to also be the same industries that are being pumped full of money by the public market or by economic policy, which creates this pile-on effect of more and more competitors with more and more money interested in the same hiring pool.
|
# ? Sep 21, 2020 16:29 |
|
Vargatron posted:Can somebody please define DevOps for me for like the millionth time? I still just don't understand what exactly it's supposed to be. And also, why is DevOps and Kubernetes things you always see in the insane big money jobs? I'll bite because most of the answers you'll get will be sarcastic as the term has been co-opted by consultants trying to make a quick buck by "rubbing some devops on it" or companies trying to make their hiring more attractive. DevOps is a cultural shift characterized by increased investment in a shared responsibility model between development and operations where the process is no longer "dev throws it over the wall to ops" but instead is a collaborative effort where ops provides the tools and expertise to allow dev to deploy, run, manage, and monitor their code in production. As far as technical pieces, it emphasizes CI/CD, operational tooling (such as immutable builds, infrastructure as code, infra automation, etc.), and monitoring and alerting among others. The reason you see the term attached to big money jobs is because the operational component is specialized and requires a balance between deep expertise in infra and writing code as well as a broad skill-set across the stack that the company is using. It's hard to hire for the skills, let alone the aptitude and the strength to drive team and company culture change.
|
# ? Sep 21, 2020 16:33 |
|
Thanks for the responses. I guess my trouble is based on my last job where software development was already handled by Sysadmins. I thought that was just standard practice rather than a special tag like DevOps. Also, ask me about wearing way too many hats as a SysAdmin with no formal training!!
|
# ? Sep 21, 2020 16:40 |
|
|
# ? Apr 19, 2024 20:42 |
|
mllaneza posted:In the spirit of PowerShell, shouldn't that be Get-App ? hey now, don't let little thing like standards get in the way of marketing
|
# ? Sep 21, 2020 16:53 |