|
The fact that account name even matters and shouldn't be updated is loving dumb. Use GUIDs for important identification stuff and move on. gently caress legacy stuff that can't cope.
|
# ¿ May 28, 2015 06:47 |
|
Tony Montana posted:I just disabled 2.5k active users via VBScript. That's enterprise as gently caress and feels awesome VBScript is enterprise as gently caress?
|
# ¿ Jul 22, 2015 02:43 |
|
I still don't understand why you need login scripts using VBS. The whole world has moved past login scripts. And the reporting you are doing can easily be done with PowerShell, but in my opinion the correct way would be using SSRS. Honestly, you seem to continuously bring up the fact that you work for HP. I'm not sure that is worth bragging about. In my mind working for HP is the same as working IT for IBM, Cisco, or the government. It's a mark against, not a mark in your favor. And I'm fairly sure everyone here knows how Tier 1 / 2 / 3 work.
|
# ¿ Jul 23, 2015 03:05 |
|
Yes, working for HP is a mark against you. Sorry.
|
# ¿ Jul 23, 2015 03:29 |
|
It is a Cisco issue. I've been dealing with it as well. Don't remember the details but on Windows 7 it manifests as an IP conflict with an internal IP and then gets a real IP.
|
# ¿ Jul 28, 2015 03:36 |
|
Phone posting but this is what I've run into - http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1028373 https://social.technet.microsoft.co...winserverhyperv Also I didn't mean to ignore the comments from a few pages ago. Been swamped with a project.
|
# ¿ Jul 28, 2015 19:32 |
|
#notenterpriseproblems
|
# ¿ Aug 6, 2015 02:41 |
|
Roargasm posted:The licensing really isn't that bad except for the "activations" you get that make a lot of people think they hit some weird licensing jackpot. They're much easier to find than your actual license specs, so easy that it's almost like audit-inducing low hanging fruit. Yes, that's correct. It's licensed per proc and sold in a pair, so one Datacenter license will allow you to spin up unlimited Windows servers on your normal 2 processor box. One thing I see most companies trip over is the fact that you have to license for "temporary moves" of less than 90 days. If a piece of hardware dies and you're moving the license over for a period of longer than 90 days you're fine. Less than 90 and it doesn't count as a license move. This comes into play with vmotion / HA.
|
# ¿ Sep 12, 2015 19:17 |
|
As long as it's not PST files or Access databases or something like that, I don't see why it wouldn't work. Again, it really depends on your rate of change and I suppose if you are sharing Internet, the bandwidth usage on that. Also not knowing how many users you have on those 25 Mb/s pipes, it is hard to make a recommendation. For me, I would spring for a DFS copy in each location, or at least in each location that the data is accessed. Storage is so cheap these days, 10 TB is nothing. Maybe each branch does not need the same data, only the branch and the HQ. I would also look at why you have to have internet traffic coming back to the main office. If it's for web filtering I would find another solution. If it is because those are dedicated point-to-point connections I would question the reason for not having them be internet connections and doing a VPN back.
|
# ¿ Oct 7, 2015 04:26 |
|
Methanar posted:What? Sounds like he has point to point WAN connections, not VPNs.
|
# ¿ Oct 7, 2015 05:11 |
|
Orcs and Ostriches posted:Most K-12 schools / hospitals / libraries, etc. in Alberta are connected together with a fibre network run by the government. Each site has a VPN connection back to our office connected to the same network. Outside of a few government hosted services, no outside network access is provided through it. It's also all funded by the government at the level of service we have, and free is good when working in education and our perpetually slashing budgets. Then like I said, for data only needed at a branch do just that branch and the HQ. Maneki Neko posted:Are people still generally using folder redirection & roaming profiles? We're starting to bump across more and more apps that are having issues with redirected app data folders (despite the fact that we've been doing it forever and as far as I was aware it was a pretty common thing). I never redirect appdata either, too many problems with apps and that folder is normally more talkative than most, so a roam lightens that a bit. It really depends on your situation, but assuming you were redirecting appdata and are moving to roaming, you shouldn't have too many problems. Are you using non-persistent desktops? If so, then it will download each time and I would do a quick inventory to make sure no one has huge appdata folders. If not then it's just the first time they log into a machine and shouldn't be too bad unless users move around frequently.
|
# ¿ Oct 7, 2015 19:40 |
|
What do you have against Roaming Profiles in TYOOL2015?
|
# ¿ Oct 8, 2015 14:34 |
|
Tony Montana posted:Give me an example of your implementation of roaming profiles. I've never seen it work right, and I've seen a lot of troubleshooting lost on it. I'm going to put about as much effort in as a Wikipedia link (seriously a Wikipedia link for pros/cons of an IT technology?). Roaming Profiles work just fine. It's not the year 2000 anymore. Once the world figured out that you need to use Folder Redirection with your Roaming Profiles things got a lot better. Add v2 profiles and it works just fine and is better than the alternative. If you have needs for something more than that you have options like AppSense Environment Manager, Citrix Profile Management, or Microsoft User Experience Virtualization. The second paragraph about the power of Web2.0 confuses me and I'll just pass on that. Your third paragraph is just lazy IT. "we just don't give a poo poo about what's on someone's desktop... it's part of their [user's] job to keep their work in a safe place." Yeah, welcome to the year 2000, please store all files in your Home Drive. Zero VGS posted:As everyone said, AppData can gently caress up a lot of things, it was redirected at one of my previous places and it would do all sorts of crazy poo poo, such as if someone was logged into two computers at once, Firefox would refuse to open on the second computer because it was "already in use", among other anomalies. This is just about the worst loving idea I've ever heard. Ignoring everything terrible about it, you seriously went to 500+ users and dragged all the "Desktop, Documents, Pictures, Videos, etc" into OneDrive? Are you kidding me? And what happens when that breaks for all 500+ users at once because of some dumb Windows or OneDrive patch? Some of you people are the IT guys I want to murder.
|
# ¿ Oct 9, 2015 04:14 |
|
Tony Montana posted:Hang on.. Roaming Profiles.. I bet you're the guy.. Yeah, I am definitely that guy and you further prove my point with such gems as a Wikipedia link of "drawbacks" in a technical discussion and "who cares about user files, let God sort it out." Don't exert yourself with all that effort.
|
# ¿ Oct 9, 2015 14:04 |
|
Honestly I'm just still laughing at your cloud apps and Roaming Profiles = "users should put things in the right places!" responses. Both show you have no idea what you're talking about. And you totally missed the low hanging fruit about Microsoft UEV, no one uses that poo poo. It's garbage.
|
# ¿ Oct 9, 2015 14:32 |
|
What are you using to host VMs? Pretty much any of them will have built-in templating. And honestly, what's the name of your company? So I can stay far, far away.
|
# ¿ Dec 3, 2015 01:58 |
|
No, but that sounds like something that should have been reimaged as soon as you said MSE was not working. Also unless something changed recently MSE is not licensed for business use over (25?) PCs.
|
# ¿ Dec 9, 2015 15:54 |
|
Everyone keeps telling you that you are doing sketchy as hell things with licensing. Are you really surprised that you ran into problems? Why are you taking an image of an OEM machine? What exactly did "purchasing cloning rights" entail?
|
# ¿ Jan 14, 2016 02:14 |
|
Zero VGS posted:I ran all of this by actual 1st party Microsoft licensing specialists and they said go for it. But anyway, we only use one model of laptop across the whole organization (Elitebook 840), so we set up the configuration and Clonezilla it to further laptops, then change the PC name and set the PC to its own motherboard product key. The "cloning rights" was them telling me that as long as I bought a single copy of Windows 10 Pro through volume licensing, I would have reimaging rights to make a master image using any 3rd party tool I wanted, and I could do this to any laptop as long as it initially had a valid Windows 7/8 OEM key, which they all do; HP and my vendor ships every laptop of this model with a key. Sounds like you should be asking that Microsoft licensing specialist then. I've heard of this loophole before and I'm pretty sure you should be using your volume license key. As long as your OS version matches what's on the OEM sticker you should be "good." Just keep in mind this loophole contradicts the concept that a volume license only exists as an upgrade to an OEM copy of Windows. GreenNight posted:You have to understand Zero VGS has one hosed up network and everything is built on string and spit. Sorry, I don't really buy this excuse. If you can't afford the software, don't use it. Plus he's mentioned that his company is a direct competitor with VMware. I don't really buy the excuse that the money isn't there. He comes off as every other cheap IT guy I've run into in my career. "If I save them money, they'll give the money to me instead!"
|
# ¿ Jan 14, 2016 15:04 |
|
I use DFS-N for any share I make, even when not using DFS-R.
|
# ¿ Feb 5, 2016 06:52 |
|
Yeah, I mean as long as you're not putting user profiles or folder replication without doing manual fail over or have super large files I don't really see the problem.
|
# ¿ Feb 5, 2016 07:03 |
|
Network Detective is great. I don't think a non-domain admin account, or at the very least an account granted local admin on everything, can get all that Network Detective queries. Have you reached out to their support? They are usually pretty good.
|
# ¿ Feb 22, 2016 21:11 |
|
BaseballPCHiker posted:Special snowflake user has beaten me in inter-office politics and now gets their way in regards to their PC locking after 15 minutes of inactivity. I must suffer through this until our next audit when inevitably they will flag this and demand I change it back. (Yes I have the special demand in writing stating my objections). OU-level policies are applied last and will overwrite policies applied at higher levels. Just put the PC in a security group, apply the policy to disable the setting to that group, then apply the GPO to the same OU as the other computers, then set the "disabled" policy to the lowest number in the Link Order of the OU in GP. https://technet.microsoft.com/en-us/library/cc785665(v=ws.10).aspx "At the level of each organizational unit in the Active Directory hierarchy, one, many, or no GPOs can be linked. If several GPOs are linked to an organizational unit, their processing is in the order that is specified by the administrator, on the Linked Group Policy Objects tab for the organizational unit in GPMC. The GPO with the lowest link order is processed last, and therefore has the highest precedence. This order means that the local GPO is processed first, and GPOs that are linked to the organizational unit of which the computer or user is a direct member are processed last, which overwrites settings in the earlier GPOs if there are conflicts. (If there are no conflicts, then the earlier and later settings are merely aggregated.)" [Edit: gently caress me, how did I think that was the last post in the thread? Oh well, leaving it because there is a link.]
|
# ¿ Feb 23, 2016 01:47 |
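Added example, not part of the original post or thread: a small Python model of the processing order quoted from TechNet above, usable to check which GPO actually sets a value for a given computer and to flag machines whose lock setting no longer comes from the baseline GPO. The GPO names, the group name and the `lock_timeout_minutes` setting are constructed for illustration; Enforced links, Block Inheritance and WMI filters are not modelled.

```python
from dataclasses import dataclass, field

# Containers in processing order: later entries are applied later and win conflicts.
SCOPES = ["local", "site", "domain", "ou"]

@dataclass
class GpoLink:
    gpo: str          # GPO name (constructed for this example)
    scope: str        # container the GPO is linked to, one of SCOPES
    link_order: int   # position on the Linked Group Policy Objects tab, 1 = top
    settings: dict    # setting name -> configured value
    filter_groups: set = field(default_factory=lambda: {"Authenticated Users"})

def applied_links(links, computer_groups):
    """Links that pass security filtering, sorted into processing order."""
    groups = set(computer_groups) | {"Authenticated Users"}
    in_scope = [l for l in links if l.filter_groups & groups]
    # Within one container the highest link order is processed first and
    # link order 1 last, so link order 1 has the highest precedence.
    return sorted(in_scope, key=lambda l: (SCOPES.index(l.scope), -l.link_order))

def resultant(links, computer_groups):
    """Map each setting to (value, winning GPO); later links overwrite earlier ones."""
    result = {}
    for link in applied_links(links, computer_groups):
        for name, value in link.settings.items():
            result[name] = (value, link.gpo)
    return result

def audit_exception(links, computer_groups, setting, baseline_gpo):
    """Return a finding when the effective value is not set by the baseline GPO."""
    value, winner = resultant(links, computer_groups).get(setting, (None, None))
    if winner == baseline_gpo:
        return None
    return {"setting": setting, "value": value, "gpo": winner}

# Constructed sample: a lock policy on the OU plus a group-filtered exception.
LINKS = [
    GpoLink("Domain Baseline", "domain", 1, {"lock_timeout_minutes": 15}),
    GpoLink("Workstation Lock", "ou", 2, {"lock_timeout_minutes": 15}),
    GpoLink("Lock Exception", "ou", 1, {"lock_timeout_minutes": 0},
            filter_groups={"Lock-Exempt-PCs"}),
]

if __name__ == "__main__":
    for groups in (set(), {"Lock-Exempt-PCs"}):
        print(sorted(groups), resultant(LINKS, groups),
              audit_exception(LINKS, groups, "lock_timeout_minutes", "Workstation Lock"))
```
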
|
Yeah, that went from unreasonable to ridiculous.
|
# ¿ Feb 23, 2016 19:55 |
|
Abel Wingnut posted:any sql server dbas in this thread? not sure where to post a pretty advanced question. well, advanced for me, the db dev. Check this thread - http://forums.somethingawful.com/showthread.php?threadid=2672629
|
# ¿ Feb 27, 2016 01:36 |
|
But I am Zero VGS and it is my job to pinch every penny while putting my company in a poor position. Help me Enterprise thread!
|
# ¿ Mar 3, 2016 21:08 |
|
Things cost money. Running a business costs money. One of my biggest pet peeves is those IT guys who feel obligated to save as much money for the company as possible, as if they are going to give you a big fat bonus because of it. Then someone who is actually competent at their job has to come in and say "the previous IT guy was a loving moron and did poo poo with shoestring and bubblegum. You now owe a zillion dollars in technical debt. Sorry." Spend the money where you have to. Do MacGyver poo poo only when you absolutely have to.
|
# ¿ Mar 3, 2016 21:32 |
|
GreenNight posted:Yeah but also you gotta put your foot down when employees want the loving world. No we're not buying you an i7 with 32 gigs of RAM and a Quadro card for your lovely accounting software. Obviously you have to put your foot down somewhere. But someone who is in a role that involves project management wanting MS Project...? Not exactly unheard of, or outrageous. skipdogg posted:Why not? If the budget owner signs off I could give a poo poo. In my company business unit managers are responsible for their BU's budget, including hardware purchases. If they sign off on some 4,000 dollar workstation for their employee, that's on their budget. I think you just answered your own rhetorical question. Not all companies bill back IT spending to their respective departments.
|
# ¿ Mar 3, 2016 22:50 |
|
devmd01 posted:You can rename the account in AD as long as the user is logged out, but you can't (easily) rename the user profile folder. There's a tool that can do it fairly well. gently caress if I can remember the name of it, someone will probably chime in. Personally, I would put all this stuff in a GPO in AD. My team knows not to do trusted sites, compatibility, java security, etc. on a local machine. If it is worth changing for one person, it is worth changing for everyone just to save yourself and your users the hassle.
|
# ¿ Mar 12, 2016 01:46 |
|
Jeoh posted:ProfWiz That's it, thank you sir. On Windows 10, it's just that not all vendors are there yet.
|
# ¿ Mar 12, 2016 17:40 |
|
I'm pretty sure FileZilla Server can do SFTP.
|
# ¿ Mar 29, 2016 17:37 |
|
Maneki Neko posted:Sadly filezilla server can NOT do SFTP, although the client supports it just fine. My bad! I misremembered using FileZilla Server for FTPS.
|
# ¿ Mar 29, 2016 21:26 |
|
Walked posted:Agreed. Bit of a wet fart on this one relative to the hype; it requires attention but I'm not going to lose my lunch or need liquor to get me through the week because of this specifically Wait until you apply the patch and find all the nice Microsoft bugs that come with rushed patches! I'm still wrapping my head around it but it sounds like unless you have SMB/Samba exposed to a compromised network, you should be relatively okay?
|
# ¿ Apr 12, 2016 18:19 |
|
CLAM DOWN posted:Welp, I got drunk before noon for nothing! Do we really need a legit reason? I'm not familiar with SAMR or LSAD, but at least it doesn't seem like SAML is affected?
|
# ¿ Apr 12, 2016 18:44 |
|
CLAM DOWN posted:SAML is claims-based authentication for things like AD FS right? I don't think it's affected. Yeah, AD FS. It doesn't seem like it, but that's really the only way I could see this being earth-shattering. People don't generally expose SMB/Samba to the Internet, so I'm not sure why there was so much hype. I liked one of the Twitter responses on #BadLock. "This is just normal patch Tuesday stuff." [Edit: I guess if you have RDP opened to the Internet you should update ASAP? And probably kill yourself.] Internet Explorer fucked around with this message at 18:58 on Apr 12, 2016 |
# ¿ Apr 12, 2016 18:55 |
|
|
# ¿ Apr 15, 2016 22:08 |
|
The best practice these days is subdomain.domain.com, not domain.local or an equivalent. So internal.wiggleyssprockets.com as opposed to wiggleyssprockets.local. It makes hybrid cloud and SSO easier in the long run. On naming... It's a bit like server names. If you put any truly accurate description in the name it can always be a liability, but if you don't, what's the point of a name? Obviously if you're dealing with cattle and not pets this argument goes away, but for the rest of us it's a bit of a balance. I say include the company name in some fashion. If you are getting bought out changing that type of stuff (or setting up a domain trust) is going to happen either way. I wouldn't put a physical address in a server name... But company name in your AD domain seems appropriate. Internet Explorer fucked around with this message at 17:01 on Apr 24, 2016 |
# ¿ Apr 24, 2016 15:35 |
|
|
# ¿ Apr 26, 2016 05:44 |
|
Tab8715 posted:A vulnerability in Microsoft Office 365 SAML Service Provider implementation allowed for cross domain authentication bypass affecting all federated domains. Wow, that's pretty bad.
|
# ¿ May 7, 2016 18:55 |
|
Or run GP modeling / GP results in Group Policy Management. Or gpresult /h on the server you are troubleshooting.
|
# ¿ Jun 9, 2016 20:20 |