Methanar
Sep 26, 2013

by the sex ghost

CLAM DOWN posted:

It is exhausting having to read your worthless posts.

it hurts my feelings when you say things like that

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Clam down can claim to be a security expert but I’ve had ssh keys to his back door

jaegerx
Sep 10, 2012

Maybe this post will get me on your ignore list!


Btw. The new MacBook m1 is loving legit

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

The Fool posted:

Pay for enterprise and take control of any accounts made with your domain

Can't afford enterprise, we're a startup. We've been a startup for like 8 years now. We know what we're doing and doing it well but we just can't hit critical mass; we've been the same size and scope forever. We're like the Electric Six of tech.

LochNessMonster
Feb 3, 2005

I need about three fitty


jaegerx posted:

Btw. The new MacBook m1 is loving legit

How are you dealing with not running docker on it, just use a VM?

The Fool
Oct 16, 2003


Zero VGS posted:

Can't afford enterprise, we're a startup. We've been a startup for like 8 years now. We know what we're doing and doing it well but we just can't hit critical mass; we've been the same size and scope forever. We're like the Electric Six of tech.

You're not a startup, you're a small business.

e: although it is bullshit that that feature and SSO is gated behind the enterprise plan

e2: obligatory: https://sso.tax


re: AD domains and DMZ's

All of our DMZ servers are off the domain and we have 3 domains.

One is my main production domain, one is my test/lab domain, and the third is maintained by our government contracting group. They maintain a totally separate network infrastructure and it is a giant pain in the rear end.

The Fool fucked around with this message at 17:02 on Nov 24, 2020

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

LochNessMonster posted:

How are you dealing with not running docker on it, just use a VM?

same as it ever was

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

Generating thousands of invoices/documents but too cheap to spend the money to actually solve the problem: the VGS story.

Why don’t you go to fiverr and pay somebody to do it 10 at a time? It’s a terrible idea but you love those.

CLAM DOWN
Feb 13, 2007




PCjr sidecar posted:

Generating thousands of invoices/documents but too cheap to spend the money to actually solve the problem: the VGS story.

Why don’t you go to fiverr and pay somebody to do it 10 at a time? It’s a terrible idea but you love those.

Lol

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

PCjr sidecar posted:

Generating thousands of invoices/documents but too cheap to spend the money to actually solve the problem: the VGS story.

Why don’t you go to fiverr and pay somebody to do it 10 at a time? It’s a terrible idea but you love those.

Thanks for the advice, Docusign Defender

in a well actually
Jan 26, 2011

dude, you gotta end it on the rhyme

Sorry team, laptop refresh is now a core 2 solo with reactos because big docusign is at it again!!!

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
PCjr sidecar stop he's already dead!!!

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

PCjr sidecar posted:

Sorry team, laptop refresh is now a core 2 solo with reactos because big docusign is at it again!!!

That's not even the cheapest thing I've done!

Methanar
Sep 26, 2013

by the sex ghost

Zero VGS posted:

That's not even the cheapest thing I've done!

is your sidegig of refurbing hardware still profitable.

I liked that story

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Methanar posted:

is your sidegig of refurbing hardware still profitable.

I liked that story

It is, here I'll give you another one for free.

I had to add a new branch to a Fortune 500 hospital, so I went on Alibaba and bought 300 thin clients for $20 each. Similar to this one: https://www.aliexpress.com/item/32854008123.html They ran Windows CE just long enough to boot up into Remote Desktop and auto login to a Windows 2003 server. I stacked Black Friday coupons on NewEgg to buy all the CALs. I laminated all the CALs to a binder and chained it next to the AC in the server room, so that anyone who came to audit us would have to freeze to death to review them (last part was boss's idea, nice touch).

That worked perfectly for 5 years and even the end users remarked how much faster it was than the Dells at the main building. CFO was worried about 600k for a hardware refresh and I got it done in 6k

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Zero VGS posted:

It is, here I'll give you another one for free.

I had to add a new branch to a Fortune 500 hospital, so I went on Alibaba and bought 300 thin clients for $20 each. Similar to this one: https://www.aliexpress.com/item/32854008123.html They ran Windows CE just long enough to boot up into Remote Desktop and auto login to a Windows 2003 server. I stacked Black Friday coupons on NewEgg to buy all the CALs. I laminated all the CALs to a binder and chained it next to the AC in the server room, so that anyone who came to audit us would have to freeze to death to review them (last part was boss's idea, nice touch).

That worked perfectly for 5 years and even the end users remarked how much faster it was than the Dells at the main building. CFO was worried about 600k for a hardware refresh and I got it done in 6k

Please tell me you told him it would be 100k and you pocketed the rest.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

GreenNight posted:

Please tell me you told him it would be 600k and you pocketed the 594k

Methanar
Sep 26, 2013

by the sex ghost

Zero VGS posted:

It is, here I'll give you another one for free.

I had to add a new branch to a Fortune 500 hospital, so I went on Alibaba and bought 300 thin clients for $20 each. Similar to this one: https://www.aliexpress.com/item/32854008123.html They ran Windows CE just long enough to boot up into Remote Desktop and auto login to a Windows 2003 server. I stacked Black Friday coupons on NewEgg to buy all the CALs. I laminated all the CALs to a binder and chained it next to the AC in the server room, so that anyone who came to audit us would have to freeze to death to review them (last part was boss's idea, nice touch).

That worked perfectly for 5 years and even the end users remarked how much faster it was than the Dells at the main building. CFO was worried about 600k for a hardware refresh and I got it done in 6k

Can N people be RDP'd into windows server at once without conflict? Was it one big server 2003 for everybody?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Methanar posted:

Can N people be RDP'd into windows server at once without conflict? Was it one big server 2003 for everybody?

If you install the Remote Services role, yes.

The Fool
Oct 16, 2003


Methanar posted:

Can N people be RDP'd into windows server at once without conflict?

If licensed properly and the terminal services/remote desktop server role is installed.

quote:

Was it one big server 2003 for everybody?

god I hope so

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
The "Microsoft Way" is to get confused about RDP and licensing and then put a registry hack into your Server 2012 (not R2!) Essentials machine that ignores the two concurrent RDP limit

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
You bet it was just one giant server. Good old Proliant. Mercifully all the nurses only had to run one single medical records program which was just text so it ran like a dream.

Methanar
Sep 26, 2013

by the sex ghost

Zero VGS posted:

You bet it was just one giant server. Good old Proliant. Mercifully all the nurses only had to run one single medical records program which was just text so it ran like a dream.

this owns lmao

punishedkissinger
Sep 20, 2017

Not sure if this is the right thread. Does anyone have experience moving from an on-site server running AD to doing everything in Azure Active Directory? Is this feasible for most small businesses?

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
There's really only one question. Does that business have any real dependencies on on-premises Active Directory? If the answer is no, it's easy to get off of on-prem AD. If the answer is yes, then you can AD Sync your stuff and use Azure AD for everything except that which depends on AD. There are a lot of things you need to understand about the licensing and the model for stuff like endpoint management is different enough. Especially going from any kind of GPOs to InTune.

Generally speaking SMBs will have a higher chance of being able to migrate to an all Azure environment because they don't have a bunch of terrible decisions tied up in what they're using AD for. But I also had a conversation with a company that gave everyone a Windows XP device and a Windows 10 device because they insisted on continuing to run their LOB application off of Server 2000 (this was 2-3 years ago lmao) so that is not a hard and fast rule.

punishedkissinger
Sep 20, 2017

i am a moron posted:

There's really only one question. Does that business have any real dependencies on on-premises Active Directory? If the answer is no, it's easy to get off of on-prem AD. If the answer is yes, then you can AD Sync your stuff and use Azure AD for everything except that which depends on AD. There are a lot of things you need to understand about the licensing and the model for stuff like endpoint management is different enough. Especially going from any kind of GPOs to InTune.

Generally speaking SMBs will have a higher chance of being able to migrate to an all Azure environment because they don't have a bunch of terrible decisions tied up in what they're using AD for. But I also had a conversation with a company that gave everyone a Windows XP device and a Windows 10 device because they insisted on continuing to run their LOB application off of Server 2000 (this was 2-3 years ago lmao) so that is not a hard and fast rule.

Most of my clients are just using the server for data storage, user management with AD, and MAYBE printer management. They also tend to host Quickbooks on a local server. From what I've seen, QB online doesn't cut it though. I'm getting the feeling we should just stick with a local server for now.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Data storage you can do on SharePoint Online, user management you can do in O365 admin portal, printing would likely be your biggest problem, you might need to figure out some cloud print solution.

Honestly, go Hybrid while you migrate everything off on-prem, and there's nothing stopping you from adding new laptops directly to Azure AD instead of through a sync, although if you go down that route you'll also need to figure out how to mimic any GPOs, registry hacks, and anything else you've been doing via Group Policy. Plus iirc you'll want to pay for Azure AD Premium or you won't get anywhere near as much control as you'd like. It is really handy though having the users able to authenticate against the directory on any internet connection, without a VPN.

punishedkissinger
Sep 20, 2017

klosterdev posted:

Data storage you can do on SharePoint Online, user management you can do in O365 admin portal, printing would likely be your biggest problem, you might need to figure out some cloud print solution.

Honestly, go Hybrid while you migrate everything off on-prem, and there's nothing stopping you from adding new laptops directly to Azure AD instead of through a sync, although if you go down that route you'll also need to figure out how to mimic any GPOs, registry hacks, and anything else you've been doing via Group Policy. Plus iirc you'll want to pay for Azure AD Premium or you won't get anywhere near as much control as you'd like. It is really handy though having the users able to authenticate against the directory on any internet connection, without a VPN.

Is it easy enough to have Azure sync up with our current Domain Controller then? If so, this sounds pretty appealing.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Yeah, I've never actually set it up myself, but look up Azure AD Connect, I remember reading about the process a while back and seems relatively straightforward

Edit: This probs a good place to start https://docs.microsoft.com/en-us/mi...ant%20of%20your

klosterdev fucked around with this message at 21:50 on Nov 24, 2020

The Fool
Oct 16, 2003


punishedkissinger posted:

Is it easy enough to have Azure sync up with our current Domain Controller then? If so, this sounds pretty appealing.

yeah

do this:

klosterdev posted:

Yeah, I've never actually set it up myself, but look up Azure AD Connect, I remember reading about the process a while back and seems relatively straightforward

with password-hash-sync

Internet Explorer
Jun 1, 2005





punishedkissinger posted:

Is it easy enough to have Azure sync up with our current Domain Controller then? If so, this sounds pretty appealing.

Just know that this isn't the same as running Azure AD only. Azure AD hybrid is a very different beast and if you are managing devices that you also want on a domain, you will need to use Azure AD Hybrid Join. You're adding a lot of complexity.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

Internet Explorer posted:

Just know that this isn't the same as running Azure AD only. Azure AD hybrid is a very different beast and if you are managing devices that you also want on a domain, you will need to use Azure AD Hybrid Join. You're adding a lot of complexity.

This is also true, and why we're still having our users authenticate against on-prem AD for the time being despite the advantages and increased necessity in remote work. Once I'm done rebuilding our permissions though I want to take a look at the feasibility of moving to pure Azure AD

punishedkissinger
Sep 20, 2017

I'll look into this Hybrid deal. I just want to simplify having people remote all the time. Having to do anything domain related over a VPN is a pain right now.

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
Hybrid doesn’t help with that. You want to go full Azure AD otherwise you’re up against the same limitations and requirements as you are with on prem AD because you still 100% need on prem AD in that scenario.

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!
Moving our users to SharePoint Online has basically eliminated the need for our non-IT to need VPN even with on-prem AD. If you can cloud whatever you're using Quickbooks for, and are willing to accept the risk of a GPO delaying updates by X days then pulling from MS, you should be golden. Our print management is done on-prem, but that's okay too because users have to go to the offices anyway to get to the printers.

Internet Explorer
Jun 1, 2005





Does anyone use Azure Microsoft Backup Server (MABS?) and if so, why do you hate yourself this much?

i am a moron
Nov 12, 2020

"I think if there’s one thing we can all agree on it’s that Penn State and Michigan both suck and are garbage and it’s hilarious Michigan fans are freaking out thinking this is their natty window when they can’t even beat a B12 team in the playoffs lmao"
So you’re using cached AD creds and letting the machine passwords get jacked up and the computers falling off the domains?

Internet Explorer posted:

Does anyone use Azure Microsoft Backup Server (MABS?) and if so, why do you hate yourself this much?

What’s so weird is just using a recovery vault and installing an agent works 1000x better than whatever the gently caress MS was trying to do with this

klosterdev
Oct 10, 2006

Na na na na na na na na Batman!

i am a moron posted:

So you’re using cached AD creds and letting the machine passwords get jacked up and the computers falling off the domains?

If you don't keep track of your computers this is absolutely a problem you can encounter, yes. It's done a good job getting us through the pandemic when our infrastructure basically burned to the ground the week lockdown started, and for most practical purposes the laptop is really just a somewhat-easier method for the user to access resources available on office.com. Even though we can't, say, lock users out of their computers immediately, being able to lock them out of where all their data is is getting us by, but in the long run I want to move away from on-prem AD entirely to give us more immediate control over the physical systems themselves.

E: without relying on a VPN

klosterdev fucked around with this message at 22:17 on Nov 24, 2020
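
One way to "keep track of your computers" in the cached-credentials scenario discussed above, as an added example that is not part of any poster's message: a PowerShell report that classifies enabled computer accounts by machine-password age. The function name `Get-StaleComputerReport`, the 45/90-day thresholds and the sample records are assumptions made for illustration.

```powershell
# Added example: classify enabled computer accounts by machine-password age.
# Domain members rotate this password every 30 days by default, so an old
# PasswordLastSet usually means the device has not reached a DC to rotate it.
function Get-StaleComputerReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Computer,
        [int]$WarnDays  = 45,            # assumed threshold, tune to your policy
        [int]$StaleDays = 90,            # assumed threshold, tune to your policy
        [datetime]$Now  = (Get-Date)
    )
    process {
        foreach ($c in $Computer) {
            if (-not $c.Enabled) { continue }   # skip accounts already disabled

            # Whole days since the machine account password last changed.
            $pwdAge = $null
            if ($c.PasswordLastSet) {
                $pwdAge = [int][math]::Floor(($Now - $c.PasswordLastSet).TotalDays)
            }

            if ($null -eq $pwdAge)          { $status = 'NeverSet' }
            elseif ($pwdAge -ge $StaleDays) { $status = 'Stale' }
            elseif ($pwdAge -ge $WarnDays)  { $status = 'Warn' }
            else                            { $status = 'OK' }

            [pscustomobject]@{
                Name            = $c.Name
                PasswordAgeDays = $pwdAge
                LastLogonDate   = $c.LastLogonDate
                Status          = $status
            }
        }
    }
}

# Constructed sample records (not real hosts) so the function runs offline.
$now = [datetime]'2020-11-24'
$sample = @(
    [pscustomobject]@{ Name = 'LT-001'; Enabled = $true
                       PasswordLastSet = [datetime]'2020-11-10'
                       LastLogonDate   = [datetime]'2020-11-20' }
    [pscustomobject]@{ Name = 'LT-002'; Enabled = $true
                       PasswordLastSet = [datetime]'2020-09-30'
                       LastLogonDate   = [datetime]'2020-10-02' }
    [pscustomobject]@{ Name = 'LT-003'; Enabled = $true
                       PasswordLastSet = [datetime]'2020-03-16'
                       LastLogonDate   = [datetime]'2020-03-16' }
    [pscustomobject]@{ Name = 'LT-004'; Enabled = $false
                       PasswordLastSet = [datetime]'2019-01-01'
                       LastLogonDate   = [datetime]'2019-01-01' }
)

$sample | Get-StaleComputerReport -Now $now |
    Sort-Object PasswordAgeDays -Descending |
    Format-Table -AutoSize

# Against a real domain (requires the ActiveDirectory module):
# Get-ADComputer -Filter 'Enabled -eq $true' -Properties PasswordLastSet, LastLogonDate |
#     Get-StaleComputerReport
```

With the constructed data, LT-003 is reported as Stale, LT-002 as Warn, LT-001 as OK, and the disabled LT-004 is skipped.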

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Internet Explorer posted:

Does anyone use Azure Microsoft Backup Server (MABS?) and if so, why do you hate yourself this much?

I dream about Microsoft buying Veeam. Just do it.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

punishedkissinger posted:

Not sure if this is the right thread. Does anyone have experience moving from an on-site server running AD to doing everything in Azure Active Directory? Is this feasible for most small businesses?

We have been Azure AD only since like the day it came out. Upgraded everyone in the company to Windows 10 the week they announced it with the free Win 7 Pro upgrade program then they got joined to it straight away.

The laptops were all previously on the default workgroup, no domain, so to implement group policy I set it all up on one PC, copied the Group Policy folder, and pushed it to all the other laptops with PDQ Deploy. Actually works perfectly fine... somehow it replicates more reliably than a DC ever did.

Azure AD also has something called Azure Active Directory Domain Services, which counter-intuitively would not allow public-facing DC services or LDAP for years and years. They actually expected you to make a site-to-site VPN which wouldn't have worked for us and all the work-from-home people (and no we're not paying for Win 10 Enterprise). But very recently they improved it to allow a public IP that can have domain services and Secure LDAP. Check it out here: https://azure.microsoft.com/en-us/services/active-directory-ds/#overview

One other thing that Azure AD does correctly is that if a user is joined to it before you enable Bitlocker, it saves their Bitlocker key in the online portal. Before that we had to keep an encrypted spreadsheet.

Zero VGS fucked around with this message at 01:05 on Nov 25, 2020
