The image size limit has been raised to 1mb! Anything larger than that should be linked to. This is a HARD limit, please do not abuse it.
Our new Indie Games subforum is now open for business in G&T. Go and check it out, you might land a code for a free game. If you're developing an indie game and want to post about it, follow these directions. If you don't, he'll break your legs! Hahaha! Seriously though.
Our rules have been updated and given their own forum. Go and look at them! They are nice, and there may be new ones that you didn't know about! Hooray for rules! Hooray for The System! Hooray for Conforming!

[SYSTEMS ADMINS & IT MONKEYS] ...maybe they should have hired a professional

1959698100101104

Posts

  • DjeetDjeet Registered User regular
    wut

    boweniTunesIsEvil
  • MyiagrosMyiagros Registered User regular
    I need some advice on using WSUS. I tried using it but we had XP, Vista 32/64b, 7 32/64b, and 2003 so there was just a huge amount of files in the list to sort through and I lost patience with it. My remote office requested it and they only have about 15 computer instead of my 150 and they are all Windows 7 64b. I'm going through the installation now but it's the selecting of the updates that I find a bit confusing.

    How do I go about choosing which updates to approve and reject? I'm planning on only doing the Windows ones, no drivers or anything. The last time I played around with WSUS I had something like 35,000 updates listed and it never got smaller as I rejected or approved.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • jaziekjaziek Registered User regular
    bowen wrote: »
    I gotta say, installing SSL certs was a lot easier than I thought it was going to be. Other than being absurdly expensive, I'm impressed.

    Teach me :P . We've got an cert issue at work that I've been trying to fix on and off for the better part of 2 weeks.

    Steam ||| SC2 - Jaziek.377 on EU & NA. ||| Twitch Stream
  • bowenbowen How you doin'? Registered User regular
    http://www.digicert.com/ssl-certificate-installation-apache.htm

    Did that, then changed the virtual host for port 80 to use rewrite and force people to https

    Ladies.
  • StraygatsbyStraygatsby Registered User regular
    States...traversed.
    Job..get

    Turns out this helpdesk position is more like a generalized IT support on a small team, so instead of just mindlessly cycling tickets, I get to mess up servers and stick my fingers in sockets and break exchange!

    Pig...In...Shit

    MichaelLCMyiagrosTofystedethchrishallett83bowenCogAiserouTL DRMuppetmanBigityLe_Goat
  • MyiagrosMyiagros Registered User regular
    I went from my first job as the IT person for 15 people and about 20 computers where I sat around most days and documented things to someone who creates tickets while testing software for network equipment to my current job which is basically the first job +160 employees and I'm way more busy.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • CogCog Registered User regular
    States...traversed.
    Job..get

    Turns out this helpdesk position is more like a generalized IT support on a small team, so instead of just mindlessly cycling tickets, I get to mess up servers and stick my fingers in sockets and break exchange!

    Pig...In...Shit

    These are the BEST jobs, seriously.

    steam_sig.png
    Bigity
  • CogCog Registered User regular
    Myiagros wrote: »
    I need some advice on using WSUS. I tried using it but we had XP, Vista 32/64b, 7 32/64b, and 2003 so there was just a huge amount of files in the list to sort through and I lost patience with it. My remote office requested it and they only have about 15 computer instead of my 150 and they are all Windows 7 64b. I'm going through the installation now but it's the selecting of the updates that I find a bit confusing.

    How do I go about choosing which updates to approve and reject? I'm planning on only doing the Windows ones, no drivers or anything. The last time I played around with WSUS I had something like 35,000 updates listed and it never got smaller as I rejected or approved.

    If this is your driving question, there is little in the way of hard, fast rules about approvals. Stick to only the OS's you have in play, and only Windows/Office and maybe ubiquitous software like Silverlight that most users are going to either install themselves or bitch about the fact that they can't.

    If you're talking just workstations, auto-approvals are your friend. Go to Options in the left hand pane of the MCC and then Auotmatic Approvals should be about 5th down the list in the right hand pane. For workstations only, auto-approve all critical and security updates.

    Don't auto approve a goddamn thing for a server. Don't approve any major OS/Application Update Rollups or Service packs. You want to be installing those by hand for the most part.

    At the outset, yes there is going to be an utterly obscene amount of updates. Even windows 7 is 3 years old already.

    steam_sig.png
  • MyiagrosMyiagros Registered User regular
    edited September 2013
    I'm not even bothering including the server in WSUS so I'm not worried about that part. I've set auto approve for the workstations that I have separated in AD with a GPO set for updates. I also set WSUS to use GPO to group the computers, only problem I see so far is that the Update Services is not separating them like they are in AD.

    edit: Figured it out, forgot to set the group membership in the GPO, should be seeing my groups once the policies update.

    Myiagros on
    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • halkunhalkun Registered User regular
    edited September 2013
    Is this were we tell stories about the wacky stuff our users pull? Oh goodie!

    I do field support for "agents" of my company who are located all around the U.S. in their small work-from-home offices. Even though these computers are bought by the agents, they are locked down systems that are encrypted and have extra policy management software running in the background. They are intimately attached to the systems here at Home Office. One such agent thought she would hire her 16 year old son to be her "IT person" her computer. The idea was the son would get "hands on" experience working with mom's company computer, and she would no longer have to call us for support. He told me she wanted me to get her son "up to speed" on how our systems worked, and handed the phone to him.

    "Hey there", I said.
    "Hi", the kid said... waaay to enthusiastically.
    "You you want to be the 'IT Guy'"
    "Yup!" he answered, "So let's start at the top. What the administrator password?"

    I was so surprised by the question I laughed out loud on the headset.
    Like, I didn't mean to guffaw over the phone, but it was one of those hearty belly-laughs reserved only for Santa.

    "I was being serious" He said sheepishly.
    "So was I!" I answered back. "First of all, you are not going to get an administrator password because there's no administrator account on the system."
    "I noticed, so under my mom's login, I made a local account, but I couldn't even find the 'Administrators group' to add myself to."
    "That's because we remove it from all the field machines."
    "So I'm stuck with just a limited account?"
    "Actually no", I corrected. "When you reboot the computer is going to delete your local account. They are only allowed if they can authenticate against our Active Directory and have cached credentials"
    The kid sounded heartbroken... "So how do I log in?"
    "You don't"

    He was kind of quiet for a while. "So what can I do?" he asked.
    "Well, you can help your mom hook up a printer, or maybe troubleshoot the internet going in. You are not getting access to the computer, and in fact you are not authorized to use it."
    He thanked me and hung up. I kind of felt bad for him. He was about to get fired from his first "IT job" he ever had.

    halkun on
    wVo0Rgr.png
    gavindel
  • jaziekjaziek Registered User regular
    halkun wrote: »
    Is this were we tell stories about the wacky stuff our users pull? Oh goodie!

    I do field support for "agents" of my company who are located all around the U.S. in their small work-from home offices. Even though these computers are bought by the agents, they are locked down systems that are encrypted and have extra policy management software running in the background. They are intimately attached to the systems here at Home Office. One such agent thought she would hire her 16 year old son to be her "IT person" her computer. The idea was the son would get "hands on" experience working with mom's company computer, and she would no longer have to call us for support. He told me she wanted me to get her son "up to speed" on how our systems worked, and handed the phone to him.

    "Hey there", I said.
    "Hi", the kid said... waaay to enthusiastically.
    "You you want to be the 'IT Guy'"
    "Yup!" he answered, "So let's start at the top. What the administrator password?"

    I was so surprised by the question I laughed out loud on the headset.
    Like, I didn't mean to guffaw over the phone, but it was one of those hearty belly-laughs reserved only for Santa.

    "I was being serious" He said sheepishly.
    "So was I!" I answered back. "First of all, you are not going to get an administrator password because there's no administrator account on the system."
    "I noticed, so under my mom's login, I made a local account, but I couldn't even find the 'Administrators group' to add myself to."
    "That's because we remove it from all the field machines."
    "So I'm stuck with just a limited account?"
    "Actually no", I corrected. "When you reboot the computer is going to delete your local account. They are only allowed if they can authenticate against our Active Directory and have cached credentials"
    The kid sounded heartbroken... "So how do I log in?"
    "You don't"

    He was kind of quiet for a while. "So what can I do?" he asked.
    "Well, you can help your mom hook up a printer, or maybe troubleshoot the internet going in. You are not getting access to the computer, and in fact you are not authorized to use it."
    He thanked me and hung up. I kind of felt bad for him. He was about to get fired from his first "IT job" he ever had.

    Thats so sad.

    Steam ||| SC2 - Jaziek.377 on EU & NA. ||| Twitch Stream
    TofystedethVegemyteJaysonFourTL DR
  • halkunhalkun Registered User regular
    edited September 2013
    jaziek wrote: »

    Thats so sad.

    I mean, I know his heart was in the right place, but lots of of agents don't realize how locked down the systems are. Between the transparent encryption and Single Sign On, it behaves almost like a home system (by design). However, the agents will always trip across something that causes them to realize that we control the horizontal. One such story was when we discovered that an Office update that we pushed wound up corrupting windows if they had Publisher installed. (Our Office suite does not come with Publisher, and we strongly discourage installing office products for this very reason.) When this issue was discovered, we decided use one of our software management programs to scan of all the field systems to see who had Publisher installed. When we found one, we sent the user an email saying they needed to uninstall Publisher so that our office patch could go though. Failure to do so would result in the system being locked down until support could go in and uninstall it so we could update office manually.

    Oh boy we got some irritated agents not liking the idea that we scanned their systems and then telling them they can't run their expensive software they just bought. They will always try and pull the "I bought this computer" argument when they think we are being too intrusive. I have to let them know that if they want to use the system as a personal computer, they are more then welcome to use the computer branded system recovery disk and turn it into a home system. However, when they do that they will lose all their data, and will only have a recycle bin and internet explorer. (No more Office!). *and* they will no longer be able to connect to Corp.

    I kind of wish the field systems were configured like the ones here, but I have to go through 7 logins (one with an authenticator) to start my work day and, admittingly, it's kind of a pain in the ass.

    halkun on
    wVo0Rgr.png
  • bowenbowen How you doin'? Registered User regular
    Man even I'm not that much of a dick when it comes to my systems.

    What the fuck.

    Ladies.
  • CogCog Registered User regular
    Well.

    I bet they don't have to worry about fucking weatherbug.

    So, they've got that going for them.

    steam_sig.png
    AiouaLe_Goat
  • TofystedethTofystedeth veni, veneri, vamoosi Registered User regular
    Or Ask/Coupon/MyWebSearch/Productivity toolbar.

    steam_sig.png
  • MyiagrosMyiagros Registered User regular
    Heard this over the PA system just now "Will so and so please pick up a call on some number" and I think to myself.... that guy doesn't work here anymore. I call up the reception desk and tell him he's been gone for a month, "Well that was embarrassing".

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
    bowen
  • Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    smokmnky wrote: »
    What if you're locked in a cube and have no direct access to a window so you don't know what the weather is outside? I mean come on at least allow a for a little human decency
    It's called using your browser to go to www.weather.com if you want to know what it's like outside your cell.

    Sorry for the delayed post; I was out of commission for the last 2 weeks and am getting caught up.

    While I agree that being insensitive is an issue, so is being oversensitive.
  • bowenbowen How you doin'? Registered User regular
    Le_Goat wrote: »
    smokmnky wrote: »
    What if you're locked in a cube and have no direct access to a window so you don't know what the weather is outside? I mean come on at least allow a for a little human decency
    It's called using your browser to go to www.weather.com if you want to know what it's like outside your cell.

    Sorry for the delayed post; I was out of commission for the last 2 weeks and am getting caught up.

    Blocked 'outside life' related.

    Ladies.
  • Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    Myiagros wrote: »
    I'm not even bothering including the server in WSUS so I'm not worried about that part. I've set auto approve for the workstations that I have separated in AD with a GPO set for updates. I also set WSUS to use GPO to group the computers, only problem I see so far is that the Update Services is not separating them like they are in AD.

    edit: Figured it out, forgot to set the group membership in the GPO, should be seeing my groups once the policies update.
    I'd be a little weary about using auto-approve. There were issues in the past where an update was auto-approved and it turned out to be a crap patch. While yeah you can later set the update to be declined and then approved for uninstall, it's still a pain in the ass.

    While I agree that being insensitive is an issue, so is being oversensitive.
  • bowenbowen How you doin'? Registered User regular
    Somewhere here posted, maybe, a month or so back about a replacement for the cisco ASA firewall/router devices. Does anyone have that link? I stupidly forgot to bookmark it like a dumbie.

    Ladies.
  • bowenbowen How you doin'? Registered User regular
    It was cloud based if I remember correctly.

    Ladies.
  • AbracadanielAbracadaniel Registered User regular
    Anyone have any experience with dameware's Remote Support http://www.dameware.com/

    I don't need a ton of bells and whistles, and the price is pretty good since I'd only need maybe 1 or 2 licenses.

  • AiserouAiserou Registered User regular
    @bowen Are these what you were looking for? http://meraki.cisco.com/products/appliances

    bowen
  • bowenbowen How you doin'? Registered User regular
    Aiserou wrote: »
    @bowen Are these what you were looking for? http://meraki.cisco.com/products/appliances

    That's exactly it, thanks.

    Ladies.
  • bowenbowen How you doin'? Registered User regular
    @aiserou do you know how that license fee works? Do you need that fee for the hardware or is that if you want to use their cloud based setup/deploy stuff?

    Ladies.
  • halkunhalkun Registered User regular
    bowen wrote: »
    Man even I'm not that much of a dick when it comes to my systems.

    What the fuck.

    #1 System Login
    #2 VPN Login (with authenticor)
    #3 Virtual Machine Login
    #4 Ticket System Login
    #5 CRM login
    #6 Time Tracker login
    #7 Remote desktop login

    Yea, it's kind of annoying.

    Unless you are talking about the agents. They have it easy :)

    wVo0Rgr.png
  • bowenbowen How you doin'? Registered User regular
    Who uses systems without AD integration?!

    That plays a HUGE role into whatever I decide to buy or support/install.

    Ladies.
  • AiserouAiserou Registered User regular
    I don't have one myself. I saw them brought up in the same conversation you did and have been trying to justify the costs since. As far as I can tell though, yea, you need to have a license for it to work at all.

  • TofystedethTofystedeth veni, veneri, vamoosi Registered User regular
    Okay, well those are just separate systems. It's not like one continuous chain of logins.
    I've got 7 or 8 that I need to get into by default on any given day plus about 30 more that crop up. Fortunately a lot of them use built in AD authentication or are covered by our SSO app.

    steam_sig.png
  • AbracadanielAbracadaniel Registered User regular
    edited September 2013
    I really need to look into setting up Google's AD integration tool with GApps for Business. Too many projects, not enough me.

    Abracadaniel on
  • Mei HikariMei Hikari Registered User regular
    bowen wrote: »
    @aiserou do you know how that license fee works? Do you need that fee for the hardware or is that if you want to use their cloud based setup/deploy stuff?
    You do need it. The device is useless without it.

    https://docs.meraki.com/display/kb/Meraki+Licensing+FAQ

    bowen
  • CogCog Registered User regular
    Anyone have any experience with dameware's Remote Support http://www.dameware.com/

    I don't need a ton of bells and whistles, and the price is pretty good since I'd only need maybe 1 or 2 licenses.

    My wife uses it. I've never heard her say much wildly positive or negative about it. It pretty much provides vanilla remote support, from all I've seen or heard. Not the best or worst.

    steam_sig.png
  • jaziekjaziek Registered User regular
    edited September 2013
    Okay, well those are just separate systems. It's not like one continuous chain of logins.
    I've got 7 or 8 that I need to get into by default on any given day plus about 30 more that crop up. Fortunately a lot of them use built in AD authentication or are covered by our SSO app.

    Since starting this job a month and a bit ago, the amount of passwords I'm having to memorise is getting silly already. (VPN password + 10-15 different server passwords + firewall passwords) x 10 or so clients that I'm working on. Plus passwords to get on machines that you have to use to connect to said VPNS, plus passwords to the VMs running on the machines you have to remote onto to get onto the VPNs, plus passwords for test servers. I am running out of head space for actual things.

    Do we have a central store for all these? Hell no. Find it in a randomly named text file in the labyrinthine setup of file servers. Maybe.

    jaziek on
    Steam ||| SC2 - Jaziek.377 on EU & NA. ||| Twitch Stream
  • halkunhalkun Registered User regular
    Corp systems don't use SSO becuse I can change roles and require differnt identites at differnt times. They all auth against the same AD, for the most part.

    wVo0Rgr.png
  • bowenbowen How you doin'? Registered User regular
    Why not just tie to AD group? That way your roles would migrate based off your group.

    Ladies.
  • Mei HikariMei Hikari Registered User regular
    jaziek wrote: »
    Okay, well those are just separate systems. It's not like one continuous chain of logins.
    I've got 7 or 8 that I need to get into by default on any given day plus about 30 more that crop up. Fortunately a lot of them use built in AD authentication or are covered by our SSO app.

    Since starting this job a month and a bit ago, the amount of passwords I'm having to memorise is getting silly already. (VPN password + 10-15 different server passwords + firewall passwords) x 10 or so clients that I'm working on. Plus passwords to get on machines that you have to use to connect to said VPNS, plus passwords to the VMs running on the machines you have to remote onto to get onto the VPNs, plus passwords for test servers. I am running out of head space for actual things.

    Do we have a central store for all these? Hell no. Find it in a randomly named text file in the labyrinthine setup of file servers. Maybe.

    Sounds like you need this: http://remotedesktopmanager.com/

  • jaziekjaziek Registered User regular
    edited September 2013
    Mei Hikari wrote: »
    jaziek wrote: »
    Okay, well those are just separate systems. It's not like one continuous chain of logins.
    I've got 7 or 8 that I need to get into by default on any given day plus about 30 more that crop up. Fortunately a lot of them use built in AD authentication or are covered by our SSO app.

    Since starting this job a month and a bit ago, the amount of passwords I'm having to memorise is getting silly already. (VPN password + 10-15 different server passwords + firewall passwords) x 10 or so clients that I'm working on. Plus passwords to get on machines that you have to use to connect to said VPNS, plus passwords to the VMs running on the machines you have to remote onto to get onto the VPNs, plus passwords for test servers. I am running out of head space for actual things.

    Do we have a central store for all these? Hell no. Find it in a randomly named text file in the labyrinthine setup of file servers. Maybe.

    Sounds like you need this: http://remotedesktopmanager.com/

    That does look pretty slick, but the lack of NetOp support is a dealbreaker, and how well does it handle remote sessions within remote sessions? Like, VNC into a machine -> Open up a VM -> Connect that VM to a VPN -> NetOP Into the system that I actually want to do something on.

    jaziek on
    Steam ||| SC2 - Jaziek.377 on EU & NA. ||| Twitch Stream
  • Mei HikariMei Hikari Registered User regular
    jaziek wrote: »
    Mei Hikari wrote: »
    jaziek wrote: »
    Okay, well those are just separate systems. It's not like one continuous chain of logins.
    I've got 7 or 8 that I need to get into by default on any given day plus about 30 more that crop up. Fortunately a lot of them use built in AD authentication or are covered by our SSO app.

    Since starting this job a month and a bit ago, the amount of passwords I'm having to memorise is getting silly already. (VPN password + 10-15 different server passwords + firewall passwords) x 10 or so clients that I'm working on. Plus passwords to get on machines that you have to use to connect to said VPNS, plus passwords to the VMs running on the machines you have to remote onto to get onto the VPNs, plus passwords for test servers. I am running out of head space for actual things.

    Do we have a central store for all these? Hell no. Find it in a randomly named text file in the labyrinthine setup of file servers. Maybe.

    Sounds like you need this: http://remotedesktopmanager.com/

    That does look pretty slick, but the lack of NetOp support is a dealbreaker, and how well does it handle remote sessions within remote sessions? Like, VNC into a machine -> Open up a VM -> Connect that VM to a VPN -> NetOP Into the system that I actually want to do something on.

    I see NetOp support here: http://remotedesktopmanager.com/Home/AddOn

    And I'm not sure I get your question? Whatever you can do in VNC, it can do to since it's launching VNC in the background.

  • mightyjongyomightyjongyo Registered User regular
    Has anyone here ever done AD with mixed windows and Linux systems? Engineering is on Linux and rest of company is on Windows, and IT is slowly making the move to cut off everything that isn't tied to AD (and refusing to help us, which is not necessarily surprising or unwarranted but still frustrating nonetheless).

    So far I see Likewise Open (or whatever it's called now) as the best free option without needing to do too much voodoo magic, but if anyone else has any recommendations...

  • CogCog Registered User regular
    edited September 2013
    Mei Hikari wrote: »
    jaziek wrote: »
    Okay, well those are just separate systems. It's not like one continuous chain of logins.
    I've got 7 or 8 that I need to get into by default on any given day plus about 30 more that crop up. Fortunately a lot of them use built in AD authentication or are covered by our SSO app.

    Since starting this job a month and a bit ago, the amount of passwords I'm having to memorise is getting silly already. (VPN password + 10-15 different server passwords + firewall passwords) x 10 or so clients that I'm working on. Plus passwords to get on machines that you have to use to connect to said VPNS, plus passwords to the VMs running on the machines you have to remote onto to get onto the VPNs, plus passwords for test servers. I am running out of head space for actual things.

    Do we have a central store for all these? Hell no. Find it in a randomly named text file in the labyrinthine setup of file servers. Maybe.

    Sounds like you need this: http://remotedesktopmanager.com/

    I kinda prefer Terminals, which is like Remote Desktop Manager on steroids, with native support for VNC, SSH, screen cap auto export to flickr, built in ping, trace, dns lookup, whois, Terminal Services admin console, can wake on lan other machines. It can connect to your damn vcenter server and do VM console sessions too. It's pretty fucking awesome.

    Also if you just need to remember a lot of passwords, look into KeePass. Not only does it store them in an encrypted, centralized, searchable database with a nice gui and room for notes, you can actually train it to auto-type usernames and passwords into the appropriate windows for you, and copy/paste the passwords without ever seeing them in clear text.

    Cog on
    steam_sig.png
This discussion has been closed.