
The [sysadmins] Thread: Quick, hide your user friendly policies, Bowen is coming back!


  • bowenbowen How you doin'? Registered User regular
    Needs two safe words. One indicates all clear, the other indicates Jason Bourne is with him.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    bowen wrote: »
    My personal favorite is the crutch everything and their mother uses in the registry.

    Listen, no, no one should need to write to the registry at all, ever. I'm not even sure why it's writable to begin with, stop it.

    Your program should be self contained. If it can't be moved between machines with a cut and paste, you're a bad software developer. I didn't say it necessarily needs to run without reauthing the PC, just that that's how it should work.

    IE, how OSX does it.

    Oh god that operating system is amazing.

    Do Mac applications not use ~/Library/ anymore? I mean, OSX doesn't really seem a whole lot better with regard to moving an app from machine to machine. You'll still probably want the settings file(s) that were in %APPDATA% or ~/Library/, and I really don't see having to dump a registry key out of HKCU as much different than having to back up "~/Library/Application Support/<whatevs>/".

    Now, apps that think they should be able to write into HKLM all day long? Newp.

    ...

    Also, Macs can't/couldn't handle HTTPS? Wat?

  • bowenbowen How you doin'? Registered User regular
    Most apps self contain themselves in packages ITIE. I haven't really run across much but the apple ones that start writing every fucking where.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    Feral wrote: »
    Le_Goat wrote: »
    bowen wrote: »
    If I could make everyone use mac minis, I would be so happy.
    I thought Macs can't join a domain. They also can't handle HTTPS very well... like at all

    They can do both.
    Odd. Is it maybe just with iPads that can't handle HTTPS very well? I know I've run into that problem with company iPads.

    I admit: I don't have a lot of experience with Macs in the corporate world.

    While I agree that being insensitive is an issue, so is being oversensitive.
  • bowenbowen How you doin'? Registered User regular
    Shouldn't? Safari in general doesn't play nice with some HTML standards IIRC, that may be what you're noticing.

    And that's why I use chrome. iOS chrome uses safari's engine though, doesn't it?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    I get a call on Saturday from a weekend worker off-site that can't get into their computer remotely. I really don't want to drive the 25 minutes in to see if the computer is powered-down so I ask if another weekend worker who is 10 minutes away can drive in to check. She tells me the other worker had a power outage so is so busy with her work and can't drive in.

    The other worker lives 10 minutes away and instead of driving into the generator powered office, sits around at home and complains about being so far behind in her work because of the outage.

    I'm forced to then drive the 25 minutes in to check on the remote computer as I'm a good little employee. Needless to say, I talk to her boss about it on Monday and he is not so thrilled with her.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • halkunhalkun Registered User regular
    Aioua wrote: »
    bowen wrote: »
    Removing the administrator account and group seems problematic at its face.

    Halkun's job is wacky. I've always imagined it's some kind of work from home scam. At least Halk's on the right end of it.

    It's not a work at home scam, but they would probably lock down the systems the same way :)

  • bowenbowen How you doin'? Registered User regular
    edited October 2013
    I'm having an extraordinarily difficult time opening MySQL to accept connections from anywhere.

    the bind-address field does nothing, it still denies remotely, firewall is disabled for testing purposes (has a rule to only allow my company's IP to access it).

    Using Ubuntu 13.04

    Anyone have any ideas?

    bowen on
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    edited October 2013
    bowen wrote: »
    Most apps self contain themselves in packages ITIE. I haven't really run across much but the apple ones that start writing every fucking where.

    Looking at my ~/Library/Application Support/ directory right now on a fairly non-cluttered system (ignoring Apple stuff [dunno why]):
    Adobe
    Alfred 2
    Cyberduck
    ExpanDrive
    Google
    MplayerX
    Microsoft
    Spotify
    Steam
    Sublime Text 2
    Transmission
    Vmware Fusion
    org.videolan.VLC

    Hell, ~/Library/Preferences/ is even more cluttered with settings files for 3rd party and Apple apps. Point being: I'm not sure that OSX apps are as nice and self-contained as you think they are. Heck, if I'm thinking correctly, they shouldn't even be able to write into their own packages, as those are in /Applications/ which is not a user-owned directory.

    Besides, (99.99% sure you're already aware) those "packages" are just directories. OSX just treats "*.app" specially.

    [ed] I have NEVER run into an issue with HTTPS on iOS or OS X. Was this maybe an issue with a specific cert? I'm a bit curious now. :P

    iTunesIsEvil on
  • bowenbowen How you doin'? Registered User regular
    Oh well, I am mistaken. Still way better than registry.

    Stuff on a drive doesn't impact anything that much.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    edited October 2013
    Also, Macs can't/couldn't handle HTTPS? Wat?
    I've just noticed that when dealing with HTTPS on an iPad, it freaks out and acts like it can't handle it, prompting for proxy authentication like it's going out of style... I guess I should have mentioned that it's behind a proxy

    Le_Goat on
    While I agree that being insensitive is an issue, so is being oversensitive.
  • bowenbowen How you doin'? Registered User regular
    Oh well. Proxies and HTTPS are basically crazy, that's not surprising.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Mr_RoseMr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    Le_Goat wrote: »
    Also, Macs can't/couldn't handle HTTPS? Wat?
    I've just noticed that when dealing with HTTPS on an iPad, it freaks out and acts like it can't handle it, prompting for proxy authentication like it's going out of style... I guess I should have mentioned that it's behind a proxy
    Sounds like it's proxies they don't handle well, rather than HTTPS. Or at least HTTPS over a proxy.
    Is your proxy set manually or automatically? Because auto detecting proxies has always been a bit iffy, no matter the OS or browser IME.
    Could be the proxy server itself that's the problem too; more than one I've seen is set to redirect secure connections straight to the server rather than proxy it at all, but then try and capture any unsecured parts of the same page, causing weirdness.

    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    edited October 2013
    Mr_Rose wrote: »
    Le_Goat wrote: »
    Also, Macs can't/couldn't handle HTTPS? Wat?
    I've just noticed that when dealing with HTTPS on an iPad, it freaks out and acts like it can't handle it, prompting for proxy authentication like it's going out of style... I guess I should have mentioned that it's behind a proxy
    Sounds like it's proxies they don't handle well, rather than HTTPS. Or at least HTTPS over a proxy.
    Is your proxy set manually or automatically? Because auto detecting proxies has always been a bit iffy, no matter the OS or browser IME.
    Could be the proxy server itself that's the problem too; more than one I've seen is set to redirect secure connections straight to the server rather than proxy it at all, but then try and capture any unsecured parts of the same page, causing weirdness.
    Proxy is set to be automatic, and it's based off of AD authentication so things usually just flow if you're logged in. Since the iPads can't join the domain (that I am aware of), you have to manually set the proxy information in the settings of the iPad. Normal surfing is okay, but as soon as you get to HTTPS, it kind of craps out.

    Edit: When connected to normal WiFi, there really aren't any problems. Connected internally, there are issues with iPads and HTTPS. I could have sworn that I read somewhere that iOS has issues with HTTPS requests... I could be bat shit crazy. Not like I haven't been terribly wrong before.

    Le_Goat on
    While I agree that being insensitive is an issue, so is being oversensitive.
  • electricitylikesmeelectricitylikesme Registered User regular
    edited October 2013
    bowen wrote: »
    I'm having an extraordinarily difficult time opening MySQL to accept connections from anywhere.

    the bind-address field does nothing, it still denies remotely, firewall is disabled for testing purposes (has a rule to only allow my company's IP to access it).

    Using Ubuntu 13.04

    Anyone have any ideas?

    You need user permissions to allow remote access in the master mysql users table, inside the database itself.

    EDIT: Ok more detail since I just found the password to my servers mysql instance -

    You need to GRANT permissions on a whole bunch of stuff for anything to work. MySQL permissions handling is, if I recall correctly, just weird - but the punchline is you need to grant access from all hosts % using the user you want to access with, and for an admin account give them permission to do everything.

    The command is something like:
    mysql> use mysql;
    mysql> grant usage on *.* to root@'%';
    mysql> flush privileges;
    

    That'll give root, from anywhere, access to anything. Of course as I recall it's weirder than that, but I'm currently digging through my database to find the right commands.

    electricitylikesme on
  • bowenbowen How you doin'? Registered User regular
    I do have the user with '%' chilling out. And I have the appropriate user set up in the DB. Works fine with the command line on the box. It doesn't look like mysql actually launched a socket (nmap localhost doesn't show it, but netstat does). And skip-networking isn't even in the new config. root still fails to connect after that, as well.

    @electricitylikesme

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • electricitylikesmeelectricitylikesme Registered User regular
    bowen wrote: »
    I do have the user with '%' chilling out. And I have the appropriate user set up in the DB. Works fine with the command line on the box. It doesn't look like mysql actually launched a socket (nmap localhost doesn't show it, but netstat does). And skip-networking isn't even in the new config. root still fails to connect after that, as well.

    @electricitylikesme

    What is your bind-address set to? MySQL will literally only bind to exactly 1 address (or all of them) - if you've put an IP in there, then it won't be listening on localhost anymore.

  • bowenbowen How you doin'? Registered User regular
    bowen wrote: »
    I do have the user with '%' chilling out. And I have the appropriate user set up in the DB. Works fine with the command line on the box. It doesn't look like mysql actually launched a socket (nmap localhost doesn't show it, but netstat does). And skip-networking isn't even in the new config. root still fails to connect after that, as well.

    @electricitylikesme

    What is your bind-address set to? MySQL will literally only bind to exactly 1 address (or all of them) - if you've put an IP in there, then it won't be listening on localhost anymore.

    I've got the public IP there. Though that's annoying. If I comment it out it should bind to all?

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • electricitylikesmeelectricitylikesme Registered User regular
    bowen wrote: »
    bowen wrote: »
    I do have the user with '%' chilling out. And I have the appropriate user set up in the DB. Works fine with the command line on the box. It doesn't look like mysql actually launched a socket (nmap localhost doesn't show it, but netstat does). And skip-networking isn't even in the new config. root still fails to connect after that, as well.

    @electricitylikesme

    What is your bind-address set to? MySQL will literally only bind to exactly 1 address (or all of them) - if you've put an IP in there, then it won't be listening on localhost anymore.

    I've got the public IP there. Though that's annoying. If I comment it out it should bind to all?

    That should be the default behavior - it's why Debian hard codes it to 127.0.0.1, since otherwise you have to use skip-networking. The explicit command is to set it to 0.0.0.0

  • bowenbowen How you doin'? Registered User regular
    Ah I got it now, thanks ELM, that helped immensely.

    Wasting 4 hours of my time because the google was unhelpful there!

    Plus I forgot to open the port locally, whoops!

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
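
Added example, not part of any post in the thread: a small audit of the two settings the MySQL discussion above turns on, the `bind-address` in the `[mysqld]` section and accounts whose host is `%`. The sample config, the account rows and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample: a my.cnf like the one the thread ends up with.
SAMPLE_CNF = """\
[client]
port = 3306

[mysqld]
# bind-address = 127.0.0.1
bind-address = 0.0.0.0
"""

# Constructed (user, host) rows as they would appear in mysql.user.
SAMPLE_ACCOUNTS = [("root", "localhost"), ("root", "%"), ("app", "203.0.113.10")]


def mysqld_options(cnf_text):
    """Collect options from the [mysqld] section; a later line overrides an earlier one."""
    opts, section = {}, None
    for raw in cnf_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section == "mysqld":
            key, _, value = line.partition("=")
            # MySQL treats bind-address and bind_address as the same option.
            opts[key.strip().lower().replace("_", "-")] = value.strip()
    return opts


def listen_scope(cnf_text):
    """Return (scope, address); scope is 'none', 'loopback', 'single' or 'all'."""
    opts = mysqld_options(cnf_text)
    if "skip-networking" in opts:
        return "none", None
    # Unset means every interface, as stated in the thread.
    addr = opts.get("bind-address", "0.0.0.0")
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        # "*" is the all-interfaces wildcard; anything else is a host name.
        return ("all" if addr == "*" else "single"), addr
    if ip.is_unspecified:
        return "all", addr
    return ("loopback" if ip.is_loopback else "single"), addr


def audit(cnf_text, accounts):
    """Return findings about what is reachable over the network."""
    scope, addr = listen_scope(cnf_text)
    findings = []
    if scope == "none":
        findings.append("TCP disabled: only local socket connections work")
    elif scope == "loopback":
        findings.append(f"TCP on {addr} only: remote clients are refused")
    elif scope == "single":
        findings.append(f"TCP on {addr} only: connections to 127.0.0.1 are refused")
    else:
        findings.append("TCP on every interface: the firewall is the only network filter")
    if scope in ("single", "all"):
        for user, host in accounts:
            if "%" in host:  # % in a host value matches any run of characters
                findings.append(f"{user}@'{host}' accepts logins from a wildcard host")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CNF, SAMPLE_ACCOUNTS):
        print(finding)
```

On Linux the `mysql` client reaches `localhost` through the Unix socket rather than TCP, so a command-line login on the box can succeed whatever the TCP listener is bound to.
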
  • electricitylikesmeelectricitylikesme Registered User regular
    Hooray I'm helping!

  • Mr_RoseMr_Rose 83 Blue Ridge Protects the Holy Registered User regular
    Something I've always wondered; what does SQL do if you use a ‰ instead? 8->

    ...because dragons are AWESOME! That's why.
    Nintendo Network ID: AzraelRose
    DropBox invite link - get 500MB extra free.
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    TL DR wrote: »
    First day on new job. Lunch with boss, then going to be dropped off at a client who needs their workstation imaging system overhauled

    I have no experience with such systems. Should be fun! :rotate:

    So the existing system is a PHP site accessing a MySQL database that was all cobbled together by Ex Employee and is now maintained by Quitting Employee. I'm scheduled here through the end of the week and my primary task is to update things such that they no longer hand out recovery DVDs with their systems but instead have restore partitions. My game plan is "I think I remember Dell did something with a batch script maybe back in the day and also Kaseya may have a solution?"


  • bowenbowen How you doin'? Registered User regular
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    Thanks, I will look at that. Someone else also mentioned Clonezilla.

    Right now this database is tied into their sales/invoicing and inventory system as well as tracking the workstation specs coming and going, and it's referenced to determine which image the system pushes.

    The owner's minimum requirement is to just have everything documented so when his current guy leaves, we'll be able to help train his successor, but even having no experience with an imaging setup like this I'm seeing plenty of room for general improvement (backups are woefully inadequate, images are manually copied to three separate imaging servers, etc).

  • Apothe0sisApothe0sis Have you ever questioned the nature of your reality? Registered User regular
    bowen wrote: »
    I'm having an extraordinarily difficult time opening MySQL to accept connections from anywhere.

    the bind-address field does nothing, it still denies remotely, firewall is disabled for testing purposes (has a rule to only allow my company's IP to access it).

    Using Ubuntu 13.04

    Anyone have any ideas?

    MySQL is downright bizarre in its behaviour. It does not behave like you would expect, ever.

  • AbracadanielAbracadaniel Registered User regular
    Aioua wrote: »
    bowen wrote: »
    If I could make everyone use mac minis thin clients and VMs rebuilt from a master image each night, I would be so happy.

    Hoping to go this route with our next big hardware refresh/when we move to our new building.

    It will be a thing of beauty. Hell, maybe by then our ERP system's web client will actually be useful.

  • MyiagrosMyiagros Registered User regular
    TL DR wrote: »
    Thanks, I will look at that. Someone else also mentioned Clonezilla.

    Right now this database is tied into their sales/invoicing and inventory system as well as tracking the workstation specs coming and going, and it's referenced to determine which image the system pushes.

    The owner's minimum requirement is to just have everything documented so when his current guy leaves, we'll be able to help train his successor, but even having no experience with an imaging setup like this I'm seeing plenty of room for general improvement (backups are woefully inadequate, images are manually copied to three separate imaging servers, etc).

    If I'm reading this right it sounds like they just want you to have a restore like function in place for users? If they have a file server that can be used to store the image then Clonezilla is a good option as you can set up a computer with Windows + all software needed and then create an image on the network share that the users can then later restore. They will need some good documentation though as it can be a bit of a pain to use if you don't know what you are doing. Here is a decent reference to use: http://www.forwestmedia.com/resources/how-to-guides/using-clonezilla-to-create-and-restore-disk-images/

    After restoring the image they will need to change any product keys that may be different between installs (mainly Windows).

    Another thing that I use, mainly because all of my installs tend to differ, is a customized Windows install. http://www.rt7lite.com/ can be used to set one up, or it can be done from the Microsoft System Image Manager which is part of the Windows AIK. I think in both cases you will need a base Windows install disk. With the Image Manager there doesn't seem to be an option for other software installs besides Windows, RT7 can do it but I haven't been successful with it (didn't spend much time on it though). With both you can have the installer only prompt you for what you need, mainly your CD Key. You can also cut out all the crap software you don't need to streamline the install. For example I have a DVD set with the installer and a USB with an answer file. When the install starts it checks the USB and gets all of the information it needs for the install (timezone, user, password, etc.) and starts on its own. It only stops and asks for the cd key and then continues until it is booted into the new install.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    Actually they're a refurbisher; they get loads of PCs out of lease, fix them up, image them, and then sell them. They just need some form of restore ability for the end user to be able to satisfy Microsoft's licensing requirements.

  • Mei HikariMei Hikari Registered User regular
    edited October 2013
    I would use the Windows built-in tools to do a recovery partition, then sysprep a wim file and copy it to the restore partition.

    Here's a quick video on creating a bootable windows partition:
    http://www.youtube.com/watch?v=MSycEzLn__8

    Mei Hikari on
  • CogCog What'd you expect? Registered User regular
    edited October 2013
    Anybody have any thoughts why IE10 doesn't show up on my WSUS server? I have update rollups checked in classifications, and I don't see a specific entry for it anywhere on the product tree. I see some language pack and security updates, and I see IE8, but IE10 is nowhere to be found.

    EDIT: Searching "Internet Explorer 10" in the Microsoft Update Catalog gives me tons of language packs and security/critical updates for IE10, but the actual IE10 install itself is not there.

    Cog on
  • CogCog What'd you expect? Registered User regular
    Hrm.. It's looking more and more like IE10 was either pulled back or not yet actually released to WSUS/Update Catalog.

  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    edited October 2013
    Mei Hikari wrote: »
    I would use the Windows built-in tools to do a recovery partition, then sysprep a wim file and copy it to the restore partition.

    Here's a quick video on creating a bootable windows partition:
    http://www.youtube.com/watch?v=MSycEzLn__8

    Thanks, I'll check out the video over lunch. Are you saying to create the recovery partition from the individual workstation? Currently, the process is:
    1. Hardware diagnostics
    2. Net boot, image selected and loaded automatically
    3. Automatic driver install
    4. QA, sysprep for OOBE, ship

    So during step 4, the tech could run the wizard (or possibly a script?) within Windows to create a recovery image on the second partition?

    TL DR on
  • bowenbowen How you doin'? Registered User regular
    It'd be easier to deploy over the network and tie it to the mac address of the PC.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    bowen wrote: »
    It'd be easier to deploy over the network and tie it to the mac address of the PC.

    If we already have the WIMs available, is that something that can be booted from on a recovery partition?

  • bowenbowen How you doin'? Registered User regular
    Maybe? Seems more difficult to prep the machine's hard drive for that. What happens if the hard drive fails?

    It's easier to just use PXE and load the image that way.

    I never did like recovery partitions.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    The issue is that these guys are MS certified refurbishers, and MS no longer allows install discs; only recovery partitions. So if we could PXE install the image and just leave another copy of the image on another partition (they already have scripted partitioning in place to format incoming drives before they have diagnostics run).

    If the drive fails, that's unfortunate but ultimately the repair/warranty department's problem.

  • bowenbowen How you doin'? Registered User regular
    What a ridiculous idea with ridiculous levels of bureaucracy.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • CogCog What'd you expect? Registered User regular
    God SUS here is such a fucking mess. Going back over their entire SUS inventory to make sure everything has been approved properly. Let's hear it for manually verifying/approving seven fucking thousand patches line by agonizing line.

  • Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    Cog wrote: »
    God SUS here is such a fucking mess. Going back over their entire SUS inventory to make sure everything has been approved properly. Let's hear it for manually verifying/approving seven fucking thousand patches line by agonizing line.
    I've had to deal with that before. What I did was sort by installed, then approve that way. If it's installed on 20% of the machines, then it was approved previously.

    While I agree that being insensitive is an issue, so is being oversensitive.
This discussion has been closed.