Options

The [sysadmins] Thread: Quick, hide your user friendly policies, Bowen is coming back!

16791112100

Posts

  • Options
    Donovan PuppyfuckerDonovan Puppyfucker A dagger in the dark is worth a thousand swords in the morningRegistered User regular
    Hourly backups? Surely once per night is good enough? Or if they absolutely have to, a few per day, timed to coincide with break times?

  • Options
    IncindiumIncindium Registered User regular
    We do transaction log backups every 15 mins with SQL Server so hourly isn't crazy at all...

    steam_sig.png
    Nintendo ID: Incindium
    PSN: IncindiumX
  • Options
    Mei HikariMei Hikari Registered User regular
    Yea hourly is not crazy at all.

    If you know your way around SQL, this is the golden standard: http://ola.hallengren.com/
    If you don't know your way around SQL, get an image-based backup like storagecraft.

  • Options
    bowenbowen How you doin'? Registered User regular
    I do hourly for our data, but it's medical, and losing a days worth of work for a doctor is... expensive. And we have 8+ providers.

    If you wanted to do a backup, you could just use mysqldump and cron it every hour.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    bowenbowen How you doin'? Registered User regular
    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    Mei HikariMei Hikari Registered User regular
    Oops, somehow missed this was a mySQL thing.

  • Options
    bowenbowen How you doin'? Registered User regular
    I prefer MySQL to all the other db systems anyways. SQL Server and Oracle have insane license requirements, and Postgre is well... postgre.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    Postgres is awesome. Shaddup, you.

  • Options
    bowenbowen How you doin'? Registered User regular
    Awesomely bad!

    It's community is kind of lackluster compared to MySQL, is the only thing. You google some insane issue you're having, there's almost always a SO link for MySQL. Postgres... not so much.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    Thanks, fellas

  • Options
    chamberlainchamberlain Registered User regular
    Chamberlain - Time for a new server! Let's go out to the Microsoft Partners Website and get a 2008 R2 key. Wait, 2008 R2 is gone. Perhaps I will ask Microsoft for help.

    Microsoft "help" - Part of your partners agreement is to always be on the most recent releases therefore 2008 is no longer offered. However the 2012 keys should be backwards compatible.

    Chamberlain - Well that was easy. I'll just type in the new key manually.

    "N"

    Server - N is not a valid character. Ha Ha and fuck you, silly user.

    I have been trolled by Microsoft.

  • Options
    TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    So does anyone know about creating an OEM-style recovery partition? I'm finding a lot of stuff about ImageX and BCDedit but not a lot about how the recovery partition process actually works. I have it set up so that 'recovery' is in the OS choices menu and it's booting to the correct partition, but it errors out on boot. Normally it would look for c:\windows\system32\winload.exe but documentation seems to indicate that the recovery partition should be able to boot from a .wim file?

  • Options
    Mei HikariMei Hikari Registered User regular
    It sounds like you haven't run one of the pre-requisite commands: Is this what you're following? http://technet.microsoft.com/en-us/library/dd744280(v=ws.10).aspx

    Have you done all the steps?

  • Options
    lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    So Virus girl did a sob story to my boss and I was told to unlock her internet.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • Options
    bowenbowen How you doin'? Registered User regular
    lwt1973 wrote: »
    So Virus girl did a sob story to my boss and I was told to unlock her internet.

    This is the time where you set up a squid proxy and forward just her IP address through it. Free virus checking and blocking of inappropriate material.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    MyiagrosMyiagros Registered User regular
    Had a couple users off in Italy for the last week or so. They were using the Wireless provided by the customer and they both came back with IE hijacked and I can't figure out how to remove the home page that it keeps redirecting to. I've manually set the home page and even reset IE settings, I told them to use Chrome.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • Options
    Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    edited October 2013
    In case any of you haven't heard yet, IE11 is set to automatically push out to Windows 7 sometime soon; on Windows 8, the date is October 18. If you're using WSUS or System Center 2012, you have nothing to fear. If you don't, then MS released a toolkit to block the automatic install of IE7

    Considering previous similar toolkits and the IE release dates, we could be looking at IE11 getting released with the next set of updates on November 12. What joy!!! (notice sarcasm)

    Le_Goat on
    While I agree that being insensitive is an issue, so is being oversensitive.
  • Options
    Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    edited October 2013
    Myiagros wrote: »
    Had a couple users off in Italy for the last week or so. They were using the Wireless provided by the customer and they both came back with IE hijacked and I can't figure out how to remove the home page that it keeps redirecting to. I've manually set the home page and even reset IE settings, I told them to use Chrome.
    I've had to search through the registry for the URL and fix it through there; royal pain in the ass to deal with. It could also be malware disguised as a program. Which site is it directing to?

    Le_Goat on
    While I agree that being insensitive is an issue, so is being oversensitive.
  • Options
    lwt1973lwt1973 King of Thieves SyndicationRegistered User regular
    Le_Goat wrote: »
    In case any of you haven't heard yet, IE11 is set to automatically push out to Windows 7 sometime soon; on Windows 8, the date is October 18. If you're using WSUS or System Center 2012, you have nothing to fear. If you don't, then MS released a toolkit to block the automatic install of IE7

    Considering previous similar toolkits and the IE release dates, we could be looking at IE11 getting released with the next set of updates on November 12. What joy!!! (notice sarcasm)

    IE 8 over here because one of our customer's portal doesn't support anything above that after their "upgrade" to a new portal.

    "He's sulking in his tent like Achilles! It's the Iliad?...from Homer?! READ A BOOK!!" -Handy
  • Options
    Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    Received an email from one of our users which said:
    "I received this email that I think may have a virus. I didn't open it, but I'm forwarding it to you"

    ...*sigh*

    While I agree that being insensitive is an issue, so is being oversensitive.
  • Options
    iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    Meh. User probably thinks they're "reporting it to IT" by forwarding it to you. One assumes the user means "I didn't open the attachment."

  • Options
    TL DRTL DR Not at all confident in his reflexive opinions of thingsRegistered User regular
    Mei Hikari wrote: »
    It sounds like you haven't run one of the pre-requisite commands: Is this what you're following? http://technet.microsoft.com/en-us/library/dd744280(v=ws.10).aspx

    Have you done all the steps?

    Thanks, this helped me solve it!

    The document I was looking at was very involved with creating and automating the recovery imaging, which I can do myself now that I understand the basic requirements:
    -Disk has to be partitioned very particularly: System partition, Windows partition, Recovery partiton
    -System to include S:\recovery\windowsre\winre.wim, which is copied from the Windows image's C:\windows\system32\recovery folder.
    -Recovery to include R:\Install.wim, which is your base installation image.

    I just tested it and it works, all I need to do is make sure my recovery image is a sealed/sysprepped OOBE image and then iron out how our automated process will work. The partitioning will be easy; the tricky bit might be that to capture a sealed image, we'll have to boot back onto the network after the sysprep finalizes and run ImageX /capture. It should be fairly straightforward to incorporate into our existing workflow, though.

  • Options
    hsuhsu Registered User regular
    bowen wrote: »
    lwt1973 wrote: »
    So Virus girl did a sob story to my boss and I was told to unlock her internet.
    This is the time where you set up a squid proxy and forward just her IP address through it. Free virus checking and blocking of inappropriate material.
    I would also install a hosts file on her computer from: http://winhelp2002.mvps.org/hosts.htm
    It's amazing how effective blocking known spam/virus/ad sites can be to preventing problems.

    iTNdmYl.png
  • Options
    BigityBigity Lubbock, TXRegistered User regular
    Myiagros wrote: »
    Had a couple users off in Italy for the last week or so. They were using the Wireless provided by the customer and they both came back with IE hijacked and I can't figure out how to remove the home page that it keeps redirecting to. I've manually set the home page and even reset IE settings, I told them to use Chrome.

    Are there any bogus entries in the lmhosts or hosts file?

  • Options
    TomantaTomanta Registered User regular
    lwt1973 wrote: »
    Le_Goat wrote: »
    In case any of you haven't heard yet, IE11 is set to automatically push out to Windows 7 sometime soon; on Windows 8, the date is October 18. If you're using WSUS or System Center 2012, you have nothing to fear. If you don't, then MS released a toolkit to block the automatic install of IE7

    Considering previous similar toolkits and the IE release dates, we could be looking at IE11 getting released with the next set of updates on November 12. What joy!!! (notice sarcasm)

    IE 8 over here because one of our customer's portal doesn't support anything above that after their "upgrade" to a new portal.

    I have a friend that does IT work for the state. They have to jump through a bunch of hoops to install IE 6 on some machines because some state websites don't support anything over that.

    No, not a typo. IE 6.

  • Options
    FrysdiskenFrysdisken Registered User regular
    Install Spiceworks?

    These virtual machines aren't hosted on a server, they are stand alone workstations most likely for laborations (developers created them).

    I tried browsing their website but couldn't find anything specific for this situation. Am I wrong?

  • Options
    MyiagrosMyiagros Registered User regular
    Le_Goat wrote: »
    Myiagros wrote: »
    Had a couple users off in Italy for the last week or so. They were using the Wireless provided by the customer and they both came back with IE hijacked and I can't figure out how to remove the home page that it keeps redirecting to. I've manually set the home page and even reset IE settings, I told them to use Chrome.
    I've had to search through the registry for the URL and fix it through there; royal pain in the ass to deal with. It could also be malware disguised as a program. Which site is it directing to?

    It's forwarding to the secure site of the customer, it can't actually reach the site since it looks to be blocked from the outside, their non-secure site works fine though. I ran malwarebytes and it came up with nothing so I think it's their IT people being complete geese.
    Bigity wrote: »
    Are there any bogus entries in the lmhosts or hosts file?
    Didn't even think of checking that, the redirected page only shows in IE, Chrome and Firefox are fine so I'm thinking it's a registry change. I'm guessing that would be possible for them to do, both users had local admin so if they had to sign into a page to access the internet it may have made a registry edit.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • Options
    Le_GoatLe_Goat Frechified Goat Person BostonRegistered User regular
    A user brought in her company-owned laptop which she never brings into the office, asking us to get her updated and all that fun stuff. "Is it going to take long?"
    "Well, it depends on when the last time you ran updates. Do you know when that was?"
    "Not that long ago I think."

    It shows as last checked on September 28th... 2012; she also has 3 separate AV products installed. I will never understand how people refuse to update their systems. And yeah, it's refuse because by default they are set to be notified, so either they ignore the message saying that updates are available or they turn off the option to be notified.

    While I agree that being insensitive is an issue, so is being oversensitive.
  • Options
    CogCog What'd you expect? Registered User regular
    Group policy.

    No options.

  • Options
    halkunhalkun Registered User regular
    edited October 2013
    Le_Goat wrote: »
    A user brought in her company-owned laptop which she never brings into the office, asking us to get her updated and all that fun stuff. "Is it going to take long?"
    "Well, it depends on when the last time you ran updates. Do you know when that was?"
    "Not that long ago I think."

    It shows as last checked on September 28th... 2012; she also has 3 separate AV products installed. I will never understand how people refuse to update their systems. And yeah, it's refuse because by default they are set to be notified, so either they ignore the message saying that updates are available or they turn off the option to be notified.

    This is why I love our 30 day lockout. It adds a layer of security too because if it was "misplaced" only to find it was stolen and never phoned home, It's locked so no one can get in. Also with our antivirus, we use Symantic Enpoint Protection, which is just a enterprise version of Norton. However, we don't have the know-it-alls in the field going "Oh, Norton sucks, put on *xyz* instead. (that and a password is reqired to uninstall Symantic in the first place)

    Macaffe auto-installing itself though, That's a pain.

    We also block Microsoft Security Essentials by policy.

    Also, we turn off all notifacations for 3rd party apps (Flash, adobe reader) and manage those with our in-house update program we send out every quarter.

    BOFH all up ins :)

    halkun on
  • Options
    Donovan PuppyfuckerDonovan Puppyfucker A dagger in the dark is worth a thousand swords in the morningRegistered User regular
    You block MSE?

    And then spend money on an inferior product?

  • Options
    BigityBigity Lubbock, TXRegistered User regular
    I agree, though I can't say much - we use McAfee. Well, we use it because we have to basically because the umbrella organization we fall under uses it, but ugh all the same.

    I haven't tried the enterprise version of MSE though, ForeFront I think it's called?

  • Options
    Mei HikariMei Hikari Registered User regular
    You block MSE?

    And then spend money on an inferior product?
    You can't use MSE in a business environment larger than 10 machines.

  • Options
    donavannjdonavannj Registered User regular
    edited October 2013
    Bigity wrote: »
    I agree, though I can't say much - we use McAfee. Well, we use it because we have to basically because the umbrella organization we fall under uses it, but ugh all the same.

    I haven't tried the enterprise version of MSE though, ForeFront I think it's called?

    ForeFront is the old name. System Center Endpoint Protection is the replacement for that from Microsoft. The place I've been working for on and off the last few years switched to ForeFront 3 years ago, because the CA Antivirus they were using before was bogging down their systems significantly. Upon my return after a 2 year absence, they were now using System Center Endpoint Protection, which is basically a part of that same family, but it works with the System Center 2012 suite very seamlessly, while administering Forefront and using WSUS was a huge pain. It's fairly robust, but the biggest advantage is how lightweight it feels and the fact that you can use it in combination with System Center to keep track of every single Windows machine on your network. Not being a larger corporation, they don't have to worry about direct attacks from viruses quite as often, though, so it's not gotten any real stress test.

    donavannj on
    steam_sig.png
  • Options
    MyiagrosMyiagros Registered User regular
    We are using a version of ESET from before all major AV software started including anti-malware as well. I can't wait until the license expires next November so I can renew with the AM as well.

    iRevert wrote: »
    Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
    Steam: MyiagrosX27
  • Options
    iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    Mei Hikari wrote: »
    You block MSE?

    And then spend money on an inferior product?
    You can't use MSE in a business environment larger than 10 machines.

    Huh? Is this a licensing thing or a "anything larger than 10 machines and one can't really maintain MSE like is wanted/needed"?

  • Options
    DevoutlyApatheticDevoutlyApathetic Registered User regular
    Mei Hikari wrote: »
    You block MSE?

    And then spend money on an inferior product?
    You can't use MSE in a business environment larger than 10 machines.

    Huh? Is this a licensing thing or a "anything larger than 10 machines and one can't really maintain MSE like is wanted/needed"?

    A terms of service thing. MSE specifically says it can't be used in places with more than 10 computers. MS was unwilling to completely piss off the AV market.

    Nod. Get treat. PSN: Quippish
  • Options
    bowenbowen How you doin'? Registered User regular
    Mei Hikari wrote: »
    You block MSE?

    And then spend money on an inferior product?
    You can't use MSE in a business environment larger than 10 machines.

    Huh? Is this a licensing thing or a "anything larger than 10 machines and one can't really maintain MSE like is wanted/needed"?

    Licensing. Their solution is retarded.

    If microsoft decided to audit you, you could get sued. MSE is hands down the best AV even without the maintenance. It may not be the "WHOA TOTALLY GOT RELEASE DAY VIRUS" like some links are suggesting now, but, it's unobtrusive, still catches the majority of stupid shit, and doesn't kill our system.

    I had symantec on the server and it easily dropped the performance of the thing down to 25% of the original specs.

    not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
  • Options
    iTunesIsEviliTunesIsEvil Cornfield? Cornfield.Registered User regular
    Wow. That's seems really weird.

    So, are MSE and Windows Defender considered different products then? I mean, Defender is installed by default on Windows 8 machines (or at least every Windows 8/8.1 Pro install I've used has had it). So, are admins supposed to go and disable it in an office where they have more than 10 Windows 8 PC's, or does it somehow disable itself, or is is already disabled on the Enterprise version of 8/8.1, or am I thinking of a different situation than you gents are talking about?

This discussion has been closed.