Interview tomorrow. The location is kind of shitty as it would add at least 30 minutes to my drive just due to traffic. I'm mainly hoping to get an offer for equal or more than what I make now in order to force my current employer to actually have to give me a raise or lose me.
Because if you're going to attempt to squeeze that big black monster into your slot you will need to be able to take at least 12 inches or else you're going to have a bad time...
What is the industry standard for medium scale patch management / deployment in an all windows server environment?
Using WSUS to roll things out to systems is all well and good, but you don't really want your hosts restarting on their own, so how do you update a several hundred physical server multi-site environment in a timely fashion, and with maximum automation?
Solar Winds Patch Manager
Yes, yes, and yes. I have a serious hardon on Patch Manager. God damn has that application saved me hundreds of hours. I ran a quick cost analysis and handed it to the CFO showing how much it costs me to do the same thing. She signed off on it immediately.
EDIT: Going back to this OP, are you asking for something other than WSUS to handle Windows updates? I use WSUS to handle the MS updates and Patch Manager for third party patching. I'm sure it can do both, but WSUS has worked fine for me so far.
I do want to note that with Windows Server 2003, they'll reboot automatically if using WSUS (probably any similar system) if you have the updates approved and not logged in. Once the install time starts, it'll install, then reboot. Pretty fucked up, if you ask me. Why the fuck would you ever want a server to reboot automatically like that? I've learned my lesson the hard way. Rarely have I seen the same happen with Server 2008, but it has occurred before.
Le_Goat on
While I agree that being insensitive is an issue, so is being oversensitive.
So, I have this Xerox Workcentre Pro and I have it set up to scan to a network directory. It's been working steady for a while. Recently, we rolled out a new Windows 2012 VM to use for print/scan stuff. Now the Xerox has a big lag between scan and deliver. My colleague had the idea to disable offline files on the users' computers but that doesn't seem to resolve the issue. And the issue seems to be pretty intermittent. I'm getting tired of slamming my head against a wall.
What protocol are you using for delivering the scanned files?
jaziek (Bad at everything And mad about it.) Registered User, regular
I was under the impression that you could prevent auto-reboot with GPO, is this not the case with server 2003? Because I've definitely done it with 2008 and 2012.
As I said above. The issue isn't really with finding a way to manage patches, it's with finding a way to automatically drain a node in a cluster and get it ready for a reboot, which with the application architecture here isn't really possible.
This is what happens when you design something without scalability in mind, and then try to scale it up later on. You get shit like this.
Patch manager can do totally awesome shit like pre-rebooting the server at a specified time, then install the patches at a specified time, then hold the auto-reboot for a time of your choosing. It's the best thing.
Also, it can actually report on your patch compliance accurately. My biggest goddamn gripe about WSUS is that if you approve a patch for any patch group in your entire environment, that patch will count against all groups for determining if they have all "needed" patches installed. If we, for example, have servers that we cannot upgrade above IE8, so they're in their own group not receiving IE updates, every IE update approved for a different group (but left unapproved for the no-IE-updates group) still counts against its "needed" patches. So unless you blanket approve every single patch for all groups, your patch compliance is always 99% or less on every device. That means without looking into servers or workstations individually, there's zero way to know if they're missing 1 patch or 30.
Solar winds can run custom reports on a per-container basis and give you a compliance metric for the patches approved to that particular container. Which it can run on a schedule and email the results to you after every one of your patch cycles.
Also, it can pull inventory reports for all installed software. Not just stuff it installed/patched. Want to know if someone has uTorrent or WoW or something installed? It's a couple clicks away. It has an RDP client built into it, you can remote manage services and stuff... Calling it "Patch Manager" anymore is so much of a misnomer, honestly, cause it does so much more than that.
For the cluster service, I'm not 100% sure because I've not done it, but I'm tentatively certain it can either handle that or it can kick off a script/batch that will trigger the drain-stop.

    # Select the most recent file
    $latest =
        $directoryInfo.Files |
        Where-Object { -Not $_.IsDirectory } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1

    # Any file at all?
    if ($latest -eq $Null)
    {
        Write-Host "No file found"
        exit 1
    }

    # Download the selected file
    $session.GetFiles($session.EscapeFileMask($remotePath + $latest.Name), $localPath).Check()

with language to take the files within the last hour rather than "the most recent file". I'm not great at powershell though, most of my 'scripting' is googling for existing scripts and then googling for alternate language to sub in to replace what I don't quite need.
Interview today went great. They are a managed IT place so I'd basically be doing the same job but for multiple clients. The drive is actually shorter than my current one which surprised me. The people doing the interview were great. I was their first interview and they will likely be doing 2nd interviews in the next week or two. The salary will be the only thing keeping me from taking the job, as long as it is within $2/hr of what I currently make I could afford to take the pay cut, and I likely would, just for the opportunity to work somewhere that actually gives raises.
My work screwed me over today so I'll do work for someone else. Let me dig in, @Cog.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Whoever wrote that .dll made it so the timestamps are actual date objects and not just text. I could kiss them.
Note, I changed it to FTP because that's the test server I was using. Thanks, Southwest Florida Water Management District! Change that back if necessary and add the sshkey back into the options.
Also note, you need to run as admin, apparently, to import dlls like this. At least in Win 8.1
Also also, you need to unblock the .dll file, since it's from the interwebs. In win7 just right click it and click unblock in properties. In win8, open an admin PowerShell and use Unblock-File.
Also also also, that .dll needs to be in the same directory as the winscp.exe
Also also also also, @Cog

    param (
        $localPath = "D:\test\ " ,
        $remotePath = "/pub/usf/ " # god damn vanilla markup. don't put spaces in there.
    )

    try
    {
        # Load WinSCP .NET assembly
        Add-Type -Path 'C:\Program Files (x86)\WinSCP\WinSCPnet.dll'

        # Set up session options
        $sessionOptions = New-Object WinSCP.SessionOptions
        $sessionOptions.Protocol = [WinSCP.Protocol]::Ftp
        $sessionOptions.HostName = "ftp.swfwmd.state.fl.us"
        $sessionOptions.UserName = "Anonymous"
        $sessionOptions.Password = "thanksfor@lettingmetest.com"

        $session = New-Object WinSCP.Session

        try
        {
            # Connect
            $session.Open($sessionOptions)

            # Get list of files in the directory
            $directoryInfo = $session.ListDirectory($remotePath)

            # Select the files modified within the time window
            $recentFiles =
                $directoryInfo.Files |
                Where-Object { -Not $_.IsDirectory } |
                Where-Object { ($_.LastWriteTime) -gt (Get-Date).AddHours(-10) } # change this to any number of negative hours you're looking for.

            # Any file at all? ($null on the left so the test also behaves when the result is an array)
            if ($null -eq $recentFiles)
            {
                Write-Host "No file found"
                exit 1
            }

            # Download the selected files; Check() throws if a transfer failed
            $recentFiles | ForEach-Object {
                $session.GetFiles($session.EscapeFileMask($remotePath + $_.Name), $localPath).Check()
            }
        }
        finally
        {
            # Disconnect, clean up
            $session.Dispose()
        }

        exit 0
    }
    catch [Exception]
    {
        Write-Host $_.Exception.Message
        exit 1
    }

Aioua on
mojojoeo (A block off the park, living the dream.) Registered User, regular
CCNA recerted with a 960/1000
I think the job I wanted is being pushed through the holidays as I have heard nothing. Job's not public yet either.... or if it is I can't find it. So... ima just keep hope alive through to Jan. Maybe touch base with them after new year.
Whew, that's over!
Chief Wiggum: "Ladies, please. All our founding fathers, astronauts, and World Series heroes have been either drunk or on cocaine."
@Aioua Very awesome indeed, thanks for taking a whack at it. I imported the .NET assembly dll and unblocked it via powershell a couple nights ago while I was tweaking the above script and failing, so should be no snags there. I believe the connection is actually over sftp but I'll have to double check. If that's the case, I'm under the assumption I just need to change the protocol line to
replaceable with a simple call to the session name, instead of declaring the protocol, host, user, password etc every time? And storing the password in essentially cleartext? In this case, that name is GMI
You are a gentleman scholar and I appreciate your efforts on this, the problem you are solving for me that I am solving for someone else whose job this isn't even in the first fucking place. Rest assured no one who directly profits from this work will ever be grateful to you in any capacity. It's the life we lead.
Yeah, vanilla just treats the trailing slashes as escape characters, which meant there were no closing quotes on those strings.
EDIT: your first edit is nicer looking but the second would work, too. PowerShell so forgiving.
I um, don't really know about the saved session stuff. That's all to do with their .net code.
You'd be messing with the $session.open(<???>) part. There might be a way to reference pre-saved sessions.
EDIT2: I think you have to make a SessionOptions object to pass to Session.open(). I'm no coder, but I think I'm reading their documentation right:
Winscp already stores the password in clear text if you're using a saved session.
You could always switch to public key auth, and control what gets access to the private key. That's not really that much better though - anything you automate needs crypto infrastructure behind and within it to do it securely.
Yeah I think storing it in an xml and putting the security on read access to that file is probably a pretty good route.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
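One way to do what the last few posts describe, keeping the password out of the script by saving it to an XML file that only the transfer account can read. This is an added example, not code from the thread; the credential file path, host name and host key fingerprint are placeholders. On Windows, `Export-Clixml` writes the password DPAPI-encrypted, so the file has to be saved by the same account, on the same machine, that later runs the transfer.

```powershell
# Added example, not from the thread. Assumed: the $CredFile path, the host name
# and the host key fingerprint placeholders. Run once with -Save as the account
# that will run the scheduled transfer, then run without -Save from the task.
param (
    [string] $CredFile   = "$env:ProgramData\SftpPull\transfer-cred.xml",
    [string] $RemotePath = "/",
    [switch] $Save
)

function Save-TransferCredential {
    param ([string] $Path)

    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }

    # Prompt for the account; the password is held as a SecureString.
    $cred = Get-Credential -Message 'SFTP account used by the scheduled transfer'

    # Export-Clixml serialises the SecureString encrypted with DPAPI
    # (current user, current machine). To re-save, remove the old file first.
    $cred | Export-Clixml -Path $Path

    # Drop inherited permissions, then allow read for this account and
    # full control for local Administrators (well-known SID S-1-5-32-544).
    $me = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    & icacls.exe $Path /inheritance:r /grant:r "${me}:(R)" '*S-1-5-32-544:(F)' | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed on $Path" }
}

function New-TransferSessionOptions {
    param ([string] $Path)

    # Fails to decrypt for any other account or on any other machine.
    $cred = Import-Clixml -Path $Path

    $options = New-Object WinSCP.SessionOptions
    $options.Protocol       = [WinSCP.Protocol]::Sftp
    $options.HostName       = 'sftp.example.invalid'            # placeholder
    $options.UserName       = $cred.UserName
    $options.SecurePassword = $cred.Password                    # no plaintext copy in the script
    $options.SshHostKeyFingerprint = '<host key fingerprint>'   # placeholder, obtain from the server admin
    return $options
}

if ($Save) {
    Save-TransferCredential -Path $CredFile
    return
}

Add-Type -Path 'C:\Program Files (x86)\WinSCP\WinSCPnet.dll'
$session = New-Object WinSCP.Session
try {
    $session.Open((New-TransferSessionOptions -Path $CredFile))
    # From here on the session is used exactly as in the script earlier in the thread.
    $session.ListDirectory($RemotePath).Files |
        Where-Object { -not $_.IsDirectory } |
        Select-Object Name, LastWriteTime
}
finally {
    $session.Dispose()
}
```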
@Aioua it totally worked. It was indeed sftp so I just had to plug in the ssh host key. The original intent was for the script to dump txt files from the ftp in one local storage, and a second script to dump pdf files in another local storage. I couldn't get the Where-Object cmdlet for $_.Extension to actually work, so I just let it grab all the files and instead a local batch file will sort the files into the proper folders.
But the short of it is it's working just fine, and you have my eternal gratitude for whatever that's worth to you.
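The txt/pdf split described in the post above can be done in the script itself by matching on each entry's Name, which the earlier script already uses. This is an added example, not code from the thread: the function name, local folders and sample listing are constructed for illustration, and it also skips any name containing a path separator, since the names come from the remote server and end up in a local path.

```powershell
# Added example, not from the thread. Select-RecentByExtension, the local folders
# and the sample listing are constructed for illustration.
function Select-RecentByExtension {
    param (
        [Parameter(Mandatory = $true)] [object[]]  $Files,   # entries with Name, IsDirectory, LastWriteTime
        [Parameter(Mandatory = $true)] [hashtable] $Routes,  # extension (no dot) -> local folder
        [int]      $Hours = 1,
        [datetime] $Now   = (Get-Date)
    )

    $cutoff = $Now.AddHours(-$Hours)

    foreach ($f in $Files) {
        if ($f.IsDirectory)               { continue }
        if ($f.LastWriteTime -le $cutoff) { continue }

        # The name is supplied by the server: never let it carry a path.
        if ($f.Name -match '[\\/]')       { continue }

        # Take the text after the last dot as the extension (-match is case-insensitive).
        if ($f.Name -notmatch '\.([^.]+)$') { continue }
        $ext = $Matches[1].ToLowerInvariant()

        if ($Routes.ContainsKey($ext)) {
            [pscustomobject]@{ Name = $f.Name; LocalDir = $Routes[$ext] }
        }
    }
}

# Constructed sample listing standing in for $session.ListDirectory($remotePath).Files
$now = Get-Date -Year 2014 -Month 12 -Day 19 -Hour 12 -Minute 0 -Second 0
$listing = @(
    [pscustomobject]@{ Name = 'report.txt';     IsDirectory = $false; LastWriteTime = $now.AddMinutes(-20) }
    [pscustomobject]@{ Name = 'INVOICE.PDF';    IsDirectory = $false; LastWriteTime = $now.AddMinutes(-45) }
    [pscustomobject]@{ Name = 'old.txt';        IsDirectory = $false; LastWriteTime = $now.AddHours(-5) }
    [pscustomobject]@{ Name = 'notes.docx';     IsDirectory = $false; LastWriteTime = $now.AddMinutes(-5) }
    [pscustomobject]@{ Name = '..\..\evil.txt'; IsDirectory = $false; LastWriteTime = $now.AddMinutes(-1) }
    [pscustomobject]@{ Name = 'archive';        IsDirectory = $true;  LastWriteTime = $now.AddMinutes(-1) }
)

$routes = @{ 'txt' = 'D:\test\txt\'; 'pdf' = 'D:\test\pdf\' }

$plan = Select-RecentByExtension -Files $listing -Routes $routes -Hours 1 -Now $now
$plan | Format-Table -AutoSize

# With a live WinSCP session the plan is applied the same way the earlier script downloads:
#   $plan | ForEach-Object {
#       $session.GetFiles($session.EscapeFileMask($remotePath + $_.Name), $_.LocalDir).Check()
#   }
```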
How many times per day am I allowed to think 'they are all idiots' before the opposite is true, that I am the idiot for expecting people to do what they say?
I think it's an asymptote, so you should be good.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
If they want to bother with it all in one script, I'll slip that in @Aioua
Thanks for all the help.
TL DR (Not at all confident in his reflexive opinions of things) Registered User, regular
Ahh, I have a client with POTS that's large enough to have their own internal hardware, which the vendor is completely unqualified to support since it's old and Their Phone Guy retired years ago.
A user's handset will stop receiving calls and the display dims. I can reconnect it at the patch panel and it works again for a matter of days. Any ideas, learned men of the sysadmin thread?
mojojoeo (A block off the park, living the dream.) Registered User, regular
Anyone else have to work mon tue?
Population here = SPARSE.
yeah but your calls are never as important as his.
"The president is in danger!" vs "Did we order enough pink post-its?"
Not as cool.
"they have got the presidents daughter!" vs "The sys admin has the runs and will be out today."
Knowing, bowen, yes. He is.
Now after you fix it you have to go back and break it a day later and then fix it another day after that.
You can absolutely totally do that.
No, I can't get the filemask with the time restriction to work.
ends up getting nothing.
I think I could possibly make the power shell script here work, if I could figure out how to replace
with language to take the files within the last hour rather than "the most recent file". I'm not great at powershell though, most of my 'scripting' is googling for existing scripts and then googling for alternate language to sub in to replace what I don't quite need.
Also lighting the @Aioua batsignal on this one.
On the lines for Is that ALL the spaces or just the ones inside the "s?
EDIT: Testing to see what part vanilla doesn't like
EDIT the 2nd edit: like my first change or 2nd change?
Now, the session already exists as a saved session within SCP, is replaceable with a simple call to the session name, instead of declaring the protocol, host, user, password etc every time? And storing the password in essentially cleartext? In this case, that name is GMI
EDIT2: I think you have to make a SessionOptions object to pass to Session.open(). I'm no coder, but I think I'm reading their documentation right:
open method
options class
I'm not seeing here how it's done.
Yeah doesn't look like you can.
But you can protect your passed credentials in other ways. I'll get the goddamn thing working first and worry about masking the creds later.
Well, I'll have another run at this tonight and let you know just how terribly much I do owe you for the help.
I am 95% sure this'll work. Hooray for regex.
Same next week, though I'm requesting off Friday.