@wirestyle22 said:

Sorry for the lack of information. I'm currently researching LAN-less technology and was looking at thin clients just for funsies. We would be using ZT already and I was just wondering if thin clients would even work over the WAN. This is something I would possibly implement. We used to have them on mobile carts at the hospital I used to work at (LAN based). Bear with me here. I came in to get my cup of coffee today and someone didn't re-fill the Keurig so my life is meaningless for the next five minutes.

Well thin clients are used over a WAN all the time. Think about any time you RDP into a remote server. Remember a WAN isn't a different technology from a LAN, the devices can't tell them apart. It's all just the same TCP/IP network to the devices.

And when you use ZT, there isn't a WAN, it's all LAN.

yeah I was thinking that was the major draw back.

And systems like Paypal or banking - those allowing a simple email reset just bug me.

@Dashrender said:

@dafyre said:

@Dashrender said:

@scottalanmiller said:

@FATeknollogee said:

@Jason said:

@FATeknollogee said:

Type 3: Users (are contractors), they connect via VPN from overseas

Seems like a bad idea. Usually employees are given VPN access from company owned devices. a VPN is too much exposure for non-company owned devices and for people who aren't full employees. I would look into some other form of access, RD Gateway with RDS or Ctirix etc for these people.

Are you saying access via ZT is not a good idea?

Correct. ZT is a VPN. VPNs from arbitrary devices is normally a bad idea. The only exception to this is when you would have happily exposed the LAN to the Internet and this is purely a handy control of IP addresses. If security is your goal, you are bypassing security using a VPN in this role. VPNs are very dangerous because they are about exposure.

The whole trusted network issue. LAN vs LAN-less

As more and more things move to networks that are not local to our computers, we're changing seeing how we trust things.

Traditionally we trust machines that are on our local LAN, but, if flip that on its ear and trust nothing, and always setup authenticated/trusted communications no matter where device is in comparison to us, then we are much safer.

I think that it is beyond time that we stop trusting machines on our local lan. Even my home network has the service discovery disabled, and each machine has its firewall turned on for that very reason.

I go back and forth on using the home networking features that Windows has these days.

I use them because they are there. I also have linux boxes at my house too, so there's that. 😄

@scottalanmiller said:

@Dashrender said:

There's you're first problem. It shouldn't be an IT thing. that's PR/HR and Legal's thing.

We don't have an HR department other than the CEO/Office manager.. no way she's going to handle this.. it will likely be assigned to me.

Then the question is, are you trained and prepared to act as the HR department or as the corporate attorney? It's important to recognize this as acting as those departments, are you paid, trained or able to operate in those roles?

Lots of SMBs mix roles, just important to recognize what capacity you are working in.

Nope - I suspect I'll be little more than a gopher for this. My boss hasn't even asked me to do anything yet, and she may simply decide that we are staying away from it.

@Ambarishrh said:

was wondering the same, they could move all the Linux and save quite a lot of cost

They are "all in" on MS technologies. I followed them when they were building the system. Their sponsor is a 100% MS devotee (he's the father of VBA, for that matter) and there is no way that they would consider something based on logic. They were the pioneer user of the .NET MVC system and everything they have done is based on total lock in to MS, which has its advantages. But overall, they are using costly, slow components to do work. I'm sure that it works pretty well, but as good as it could? No way.

We've seen other communities like that make odd technology decisions leaving them locked in to old schemes and costing a fortune to do what is cheap with modern design choices.

Welcome Barakat.We are waiting for you arrival

@johnhooks said:

@art_of_shred said:

Sounds like that would take care of both issues.

no more clicking no need to mess with the old hard drive (data mysteriously vanished)

I call it a win!

I don't know what happened, I stuck the hard drive behind my 12" woofer so it was out of the way and I don't see any data at all.

We actually had a similar problem back when Pops and I were running a computer stores. One of our remote offices an hour away would come up to get computers that our main office had loaded and made ready for the sales floor.

They would get them to their destination, and the all kinds of oddball crap was going on. Turns out, the speakers in the back of their van were um.... not stock, and were causing the problems, lol.

@BBigford said:

@Jason said:

@BBigford said:

Still wondering though, how can you build a driver repository with exes, rather than inf files?

Maybe it has an INF calling the exe somewhere.

Your last post "WDS only uses INF" contradicts that statement. If it only uses INF files, EXEs are not needed. You are right in the first post that WDS only uses INF files.

It's not a contraction, INF files can call other filters and such to install besides the INF itself. Not usually Exe's but there are numerous ways to call in other files with a driver INF.

Yet another reason to wipe all computers the instant they walk in the door - no cruft left over to break things!

Lots of taking people out for drinks that is true....

@Dashrender said:

@Carnival-Boy said:

I'd be tempted to replace the iPads with Windows tablets. A bit more expensive up front, and bulkier, but I feel you have so much more flexibility to control them under Windows.

Spending 10 hours a week to troubleshoot 20 iPads is just ridiculous and a huge expense.

Assuming I'm hired to work on this problem, I'll let you all know what the real problems are.

Well if the Meraki Backback does not work, they could setup ownCloud and make that an allowed app. Then the tech just have to swipe right on the folder to have it sync again.

Not as magic as a full MDM that pushes the files successfully.

If you're just messing around in a lab, why not download 2016 so you can familiarize yourself with the backend?

Okay, I couldn't find this information ANYWHERE... However, by scouring the dhcpd.conf man page I was able to come up with the answer.

The below configuration file example is the correct implementation for integrating FOG into your current network's isc-dhcp-server.

#internal LAN (eth2) subnet 10.10.0.0 netmask 255.255.0.0 { range 10.10.224.0 10.10.255.254; option routers 10.10.0.10; option subnet-mask 255.255.0.0; option broadcast-address 10.10.255.255; option domain-name-servers 10.10.1.11, 10.10.1.12; option domain-name "example.com"; option tftp-server-name "10.10.0.10"; next-server 10.10.1.13; #Fog TFTP Server option bootfile-name "undioonly.kpxe"; include "/etc/dhcp/lan.conf"; }

When I have time I might do a quick how-to just so SOMETHING else is out there for people who might be struggling to finding the correct config syntax/entries as I did...

@scottalanmiller said:

Stickie notes.

pzv5j7l.jpg

Yes we do 🙂

/facepalm

From what @olivier said it appears to be an issue with the " error is returned by vhd-util which is responsible for merging the oldest delta in the full disk. So if you have more delta than the retention, it makes sense with the error you encountered."

Meaning it was something with the functionality to compress the old delta's. I'm not certain what caused it to error out in the first place at this time.

@JaredBusch said:

@scottalanmiller said:

@Dashrender said:

Steve specifically mentioned CloudFlare during his podcast and made mention that he didn't think it would work for him.

What kind of site is he running? ML cant work behind it because of Websockets. Is his site a blog or what?

This is completely not true. You can use Websockets with CloudFlare, you just have to pay for it. It has been that way since August of 2014.

Your statement is a complete lie.

Okay yes, with the enterprise level support which is $11K a month, I've been told, then CF will do this.