@Dashrender said:

Yeah, not to bad - I don't like the fact that it's all browser based. You download a client that's installed, then the browser session connects to that install to run the scan from your machine on your network. You have to put credentials into the software to get the scan to do anything worth while.

The first scan I ran came back empty because I didn't associate the credentials with any machines - wasn't obvious this needed to be done, still took me 5 mins to figure it out.

Ah, I was wondering how it did it without an install.

Favorite thing so far is the easy of having everything synced with my desktop. So I can move to the couch or out on the deck and not miss a beat on Skype, lync, email even web pages I had last open.

Congrats Sir 🙂

@scottalanmiller said:

@technobabble said:

@scottalanmiller said:

@technobabble said:

Has anyone used Decrap?

Hopefully not. Much better to do a clean image.

I do like that option when the client is on-board, however very small businesses (mom & pops) usually decline because of time and cost.

Saving money is never something that little shops like. That's why they stay little 😉

Yep.

What's your view on projectors versus televisions? A few years ago we replaced the projector in our training room with a 50 inch telly, and people complain it's too small. But you can get a 60 inch LED now for the price of a decent projector, and a 70 inch for a fair bit more. I'd prefer a television, as I find them simpler to operate and I like lots of HDMI connections. A 100 inch touch-screen monitor is probably a few years away for us.

It annoys me when people complain they can't see something and I ask them if they have glasses and they say "Yeah, but I never wear them at work".

I've not used it but am very interested. Looks like a software defined storage platform.

@Dashrender

Awesome! Glad to have been of service. Feel free to mark my response as BA!

Got a spare Unifi AP hanging around the office? I'd go with a commercial device as a test. Also, make sure yo use various ports on the Verizon router

@Dashrender said:

@alexntg said:

@Dashrender said:

@alexntg said:

A bit on the reimaging rights. Intune with SA is a volume license. You could use the volume license media and key to reimage other computers that run the same exact product version. You could use the Win8.1 Pro media and key for other Win8.1 Pro computers. Upgrade rights are only available with SA, one device per user. Do understand that if you cancel Intune, you'd be revoking your volume license rights.

Alex,
Under the old SA in a VL setup, let's say you bought Office Pro plus with SA, when you purchased it Office 2010 was out, but during your subscription, Office 2013 comes out.
Now say you discontinue your subscription. It is my understanding that you can use 2013 in perpetuity.

Is the same true for machines that you purchase Intune with SA? So you have a Windows XP machine today, you buy Intune with SA which allows you to upgrade to Windows 8.1 Pro (or Enterprise if you wish). If you dump the SA portion of the subscription are you required to go back to XP on that computer? If that's the case, calling it SA was a bad decision as the rules would be different for two things with the same name.

The software, including the OS license, is provided on a subscription basis only. There is, however, a buyout option that's available for cancellations after the initial 12-month term. I'm not sure what the pricing on it is offhand, as that requires contacting MS directly.

Thanks - I do recall seeing something about a buyout.

Do we have a MS rep around to answer this?

@scottalanmiller said:

Fingers crossed then. Could have been almost anything.

That's what I told management...fingers crossed...the only thing I didn't turn back on was Unitrends Free (which I've not had time to use yet but will soon as you may see in another thread)...

The process of writing stuff down for others is a great way to get a new perspective even if the others never see it.

@Dashrender said:

@scottalanmiller said:

@Dashrender said:

All that makes me wonder if/when we can have AD in the cloud, either fully or hybrid, and be safe.

That's been available for a while. But the federation limitations remain. There is both traditional AD in the cloud (NTG runs that way) and Azure's cloud AD service. It is that cloud service that is being discussed binding to.

What about doing something crazy like setting up an RODC in Azure or AWS, and put ADFS on that? or skip ADFS altogether and use something like Pertino for logons.

If you're considering this from a DR perspective, a regular DC in a hosted environment would make sense. That way, if your on-premise infrastructure is unavailable, you can carry on as usual. I use AWS for my geographically distributed AD in my test lab, I have a DC on each side of the country.

the purchase of my question is more: What is a good way to have a distributed AD authentication scheme for a spread out network of mobile users? or if not mobile, in a setup where you don't want to pay for an onsite server (though if you're small enough, an on site small HP would be much cheaper in the long run, of course, not as protected as one in the Azure or AWS network)

What are you currently using for VPN?

Azure AD at this point isn't the full AD that you're familiar with. It's a platform to connect applications to. If you want to use Azure and use it for full AD, you'll need to spin up a Windows Server instance on Azure and set it up as a DC.

Wow many answers. thanks. but i haven't tried yet 😞

Thanks,

@IRJ said:

Why not just make two GPOs and apply the User one to the User OU and the Computer one to the Computer OU? I generally separate them because I use User GPOs for certain things and Computer GPOs for other things.

This is the way to go. Keeping GPO and RSOP processing time to a minimum is key. If you have User GPOs applied to computer objects and vice versa, it requires just a bit more processing for the DC to generate RSOP. Keep it simple; keep it clean.

@Bill-Kindle said:

@scottalanmiller said:

@Bill-Kindle we just run a dev instance side by side on the web server.

How quickly can you have a dev environment setup? The referenced installer is done in about 2 minutes, fully functional and if you use it with dropbox, the dev environment follows you anywhere you can access dropbox. Need another one, just run the instlall again and give it a new folder name. Done.

Five minutes or less and it is persistent and can be used by the while team, shown to approvers, etc.

I love simple fixes,

@Nara said:

Yep! It'll be interesting. I have entirely conflicted feelings about that.

I agree. But I also agree they should never have gotten rid of the start menu on non touch devices in the first place. If they wanted to replace it with something like the 'dock' on Mac.. fine (I actually kinda like the look, but have no idea on the function).

I know in IE, you can set Per Site Privacy Actions under Internet Options/Privacy, but haven't played with that.

@Carnival-Boy said:

I just say "Sorry I don't do surveys" and that normally shuts them up.

Hard to know if it shuts them up or not when you immediately hang up 🙂