Windows file server query
- 
 This adds an extra layer of complication to answering any questions, though. Since we lack goals to start with, and if the business is functioning as a hobby and doesn't prioritize making money, we can't even begin to guess what tech decisions will be seen as positive since saving money isn't a goal or enabling the ability to make money isn't a goal. We lack even the standard "businesses are to make money" framework as a starting point to discussion. 
- 
 @vhinzsanchez said in Windows file server query: It actually is an IT Infrastructure request but is so large a project that I would have to break it down to several phases or steps as what my boss told me. IT infrastructure refresh to be exact. Present servers are custom-built, not even Super-Micro or 2nd hand Dells. Custom-built as in bought a server board, throw in some HDD, RAMs and a capable trurated PSU (not even dual) on a server rack-capable casing. 2 newer servers are IBMs. It houses an ERP (with big RAM) and the other one houses 2nd DC (no file sharing and with only 4GB RAM). It was that way when I arrived that is why I am asking for an upgrade. 
- 
 @black3dynamite said in Windows file server query: Role-based access is the way to go. This site has a good example using role-based. 
 http://www.yster.org/role-based-access-control/Thanks @black3dynamite, one of our directors would want to see the names themselves when checking for ACL. If I am to keyin the group, he can not see each individual. What I'm doing is the group is for Share tab and individual accounts in Permissions tab. 
- 
 @vhinzsanchez said in Windows file server query: @black3dynamite said in Windows file server query: Role-based access is the way to go. This site has a good example using role-based. 
 http://www.yster.org/role-based-access-control/Thanks @black3dynamite, one of our directors would want to see the names themselves when checking for ACL. If I am to keyin the group, he can not see each individual. What I'm doing is the group is for Share tab and individual accounts in Permissions tab. Why would the director be looking at that at all? They should be off playing golf or something... who is in which group/ACL is way below what a director should be doing. That is what the minions are for... 
- 
 @jimmy9008 said in Windows file server query: Why would the director be looking at that at all? They should be off playing golf or something... who is in which group/ACL is way below what a director should be doing. That is what the minions are for... Here, its quite different. He (being a director, a brother of my boss...he is also a boss) wanted to know how has access to what. It is the same reason we can't have backup outside our network (cloud). If an access is needed, he'll need to approve and what kind of access, R+W or ReadOnly. I usually give full access to directors and the administrator of the shared folder...who does nothing as I am the one updating the ACL...with the permission of that boss. 
- 
 @vhinzsanchez 
 Yeah, that makes sense. Still doesnt mean the director needs to see how the ACLs are done (user/group) himself.
 For example, i'd ask you to give, say, Karen, access to a share. You would go an do it. I'd not care how you do it. Thats your job to figure out.I could ask you to report and audit for me who has access to what shares, and you would report it. I'd not need to login and check for myself... the Director has trust issues, otherwise you would do it how you see fit and report the permissions when asked. 
- 
 @vhinzsanchez said in Windows file server query: @jimmy9008 said in Windows file server query: Why would the director be looking at that at all? They should be off playing golf or something... who is in which group/ACL is way below what a director should be doing. That is what the minions are for... Here, its quite different. He (being a director, a brother of my boss...he is also a boss) wanted to know how has access to what. It's not different there. That's not good thinking - it's simply bad business. He's not a director, it's a false title. He's acting as a low level tech. That's fine, it's his business, he can be a low level tech if he wants. But don't excuse him being an L2 tech and giving himself a false title as a cultural or regional thing, it's not really like that. Business is business globally, and a good job is a good job. It's not something affected by borders or culture. 
- 
 @vhinzsanchez said in Windows file server query: 2 newer servers are IBMs. Wait, what? You can't use VMware with IBM. That's literally impossible. VMware is AMD64 only, IBM only makes Power. 
- 
 @vhinzsanchez said in Windows file server query: @tim_g said in Windows file server query: These three suck and just cause issues. 
 Ideally, they sound great and look great on paper, but in practice, they break and cause issues the more you use it and the more users use it.But quite the contrary on our present physical install...but offline files are contained in few users at the moment. @tim_g said in Windows file server query: ABE works as it's designed, never ran into anything with that that would be a reason to not use it when it fits the business needs. Have read about it years ago but has not implemented it. Will be trying to convince management to use it...such great feature to be left out. @tim_g said in Windows file server query: DFSN works great and is a great way to not have shares based on servers or IPs. I do recommend DFSN when able. 
 DFSR, depends on the use case... generally it's fine, but sometimes can cause issues depending on your setup, what you are replicating, and where it's replicating to.@tim_g said in Windows file server query: I'm going to assume that you mean ability for a VM to be "restored" to another host... 
 Define site? Single building? Skyscraper with multiple floors? Single campus with multiple buildings?
 I'm not exactly sure what you're asking, but DFSN is useful in single sites just so you can get away from server names and IPs.This is for a single site and buying a large server with storage with it so I don't think we would need a DFS-N for that, for a single file server that is. I was initially looking into replicating to another virtual server for availability, but then if server can be restarted to another host, then it should not be needed. Correct me if I'm wrong pls. Oh I see what you mean. No you don't need DFSN for that, it depends on how many file servers you have, how many shares you have, what your turnaround is on file servers, etc... DFSN keeps the server names and all that under the hood, so users only have to worry about "\domain\namespace\share" for example, and not \servername\share or \ip\share. For a single file setup with no plans on expanding, I don't see a benefit to using DFSN other than not wanting to use server names. DFSN is only beneficial in an AD environment in which everyone accessing the namespace is authenticated. To the second point, you don't replicate virtual machines via DFSR, you would use the built-in replication of the hypervisor you use... in Hyper-V, it's Hyper-V Replication. In VMWare, it's the same. They both have great built-in VM replication technologies. You don't "restart a server on another host", you fail it over to another host, reverse replication, then turn it on. (usually) This is part of the Hyper-V replication components, and is mostly automatic... (you have to tell it to do it, but it's a checkbox and a "go" button) 
- 
 @vhinzsanchez said in Windows file server query: @black3dynamite said in Windows file server query: Role-based access is the way to go. This site has a good example using role-based. 
 http://www.yster.org/role-based-access-control/Thanks @black3dynamite, one of our directors would want to see the names themselves when checking for ACL. If I am to keyin the group, he can not see each individual. What I'm doing is the group is for Share tab and individual accounts in Permissions tab. This doesn't make sense. If someone wants to see who has access to a given share, then you show open up the group that has access, which shows all the members. When you start granularly adding users to this folder that file here and there, there's no way at all to manage or audit that. You'd have to manually go through each and every folder and file properties to see who has permissions. That's got to be horrible! For example, if you have a folder named \\server\Accounting\invoices:
 You:- Create two groups in Active Directory:
- ACL_Accounting Invoices_READ
- ACL_Accounting Invoices_WRITE
 
- Assign ONLY those two groups with appropriate permissions to that "invoices" folder (in addition to the default permissions, admins group for example).
 Then if your boss says, "hai who is permissions of invoices folder mang?" Then you simply show the members of the above two groups. If someone new needs permissions, or needs permissions revoked, you simple add/remove them from one of those two groups. 
- Create two groups in Active Directory:
- 
 @tim_g said in Windows file server query: You don't "restart a server on another host", you fail it over to another host, reverse replication, then turn it on. And there are even simpler solutions where you just move it from host to host and don't need to do anything at all. Just tell it which host you want it on at the moment. 
- 
 @scottalanmiller said in Windows file server query: @tim_g said in Windows file server query: You don't "restart a server on another host", you fail it over to another host, reverse replication, then turn it on. And there are even simpler solutions where you just move it from host to host and don't need to do anything at all. Just tell it which host you want it on at the moment. Such as Live Migration... no down time. 
- 
 @tim_g said in Windows file server query: @scottalanmiller said in Windows file server query: @tim_g said in Windows file server query: You don't "restart a server on another host", you fail it over to another host, reverse replication, then turn it on. And there are even simpler solutions where you just move it from host to host and don't need to do anything at all. Just tell it which host you want it on at the moment. Such as Live Migration... no down time. Right, exactly. And it is free and included with every platform including Hyper-V, KVM, Xen, Scale HC3, etc., except one... VMware. 
- 
 @tim_g said in Windows file server query: @vhinzsanchez said in Windows file server query: I will need to upgrade it to 2012 R2 or 2016 (our Director is against going directly to 2016 as it may have bugs….I am for using the latest and greatest but then again, its her call—anyways, server 2018 is just around the corner ) This is extremely foolish to not go to Server 2016, especially while 2012 R2 is set to lose MS support soon. That would not be correct. 2012 R2 is ending Mainstream support in October. But Extended Support goes until 2023. 
- 
 Yeah, 2012 R2 is not "old", it's just not "new". Not old enough to normally worry about replacing. But definitely old enough to question why it would be deployed new without a really good reason. 
- 
 @scottalanmiller said in Windows file server query: Yeah, 2012 R2 is not "old", it's just not "new". Not old enough to normally worry about replacing. But definitely old enough to question why it would be deployed new without a really good reason. I mean, I would never install it now, 2016 certainly. Unless no CALS or something in an existing environment. But facts are facts and 2012 R2 is not even close to dead. 
- 
 @jaredbusch said in Windows file server query: @tim_g said in Windows file server query: @vhinzsanchez said in Windows file server query: I will need to upgrade it to 2012 R2 or 2016 (our Director is against going directly to 2016 as it may have bugs….I am for using the latest and greatest but then again, its her call—anyways, server 2018 is just around the corner ) This is extremely foolish to not go to Server 2016, especially while 2012 R2 is set to lose MS support soon. That would not be correct. 2012 R2 is ending Mainstream support in October. But Extended Support goes until 2023. Right, but why would you want to run an OS that gets zero updates, fixes, and features... only security updates... while continuing to fall further behind, for no real reason. A jump from 2012 to 2023? No thanks! 
- 
 @tim_g said in Windows file server query: @jaredbusch said in Windows file server query: @tim_g said in Windows file server query: @vhinzsanchez said in Windows file server query: I will need to upgrade it to 2012 R2 or 2016 (our Director is against going directly to 2016 as it may have bugs….I am for using the latest and greatest but then again, its her call—anyways, server 2018 is just around the corner ) This is extremely foolish to not go to Server 2016, especially while 2012 R2 is set to lose MS support soon. That would not be correct. 2012 R2 is ending Mainstream support in October. But Extended Support goes until 2023. Right, but why would you want to run an OS that gets zero updates, fixes, and features... only security updates... while continuing to fall further behind, for no real reason. A jump from 2012 to 2023? No thanks! There are certainly plenty of real reasons. Notably licensing is expensive, so expenses like that are scheduled and planned. 
- 
 @jaredbusch said in Windows file server query: @tim_g said in Windows file server query: @jaredbusch said in Windows file server query: @tim_g said in Windows file server query: @vhinzsanchez said in Windows file server query: I will need to upgrade it to 2012 R2 or 2016 (our Director is against going directly to 2016 as it may have bugs….I am for using the latest and greatest but then again, its her call—anyways, server 2018 is just around the corner ) This is extremely foolish to not go to Server 2016, especially while 2012 R2 is set to lose MS support soon. That would not be correct. 2012 R2 is ending Mainstream support in October. But Extended Support goes until 2023. Right, but why would you want to run an OS that gets zero updates, fixes, and features... only security updates... while continuing to fall further behind, for no real reason. A jump from 2012 to 2023? No thanks! There are certainly plenty of real reasons. Notably licensing is expensive, so expenses like that are scheduled and planned. This isn't the case at all. He's upgrading anyways. Going to 2012 will cost the same as 2016 in his case (from what I can tell). He did not give any real reasons to not go to 2016 other than the misconception of it being more buggy than 2012. 
- 
 @tim_g said in Windows file server query: @jaredbusch said in Windows file server query: @tim_g said in Windows file server query: @jaredbusch said in Windows file server query: @tim_g said in Windows file server query: @vhinzsanchez said in Windows file server query: I will need to upgrade it to 2012 R2 or 2016 (our Director is against going directly to 2016 as it may have bugs….I am for using the latest and greatest but then again, its her call—anyways, server 2018 is just around the corner ) This is extremely foolish to not go to Server 2016, especially while 2012 R2 is set to lose MS support soon. That would not be correct. 2012 R2 is ending Mainstream support in October. But Extended Support goes until 2023. Right, but why would you want to run an OS that gets zero updates, fixes, and features... only security updates... while continuing to fall further behind, for no real reason. A jump from 2012 to 2023? No thanks! There are certainly plenty of real reasons. Notably licensing is expensive, so expenses like that are scheduled and planned. This isn't the case at all. He's upgrading anyways. Going to 2012 will cost the same as 2016 in his case (from what I can tell). He did not give any real reasons to not go to 2016 other than the misconception of it being more buggy than 2012. Of course that is not the case for the OP. No one ever said it was. But your statement was all encompassing. Oh, and false. 



