e.g. I'm down as being Infrastructure/Network Manager. But in peoples views where do my duties start and end?
(But maybe this is for another topic)
Well the first question is, why is "network" mentioned, given that that's a subset of infrastructure? That's like saying you are a vehicle/car mechanic. Saying you are a network manager, if that's all you are limited to (85% of the time at least) is one thing (I doubt this can be true, network anything doesn't exist outside of the enterprise space, even companies with many thousands of people generally don't need even a single dedicated network focused role), makes sense. And if you cover everything in the infrastructure space, but don't cover things like helpdesk, databases, applications, etc., then infrastructure makes sense (that would include systems, networks, platforms, etc.). But stating both doesn't. Either you are focused enough to say network and infrastructure doesn't apply. Or you are broader and should say infrastructure, and network doesn't apply.
But then "manager" becomes a question. Admins run things, managers manage people. The terms are used very loosely outside of IT, but inside of IT they generally aren't. You admin hardware/software, you manage people and vendors/businesses. The title "IT Manager" is generally considered to be (and this holds up very universally when you talk to people) someone focused on managing people under them and/or vendors. But an IT Admin, would not be assumed to manage people or maybe not even use vendors, and just administer everything that falls under IT.
It is likely obvious, but as I know that some people are searching for this information, creating administrative users in this way can be done very easily from remote command lines such as ScreenConnect, ConnectWise, MeshCentral, and so forth.
No doubt. Currently working on getting Server 2019 DC, DHCP, and RDS working in a lab. A few challenges so far. Was going to try using PS to do many tasks I normally do in GUI (force myself to learn as I go) but decided to put it on the back burner due to frustration. I will get there with PS but it has to wait.
Unfortunately, no matter how much we want to complain about PS and how Windows has no production-level roadmap at this point and is getting worse by the day, if you are going to run Windows today, PS is how it is done. Issues with PS have only one valid purpose to discuss - to use to explain to management why Windows shouldn't be getting deployed in production workloads, or why risks with it need to be accepted. It's like the licensing issues with Windows, these things all add up to cost and risk and risk is really just cost. It's part of the "decision numbers." Beyond that, it is what it is. If the business actually knows how costly it is and still chooses it, then PS is how you manage it.
If you deploy and start without using PS, it'll be that much harder to switch later. I know the learning curve is absurd and the whole thing is so much harder than it has any purpose being, but I would bite the bullet if at all possible and learn it now. It'll just be harder later.
The current install method brings Windows Server on parity with the Linux ecosystem really. You install, choose some options and end up at a prompt after reboot. Then you remotely add the features and shit you want.
Yeah, very in like with Fedora, Ubuntu, or Deepin. Deepin might still be my favourite installer for normal stuff of the four.
Did you have a Deepin install screenshot chain on here?
No, but I do it so often, it would be easy to get.
I ran into a language issue the other day when writing a PowerShell script that uses net localgroup and thought it could be useful to others:
Depending on the language your Windows device is set to, the local Administrators group will be different, so the typical net localgroup administrators domain\user /add command will fail.
Implementing the following will grab the actual name of the group by it's SID first, then use that result.
Note that this is written to work in PowerShell, not CMD.exe.
# Gets the name of the local Administrators group in appropriate language
$localAdminGroupName = (Get-WmiObject win32_group -filter "LocalAccount = $TRUE And SID = 'S-1-5-32-544'" | Select-Object -Expand name)
Write-Output "Local Administrators group detected as: [$localAdminGroupName]"
# Sets the users as a local admin using appropriate local Administrators group name
net localgroup $localAdminGroupName domain\user /add
# Gets local Administrators group members
net localgroup $localAdminGroupName
Obviously, install MySQL/MariaDB first as noted above.
Then do the following. This all needs done in the same SSH session, but otherwise things are simple.
Choose once of these exports for your DB root password.
The first one is for you to specify, the second generates a random one and echo's it back to you.
# Specify your own password for MariaDB root user
# Generate a random password for MariaDB root user
export DB_ROOT_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)"
echo "This is your MariaDB root password: $DB_ROOT_PASS"
Specify the application database name and application user name
# Database user to use for application
# Database name to use for application
Generate or specify a random password for the database user
# Specify your own password for the application's database user
# Generate a random password for the application's database user
export DB_PASS="$(head /dev/urandom | tr -dc A-Za-z0-9 | head -c 30)"
echo "This is your password for the application user: $DB_PASS"
Then create the application database, use, and grant access.
mysql -e "CREATE DATABASE $DB_NAME;"
mysql -e "CREATE USER '$DB_USER'@'localhost' IDENTIFIED BY '$DB_PASS';"
mysql -e "GRANT ALL ON $DB_NAME.* TO '$DB_USER'@'localhost';"
mysql -e "FLUSH PRIVILEGES;"
Finally, lock down the system without the interactive requirement of mysql_secure_installation
# Secure MariaDB (this does what mysql_secure_installation performs without interaction)
mysql -e "UPDATE mysql.user SET Password=PASSWORD('$DB_ROOT_PASS') WHERE User='root';"
mysql -e "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1');"
mysql -e "DELETE FROM mysql.user WHERE User='';"
# Beginning on some version of MariaDB after Fedora 29 was released, the test DB is no longer there by defualt.
mysql -e "DROP DATABASE test;"
mysql -e "FLUSH PRIVILEGES;"
Your approach makes it easier to use as part of a script.
It also generates random passwords, which I prefer.