Huh - I love the idea of getting away from Google and their data mongering... but I don't see this being viable.

I'd love to see some proposed replacement solutions to this situation.

Consider a one to one device to user.

Consider a one user to many shared devices.

Assume the ability to lock the workstation is a requirement in all cases.

Edited for clarity.

@scottalanmiller said in Technologies Begging to be Ransomwared:

@dashrender said in Technologies Begging to be Ransomwared:

Consider a one user to many devices.

We do this with Linux and NextCloud and/or Zoho WorkDrive. This is so natural and obvious I just can't fathom the question. Like... I can't find the challenge that you are looking to solve. And I can't think of any way that AD or mapped drives would improve this in a meaningful way.

Having users without AD is just as easy (or easier) than having them with it. Just create users where you want them, have NC installed automatically through countless automated processes, have them log in once and voila. Everything covered.

This isn't just easy, it's literally "out of the box" behaviour in several operating systems. Ubuntu, for example, doesn't require the NC client, it has integration with NC, Google, and other cloud services out of the box. Just sign in when you first log in and ... easy peasy. Makes the AD / mapped drive approach seem .... unnecessarily convoluted. And no need to reboot after putting in access, either.

You missed one part though - the creating that user's account on all of those devices.

AD allows a user to log into any computer joined to AD (at least by default it does). If I have 20 computers spread out at several different offices front desks, I need those 20 people to be able to log into any of them and get there stuff. A centralized authentication solution provides this ability to me.

I'll absolutely give you that scripting solves the rest of the issues - i.e. mapped printers, NC/GD, etc.

But what do you do about creating the user accounts themselves?

A key requirement for me is that a user be able to lock the computer while apps are running to prevent anyone else from gaining access to those apps.

If windows wasn't required - I might consider a Linux based Terminal server and have everyone run remote sessions. Then they could just disconnect from the session and reconnect to it from anywhere....but - windows is required.

@gjacobse said in Fully Functional Domain from Zero:

@dashrender

Do you mean AAD over ADD?

Type-o - fixed.

I meant AAD vs AD - i.e. cloud vs likely onprem or colo

@gjacobse Can we start over with a list of requirements instead of thinking we must start with 'domain'?

@pete-s said in 45TB-60TB / 45-60 mil file volume recommendations?:

Option 3. New server hardware and no external SAS boxes. 8 x 16TB drives in RAID 10.

I'm not up to speed on HPs server options but 8-12 drives in a 2U server shouldn't be a problem.

He might need spindles for IOPs reasons.

But then, I'd look at SSD at RAID 5 (Scott has articles that explain the math on this and why it's safe) and you're crush your IOPs needs and likely be able to stay in a single chassis.

@scottalanmiller said in sudo problems:

@pete-s said in sudo problems:

What are our options, except removing sudo altogether and require login from a privileged account?

Anything that allows sudo is a privileged account. Sudo isn't an alternative to having separate accounts, it's meant as an additional protection on accounts that are already designated as privileged. Just like on Windows.

So this is like an admin account that still trips over UAC, but doesn't require a password - just OK to continue?

@gjacobse said in WinRM: Security Question:

While it is likely I could be missing it,.. As of yet, I don't see any way to run commands like SC / MC. I've been looking over DesktopCentral and nothing stands out.

Well that sucks... so yeah.. you'll have to interrupt the user, remote GUI - and run the command.
but at least you're not driving across town.

@frodooftheshire What's the concern with email?

@hobbit666 said in Point of Sale System Recommendations, POS:

Bit off the main topic, but where is said hotel?
Also do we mango's get a discount

Do ya need one?

@gjacobse ug - so it uses Access style DB's... it's not making API calls, it's SMBing to the DB file itself.

@pmoncho said in POTS EOL?:

@dashrender said in POTS EOL?:

@pmoncho said in POTS EOL?:

@dashrender said in POTS EOL?:

I received an email this morning

anyone else heard of this EOL on copper pair?

Not that I have any - everything I have is Cox - analog over cable.

Yep, Century Link kicked us off in Feb with 30 day's notice. Scrambled to ATT and now paying $80 per line when we were paying $22.

Why did you stick with copper?

Stupid faxes and fire alarm. Like you, we get thousands of pages a month. Also, at the time we found out our fire alarm does not have a wireless option either. UGH. Just a crap show....

Yeah, but copper? We haven't been on copper in a decade. We're on Cox's VOIP ATA service. You could easily change to SIP faxing through an ATA device to your fax machine, should be WAY less than $80/m

@dave247 said in Exchange Environment - Lab:

@travisdh1 said in Exchange Environment - Lab:

@stuartjordan said in Exchange Environment - Lab:

@travisdh1 said in Exchange Environment - Lab:

@stuartjordan said in Exchange Environment - Lab:

I can see what others are saying, onsite exchange not really no point, but a lot of MSP's still host their own copy of exchange normally in a datacenter and you could sell your own hosted exchange to customers. This only would be advantageous with lots of users. But you just cannot beat the costs of 365 with normal Businesses.

If you want to host email, why would you use the worst platform possible to find? Why not Zimbra for example?

I'm not on about me, I personally use mailcow. But I'm stating big MSP'S and hosting companies still use hosted exchange in a datacenter enviroment.

I guess that requires the discussion about management not caring about the company and treating it like a hobby business yet again.

What are you even talking about?

you must be new around here - This is a general theme in many, I'd go so far as to say most, discussions around here.

Don't treat your company like a hobby. Do business correct, i.e. don't use local Exchange unless you have a regulation forcing you too.
Run the company like a real company - care about costs, do the 'right' thing, not just the simple get it done thing, etc.

@stuartjordan said in Exchange Environment - Lab:

At the end of the day, if the op want's to learn exchange that's up to him. This is a forum where we can give constructive criticism but, there is also no need to go on about it and give a little help instead. Just a thought??

At this point I was just trying to let dave know of the typical MO around here.

I think this really boils down to needed functionality.

If VOIP.ms' PBX functions provide you everything you need - I'd go that route, one less thing to manage, worry about.

But if you need more functionality - then I'd stick with what you know. Having been on both FreePBX and VitalPBX, I think today I'd stick with FreePBX because it really does seem more flexible.

@brandon220 Oh SIP is definitely the way to go here and a save a TON!

But even RC would be a HUGE savings for them today!

But your solution will save 50% or more over the cost of RC most likely.

After I created a new account for someone, they heard from their rep in about 24 hours...

@dafyre said in ATA sp112 behind Sonicwall to Skyetel:

[takes thumb out of ass for a moment, speaking begins]

Isn't there an option in the Sonicwalls that has to be turned off (or maybe on)? I don't deal with them, so I'm not sure what that option is called any more.

[puts thumb back where it belongs]

SIP-ALG - yep.. that should be killed with fire!

@skyetel said in Anyone know of current Skyetel Promo codes ?:

60F85B623E

You guys are awesome!

I'm primarily asking in regards to HIPAA.

Most of us will say that Windows 7 is not secure today (aka not HIPAA compliant) because MS is no longer supplying updates for it.

With that in mind - I'd say - HELL NO the iPad 2 is not secure, and if PHI is touching it at all, forget-about-it!