@gjacobse said in AD/AAD and VPN integration:

@dashrender said in AD/AAD and VPN integration:

Let me guess - they all have passwordless keycards they use to access their computers?

No - all users use a AD userID and Password, password required is at least twelve: upper.lower.number.symbol on 90day cycle.

OK - so that's how you explain the logging into a phone - this is just like your computer, only it's your phone so YOU can get YOUR calls at THIS phone.

Now, if they don't need their own extension to follow them, then the phone just has whatever extension is assigned to it.

Originally I did this because when I joined this location - users were breaking things (sometimes on purpose) and not admitting to such damage. Assigning devices to people make them specifically responsible for that device, and the years have shown this to be true.

Additionally, my experience with things like Roaming profiles had been horrible. They can require a ton of storage (never as cheap as someone says it is), they break constantly, depending on setup they can take a while to load down from the network, if you stay logged onto one station change it, then log into a second station at the same time, the changes might not be seen there, etc, etc, etc...

@scottalanmiller said in Laptops versus desktops and roaming users:

@jaredbusch said in Laptops versus desktops and roaming users:

@dashrender said in Laptops versus desktops and roaming users:

The question would be - why?

Because it is not more expensive unless you make it more expensive. It is typically cost neutral and adds flexibility. Pre-COVID I was already nearing 50% laptop vs desktop for new desks.

Post-COVID, I am close to 95% laptop for new desks.

These days we are getting great (and I really mean that) laptops under $700. Sometimes way under.

I'd like a source on those - Any laptop I've touched under $800 in the past 2 years have been A9 shit machines!

@hobbit666 said in Who do you call for IT assistance:

@dashrender said in Who do you call for IT assistance:

So we need to reach out for help when needed. Yes I would say I have a broed knowledge in a wide range (part thanks to this forum) but some stuff I know we would need some external help with.

I believe Scott’s argument to that would be:
Of course not, not in house. They would hire it out through an MSP. This allows for the sharing of the MSP’s resources across multiple companies while getting all the advantages.

Scott’s said this before.

But he also said what i referenced that we Should. I several times if we need to reach out we have failed in IT.

They don’t contradict each other as long as that reaching out is to your continuation of the IT team… aka the MSP.

That said I don’t agree with is “must know everything or you’ve failed” approach

@hobbit666 said in Who do you call for IT assistance:

@scottalanmiller said in Who do you call for IT assistance:

2. That EVERY IT department shouldn't be tasked with having complete scope. Of COURSE they should. Imagine if we said the same thing about doctors or lawyers!!!

Unfortunately we live in the real world.
No SMB will have enough people (or money) to cover everything in the IT world, from basic desktop support, server hardware/software, security, firewalls, pentesting, cloud, azure, etc etc etc.

So we need to reach out for help when needed. Yes I would say I have a broed knowledge in a wide range (part thanks to this forum) but some stuff I know we would need some external help with.

I believe Scott’s argument to that would be:
Of course not, not in house. They would hire it out through an MSP. This allows for the sharing of the MSP’s resources across multiple companies while getting all the advantages.

Scott’s said this before.

I'm not looking for a direct answer to the topic title.

I just had my first review with my new boss.

She asked me a question that seemed odd, but after more information was less odd due to her position.

Question: is there a certifying authority you can get certified in that you can also reach out to to get help with problems you can't solve?

Her example was SUNA - Society of Urologic Nurses and Associates. They certify nurses and have personal you can contact to get help with your questions.

@stuartjordan said in KVM or VMWare:

@pmoncho said in KVM or VMWare:

@stuartjordan said in KVM or VMWare:

@obsolesce said in KVM or VMWare:

@scottalanmiller said in KVM or VMWare:

Not instead, in addition to.

If Hyper-V Server as a single product is going away, then it can't be "in addition to". He said Hyper-V Server, not Hyper-V.

@scottalanmiller said in KVM or VMWare:

ASHCI is MS doubling down on Hyper-V, not abandoning it.

Right, not what I was referring to. He said, "Hyper-V Server". We all know that Hyper-V is not going away.

I was Indeed Meaning Hyper-V Server, not the Hyper-V role.

I am wondering if MS expects businesses to be all cloud in the next ten years? Those that are not, they don't care about.

Is indeed what they want I believe, especially with Windows 365. They already had a method of creating RDS solutions in Azure. They have just made it easier to do with Windows 365.

Shit, many companies thought this 20 years ago...

@pete-s said in Slow "internet" customer says...:

@jaredbusch said in Slow "internet" customer says...:

@pete-s said in Slow "internet" customer says...:

Thanks guys, that's good ideas to get started!

How many client devices can one AP handle as a rule of thumb?

Completely depends on the AP. The various UniFi devices are generally in the 200 to 300 device range. A few can do 500.

But that's the theoretical max right? Since you're sharing the bandwidth on the AP, how many clients would you like to have per AP?

Or is my thinking flawed?

I have my environment to be around 20 devices per AP, I'm running voice over it though, so more time-slices is important.

@jaredbusch said in Slow "internet" customer says...:

@pete-s said in Slow "internet" customer says...:

Thanks guys, that's good ideas to get started!

How many client devices can one AP handle as a rule of thumb?

Completely depends on the AP. The various UniFi devices are generally in the 200 to 300 device range. A few can do 500.

have you actually loaded a single AP with 2-300 devices? I would expect the performance with that many devices to be horrible - I mean if they are all doing next to nothing, simply connected, then sure.. but if 2-300 are trying to do zoom, hell, if just 20 are trying to do zoom at once I would expect problems... maybe my expectations are just wrong though.

Something new I just discovered, M365 Business Premium includes Azure Virtual Desktop.

I need to dig into this more, but if it's what I think it is, and RDS session, This lower price might make it make sense to use.

@hobbit666 said in Why Do People Still Text:

@scottalanmiller Again disagree but i'll keep my thoughts to my self as your view is the right one

I've tried a few times switching to Linux but always gone back to installs for the reason of finding apps and installing them to do what i need.

Agreed - the software I often want is not included - like a graphics editor.

Today for the masses this is much less of an issue, 95% is done online. I think the bigger issue is peeling people off their old windows based software. some card making program, some old tax program, etc...

@siringo said in hot potato workers:

TLDR, but whatever you end up doing, you'll need to make it very easy for the users, otherwise they'll just end up sharing passwords coz that'll be easier and faster.

You somehow need to make the users responsible for their actions, that's the only way you'll get compliance from them.

OMG THIS ^.

Yes I definitely realize this. New management definitely seems more on board with trying to right with security, so hopefully it will be easier to hold employees feet to the fire for doing stuff wrong, but you're absolutely right that people will create their own shadow IT whenever possible/when they find it easier than doing what's right.

@dafyre said in MS EDGE "You have been warned":

Shoot... I need to go install Safari on everything now, lol.

Gawd - why even say that?

YES - DNS resolution.

MS dumped the use of .local domains around 5 years ago I think.

the recommended way to name your AD is now AD.domainname.com

Example mangolassi.it would be AD = ad.mangolassi.it and AAD = mangolassi.it

@scottalanmiller said in Active Directory Domain name:

But the absolute first, most basic rule of Active Directory is never, ever to make it the same name as your domain. Because AD requires DNS to work, it has to control whatever domain you set it to. So if you use a public domain name used for anything else, proper DNS cannot work. So, for example, your company website will not have an possible DNS entry for it because you made both your website AND your domain the same name and since the domain is mandatory, your website won't work.

/sigh - huh? This didn't become the rule until many many years after MS, All MS training for 2000 said use your real domain name, then for Windows 2003 (I think) they changed it to .local, then they dumped .local sometime after 2010.

All that said - I ran with a domain with my real domain name for nearly two decades. Did it cause split DNS issues of course it did - could I work around it - of course I could/did like like thousands of others.

But - if you are standing up something today - definitely use something completely unrelated to anything real or likely more simple - just use a subdomain of your real domain, such as ad.domain.com

yes we definitely noticed.

users were calling me mins before the notices from Skyetel were being sent out.

@krzykat said in Did you notice the Skyetel outage today?:

Yes, was very nice on two fronts. First off - they had a plan of attack for such an incident occurring, and their plan worked out just as written up.

Secondly, and almost as important was their communication to their client base letting them know what was happening with each step along the way.

Very happy and impressed with them.

Agreed - the constant stream of updates keep my management as happy as they could be considering being in an outage.

@pmoncho said in Active Directory Domain name:

@dashrender said in Active Directory Domain name:

@jt1001001 said in Active Directory Domain name:

When we set it up we used a different TLD (not .local) thinking that was best practice. It bit us more times than I care to count. Project for 2022 now is to move 100% to "cloud" and remove AD from the footprint entirely.

I'm working toward this same goal.
replacing things like Group Policies is a next major focus of mine.

I would really like to do the same thing but am having trouble figuring out what to replace it with.

Things on my plate - intune (comes with Microsoft 365 Premium)
Salt
Ansible
Chef

I'm more toward a client on the endpoint solution - i.e. intune and Salt, I don't know if the others use that or not?

@siringo said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

It's not windows based - but Clonzilla does what you want, and you can figure out the script/command line for it too.

Does clonezilla run off a usb stick?? I need something that doesn't require a network.

Yes.

I happen to use a network to host my images, I'm sure you could also pull your images from a USB stick as well - though I would expect that to be slow.

An external USB drive with SSD storage might be your best bet.

@obsolesce said in windows based FREE imaging app:

@dashrender said in windows based FREE imaging app:

@obsolesce said in windows based FREE imaging app:

@siringo said in windows based FREE imaging app:

@obsolesce g'day. they just need the 'corporate' image on them. They're brand new.

Does the corporate image have anything additional than the one it comes with?

How about the fact that is likely doesn't come with a bunch of crapware from teh OEM

What is he buying with the PC? Which crapware is he trying to prevent?

Hell - the brand new HPs and dell both come with HPs and Dells built in shit that almost no one really needs plus they generally come with AV and other crap you don't want at purchase. and those things all come back when you do a refresh image inside windows.