Best posts made by flaxking

Don't worry, they're just jealous of our ice castles. I'll send you a PM

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

tryton

@scottalanmiller said in DB Admin/Data Analyst (Remote):

Location? At least the city?

HQ is Virden, Manitoba, but this position can be done remotely. I believe we can hire across Canada, but anyone not living in Canada would have to be taken on as a contractor.

@travisdh1 said in LANLess explained.:

@dashrender said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

That just leaves managing the Windows machines, assuming they aren't BOYD.

Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)

LANless doesn't mean leaving users to their own means on company workstations. With something like Salt, it should be easier to manage them than ever. A lot of the time, users are left to report issues with their workstation that could be fixed with routine maintenance (clearing browser cache, etc.), or that could be detected earlier (i.e. running smartmontools to report if there are bad sectors in the hard drive). Before it might have seemed like a daunting task, but with today's tools that is what a modern desktop admin should be doing. Workstations are just servers that serve one person.

Django popularity seems to have skyrocketed in the past couple of years. Python being just an all around popular language has probably helped that.

https://www.jobbank.gc.ca/jobsearch/jobposting/31295810

@mike-davis said in Local Admin PW:

I keep hearing people mention Salt. Is anyone using this in their environment to manage Windows machines? I was trying to get an idea of how much work it would be to deploy it to just do the local user password change task, and came across this in regards to installing the client on the minion:

CREATE THE UNPRIVILEGED USER THAT THE SALT MINION WILL RUN AS

Click Start > Control Panel > User Accounts.
Click Add or remove user accounts.
Click Create new account.
Enter salt-user (or a name of your preference) in the New account name field.
Select the Standard user radio button.
Click the Create Account button.
Click on the newly created user account.
Click the Create a password link.
In the New password and Confirm new password fields, provide a password (e.g "SuperSecretMinionPassword4Me!").
In the Type a password hint field, provide appropriate text (e.g. "My Salt Password").
Click the Create password button.
Close the Change an Account window.
ADD THE NEW USER TO THE ACCESS CONTROL LIST FOR THE SALT FOLDER

In a File Explorer window, browse to the path where Salt is installed (the default path is C:\Salt).
Right-click on the Salt folder and select Properties.
Click on the Security tab.
Click the Edit button.
Click the Add button.
Type the name of your designated Salt user and click the OK button.
Check the box to Allow the Modify permission.
Click the OK button.
Click the OK button to close the Salt Properties window.
UPDATE THE WINDOWS SERVICE USER FOR THE SALT-MINION SERVICE

Click Start > Administrative Tools > Services.
In the Services list, right-click on salt-minion and select Properties.
Click the Log On tab.
Click the This account radio button.
Provide the account credentials created in section A.
Click the OK button.
Click the OK button to the prompt confirming that the user has been granted the Log On As A Service right.
Click the OK button to the prompt confirming that The new logon name will not take effect until you stop and restart the service.
Right-Click on salt-minion and select Stop.
Right-Click on salt-minion and select Start.

That's a whole lot of manual stuff on each machine just to get the client installed. Am I reading that right or is there an easier way?

I use Salt to manage Windows workstations.
That's just if you don't want it to run as the 'root' user, which I've never had an any incentive to change.

Run the bootstrap script on your Salt master. point 'salt' in your DNS to the Salt master and install it on your workstations via the Windows installer, and then you have Salt operational. However, I would suggest alternatively specifying a public DNS name that you can control in order to future proof for when you're ready to move outside your LAN. However, you could just use Salt to change that too!

Of course you have to go deeper down the rabbit hole to get a 'nice' setup.

@Julien said in Beginner, where to start?:

Unless I'm saying something stupid, isn't better to learn and master very few technologies instead of learning a little bit of everything?

In general, not necessarily, it depends on your role. When starting learning something, yes it would make sense to have the ability to actually do something. But you don't need to master it.

https://www.jobbank.gc.ca/jobsearch/jobposting/31345703

I suspect it's listed in Alberta to get more applications without having to raise salary expectations.

Forget about Zentyal, it was bad back when I tried it (interface so buggy). Just using straight Samba isn't that bad, and it might be easier to follow the documentation to plan out what you want.

You might have to use samba-tool anyway to do what you want with Nethserver. I haven't used Nethserver, but I've looked into it, and that is the direction I would point you too if you want a GUI.

I would say Nethserver is like Windows Server, there's prepackaged roles that you can install, but you only install the roles you require for the purpose you've given the server.

Python was the first language I learned. But these days I don't often get to use it. Would I have been further ahead in my career today if I had chosen one of the languages I use now as my first language? No, it just doesn't work that way. The knowledge is culmalative. Experience with a variety of things becomes an asset, even if you don't actually use that tool.

Speaking to just the YAML side of things and not Ansible, you've got it pretty good, just a few minor clarifications:

2. a. hosts is a key within a dictionary, not a dictionary itself, looks like they might have just been a typo

3. c. I mean, you could think of that dictionary being named tasks, but getting technical, tasks is a key in a dictionary that has a dictionary as the value.

@thwr said in IP security Camera Question.:

@dustinb3403 said in IP security Camera Question.:

@thwr digital zoom is what you likely would be using on anything in this price range anyways.

Sure, but a proper lens would just be better.

OK, it gets even better. Just had a look at the price tag: https://shop.omg.de/ubiquiti-networks/unifi/unifi-video/ - will order one on monday

do they work "standalone" for testing purposes? E.g. could you view a live stream or something like that without a DVR?

Yes, the cameras have a web interface where you can view video. Last time I checked they hadn't implemented to ability to record to microSD card yet though.

I can't imagine you can do 'magic zoom' from the camera's web interface. Which is something you will want to test out, because it is pretty awesome. I used it to capture licence plates. When I was setting it up you couldn't even do it directly from the NVR web interface, you had to use the phone App, I don't know if that has been changed.

Publishing your own project or contributing to an open source project is often the path to meeting those goals. I've mostly just seen internships as parts of training programs you pay for.

I made it to IT from bench because the person who hired me didn't know the difference.

Harry Potter taught me everything I needed to know

@dbeato Thanks! I didn't check all the locations

Not all the positions will need to be on site, and we do have some history of international hiring.

I started with Learn Python the Hard Way. In order to get OOP I had to do a lot of playing with it. But after that it became natural to me and now I can't imagine how it took so long for me to get.

My first real personal project was a local job web scraper that posted to Facebook. When you go through learning material you should always have a project in mind/on the back burner that you can mentally (and then actually) apply what you are learning to.