Posts made by Shuey

I don't have the space for a "lab" anymore, but here is what mine looked like way back between 2003 to around 2008:
Full gallery: http://shuey.deviantart.com/gallery/454063/Home-Network

A couple shots from the gallery:

For RDP connections: https://terminals.codeplex.com/

For VNC connections: https://sourceforge.net/projects/vncaddressbook/

I'm a huge fan of #4. If you're running an HP server with iLO, be sure to buy an "advanced license". They generally retail for around $200, but you can find them on Amazon for $25. We just bought 10 copies for our ProLiant servers and have already taken advantage of the "remote console" feature multiple times. It's worth it for that feature alone.

A few more recommendations I would make:

1. It might seem obvious, but always make sure you have redundant power supplies if your server supports it (I can't think of any modern day servers that don't)

2. If there's money in the budget, it's worth it to make sure you have both CPU sockets populated with whatever you can afford in terms of model/speed.

3. The same goes for RAM: You don't necessarily need to buy 384GB, but if you think your server could benefit from extra RAM (96-192GB for example), it's worth it to get more than you may initially think you need. I think it happens more often than admins would like to admit: you buy what you think will be enough, only to realize later on down the road that you really should've just bought more to begin with (especially since the cost of RAM is so much more affordable nowadays).

One word of warning I would interject: You have to be careful with Bcc's with certain bosses because some bosses aren't good at paying attention to details and won't even realize that they were included as a bcc instead of inline with the other recipient(s). This can increase the risk of more trouble vs less.

@Dashrender said in What would you use to replace WSUS from SBS:

@Shuey said in What would you use to replace WSUS from SBS:

@JaredBusch said in What would you use to replace WSUS from SBS:

@DustinB3403 said:

Ah....

Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

PDQ Deply has options for 3rd party app updates etc, but requires annual renewal.

Oh, I can easily setup WSUS on one of their existing VMs. Just not really sure I want to with the size overhead for this many users.

Hey Jared, sorry if I sound a little lost, but what is the overhead you're referring to? You pretty much only have two options: Deploy a WSUS server and use a GPO (or regedit) to make the workstations talk to it, or you can manually install updates once per month (or per quarter). I would think you could easily deploy a very small WSUS server (either on 2008 or 2012) using WID and about a 60-80gb hard drive. You could even make it one of the guest VMs.

When I was supporting Office 2010 and Office 2013, Windows 7 and 8.1 I needed more like 120 GB to hold all of the updates, and monthly had to do the cleanup or I would run out of disk space.

Obviously there will be some variables to consider. I was basing my recommendation off our current WSUS setup (over 200 workstations, and 30 servers) vs his environment (8 desktop, 2 laptops and some unnumbered servers). Up until recently when MS changed the way the update cycle works, I cleaned our db every month and we've been doing completely fine with an 80GB hard drive on the server.

@Minion-Queen said in Synergy - Software KVM:

It does work locally over the LAN (but the home computer is called the server) does it via IP address. I wonder if it would work over a VPN but haven't tested that out.

I don't picture doing it this way since it's always used where you can see the monitors of each computer running Synergy. I know it works over SSH though, and that would essentially be about the same objective as doing it over a VPN connection.

@JaredBusch said in What would you use to replace WSUS from SBS:

@DustinB3403 said:

Ah....

Sorry for the confusion then. Do they have the resources to run another WSUS server and proper licensing? It really is quite a simple solution.

PDQ Deply has options for 3rd party app updates etc, but requires annual renewal.

Oh, I can easily setup WSUS on one of their existing VMs. Just not really sure I want to with the size overhead for this many users.

Hey Jared, sorry if I sound a little lost, but what is the overhead you're referring to? You pretty much only have two options: Deploy a WSUS server and use a GPO (or regedit) to make the workstations talk to it, or you can manually install updates once per month (or per quarter). I would think you could easily deploy a very small WSUS server (either on 2008 or 2012) using WID and about a 60-80gb hard drive. You could even make it one of the guest VMs.

@scottalanmiller said in What does your desk look like?:

@Shuey that was a very old pic, not sure that Synergy was even around back then!

First version was in 1996

@scottalanmiller said in What does your desk look like?:

Just found this one. Taken in 2008, nearly a decade ago. This was my home office setup when I lived at Eleven80 in downtown Newark.

This was taken in March of that year, so about six months before we bought our house in New York and my first child was born. This is back when Spiceworks was just starting and had not really become a full fledged IT community yet. But the super amazing part is that the desktop device driving those monitors that you can make out behind them.... is the same desktop that I use still!

Looks like you needed Synergy (instead of using two keyboards/mice)

@Dashrender said in Windows Update Error 0x800B0100:

3194496

We don't have any Windows 10 machines.... I was referring to what fixed our Windows 7 test machines (since it appeared that the Op was referring to the issue on Windows 7 workstations :-/)

@Reid-Cooper

@Reid-Cooper said in Windows Update Error 0x800B0100:

@Shuey said in Windows Update Error 0x800B0100:

Might be a long shot, but we have some machines on our network that can't successfully install dozens of updates. We've actually tested a few boxes where we download each patch individually from Microsoft's site and installed them one at a time (rebooting after each single patch install) and they successfully installed.

So you think that maybe doing it one at a time might work when doing them all at once will not? maybe there is some update conflict in a couple of the packages.

I can't explain why it doesn't work from within Windows Update, but that's what worked for us here; if we tried even a single update from within the Windows Update client, it would fail. But if we downloaded the KB patch from Microsoft's site and installed it manually, it worked fine (and almost every patch requires a reboot, so we pretty much had to reboot as many times as we had patches to install).

@scottalanmiller said in ElectricSheep - An amazing screensaver!:

Is this what androids dream of?

Yep, I think this is what they really dream of

Might be a long shot, but we have some machines on our network that can't successfully install dozens of updates. We've actually tested a few boxes where we download each patch individually from Microsoft's site and installed them one at a time (rebooting after each single patch install) and they successfully installed.

A collective "android dream", blending man and machine to create an artificial lifeform.

http://electricsheep.org/

I've been using this for over 10 years now, and I can still sit and watch it for long stints of time while listening to music. I noticed it wasn't talked about in the forums here, so I thought I'd share it for anyone who's never heard of it :).

When you first run it, it has to either generate sheep or you need to download and install sheep to get it up and running more quickly. There are some "sheep packs" available online for free, and I have a collection of the latest flocks that I'd be willing to upload if anyone wants about 50GB worth.

I forgot to add PipeWalker!
http://pipewalker.sourceforge.net/

@Shuey said in Migrate and/or replace old cert server?:

Something I've not been able to verify: Is it safe to demote the DC before backing up and/or migrating the cert services? If so, I'm going to demote it and do the V2V. This will still give me time to chip away at the cert side of this project while also being able to re-purpose the old hardware.

Looks like I found my answer to this portion:
https://social.technet.microsoft.com/Forums/windowsserver/en-US/d922860b-c8cd-4ed5-9b0b-05391c18afc0/demoting-a-domain-controller-with-a-ca-on-it?forum=winserversetup

Something I've not been able to verify: Is it safe to demote the DC before backing up and/or migrating the cert services? If so, I'm going to demote it and do the V2V. This will still give me time to chip away at the cert side of this project while also being able to re-purpose the old hardware.

@EddieJennings said in Migrate and/or replace old cert server?:

@scottalanmiller You haven't lost your mind, but the issue might be one of terminology. We use AD certificate services to push out machine certs, which (right now) we use with establishing VPN connections.

Dang, yet another good example! I guess I gotta keep doing more research so I can at least get more familiar with the reasons for having/using one, and see where/how that plays into our environment.

@StrongBad said in Migrate and/or replace old cert server?:

@Shuey said in Migrate and/or replace old cert server?:

@StrongBad said in Migrate and/or replace old cert server?:

@Shuey said in Migrate and/or replace old cert server?:

@Mike-Davis said in Migrate and/or replace old cert server?:

If your sharepoint server is on its own VM, and the only roles on your DC are the cert services, I would build a new DC migrate your FSMO roles over and back up the old DC. Then shutdown the old DC and listen for the screams. If you hear nothing after a week or so power it back up and demote it.

If it wasn't a DC, I would do a V2V right now. But I've heard doing a V2V of DCs is horribly frowned upon.

Yes, it generally is. But really only if you have more than one DC. If you only have the one, then you can move it.

Thanks for the info - so in our case, a V2V is definitely a bad idea since we have 6 total DCs, lol.

Yeah, dont' do that. Just make a new one then, no need to V2V.

I still need to do the V2V for what's left on it after I remove the CA and DC; SharePoint (because we want to re-purpose the old hardware with a clean slate)

@StrongBad said in Migrate and/or replace old cert server?:

@Shuey said in Migrate and/or replace old cert server?:

@Mike-Davis said in Migrate and/or replace old cert server?:

If your sharepoint server is on its own VM, and the only roles on your DC are the cert services, I would build a new DC migrate your FSMO roles over and back up the old DC. Then shutdown the old DC and listen for the screams. If you hear nothing after a week or so power it back up and demote it.

If it wasn't a DC, I would do a V2V right now. But I've heard doing a V2V of DCs is horribly frowned upon.

Yes, it generally is. But really only if you have more than one DC. If you only have the one, then you can move it.

Thanks for the info - so in our case, a V2V is definitely a bad idea since we have 6 total DCs, lol.

So I guess to be safe, I better build a new CA, migrate all the info from the old one to the new one, THEN I can hopefully safely remove the cert services and demote the DC. THEN I can V2V it and move it to our ESXi environment (Until I learn how to build a new SharePoint server and migrate our DB over to it, lol)