Re: [NTSysADM] Server build recommendation

[James M. Pulver]

You can actually go to IT Creations on ebay, they're a good refurbisher, 
and get an IBM System X 3550 M4 for around $3,000 specced with 2x 8 core 
Xeon, 256GB RAM 2x Enterprise Value SSDs, 2x 10Gbit SFP+ and 4x 1Gbit 
RJ45, IMM upgrade for remote KVM etc... Oh, and dual power and redundant 
cooling. And a 5 year warranty from IT Creations.


Of course, that's probably massively overkill. But you could get a 
custom spec by chatting them on ebay. Very reasonable price, and these 
IBM servers tend to last forever in my experience.


James Pulver
CLASSE Computer Group
Cornell University

On 01/25/2018 07:03 AM, Gantry Zettler wrote:
They are pretty long in the tooth at this point, but I've had very good 
luck with Lenovo TS140s.  Cheap and reliable, has full KVM remote access 
at the BIOS level which is good for emergency situations.


The two big things I have for small servers are SSDs and to virtualize 
them.  I use the built-in RAID1 with Samsung Pro 850s, not the highest 
end setup but I've had few issues.




On Wed, Jan 24, 2018 at 5:58 PM, Gordon Pegue > wrote:


Do they have a budget Kurt?

-Original Message-
From: listsad...@lists.myitforum.com

[mailto:listsad...@lists.myitforum.com
] On Behalf Of Kurt Buff
Sent: Wednesday, January 24, 2018 4:46 PM
To: ntsysadm >
Subject: [NTSysADM] Server build recommendation

The owner of a small 5-6 person property management company has
approached me to help acquire a new server. They're currently running
a 10+yo machine with SBS 2003, and wish to replace it.

They've migrated their email to gmail, so don't need exchange, but do
want a DC for account management, DHCP/DNS, etc., so they're looking
to go with Server Essentials.

The fellow he's nominated at his firm to be their sysadmin is quite
green, and got a quote from Dell for a tower box with a software RAID
card, and I told them to hold off on that purchase, while I look at
alternatives.

I was leaning toward an HP Microserver, but haven't played with one in
years, and it looks like the current generation is using an AMD
processor, and doesn't come with a RAID card to support RAID1.

Anyone have a recommendation they can make regarding hardware?

Kurt

[NTSysADM] Setting up a single / standalone RDS server on Server 2016

[James M. Pulver]

I've been sort of muddling through on this since I began playing with 
Sever2016. I need to set up a new terminal server, and in 2016, I can 
get sort of half way there in the way I set up on Server 2008 R2, but I 
can't get all the GUIs or however you do remoteapp etc to work.


I tried the RDS option in add roles and features, but it always fails 
with remote powershell not accessible. But I've tried the command to 
enable it, and it doesn't help. I'm not accessing the server remotely, 
it's on the one server. I don't have a cluster or farm, and this server 
should also be the licensing server for RDS.


I have sort of gotten it to work by adding the role manually, but then I 
never get the UI to set up remoteapps or manage RDS connections that I 
did get on Server 2008 R2.


My googlefu seems weak on this - how do I make the add roles and 
features thing work on the local terminal server? How is this supposed 
to work for individual - stand alone terminal servers?

--
James Pulver
CLASSE Computer Group
Cornell University

Re: [NTSysADM] Dropping Kaspersky Av, who to replace it with?

[James M. Pulver]

I've always liked ESET, and when we dropped Symantec, ESET was quoted to 
be the least expensive of a bunch we looked at. The ERA appliance is 
great, but a self install on Linux was buggy as hell. Glad I moved to 
the Virtual Appliance. Their tech support is B+ in my opinion. Upgraded 
to an A- as they don't run screaming from Linux. Some of the best I've 
dealt with, the main failing is no real route back to devs if there's a 
bug, but  in terms of using what's there and being aware of work-arounds 
- they're among the best I've ever interacted with.


They seem to be pretty effective, but then so was Symantec in our 
environment - we don't give out admin, and seem to have enough e-mail 
screening via Office 365 and central IT to really limit ransomware, 
followed by decent user culture of asking before clicking so there's not 
a lot of chances for it to step in. It does kill a few "driveby" 
unwanted applications for us, but we haven't (knock on wood) seen much 
real malware anyway.


So if you have to tick the box for AV, like we do, ESET is a pretty good 
choice IMO. The other obvious "tick the box" one would be Windows 
Defender if you don't have to be cross platform. However, I think ESET 
is more effective - but as others said, that's not a high bar.


I should point out, even the "traditional AV" isn't traditional AV 
anymore - ESET isn't just scanning against signatures. They have HIPS as 
well as behavior analysis and the like.


James Pulver
CLASSE Computer Group
Cornell University

On 09/14/2017 12:31 PM, Michael Leone wrote:

We use Kaspersky for our AV needs, and to be honest, it's worked out
well for us. It's certainly caught things that McAfee, our previous AV
solution, didn't. However, they have this slight problem with being a
covert arm of the Russian government, apparently ..

So we need to drop them, as the federal agencies are doing.

There are lots of reviews, such as av-test.org, that we are looking
at. But tell me, who do you have? And - more importantly - if you had
your say in the matter, would you keep them?

We're an sort of enterprise level organization, maybe 1K users, bunch
of laptops issued to remote users. So far, all Win 7 for workstations,
but obviously that will change in the future. Servers are all Win
2008/2012 R2 (so far). So we need something with a centralized
console, to push out rules, updates, etc.

We use Proofpoint as an email gateway, so it does mail scanning. We
have Checkpoint firewalls for managing that sort of traffic.

Thoughts?  I know I've heard good things about ESET and Sophos, among
others. Just soliciting some real world opinions, along with our own
research.

Re: [NTSysADM] Recommendations for a Security Software Reseller

[James M. Pulver]

If you can't afford the fancy stuff, I'd take a look at ESET, via say 
CDW. They had good pricing, good licensing (you buy X seats and can use 
Windows ,Linux , Mac, server ...) and if you use their virtual appliance 
for the server it is dead simple to set up. They also have pretty savvy 
tech support.


The product is a nice blend (on Windows anyway) of traditional AV, 
behavior analysis, firewall, NPS, IDS, and HIPS. I can also say that the 
HIPS works, to my pain sometimes - It'll kill dead things like Dell 
Privilege Manager till you whitelist it, it also seems to stop remote 
ctrl-alt-del from software like LogMeIn until whitelisted.


Anyway I have found it to be really lightweight, and only one bug - 
users can try and run syspector (some sort of system analysis tool for 
tech support as far as I can tell) but they wouldn't have Windows 
permissions and it loops starting and exiting rather than throwing an 
error. Simple user training or configuration can prevent this though.


James Pulver
CLASSE Computer Group
Cornell University

On 09/05/2017 05:56 PM, Joe Tinney wrote:

Hey folks,

I'm interested in working with a reseller that has a strong knowledge of 
current security software (anti-malware, app whitelisting, endpoint 
firewall, etc). Before I go with what I know (Symantec Endpoint 
Protection) I want to make sure I've vetted some of the newer offerings. 
I've seen lots of different suggestions come through from everyone and 
if you have any more of those that would be great as well.


Basically, I'm looking to provide a solid layer of prevention (right now 
we've invested heavily in response via logging and reporting tools like 
Netwrix, AlienVault, etc). By prevention I meant I'm interested in 
looking at a solution that provides endpoint network isolation, 
authorization management, application whitelisting, behavioral analysis, 
etc.


We've come out of contract with a vendor that was providing TrendMicro's 
cloud product and I was very underwhelmed. I've trialed Symantec 
Endpoint Cloud and again, the same. These small business products just 
aren't up to the task I'm looking to accomplish.


I believe that I do not have the time at the moment to learn, design and 
implement solutions using Group Policy nor do I have extensive MS 
licensing that would allow me to employ more advanced solutions like 
AppLocker. The implementation of products that I'm interested in may of 
course change my mind depending on how protracted the configuration can be.


If anyone has someone they enjoy working with and is sharp please let me 
know. This would be for a company based in the Midwestern Region of the US.


Regards,
Joe

Re: [NTSysADM] dell rant

[James M. Pulver]

It does depend on the warranty a lot. I know IBM/Lenovo have CRU vs FRU, 
CRU = customer replaceable unit. If you want a tech for CRUs also, you 
pay for the upgrade. That being said, in the business lines(Think 
branded products and SystemX servers) they are pretty willing to send a 
tech in the last few years, to the point where they're actually pushing 
to send one sometimes.


Usually I only want a tech if it's a motherboard replacement / would be 
a LOT of work to swap a part.


As usual, there's a reason there are so many warranty / service contract 
options - of course most people don't understand what the "base / 
cheapest" option really means. And it's not like the order sites really 
explain what the upgrades mean except for time in most cases. They 
certainly don't put up blinking text "Cheapest option means YOU have to 
replace a bad part in many cases"...


James Pulver
CLASSE Computer Group
Cornell University

On 05/03/2017 07:33 PM, J- P wrote:

So one of my friends asks me to check the laptop,, turns out the hard
drive is bad I see its under warranty , I call dell explain the
situation and they send we'll send you the drive so you can replace it-
I said, no its under warranty send a box so she can send it back, they
said "but since you are technically savvy can you do it" I said NO, she
paid for your product with your warranty thus you are responsible,

and they said but you are able to do this, I replied THATS NOT THE
POINT, if I do a repair for a client and something goes wrong I don't
tell then "I'll send you the part, you replace it" I did the work, they
paid for it hence its MY RESPONSIBILITY not the clients.


what nerve ,  I mean REALLY?



finally after 15 minutes of arguing they agreed to send the box-



Jean-Paul Natola

Re: [NTSysADM] Reset permissions on hard disk - Windows 10 Enterprise

[James M. Pulver]

Taking Ownership usually isn't sufficient, you then have to grant 
yourself full control. However, with an Enterprise OS, shouldn't you use 
a domain account, and then have the same user and permissions?


James Pulver
CLASSE Computer Group
Cornell University

On 03/29/2017 01:25 PM, Eric Levinson wrote:

I’ve come across this issue many times before and don’t really have an
easy way to resolve.



System has two hard disks – a C drive and a D drive.



D has all the data, C is the OS and page.



C drive goes bad, so it is replaced, OS is reinstalled clean (Windows 10
Enterprise)



After taking ownership of the D drive and everything below it, there are
still lots of folders that won’t open or allow reads or writes.



Even though effective permissions says I have full access to folders – I
receive permission denied errors and can’t seem to figure out how to get
the access back.



Permissions on D are for previous OS – so there are a lot of GUID users
in there with no user names.



Is there an easy script I can run (cmd or bat) that will delete all the
permissions on the D drive and reset the ownership of every object?  The
GUI doesn’t seem to work properly.



Any help would be greatly appreciated!

Re: [NTSysADM] Has anyone here used this product, and can comment on it?

[James M. Pulver]

Well, it seems to be Windows only, which is quite a limitation. Ideally 
(for me) it would be web based and run on a linux server. I do wish it 
was less "flash" in the demo and more ideas about price and actual 
functionality. Yes, I saw it works with CISCO IOS devices. That's great. 
We don't run CISCO. We have IBM System Networking / Blade switches and 
HPe Procurve, some with only web management. I doubt this can log in to 
that. Plus we have interconnects we don't have direct access to - how 
does it handle that?


I'm not interested in trialing something that's "almost working" and 
costs a lot of money - there's plenty of FLOSS thats "almost working" so 
the time I put in is it, not also a large capital outlay.


And like you, I just skip the companies who don't even give me an idea 
of the pricing structure. I mean, are we talking 10K for 100 switches 
and 20% maintenance? 10K/year? 100K? These are very different 
propositions for purchasing software. And what is support like? Do they 
include so many new hardware integrations?


Too little info for me to wast time on.

James Pulver
CLASSE Computer Group
Cornell University

On 03/28/2017 02:55 PM, Don Ely wrote:

It is cool and it IS expensive

On Tue, Mar 28, 2017 at 11:37 AM Kurt Buff > wrote:

https://www.netbraintech.com/

I just interviewed someone who mentioned using it, so I looked it up.

The general rule of thumb I've used is that if the web site has a
button to request a quote rather than listing prices, it's probably
really expensive - and probably beyond the reach of my current firm.

They have a bunch of youtube videos, which reinforces my impression
that it's expensive, but it looks pretty cool, and I wondered if it's
worth investigating.

Kurt

Re: [NTSysADM] Asset Management Options

[James M. Pulver]

GLPI + Fusion Inventory plugin?

James Pulver
CLASSE Computer Group
Cornell University

On 03/14/2017 08:25 PM, Kurt Buff wrote:

I haven't had a chance to use it yet, but this looks very interesting:
https://osquery.io/

Kurt

On Tue, Mar 14, 2017 at 2:42 PM, Alex Nabicht  wrote:

Greetings All,

Currently we are in the market for a new asset management system. We had
previously been using Samanage, which we will have to drop soon since they
will no longer be supporting Linux. Does anyone have any recommendations
that can support multiple systems? We have a somewhat mixed environment of
Apple, Windows, and Linux devices. Any feedback is appreciated.

Thanks,
Al

Re: [NTSysADM] Sohpos disables UAC ?

[James M. Pulver]

As far as I know, UAC isn't a security feature.

James Pulver
CLASSE Computer Group
Cornell University

On 03/10/2017 11:24 AM, Klaus Hartnegg wrote:

Has anybody recently seen Sophos Antivirus ("Endpoint Security")
disabling User Account control in Windows 7?

Many computers here suddenly have UAC off, and my research points to
Sophos installer/updater as culprit: UAC stays on when rebooting
normally, but reproducably switches to off after a reboot that followed
an install, uninstall, or larger update of Sophos. Maybe it only happens
if SRP is turned on. I will continue testing on Monday, but maybe others
already know more??

I had previouosly read complaints that antivirus software sometimes
disables certain security features, but UAC!?!

Re: [NTSysADM] Serial device servers

[James M. Pulver]

We've had good luck with Moxa serial servers.

James Pulver
CLASSE Computer Group
Cornell University

On 01/16/2017 11:55 AM, Lee Anderson wrote:

http://www.systech.com/nds-rackmount



we have deployed 100’s of  systech devices and are very happy with their
performance and reliability.



Lee



*From:*listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] *On Behalf Of *NP
*Sent:* Monday, January 16, 2017 10:04 AM
*To:* ntsysadm@lists.myitforum.com
*Subject:* [NTSysADM] Serial device servers



Looking for any recommendations on Ethernet attached serial port device
servers for remote access/management.  I’m tired of having to track
someone down to get a laptop plugged in at remote sites.  We try to keep
a laptop in the rack but it’s just not a reliable solution and you still
have to find someone to move the cable around between devices.  I’ve
used a lot of smaller single port devices over the years.  There’s just
a lot of options out there a many of them will break the bank,
especially for something that hopefully never gets used. What are you
all using out there?  Rack mount preferred, 8 ports.

Thanks




Avast logo   

This email has been checked for viruses by Avast antivirus software.
www.avast.com 

Re: [NTSysADM] RE: CMAK profiles without admin rights

[James M. Pulver]

While not super secure, you can use a compiled AutoIT script to elevate 
a process. You can also look into powershells credential cache stuff I 
think.


James Pulver
CLASSE Computer Group
Cornell University

On 10/19/2016 11:24 AM, James Rankin wrote:

Task Scheduler can run stuff with admin rights, and the triggers are pretty 
granular...

-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Melvin Backus
Sent: 19 October 2016 16:08
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] RE: CMAK profiles without admin rights

OK, so let's try running this around the defensive ends. :)

Instead of letting the CMAK profile update the route table with it's normal 
cmroute.dll method, I can manually update the routes with post-connect tasks, 
etc.  The logic is straightforward enough to do it and remove it at disconnect. 
 I even have scripted a user creation process during the profile installation 
to build an admin level user on the machine to use for the purpose.  All well 
and good.  I was planning on doing a runas to call the required scripts so 
they'll work, but gee, I can't pass the password, it prompts for it.

Any words of wisdom on silently running an admin level task?  Since I'm 
assuming BYOD units will have admin level access anyway this is really only for 
our portable users to prevent having to give them admin rights to actually run 
the VPN.

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.


-Original Message-
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On 
Behalf Of Kurt Buff
Sent: Tuesday, October 18, 2016 3:56 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights

I'm afraid not.

We use the 2012R2 DirectAccess, and it's a champ (with one caveat - I've had a 
fair amount of problems with Win10 1607, it loses connections with regularity, 
and I don't know if there's an update for either client or server that helps.)

For a backup (and those without company laptops to take home) we use an 
Aventail/Dell EX6000 for SSL VPN, and it Just Works.

Kurt

On Tue, Oct 18, 2016 at 10:55 AM, Melvin Backus <melvin.bac...@byers.com> wrote:

My apologies if I stepped too closely to those extremities.  :)

I'd really love to get this in place as it would solve more than one nagging 
problem.  Any words of wisdom to ease that journey?

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.


-Original Message-
From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Tuesday, October 18, 2016 1:20 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights

Ah. I first configured DirectAccess with 2008R2 and UAG 2010, and have since 
migrated to 2012 R2. That name change didn't catch up with me...

And I resemble that remark - We're no more than 10 miles from the campus of the 
Evil Empire, on the border between Redmond and Krkland...

Kurt

On Tue, Oct 18, 2016 at 9:24 AM, Melvin Backus <melvin.bac...@byers.com> wrote:

URA = Universal Remote Access = DirectAccess 2012

You know how our friends in the great NW like to rename things. :)


--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.


-Original Message-
From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of Kurt Buff
Sent: Thursday, October 13, 2016 7:00 PM
To: ntsysadm <ntsysadm@lists.myitforum.com>
Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights

URA? I do not know this term.

However, it looks like it might be related to DirectAccess, and I was going to 
make a snarky comment about you needing to implement that.
It's so beautifully transparent, and just works.

Kurt

On Thu, Oct 13, 2016 at 12:00 PM, Melvin Backus <melvin.bac...@byers.com> wrote:

I just confirmed that this doesn't work, at least on my W10 box.  UAC is off, 
when you try to run either a route add to manually add a route or when 
cmroute.dll runs to automatically update the routes you're prompted for 
elevation and since the user isn't in the administrator group they can't 
elevate.

I've been working on getting URA in place anyway. Maybe this will
finally be the push to make it happen. :)

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.


-Original Message-
From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of James M. Pulver
Sent: Thursday, October 13, 2016 9:00 AM
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] RE: CMAK profiles without admin rights

If the problem is the routes don't get published, you can put Users in Network 
Configurat

Re: [NTSysADM] RE: CMAK profiles without admin rights

[James M. Pulver]

If the problem is the routes don't get published, you can put Users in 
Network Configurator Operators group, and turn off UAC, and then normal 
users can update their route maps.


James Pulver
CLASSE Computer Group
Cornell University

On 10/13/2016 07:46 AM, Melvin Backus wrote:

Budget for this is nil but I’ll have a look and see.  The installation
of the connectoid isn’t the issue, it’s all runtime when the user tries
to connect to the VPN.



--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.



*From:* listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] *On Behalf Of *James Rankin
*Sent:* Thursday, October 13, 2016 7:15 AM
*To:* ntsysadm@lists.myitforum.com
*Subject:* [NTSysADM] RE: CMAK profiles without admin rights



You can use privilege management tools like AppSense Application
Manager, RES, Scense and the like to configure specific files that can
run with elevated rights.



There’s also tools like CPAU from JoeWare which can run scripts with
elevated privileges so that you can get the profile build to complete maybe?



*From:* listsad...@lists.myitforum.com

[mailto:listsad...@lists.myitforum.com] *On Behalf Of *Melvin Backus
*Sent:* 13 October 2016 12:05
*To:* ntsysadm@lists.myitforum.com 
*Subject:* [NTSysADM] CMAK profiles without admin rights



Hello folks,



We’ve been working on removing admin rights for users in our
environment. One snag we’ve run into is related to our RAS VPN
connections and CMAK profiles.  In order to make everything work we’re
using CMAK to build the profile which includes routing, etc.  We can’t
seem to find a way to get those to work without admin rights because
cmroute.dll won’t run without elevation.  Any recommendations on how to
get around this or possibly push the routes once during initial install
and not have to run them at connect time?



Thanks




Melvin Backus | Sr. Systems Engineer | Byers Engineering Company |
404.497.1565

Service Desk | 404-497-1599 | https://servicedesk.byers.com

--
There are 10 kinds of people in the world...
 those who understand binary and those who don't.

Re: [NTSysADM] core suggestions was- VLAN dhcp issue Netgear GS748Tv5

[James M. Pulver]

Personally, if you need support, I'd just buy what you're familiar with, 
in this case Cisco. For others who are self supporting, Ubiquiti is 
decent, and Blade/IBM/Lenovo switches can be had on e-bay for super 
cheap for what you can get. I actually would think this would probably 
hold for vendor of choice.


I know I like getting G8052s for ~$400 and G8124s for ~$800.

James Pulver
CLASSE Computer Group
Cornell University

On 08/24/2016 09:29 AM, J- P wrote:

Does anyone have a contact for Juniper, or do I buy from my regular
vendor (CDW/PCM etcc)







From: j...@smalltype.net
To: ntsysadm@lists.myitforum.com
Subject: Re: [NTSysADM] core suggestions was- VLAN dhcp issue Netgear
GS748Tv5
Date: Tue, 23 Aug 2016 23:29:16 +

Support from JTAC on the Juniper product line has been fantastic in my
experience.

On Aug 23, 2016, at 7:12 PM, J- P > wrote:

Asidr from the Cisco, who has the best support?

can i pick up the phone and get actual  human being on the phone? As
this will become the core , support is a big.factor.


From: kurt.b...@gmail.com 
Date: Tue, 23 Aug 2016 15:56:35 -0700
Subject: Re: [NTSysADM] core suggestions was- VLAN dhcp issue
Netgear GS748Tv5
To: ntsysadm@lists.myitforum.com 

HP's command set is similar to, but much simpler than Cisco's. The
web interfaces I've found to be mildly useful. I found it easy to
transition from Cisco to HP.

Juniper's command set is a good deal different than Cisco's, and I
like it more than I do Cisco's though it can be confusing until you
get used to it. But the Juniper web site has a pretty cool
Cisco-to-Juniper translator than can help, and the web interface,
especially on the newest firmware, is pretty darn nice. Also, there
are two display modes for command output on the Juniper - one of
which is something like XML (the native interface, and I'm growing
to like it), and another using "display set", which shows a more
line-oriented output, more like Cisco's output.

Ubiquiti's don't have a terribly good command line - it's just
easier to use the web interface in most cases, and I haven't had
much need for the CLI on it. Bang for buck, they're very nice.

Kurt

On Tue, Aug 23, 2016 at 3:28 PM, J- P > wrote:

Im by no means  a ccna, but i do know Cisco as I service
business  and that is all they  use , i dont do the full
configs  as i just set them up, enable the port and web acces
(where applicable  ) and the "mother ship" takes over from there.

Now ive never used Procurve , brocade, juniper ,   but if
the cli.is  the same or similar im willimg.to
 explore


From: kurt.b...@gmail.com 
Date: Tue, 23 Aug 2016 15:00:15 -0700
Subject: Re: [NTSysADM] core suggestions was- VLAN dhcp issue
Netgear GS748Tv5
To: ntsysadm@lists.myitforum.com


Any CAD or video editing, or similar high-bandwidth data movers?

If not, then most anything will work.

Do you have a personal preference for any brand? That is, are
you well experienced with a particular brand of switch, or are
you relatively inexperienced with switches?

If you have a preference, stick with it. If not, I'd suggest
either HP or Ubiquiti.

If the environment has big data movers, then check the backplane
capacity for the various switches, and you might consider
Juniper as well as HP or Ubiquiti.

I'm becoming more a fan of Juniper all the time, but they aren't
much like Cisco or HP.

Cisco would be my last resort, because of price more than
anything else - they're otherwise fine switches.

Kurt

On Tue, Aug 23, 2016 at 2:33 PM, J- P > wrote:

Currently flat,
60 workstations, 60 phones, 12 printers
8 AP's,  about 12 poe door buzzers, pa's and they will be
getting 12 ip cameras

A couple of synology that have 4 1gb nic

i site  to site

4 physical  servers, 2 of them hyperv   (hosting 4 vms each
) both servers have 4 1 gb nics,

primary internet is 100mb
backup internet is 25mb

about 20 concurrent  remote  users



 

Re: [NTSysADM] Macrium Reflect Opinions anyone?

[James M. Pulver]

What is it you're trying to do? I demo'd Macrium because of their 
technician license, which I think would be cost effective for cloning an 
existing Windows computer to a different one. I used to use Acronis for 
all of that till the licensing changed such that I'd need an expensive 
license per PC. For just cloning on the same hardware, I'd suggest 
PartedMagic which has CloneZilla all set up and ready to go. It's the 
only place I've gotten CloneZilla to work personally, but there is a 
free CloneZilla disk that you can dl and use.


If you want to do deployment, I strongly endorse SmartDeploy. The 
Sysadmin reddit turned me on to it, and while it's not free, it is a 
reasonable price for what you get, even though you do have to license it 
per PC. The main advantage is that if you use business class PCs, they 
pretty much do all the driver crap for you, you download a "Platform 
Pak" and off you go with your image. It's much slicker than Acronis / 
O / Macrium style HAL/mass storage driver only injection for a base image.


It's also much simpler than MDT - it holds your hand through the whole 
thing. The only thing I miss is that their incremental image updates are 
no where near as good as Acronis's were, so I just do full images every 
few months to capture Windows Updates. The WSUS offline updater helps 
fill that gap, and I guess it may be moot come October with potentially 
just 1 update to get and install going forward from WSUS.


James Pulver
CLASSE Computer Group
Cornell University

On 08/23/2016 06:14 PM, Mark Gottschalk wrote:

I've used it for years, but for backup imaging and not imaging new
machines.  Been very happy with it for what I use it for (several 2012
R2 servers and a few critical workstations).  Images can be mounted as
drives in another system and individual files restored from any of the
backups.  Full emergency restores by booting to USB key or burned
CD/DVD, which you create from Macrium Reflect in advance (have only done
this once, with success, thankfully).  Backups are encrypted and
compressed in my case, which works fine.  I've got a rotation of
daily/weekly/monthly full and incremental backups across some NAS's and
removable drives for taking offsite.  Makes use of OS shadow copy
function to deal with open files during image/backup.

I have used it multiple times to clone machines to the same hardware
with success.  Mostly for reconfiguring RAID drive arrangements or
simple stuff like moving to a larger drive on a workstation.  It will
clone to smaller drives if the data fits.

-- Mark



From:Harry Smith 
To:
Date:08/23/2016 12:10 PM
Subject:RE: [NTSysADM] Macrium Reflect Opinions anyone?
Sent by:




Reference: Macrium reflect

I have used it across my home machines (ThinkPad's, hp desktops, acer
desktops, and an ideapad) to image to
(and from) local drives, and to (and from) a networked 2012 server (dl380).

I had no issues during cloning.  Est 1 hr per 100 gig over gb backbone
at my home, your results may vary  ;)

CAN create a boot partition change, so the user could boot off the
Macrium boot code to restore or boot off c drive or boot off the main os.
I found that very useful, but, it must be updated per o/s, so if you
update from 7 (winpe3) to 10, you must update the pe to 10.
I did not test boot loader OR imaging with encryption on or enabled.
It can also back up individual partitions, and be scheduled with its
built in scheduler.


The only issue I can (so far) see is each machine copies the drivers for
THAT machine into the boot stick or dvd/cd.

I would imagine you can copy from one hardware stick to another, but I
have not yet tried it.

Good luck!


hsmith

"You can patch software, but you cannot patch experience” me
"Make a habit of two things: to help; or at least to do no harm." -
Hippocrates

-Original Message-
From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of Darren Martin
Sent: Tuesday, August 23, 2016 1:45 PM
To: ntsysadm@lists.myitforum.com
Subject: RE: [NTSysADM] Macrium Reflect Opinions anyone?

Looking into it myself for Win 10 clients. Interested to hear responses
on this also...


D


-Original Message-
From: listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] On Behalf Of Bambi J Saastad
Sent: Tuesday, August 23, 2016 8:44 AM
To: ntsysadm
Subject: [NTSysADM] Macrium Reflect Opinions anyone?

I am looking at Macrium Reflect for imaging Has anyone used it and could
give me their opinion's of it?

TIA


-
Bambi Saastad
office 952-402-7888
cell612-963-1478


FSR CONFIDENTIALITY NOTICE: This email, including any attachments, is
for the sole use of the intended recipient(s) and may contain
confidential and privileged information. Any unauthorized 

Re: [NTSysADM] PowerShell on Linux and Open Source

[James M. Pulver]

I just hope it actually can help with managing Windows from Linux. Heck, 
if I can get choclatey to let me just run cpack on CentOS7, that's 
really all I need to get away from an old Win7 laptop that I basically 
use just for that.


Of course, this starts to address a big reason I never have done much 
with powershell - the lack of applicability for me over AutoIT - i.e. if 
I was going to learn something completely new, I'd go for Python so I 
can use it on Linux and Mac as well. I eagerly await maturity, and 
especially GUIs, as that's one complication in Python, almost too much 
choice. Of course, the other bit which I'm not sure anyone is really 
doing is the ease in AutoIT of "compiling" to a single file .exe that 
anyone can just run, and you don't need an installer to set it all up. 
Python especially can be pretty complicated to get a particular program 
to run IME, which has been one reason I haven't gone further with it.


Digressions aside, PowerShell becomes more plausible for me as cross 
platform support grows.


James Pulver
CLASSE Computer Group
Cornell University

On 08/18/2016 03:33 PM, Joseph L. Casale wrote:

Mono will remain of interest to the majority crowd that it appealed to,
the mobile guys under Xamarin.
Once dotnetcore becomes more feature complete and finally the primary
runtime, I certainly don’t see mono getting much attention thereafter.
If the vendor itself supports your platform (Microsoft supporting dotnet
on Linux), why maintain a parallel effort…

But that’s my opinion…

jlc



*From:*listsad...@lists.myitforum.com
[mailto:listsad...@lists.myitforum.com] *On Behalf Of *Andrew S. Baker
*Sent:* Thursday, August 18, 2016 12:36 PM
*To:* ntsysadm@lists.myitforum.com
*Subject:* Re: [NTSysADM] PowerShell on Linux and Open Source



This is interesting…



They are coupling everything else in Windows, but decoupling PowerShell?



This could be *very* interesting, if people start using PowerShell on
other platforms, it could increase the usefulness of PowerShell on Windows.



OTOH, I haven't heard a lot of new about Mono in years…



*Download | Mono *

To try pre-release packages, check the alpha or beta download pages.


mono-project.com 



Image removed by sender. Mixmax 





We'll have to see how it all plays out, and if people will just sit
skeptically on the sidelines, or contribute in a meaningful way.



Maybe the only real benefit will be much desired features on Windows.
Image removed by sender. simple_smile





Regards,

* **ASB*
* *_http://XeeMe.com/AndrewBaker _





Image removed by sender.





On Thu, Aug 18, 2016 11:51 AM, Michael B. Smith mich...@smithcons.com
 wrote:


https://blogs.msdn.microsoft.com/powershell/2016/08/18/powershell-on-linux-and-open-source-2/



Discuss.

Re: [NTSysADM] Recommendations for 3rd party hardware maitenance

[James M. Pulver]

I've never used such a service, but I wonder what you might expect to 
actually get from them? We have pretty specific hardware, like a Flex 
x240 or specific System X 3550 M3 server configuration platform that 
doesn't often show up on, say, ebay the way a System Networking G8052 
might. So if you have a dual processor v3 6 core Xeon, and yours dies, 
can they get and plug in a new one the way IBM/Lenovo (insert OEM here) 
would? What about a system board?


The small print I saw was riddled with things like "can get equivalent 
hardware" - well for us that's pretty useless. A Dell blade isn't going 
to slot into a Flex chassis for instance. A 1U isn't the same either in 
terms of physical space, etc...


So I've been pretty much just keeping my own spares on hand and 
replacing hardware as is possible because I'm not at all sure these 
sorts of services would actually be useful.


James Pulver
CLASSE Computer Group
Cornell University

On 08/01/2016 03:46 PM, Maglinger, Paul wrote:

I've been asked to look at a third-party for hardware maintenance.  A few names 
have popped up several times including Reliant Technology and Park Place.
Has anyone had any experience with either of these?  At this time it would be 
for NetApp filers but could expand into HP, Dell, and Cisco.

TIA

Paul