There's that, and there's also ruthless preemption, so that when the system is at capacity and a responder with a flagged number needs to make a call, the switch will drop someone else's call to let the responder through
Now we just need Doc Manhattan to start shredding the riff from Iron Maiden's "Two Minutes to Midnight" while riding a bomb down and I think we'll have all the pop culture references covered
That's not that many once you think about it. With all the snap-ins they have already that ship with the OS and the few products I use that have their own, I'm sitting at over 1,100. One of PowerShell's biggest advantages is the standardization of cmdlet names. Plus you don't have to remember all the cmdlets, Get-Command is your friend
Domain admins having admin on Windows clients isn't that big of a deal. A domain admin wielding GPO or Configuration Manager can do more harm than with local box admin privs. Plus, those guys own the directory service, there's a lot of power just with that.
Your better OEMs will allow you to substitute a statement of destruction for a warranty replacement. If the drive has had an opportunity to have come in contact with anything classified, it's wiped, exposed to a bulk magnetic eraser, then a hammer till the platters are in parts. Don't think a magnet will kill an SSD, but my "Air Force Fine Adjustment Tool" will.
Group Policy can distribute your public copy of your root cert to your Windows box in your AD environment. Whole process should take way under an hour to do.
Agreed. Take a few steps back from this, and assume not everyone is an enthusiast. Think about a few things.
I'm a government agency with about 1500 desktops/laptops. Our first big cost is labor. Yes, our technicians are salaried, but we need a certain level of productivity to meet internal SLAs
We go with a Tier 1 OEM for our desktops, and are pretty strict about what comes in the door. Your choices are based on what I can support with Microsoft's Configuration Manager's Operating System Deployment (OSD). Using OSD, our imaging time is 1 hour. That's all the drivers, patches, applications, everything. And the technician spends about 5 minutes to launch the process and walk away. My OEM goes as far as to deliver driver packs for my OSD process. New model of their business class desktop? No problem, in about an hour, I can add support for that model into our OSD imaging process.
How about that licensing you mentioned? Are you seriously considering retail media (if your activation isn't stored in the motherboard, it's not OEM)? How do you plan to manage your license keys? OEM means it's in the BIOS and you don't have to worry too much. No keys to keep track of, or enter. You could go with an enterprise agreement, roll the enterprise edition of your OS, and either use a single MAK key or run KMS. It's one thing to deal with a sticker on the side of the box when you first image it, but how about 9 months down the road when your HDD craps out, and you need to reinstall your OS.
Anything you bring in the door has a minimum life cycle of 3 years. Our contract with the OEM states everything will have a warranty for at least that, with options for 4 and 5 years as well. With that in mind, I know my end users will be down for a day while parts are being delivered, I won't get a different revision of a part that might break something else, and I don't have to worry about parts availability in general.
Also, are you looking at a business class system? And are some of your hardware specs realistic? A six core i7 system for general office work isn't realistic. Your HR people aren't going to care that their system gets a really high benchmark score. Can they process their paperwork in a quick manner? If so, then they're happy. Try looking at a Core2 system with 4 gigs. We pay about 600~700 for one with a three year warranty.
At the end of the day, that desktop is a fixed, one time cost. However, your salary is an ongoing expense. You should look at maximizing that value. Look at how well you can deliver a quality service with minimal time. If you have a good relationship with your OEM, your job gets even easier.
I may be sitting on a decent home build here at home, but at work, it's an Optiplex 755 with a core2-quad and 8 gigs.
I don't know why the hell we let people who hate the idea of a good time dictate what's socially acceptable, to the point where anyone who doesn't conform is labeled an alcoholic and stuck in a treatment / proselytizing program.
Simple, everyone else is busy having said good time. They're also probably pissed off they're not having a good time as well.
Exactly. Boxes from Dell's Optiplex line and HP DC series are designed to be long life machines. Common parts between models and long availability of orderable parts make supporting the things 3 years from now just as easy. Desktop support is supposed to be quick and boring.
You'll also want to look at deployment tools. I know Dell gives away tools to integrate into Microsoft Deployment Toolkit and System Center Configuration Manager. And both HP and Dell will sell you an Altiris based solution to roll these boxes out. If you put the proper infrastructure in, you will cut down your long term costs in rolling the boxes out. We invested in Configuration Manager, and with Dell's driver packs, it takes me about 15 minutes to add support for a new model and my master image won't break. It also takes about 5 minutes of a tech's time to kick off a system reimage (boot from network, enter your credentials, pick your OS, click next, walk away) and an hour and a half later, out pops a done box, completely patched.
This is nothing new. MS has a tool called System Center Custom Update Publisher (or SCUP). Dell, Citrix, and Adobe Flash all have had catalogs to publish into WSUS/SCCM since 2007. Shavlik put out a custom catalog last week.
Agreed, I cut my teeth on DAT DDS3 drives. The carts were junk, just flimsy plastic. The drives had to be constantly cleaned, and I was lucky if all my drives made it through a week with no problems. I've been doing LTO now for 8 or so years, and they have been solid
Agreed. We have to archive stuff for 10+ years due to various legal reasons. I found having good backup software and a library with a barcode reader really helps. The backup software reads the barcode from the tape via the library and sets the media name the same. That saves a lot of administrative overhead. Plus if your backup software is any good, it will keep a database of what data is on what tape.
The one thing you have to be mindful about with LTO tapes is they have obsolescence built in. The drives will read and write their own generation (n) and the one before (n-1), and read n-2. Anything past n-2, you're SOL
As for off-site tape vendors, shop around and visit the facility. I've seen some that sound great on paper, but inspected they aren't that great. If you're near the Philly, New Jersey, New York area, Vital Records is a great company (not a paid shill, just a very happy customer)
I'm right there with you. I bashed Vista pre-SP1, but there were some group policy issues. Once you understand why MS did some of the things they did, they got a lot right. It's a really easy OS to manage. My favorite feature is the hardware-agnostic WIM image and offline driver injection. It adds up to let you have a single master image that doesn't care about the target system. New model of Opti from Dell, no problem.
They didn't mention it because it doesn't matter. It's the result of bad coding practices. A SQL injection attack is caused by the front end application accepting whatever input it's given and using it to generate the SQL statements. You stop these attacks by sanitizing your input, using stored procedures to do the database work, and possibly sticking in a middleware tier to handle database access, i.e. apache -> websphere -> database.
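Added example, not part of the original comment: the string-built query the comment describes, next to the same lookup with the input bound as a parameter. It uses Python's sqlite3 module with an in-memory database; the table, account rows and function names are constructed for illustration, and bound parameters stand in for the stored-procedure approach because SQLite has no stored procedures.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (username TEXT PRIMARY KEY, email TEXT)")
    db.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [
            ("alice", "alice@example.test"),
            ("bob", "bob@example.test"),
            ("o'brien", "obrien@example.test"),
        ],
    )
    return db


def lookup_concatenated(db, username):
    # The flawed pattern: the front end pastes its input into the statement
    # text, so quote characters in the input become part of the SQL itself.
    sql = "SELECT username, email FROM accounts WHERE username = '" + username + "'"
    return db.execute(sql).fetchall()


def lookup_parameterized(db, username):
    # The input is bound as a value. The statement text is fixed, so nothing
    # in the input can change the structure of the query.
    sql = "SELECT username, email FROM accounts WHERE username = ?"
    return db.execute(sql, (username,)).fetchall()


def demo():
    """Run both lookups over the same inputs and return the observations."""
    db = make_db()
    # Constructed input whose quotes rewrite the WHERE clause.
    crafted = "nobody' OR '1'='1"
    # A legitimate name containing a quote breaks the concatenated query.
    try:
        lookup_concatenated(db, "o'brien")
        quote_breaks_query = False
    except sqlite3.OperationalError:
        quote_breaks_query = True
    return {
        "concatenated_rows": len(lookup_concatenated(db, crafted)),
        "parameterized_rows": len(lookup_parameterized(db, crafted)),
        "quote_breaks_concatenated": quote_breaks_query,
        "quote_ok_parameterized": lookup_parameterized(db, "o'brien"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The concatenated lookup returns every row for the crafted input and fails outright on a legitimate name containing a quote, while the bound-parameter lookup treats both as plain values.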
I'm also on the ServiceTag/Serial Number boat. My automated build tools will read the tag number from the BIOS. The host name stays the same cradle to grave. Details like where it's located and assigned go into the AD description field. All the other data sits in my ConfigMgr database
We call that Disorderly Conduct here in Delaware. It's an excellent tool for dealing with unruly neighbors. From Del Code, title 11:
§ 1301. Disorderly conduct; unclassified misdemeanor.
A person is guilty of disorderly conduct when:
(1) The person intentionally causes public inconvenience, annoyance or alarm to any other person, or creates a risk thereof by:
a. Engaging in fighting or in violent, tumultuous or threatening behavior; or
b. Making an unreasonable noise or an offensively coarse utterance, gesture or display, or addressing abusive language to any person present; or
c. Disturbing any lawful assembly or meeting of persons without lawful authority; or
d. Obstructing vehicular or pedestrian traffic; or
e. Congregating with other persons in a public place and refusing to comply with a lawful order of the police to disperse; or
f. Creating a hazardous or physically offensive condition which serves no legitimate purpose; or
g. Congregating with other persons in a public place while wearing masks, hoods or other garments rendering their faces unrecognizable, for the purpose of and in a manner likely to imminently subject any person to the deprivation of any rights, privileges or immunities secured by the Constitution or laws of the United States of America.
(2) The person engages with at least 1 other person in a course of disorderly conduct as defined in paragraph (1) of this section which is likely to cause substantial harm or serious inconvenience, annoyance or alarm, and refuses or knowingly fails to obey an order to disperse made by a peace officer to the participants.
Disorderly conduct is an unclassified misdemeanor.
Real ID isn't a national ID. It's a set of rules to make it harder to game the system in getting your state issued plastic. It's still a state owned and managed process. Your info stays at the state level. Instead of paper based reciprocity, the verification is done a lot quicker electronically.
There is a reliance, good, bad or indifferent, on your state issued ID. The biggest burden to my state is the overhaul of the DMV apps to support the new info, and providing an electronic interface to other states to query our record.
Driver licenses are forged quite often, and there's a number of authenticity checks built into the state issued DL. I made the mistake of making a remark of how hard is it to forge an ID, and I was quickly shown just how many anti-counterfeiting measures there are
Amen. That's one of the things I'm working on: getting my OS imaging process to enable BitLocker without human intervention.
Of course, that old BIOS option where it would protect the MBR worked real well.
It was the SGC firing at yet another goa'uld mothership, duh!
If you read further into EFI, you'd see that bootloaders are not a requirement any more
They have. DDS is junk. I ran a little bit of DLT, and a lot of LTO. LTO has been very good to me.
A sure fire way to make sure you get your tapes off site is a regularly scheduled pickup from your off-site company.
Service tag/serial number. It never changes. Things like the description fields in AD help out for tracking the more dynamic stuff.
I forgot to mention the test is "if it would cause a reasonable person to react violently under normal conditions"
By the same logic, license plates are a national ID. USDOT sets the standards; the states need to conform to a federal standard