Hah! I have the same problem. I actually have a Splunk search saved that I check every morning telling me if anyone's operating with an expired password. I call them up and usually ask "Have you noticed that you haven't been able to print anything for 24 hours? That you haven't been able to access any of the shares? No? Well, anyways, please logoff and log on again, Thanks!" People really would go for weeks without logging off, not being able to print or access network data and just not tell anyone about it.
If you want a mobile remote desktop box, this is NOT it.
Uh... that's seriously how you use Citrix? I hate to break it to you, but businesses don't use Citrix for remote dektop; I'd estimate that at least 85% of Citrix servers serve up applications, not desktops, and if they do full desktops, they're only in addition to the apps served. If you use Citrix solely for remote desktop, I'm sorry but your company just wasted at least 50k.
Are you serious? Either you're a troll, or you're completely clueless as to what Citrix is. Citrix allows you to stream applications (remote desktop streaming is probably the least used feature) at extremely high speeds across a LAN or WAN. As in a user clicks a program icon from their start menu and it launches a program and they have no idea it's not running on their computer. Or they click a link on a webpage and it launches a program that appears to be running locally. Like, you're running Linux or OSX and you click a link and a window pops up and there is Excel 2007 at almost full speed. Maybe I'm not up with the times, but I'm pretty sure VNC can't approach that. Not only this, but Citrix also allows integration with LDAP, AD, eDirectory, or whatever directory service you run to allow granular control over user access. I don't even think VNC is directory-aware. Then, on top of that, it they also have software that allows you to cluster and load-balance streamed applications across multiple pieces of hardware. VNC is truly not even in the same category of software as Citrix. I'm not saying it's perfect, or that you would have any reason to use it, but to compare Citrix to VNC is just plain silly. OpenVPN is even sillier, you're confusing a VPN with a service that is commonly used over a VPN.
Right... and my point was that they do not care enough about their customers to automate something like that. Seriously. They just don't do it, or if they do it they don't look at it, or if they look at it they just sit back and laugh about it. I think if you'd ever tried to find out what was going on with your PRIs when they go down from a company like Paetec, or Verizon, or this shitty company, you would understand what I'm talking about. They just don't give a shit.
What, someone just happens to be browsing through their records of billions of phone calls and notices this pattern? Also, you are assuming that they value their customer; I don't think you've ever dealt with a phone company in a business setting...
This guy sucks. How is he more of a cyborg than someone with a pacemaker? I feel like a pacemaker makes you way more of a cyborg than this egotistical jerk with an RFID chip in his arm.
Alright, so let's start a discussion here; what do you guys do to audit your security logs?
I'm really not sure if I do enough. I have the FW logs all forwarded to both its own DB as well as Splunk. I then analyze the FW logs with Sawmill, but only when something comes up, and about once a month I'll kinda just poke around for anything abnormal. Where I really do most of the work is in Splunk though. I have alerts set up for Router and FW access, too many failed logon attempts from the DCs, excessive errors and all that, and about once a week I go in and just browse the logs (through Splunk). Is this enough? What do you guys do? I'm just a one-man team here and I really just implemented these procedures myself without any real policy outline in place.
About 50% of our apps are written in-house, and yeah, they certainly have caused the most trouble, but nothing that testing and tinkering didn't fix. Like I said, though, the last office that I did went over great. I prepped scripts to do pretty much everything, perpared the entire domain, users, OUs, policies and all, did it in one weekend and literally by that Wednesday everyone was back to normal productivity levels. The "very roughly" part happened in the very beginning, when myself and the previous admin knew nothing about AD and just kinda winged the HQ conversion without planning or testing anything. That was a nightmare, I'll certainly give you that. I will have a nice holiday, you too.
Actually it's going great, and the project's almost over. I've had one office over for about a year, and another office just went over a couple weeks ago; only had one day of confusion and the productivity gains from migrating have been well worth it.
Not only does it make administration easier, but it also makes HIPAA compliance a billion times easier, enterprise-wide management systems easier, provisioning is easier, data sharing is easier, well, pretty much everything's easier than with Netware, and the users get the feel for it very quickly. I don't know why yours went so poorly, that really is a bummer. Ours went very roughly at first, but if yours really went that bad, then sorry to say but either you didn't do a very good job, or we're talking about two different beasts. My offices are about 80 users each, and I'm doing it pretty much alone; maybe you're talking about thousands of users or something. All it really takes, though, is careful analysis, planning and thorough testing. Emphasis on the analysis part.
Hah, yeah, I did forget about Hyper-V (does anyone actually use it?), however it's really cool that if you don't want it, they let you buy a cheaper license without it. The other awesome thing about 2008 is that you can buy licenses that include use on virtual machines, either four or unlimited, which I think is a killer feature this day in age.
I think it's pretty difficult to argue that Windows Server 2008 was not well tested and thoroughly prepared. Can you name something that was seriously wrong with that release? In my opinion (keep in mind I run Ubuntu Server LTS for most of my new deployments), Server 2008 is a truly fantastic OS; it's rock solid, got great features, has full-fledged CLI, and is polished out of the box. Even the licensing is now easy. Or how about Office 2007? Aside from the initial shock at the UI change, it went very well. What about Visual Studio 2008?
I'm not defending IE, I can't stand it myself, but I think [citation needed] is appropriate here if you're going to make broad statements like that.
Is a release candidate still considered a beta? I was always under the impression that release candidates were past the "beta" moniker and were part of the next phase of deployment. But I'm an admin, not a programmer, and really have no clue when it comes to that kind of stuff. Coincidentally, I just watched Blade Runner on my Sony Superbeta hi-fi, still looks fantastic after all these years. Suck it, Blu-ray.
You know I actually just assumed that the new RAIDiator would work the same with Webkit and didn't even try it out with Chrome since it was only a minor revision. Good to know.
We have a ReadyNAS 1100, it's alright, but I wouldn't call it stellar. I get around 80Mb/sec to it over the network, but the management interface is IE only (as far as I can tell, since it has problems with FF and Chrome), and it has these odd delays when opening shares and browsing directories. Some of the nice features are the out-of-the-box NFS support and small, 1U size.
Yeah, that's right! What if our roads were all owned by the government, it'd be a disaster! We certainly wouldn't have one of the world's best road infrastructures if that was the case.
Slashdot Mirror
Hah! I have the same problem. I actually have a Splunk search saved that I check every morning telling me if anyone's operating with an expired password. I call them up and usually ask "Have you noticed that you haven't been able to print anything for 24 hours? That you haven't been able to access any of the shares? No? Well, anyways, please logoff and log on again, Thanks!" People really would go for weeks without logging off, not being able to print or access network data and just not tell anyone about it.
If you want a mobile remote desktop box, this is NOT it.
Uh... that's seriously how you use Citrix? I hate to break it to you, but businesses don't use Citrix for remote dektop; I'd estimate that at least 85% of Citrix servers serve up applications, not desktops, and if they do full desktops, they're only in addition to the apps served. If you use Citrix solely for remote desktop, I'm sorry but your company just wasted at least 50k.
Are you serious? Either you're a troll, or you're completely clueless as to what Citrix is. Citrix allows you to stream applications (remote desktop streaming is probably the least used feature) at extremely high speeds across a LAN or WAN. As in a user clicks a program icon from their start menu and it launches a program and they have no idea it's not running on their computer. Or they click a link on a webpage and it launches a program that appears to be running locally. Like, you're running Linux or OSX and you click a link and a window pops up and there is Excel 2007 at almost full speed. Maybe I'm not up with the times, but I'm pretty sure VNC can't approach that. Not only this, but Citrix also allows integration with LDAP, AD, eDirectory, or whatever directory service you run to allow granular control over user access. I don't even think VNC is directory-aware. Then, on top of that, it they also have software that allows you to cluster and load-balance streamed applications across multiple pieces of hardware. VNC is truly not even in the same category of software as Citrix. I'm not saying it's perfect, or that you would have any reason to use it, but to compare Citrix to VNC is just plain silly. OpenVPN is even sillier, you're confusing a VPN with a service that is commonly used over a VPN.
skyisfalling tag has never been so accurate!
Right... and my point was that they do not care enough about their customers to automate something like that. Seriously. They just don't do it, or if they do it they don't look at it, or if they look at it they just sit back and laugh about it. I think if you'd ever tried to find out what was going on with your PRIs when they go down from a company like Paetec, or Verizon, or this shitty company, you would understand what I'm talking about. They just don't give a shit.
Because the water company doesn't own the pipe six inches to the left, and the company that got their water hijacked was a "pipe security" company.
What, someone just happens to be browsing through their records of billions of phone calls and notices this pattern? Also, you are assuming that they value their customer; I don't think you've ever dealt with a phone company in a business setting...
This guy sucks. How is he more of a cyborg than someone with a pacemaker? I feel like a pacemaker makes you way more of a cyborg than this egotistical jerk with an RFID chip in his arm.
That's a good idea, I'll have to look into that.
I forgot, we also annually have an outside consultant come in and do intrusion and security testing.
Sorry, I forgot to include
Alright, so let's start a discussion here; what do you guys do to audit your security logs?
I'm really not sure if I do enough. I have the FW logs all forwarded to both its own DB as well as Splunk. I then analyze the FW logs with Sawmill, but only when something comes up, and about once a month I'll kinda just poke around for anything abnormal. Where I really do most of the work is in Splunk though. I have alerts set up for Router and FW access, too many failed logon attempts from the DCs, excessive errors and all that, and about once a week I go in and just browse the logs (through Splunk). Is this enough? What do you guys do? I'm just a one-man team here and I really just implemented these procedures myself without any real policy outline in place.
www.gotoboardingschool.com
Why don't we test their Internet gateways? Right now! Let's go, crowd, everybody start hammering their GWs! Hooray, we're helping!
About 50% of our apps are written in-house, and yeah, they certainly have caused the most trouble, but nothing that testing and tinkering didn't fix. Like I said, though, the last office that I did went over great. I prepped scripts to do pretty much everything, perpared the entire domain, users, OUs, policies and all, did it in one weekend and literally by that Wednesday everyone was back to normal productivity levels. The "very roughly" part happened in the very beginning, when myself and the previous admin knew nothing about AD and just kinda winged the HQ conversion without planning or testing anything. That was a nightmare, I'll certainly give you that. I will have a nice holiday, you too.
Actually it's going great, and the project's almost over. I've had one office over for about a year, and another office just went over a couple weeks ago; only had one day of confusion and the productivity gains from migrating have been well worth it.
Not only does it make administration easier, but it also makes HIPAA compliance a billion times easier, enterprise-wide management systems easier, provisioning is easier, data sharing is easier, well, pretty much everything's easier than with Netware, and the users get the feel for it very quickly. I don't know why yours went so poorly, that really is a bummer. Ours went very roughly at first, but if yours really went that bad, then sorry to say but either you didn't do a very good job, or we're talking about two different beasts. My offices are about 80 users each, and I'm doing it pretty much alone; maybe you're talking about thousands of users or something. All it really takes, though, is careful analysis, planning and thorough testing. Emphasis on the analysis part.
Yes. I run Netware 5 on HP LC3s. They have been up and running since 1998. We're migrating to AD right now. Get off my case!
At first I read "Novell causes brain cancer." I need more sleep.
Hah, yeah, I did forget about Hyper-V (does anyone actually use it?), however it's really cool that if you don't want it, they let you buy a cheaper license without it. The other awesome thing about 2008 is that you can buy licenses that include use on virtual machines, either four or unlimited, which I think is a killer feature this day in age.
I think it's pretty difficult to argue that Windows Server 2008 was not well tested and thoroughly prepared. Can you name something that was seriously wrong with that release? In my opinion (keep in mind I run Ubuntu Server LTS for most of my new deployments), Server 2008 is a truly fantastic OS; it's rock solid, got great features, has full-fledged CLI, and is polished out of the box. Even the licensing is now easy. Or how about Office 2007? Aside from the initial shock at the UI change, it went very well. What about Visual Studio 2008?
I'm not defending IE, I can't stand it myself, but I think [citation needed] is appropriate here if you're going to make broad statements like that.
Holy crap I miss my 1990 Oldsmobile Cutlass Supreme. Thanks for bringing that up. :'-(
Is a release candidate still considered a beta? I was always under the impression that release candidates were past the "beta" moniker and were part of the next phase of deployment. But I'm an admin, not a programmer, and really have no clue when it comes to that kind of stuff.
Coincidentally, I just watched Blade Runner on my Sony Superbeta hi-fi, still looks fantastic after all these years. Suck it, Blu-ray.
You know I actually just assumed that the new RAIDiator would work the same with Webkit and didn't even try it out with Chrome since it was only a minor revision. Good to know.
We have a ReadyNAS 1100, it's alright, but I wouldn't call it stellar. I get around 80Mb/sec to it over the network, but the management interface is IE only (as far as I can tell, since it has problems with FF and Chrome), and it has these odd delays when opening shares and browsing directories. Some of the nice features are the out-of-the-box NFS support and small, 1U size.
Yeah, that's right! What if our roads were all owned by the government, it'd be a disaster! We certainly wouldn't have one of the world's best road infrastructures if that was the case.