@Eatsshootsandleaves said in Setting up a MS 2019 PKI for secure Wifi access - will this break anything in domain??:

Newbie to Certificate Services and while everything in our domain fine I need to refresh our Wifi setup to be more secure and using certs with EAP-TLS seems to be the best way to go.
Introducing a PKI into our domain is there any chance this may break existing functionality - I only want this PKI for Wifi nothing else. Thanks guys

No, you can bring up a PKI such as AD CS without any impact to existing infrastructure.

Once you distribute certificates, and require them for WiFi connection as in your example, only then will it have an obvious impact.

Of course there are many variables at play, but generally speaking, without any major or crazy numbers in any aspect, it won't mess with anything simply by creating a PKI.

Just make sure to use proper planning in every aspect. It's a PITA to revoke, remove, and redistribute certs because you didn't plan for something and need to make a change.

@gjacobse said in Designing for tech startup: Network, AD, Backup etc:

@DustinB3403 said in Designing for tech startup: Network, AD, Backup etc:

I suppose you could use Storage Spaces Direct (all windows across the entire thing) but I wouldn't consider SSD at all mature nor production ready, especially at this scale.

Thanks, had not heard of this.

DataOn solutions fully support this and vice versa. They are experienced with this kind of scale and much larger.

@Dashrender said in Domain Planning: Network shares or ,..:

@dafyre said in Domain Planning: Network shares or ,..:

@notverypunny said in Domain Planning: Network shares or ,..:

Does NC allow exposure of their "file shares" as smb? If you have users that can't / don't want to use a browser-based access they can always mount it in windows explorer via webdav. Alfresco allows (allowed?) access via both, but the last time I played with it the performance was meh, which I attributed to it being built on java...

You can mount NextCloud into a drive letter or folder using WebDav.

The question does become the aforementioned performance issue (if there is one).

I wonder how file locks are handled when using WebDav?

There are a few topics elsewhere here where file locking and cloud hosting were discussed. You do have to give up what we have all come to appreciate in file locking. Here is a response in one of those other topics I spoke about:

@scottalanmiller said in file sharing in the 21st century:

@Donahue said in file sharing in the 21st century:

I am aware of that. It's online locking that I am after. Though, I will concede that any locking scheme has to plan for both online and offline. I like sync because of local performance and offline availability, but it really feels like it is best for non shared files. When you add multiple users into the mix, almost everything goes out the window, especially when and if they go offline.

Everything is best for non-shared files 🙂

SMB shines at "always online, always nearly local" files because it handles offline so poorly. It's a balance. To handle offline or very distant (e.g. high latency) networks well, you have to sacrifice locking.

@Romo said in Deploy Active Directory via PowerShell:

Great Job @EddieJennings !!, Really liked the flow and tempo of the video 😃

Thanks 😄

@Mike-Davis said in Server 2019 Essentials - Domain controller requirement:

@Dashrender said in Server 2019 Essentials - Domain controller requirement:

@IRJ said in Server 2019 Essentials - Domain controller requirement:

@Dashrender said in Server 2019 Essentials - Domain controller requirement:

@IRJ said in Server 2019 Essentials - Domain controller requirement:

@Dashrender said in Server 2019 Essentials - Domain controller requirement:

@CCWTech said in Server 2019 Essentials - Domain controller requirement:

@Dashrender said in Server 2019 Essentials - Domain controller requirement:

No one here knows - we don't run that software.

No one here runs Server 2019 Essentials?

No - most here run standard Windows Server or some flavor or Linux. Essentials is only for SUPER tiny environments (I think it's limited to 25 connections)... a version that at least with 2012 didn't require User CALs, making it significantly cheaper for super tiny shops that required Windows, but once you hit over 25, you got a HUGE upgrade cost i.e. full server license and 25+ CALs.

Yep. It is generally not reliable either. At least earlier version weren't. Throw all MS services on one piece of underpowered hardware and then throw all your apps over it. What could go wrong?

I guess i was lucky - when they started calling it Essentials - there weren't that many services left - File/Print/AD/DNS/DHCP and what WSUS? that's all pretty typical single box stuff in my mind. WSUS could be shit for sure, but the rest can work together no issues.

Back when it was SBS server and had Exchange and possibly a corporate firewall and SQL server - OMG - yeah, kill me now!.

That's just the out of the box stuff that can be simple solved off windows very easily 😉

Dont forget that these businesses like to throw quickbooks and other poorly made sofware on their Essentials server including these other services which are already too much to have on one box IMO. It's 2019, virtualize 🙂

It would be interesting to know if Essentials allows for the install of 3rd party software like that?
Probably does..

QuickBooks is the reason I have so many Essentials servers out there. If the environment is large enough where you can't just make one computer "the server" and share QuickBooks from there, Server Essentials goes in along with QuickBooks Database manager and its 25 year old architecture and you call it a day.

Same kind of problem here.