Port - What server OS to use

DustinB3403

Ported from SW

Ok, so i just got hired on with a start up company and they have zero infrastructure what so ever.

Im in the process of getting things up and running and i was thinking about doing a setup where all the computer ( we should have about 15-20) will point back to one system where i can manage workers user names and password, and also there permissions on what they can and can not do, also i would like to use the same setup as a on-site place to store files for the workplace that can be accessed by certain users.

what would be the best way to do this, any feedback would be awesome

Thank you

Dashrender

@dustinb3403 said in Port - What server OS to use:

d have about 15-20) will point back to one system where i can manage workers user names and password, and also there

Centralized authentication of the PC is the issue.

For Windows machines it's traditionally been Active Directory. For Linux probably something like LDAP, but I have no actual experience.

As for a file server, to move to a LAN-Less setup, go with something like NextCloud. I'm not sure if NC can integrate with AD or not, but it definitely can and does have its own authentication mechanism so the user logging into the PC doesn't matter.

Purely managing the PCs can be done with RMM tools like Salt. But I'm not sure how you'd use Salt to create and manage users across machines.

It's mentioned an onsite server - why? What does an on site server give you a hosted VM can't?

scottalanmiller

The first big question is... is this really needed? With twenty or fewer machines, it's pretty trivial to live without formal central authentication in most cases. That tends to bring in a lot of cost and effort where it might make sense to just keep things simple.

DustinB3403

Another question is what does the business do, as that might dictate what kind of systems are needed. IE proprietary software that only operates on Windows / Mac / Linux.

black3dynamite

Since you are starting from the ground up, I would keep it simple.

Dashrender

@scottalanmiller said in Port - What server OS to use:

The first big question is... is this really needed? With twenty or fewer machines, it's pretty trivial to live without formal central authentication in most cases. That tends to bring in a lot of cost and effort where it might make sense to just keep things simple.

So what do you propose? no logons locally at all? or logons where there's a list of passwords for every machine?

Or do you have the expectation that one but the assigned user will ever use that computer?

Dashrender

@black3dynamite said in Port - What server OS to use:

Since you are starting from the ground up, I would keep it simple.

What does this really mean? What does simple fully look like to you?

black3dynamite

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

Since you are starting from the ground up, I would keep it simple.

What does this really mean? What does simple fully look like to you?

Setup Nextcloud and good backups and be done with it.

Dashrender

@black3dynamite said in Port - What server OS to use:

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

Since you are starting from the ground up, I would keep it simple.

What does this really mean? What does simple fully look like to you?

Setup Nextcloud and good backups and be done with it.

How do you manage the desktops? make sure they are updated, deploy software, etc?

scottalanmiller

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

Since you are starting from the ground up, I would keep it simple.

What does this really mean? What does simple fully look like to you?

Setup Nextcloud and good backups and be done with it.

How do you manage the desktops? make sure they are updated, deploy software, etc?

Proper settings and PowerShell.

black3dynamite

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

Since you are starting from the ground up, I would keep it simple.

What does this really mean? What does simple fully look like to you?

Setup Nextcloud and good backups and be done with it.

How do you manage the desktops? make sure they are updated, deploy software, etc?

PDQ Deploy Pro or PDQ Deploy Free (For deploying software)
Set Windows 10 updates to restart on the weekends or after-hours
Chocolatey
PowerShell
SaltStack/Ansible

Dashrender

@scottalanmiller said in Port - What server OS to use:

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

@dashrender said in Port - What server OS to use:

@black3dynamite said in Port - What server OS to use:

Since you are starting from the ground up, I would keep it simple.

What does this really mean? What does simple fully look like to you?

Setup Nextcloud and good backups and be done with it.

How do you manage the desktops? make sure they are updated, deploy software, etc?

Proper settings and PowerShell.

I was asking @black3dynamite specifically he didn't list any way to manage them. Of course your answer works, but those things don't work well in a non AD setup because there is no single authentication source (i.e. you have to manage the admin user account manually to enable Powershell).

Dashrender

I suppose if IT is deploying machines to these 15-20 users, they could setup a general admin account on all machines and a user account, then IT would know these things to use the listed tools.

scottalanmiller

@dashrender said in Port - What server OS to use:

I suppose if IT is deploying machines to these 15-20 users, they could setup a general admin account on all machines and a user account, then IT would know these things to use the listed tools.

That's pretty trivial and less work than adding each to the domain, anyway.

Mike Davis

@scottalanmiller said in Port - What server OS to use:

That's pretty trivial and less work than adding each to the domain, anyway.

It sounds like you've done this before. How does something like deploying a printer work without group policy or permissions? (permissions to the printer or permissions to install the driver that the server supplies)

I'm also having a hard time figuring out how powershell would work when you would have to feed each computer different credentials. Do you just add a username password field to the list of computers and then rip through with the for each loop as normal?

scottalanmiller

@mike-davis said in Port - What server OS to use:

It sounds like you've done this before. How does something like deploying a printer work without group policy or permissions? (permissions to the printer or permissions to install the driver that the server supplies)

Well, you can do it manually. For twenty machines that's often faster than taking the time to make a group policy. Or you just make a group policy, as that doesn't depend on a domain. Or you use a tool like Salt or just use PowerShell. And you have permission from the admin account.

scottalanmiller

@mike-davis said in Port - What server OS to use:

I'm also having a hard time figuring out how powershell would work when you would have to feed each computer different credentials.

Why different credentials? I mean you sure could have different ones and that might make sense, but you can use a common account, too. Remember that with AD we are okay with shared creds, so we probably are here, too.

scottalanmiller

PowerShell is built for tasks like this, it makes them pretty easy.

https://technet.microsoft.com/en-us/itpro/powershell/windows/printmanagement/add-printer

Mike Davis

@scottalanmiller said in Port - What server OS to use:

@mike-davis said in Port - What server OS to use:

I'm also having a hard time figuring out how powershell would work when you would have to feed each computer different credentials.

Why different credentials? I mean you sure could have different ones and that might make sense, but you can use a common account, too. Remember that with AD we are okay with shared creds, so we probably are here, too.

Isn't the username without AD computername\username ? So you would have to change the computername for each one even if you set the password the same.

scottalanmiller

@mike-davis said in Port - What server OS to use:

@scottalanmiller said in Port - What server OS to use:

@mike-davis said in Port - What server OS to use:

I'm also having a hard time figuring out how powershell would work when you would have to feed each computer different credentials.

Why different credentials? I mean you sure could have different ones and that might make sense, but you can use a common account, too. Remember that with AD we are okay with shared creds, so we probably are here, too.

Isn't the username without AD computername\username ? So you would have to change the computername for each one even if you set the password the same.

Well you have to cycle through machines either way, so you must be working from a list of some form. So whether you remote in and install the printer, or you install the printer remotely with the computer name there, you would need a list to work from, how else do you know where to install the printers?

Same as Group Policy. You might make a list that is just "all", but you are still making a list. Here you don't quite have the luxury of an "all", but the list is so small, that that's not a big deal. Twenty max is an easy list to make.