    AzureAD and shares

      Dashrender @scottalanmiller

      @scottalanmiller said in AzureAD and shares:

      @brandon220 said in AzureAD and shares:

      @Obsolesce Yes. Unbelievable.

      Worse, is that someone pays and/or believes them. How could it come to that?

      Because those who are paying for those audits simply don't know any better - and the advertising for said auditor is better than anything the local IT group can give.

        Dashrender @scottalanmiller

        @scottalanmiller said in AzureAD and shares:

        @brandon220 said in AzureAD and shares:

        I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

        I thought that they were dropping those weird things for local or AD?

        Well - @brandon220 has two choices - use MSA (Microsoft Accounts) or purely local to the machine accounts.

        Actually he has a third as long as he has O365.
        O365 comes with a lite version of Azure AD. You can join your Win10 machines to it, and users can roam between PCs via this authentication method. No extra cost needed outside the base license for O365.

        So now the question becomes - can Samba use usernames like [email protected]? If it can, then there shouldn't be any issue.

          Dashrender @brandon220

          @brandon220 said in AzureAD and shares:

          My best option IMO is to spin up 3 new VMs - 2 AD/DNS and 1 file server.

          Where are you planning on hosting this? I have to assume you don't mean to buy two servers, and setup AD/DNS on each of them, plus then setup a file server on one of them as well? That would be hardware overkill for something like this.
          So assuming you did go with a single server - then you're down to two VMs - 1 AD/DNS and 1 file server.

          Another option would be 1 NAS, and simply map it to everyone's computer.

          You mentioned managing local user accounts - do users move around and use other people's computers? or are they mainly only on their own? If they are mostly single use, a NAS is likely the best option. You'll build the users on the NAS and be done with it.

            Obsolesce @brandon220

            @brandon220 said in AzureAD and shares:

            I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

            Where I work now, we're moving to LANless at full speed, and SDP in the meantime and where LANless is more challenging.

              Dashrender @Obsolesce

              @Obsolesce said in AzureAD and shares:

              @brandon220 said in AzureAD and shares:

              I know @Obsolesce uses samba too. How well does this work if the MS users connecting to samba sign in to their PCs with MS accounts instead of local user accounts? Basically, does it work properly with email addresses for usernames? I don't use MS accounts personally and have never tried to connect to a samba share that way.

              Where I work now, we're moving to LANless at full speed, and SDP in the meantime and where LANless is more challenging.

              SDP?
              What is your proposed or already decided solution for normal file storage? (word, etc, type files)

                Obsolesce @Dashrender

                @Dashrender said in AzureAD and shares:

                SDP?

                Software Defined Perimeter.

                  scottalanmiller @Dashrender

                  @Dashrender said in AzureAD and shares:

                  Because those who are paying for those audits simply don't know any better

                  Of course they do, they have IT to advise them. That's why IT's job is to do, and it is management's job to understand that IT is their rep, and the auditors are the vendor's reps. There is never, ever, ever a situation where management isn't mandated and tasked with understanding who is on their team and who they need to be protected from. If you didn't need that, you'd not even need management!

                    scottalanmiller @Dashrender

                    @Dashrender said in AzureAD and shares:

                    @scottalanmiller said in AzureAD and shares:

                    @brandon220 said in AzureAD and shares:

                    @scottalanmiller said in AzureAD and shares:

                    @brandon220 said in AzureAD and shares:

                    The more OSS you have, the lower your score will be.

                    Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually make that criminal.

                    Not to derail this thread, but I deal with this every year. These auditors come in and HAVE to find something "wrong" even though what they find are not actual problems. It just justifies the money spent for the audit. I know there are others on here who deal with these auditors. They know exactly how bad it is.

                    Right, so you have a criminal activity going on for personal gain. The bank needs to understand that the auditors are being paid to put them at risk, because that's how they get compensated. Doesn't change that it's illegal.

                    This is clearly totally the wrong mind set for both the auditors and the audited. If anything both should be hoping that they don't find anything.

                    Auditors do what they are paid to do. If they are paid only to scam people, they will scam them. Only those being audited forcing that to happen can be at fault in a free market.

                      Dashrender @scottalanmiller

                      @scottalanmiller said in AzureAD and shares:

                      @Dashrender said in AzureAD and shares:

                      Because those who are paying for those audits simply don't know any better

                      Of course they do, they have IT to advise them. That's why IT's job is to do, and it is management's job to understand that IT is their rep, and the auditors are the vendor's reps. There is never, ever, ever a situation where management isn't mandated and tasked with understanding who is on their team and who they need to be protected from. If you didn't need that, you'd not even need management!

                      Sure - that's the way it's "supposed" to work. Sadly - as I already said - once you're an employee - your opinion basically never means anything anymore.

                        Dashrender @scottalanmiller

                        @scottalanmiller said in AzureAD and shares:

                        @Dashrender said in AzureAD and shares:

                        @scottalanmiller said in AzureAD and shares:

                        @brandon220 said in AzureAD and shares:

                        @scottalanmiller said in AzureAD and shares:

                        @brandon220 said in AzureAD and shares:

                        The more OSS you have, the lower your score will be.

                        Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually make that criminal.

                        Not to derail this thread, but I deal with this every year. These auditors come in and HAVE to find something "wrong" even though what they find are not actual problems. It just justifies the money spent for the audit. I know there are others on here who deal with these auditors. They know exactly how bad it is.

                        Right, so you have a criminal activity going on for personal gain. The bank needs to understand that the auditors are being paid to put them at risk, because that's how they get compensated. Doesn't change that it's illegal.

                        This is clearly totally the wrong mind set for both the auditors and the audited. If anything both should be hoping that they don't find anything.

                        Auditors do what they are paid to do. If they are paid only to scam people, they will scam them. Only those being audited forcing that to happen can be at fault in a free market.

                        We don't have a free market - not when you are required to have audits, and often required to have audits by a special list of auditors.

                          brandon220 @Dashrender

                          @Dashrender said in AzureAD and shares:

                          @brandon220 said in AzureAD and shares:

                          My best option IMO is to spin up 3 new VMs - 2 AD/DNS and 1 file server.

                          Where are you planning on hosting this? I have to assume you don't mean to buy two servers, and setup AD/DNS on each of them, plus then setup a file server on one of them as well? That would be hardware overkill for something like this.
                          So assuming you did go with a single server - then you're down to two VMs - 1 AD/DNS and 1 file server.

                          Another option would be 1 NAS, and simply map it to everyone's computer.

                          You mentioned managing local user accounts - do users move around and use other people's computers? or are they mainly only on their own? If they are mostly single use, a NAS is likely the best option. You'll build the users on the NAS and be done with it.

                          Nothing has to be purchased as there are 2 Hyper-V hosts running and are less than 6 months old.
                          Users only use 1 machine each. No roaming.

                            Dashrender @brandon220

                            @brandon220 said in AzureAD and shares:

                            @Dashrender said in AzureAD and shares:

                            @brandon220 said in AzureAD and shares:

                            My best option IMO is to spin up 3 new VMs - 2 AD/DNS and 1 file server.

                            Where are you planning on hosting this? I have to assume you don't mean to buy two servers, and setup AD/DNS on each of them, plus then setup a file server on one of them as well? That would be hardware overkill for something like this.
                            So assuming you did go with a single server - then you're down to two VMs - 1 AD/DNS and 1 file server.

                            Another option would be 1 NAS, and simply map it to everyone's computer.

                            You mentioned managing local user accounts - do users move around and use other people's computers? or are they mainly only on their own? If they are mostly single use, a NAS is likely the best option. You'll build the users on the NAS and be done with it.

                            Nothing has to be purchased as there are 2 Hyper-V hosts running and are less than 6 months old.
                            Users only use 1 machine each. No roaming.

                            wow - they have two servers already? what are they doing? what is on them workload wise?

                              Obsolesce @Dashrender

                              @Dashrender said in AzureAD and shares:

                              What is your proposed or already decided solution for normal file storage? (word, etc, type files)

                              I know Google Drive is heavily pushed.

                                scottalanmiller @Dashrender

                                @Dashrender said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @Dashrender said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @brandon220 said in AzureAD and shares:

                                @scottalanmiller said in AzureAD and shares:

                                @brandon220 said in AzureAD and shares:

                                The more OSS you have, the lower your score will be.

                                Then it's an anti-audit. I mean it's that easy. If they are specifically penalizing security, that literally makes these guys social engineers / hackers. Instantly, you have a requirement to ban them from the company. Financial regulations actually make that criminal.

                                Not to derail this thread, but I deal with this every year. These auditors come in and HAVE to find something "wrong" even though what they find are not actual problems. It just justifies the money spent for the audit. I know there are others on here who deal with these auditors. They know exactly how bad it is.

                                Right, so you have a criminal activity going on for personal gain. The bank needs to understand that the auditors are being paid to put them at risk, because that's how they get compensated. Doesn't change that it's illegal.

                                This is clearly totally the wrong mind set for both the auditors and the audited. If anything both should be hoping that they don't find anything.

                                Auditors do what they are paid to do. If they are paid only to scam people, they will scam them. Only those being audited forcing that to happen can be at fault in a free market.

                                We don't have a free market - not when you are required to have audits, and often required to have audits by a special list of auditors.

                                It's a free market here given the case of the auditor selling a fake issue to convince them that it is valuable. That doesn't exist when required.

                                  scottalanmiller @brandon220

                                  @brandon220 said in AzureAD and shares:

                                  @Dashrender said in AzureAD and shares:

                                  @brandon220 said in AzureAD and shares:

                                  My best option IMO is to spin up 3 new VMs - 2 AD/DNS and 1 file server.

                                  Where are you planning on hosting this? I have to assume you don't mean to buy two servers, and setup AD/DNS on each of them, plus then setup a file server on one of them as well? That would be hardware overkill for something like this.
                                  So assuming you did go with a single server - then you're down to two VMs - 1 AD/DNS and 1 file server.

                                  Another option would be 1 NAS, and simply map it to everyone's computer.

                                  You mentioned managing local user accounts - do users move around and use other people's computers? or are they mainly only on their own? If they are mostly single use, a NAS is likely the best option. You'll build the users on the NAS and be done with it.

                                  Nothing has to be purchased as there are 2 Hyper-V hosts running and are less than 6 months old.
                                  Users only use 1 machine each. No roaming.

                                  Why? And they have spare Windows licensing, too?

                                    brandon220 @Dashrender

                                    @Dashrender One has 2 Server 2019 VMs running databases and the other has 3 Fedora30 VMs.

                                      Dashrender @brandon220

                                      @brandon220 said in AzureAD and shares:

                                      @Dashrender One has 2 Server 2019 VMs running databases and the other has 3 Fedora30 VMs.

                                      Do you know why they have two servers instead of one?

                                        scottalanmiller @brandon220

                                        @brandon220 said in AzureAD and shares:

                                        @Dashrender One has 2 Server 2019 VMs running databases and the other has 3 Fedora30 VMs.

                                        So likely they still need a lot of licensing for AD.

                                          brandon220 @Dashrender

                                          @Dashrender The original was intended to just run databases and did not have enough horsepower to run the other applications. A second was purchased and the plan is to migrate everything to it.

                                            scottalanmiller

                                            AD + SMB.... it's like designing for ransomware.
