Posts made by flaxking

Forget about Zentyal, it was bad back when I tried it (interface so buggy). Just using straight Samba isn't that bad, and it might be easier to follow the documentation to plan out what you want.

You might have to use samba-tool anyway to do what you want with Nethserver. I haven't used Nethserver, but I've looked into it, and that is the direction I would point you too if you want a GUI.

I would say Nethserver is like Windows Server, there's prepackaged roles that you can install, but you only install the roles you require for the purpose you've given the server.

Just in case it isn't a time issue...
Is this the only DC in the forest? As in, you're not accidentally using an unsupported schema are you?

https://www.technibble.com/forums/

It's more focussed towards IT business owners, (though most businesses there aren't running huge operations, a lot of one-man shows) and they'll boot anyone who isn't at least a tech. It's a pretty close knit community, with people often going the extra mile to help a fellow member out.

I'd say it's a very different community than Spiceworks. Expertise level is lower in some areas, but in other areas there some very different discussions going on. It can be a refreshing breaking from all the reoccurring posts about the same thing happening over and over that you see on Spiceworks. A decent amount of data recovery experts on there too that are always willing to give some good insight.

@mike-davis said in Local Admin PW:

I keep hearing people mention Salt. Is anyone using this in their environment to manage Windows machines? I was trying to get an idea of how much work it would be to deploy it to just do the local user password change task, and came across this in regards to installing the client on the minion:

CREATE THE UNPRIVILEGED USER THAT THE SALT MINION WILL RUN AS

Click Start > Control Panel > User Accounts.
Click Add or remove user accounts.
Click Create new account.
Enter salt-user (or a name of your preference) in the New account name field.
Select the Standard user radio button.
Click the Create Account button.
Click on the newly created user account.
Click the Create a password link.
In the New password and Confirm new password fields, provide a password (e.g "SuperSecretMinionPassword4Me!").
In the Type a password hint field, provide appropriate text (e.g. "My Salt Password").
Click the Create password button.
Close the Change an Account window.
ADD THE NEW USER TO THE ACCESS CONTROL LIST FOR THE SALT FOLDER

In a File Explorer window, browse to the path where Salt is installed (the default path is C:\Salt).
Right-click on the Salt folder and select Properties.
Click on the Security tab.
Click the Edit button.
Click the Add button.
Type the name of your designated Salt user and click the OK button.
Check the box to Allow the Modify permission.
Click the OK button.
Click the OK button to close the Salt Properties window.
UPDATE THE WINDOWS SERVICE USER FOR THE SALT-MINION SERVICE

Click Start > Administrative Tools > Services.
In the Services list, right-click on salt-minion and select Properties.
Click the Log On tab.
Click the This account radio button.
Provide the account credentials created in section A.
Click the OK button.
Click the OK button to the prompt confirming that the user has been granted the Log On As A Service right.
Click the OK button to the prompt confirming that The new logon name will not take effect until you stop and restart the service.
Right-Click on salt-minion and select Stop.
Right-Click on salt-minion and select Start.

That's a whole lot of manual stuff on each machine just to get the client installed. Am I reading that right or is there an easier way?

I use Salt to manage Windows workstations.
That's just if you don't want it to run as the 'root' user, which I've never had an any incentive to change.

Run the bootstrap script on your Salt master. point 'salt' in your DNS to the Salt master and install it on your workstations via the Windows installer, and then you have Salt operational. However, I would suggest alternatively specifying a public DNS name that you can control in order to future proof for when you're ready to move outside your LAN. However, you could just use Salt to change that too!

Of course you have to go deeper down the rabbit hole to get a 'nice' setup.

@scottalanmiller said in Local Admin PW:

@jmoore said in Local Admin PW:

@dafyre My boss told me that microsoft took away the ability to change the passwords via gpo because of some issue where they were being sent in plain text. I have no way to verify but thats what he told me

But he also told you that it was still happening. Can't be both.

Are you sure it can't be? My guess is that whatever update removes this ability might not remove an existing GPO with it already setup (in which case there probably is a hacky way to change the password). Or maybe his boss just thinks it is still happening, I couldn't really tell you.

@irj said in Resume Critique:

How many resumes should you have? Do you have 3 or 4 different offshoots depending on what position you are applying for?

This is a good question that I'd also like to hear other's thoughts on. I've seen resumes that made me think "Did you apply for the right job", and so I've always tailored my resume to each job I've applied for. However, recently I applied for a job with a tailored resume for the job, and then after my first interview they started getting ideas about other things they could use me for and my second interview was mostly just answering questions that would have been answered by my resumed if I hadn't tailored it as much.

My currently thinking is to make sure your resume is relevant to the field of the job you are applying for, and only do minor tweaks.

@tim_g said in Resume Critique:

@flaxking said in Resume Critique:

I'm also not a big fan of the home lab section. If you run your home network like a business using these technologies day to day, that I'm interested in. If you followed a walkthrough and installed something, I don't care. Show me that your home lab is actually doing something.

Home lab shows experience, interest, and willingness to learn... among other things. I'd rather hire someone who does this stuff in his free time to learn and gain experience than someone who doesn't have it at all.

The home lab isn't meant to run your home network. It's meant for learning, gaining experience, and fun. And if someone is running their home network like a business, more to them!

I don't fundamentally have a problem with it being on there, it just doesn't tell me enough with the information provided. What was actually done with it?

Listing all the IT books you've read and training resources you've used would show me initiative as well, but what I'm most interested in is what you've actually used in production, so if you can show me you actually USED something long term in your home lab, that's much more interesting.

Maybe even if the home lab section was showing me the home lab stack rather than something that I could interpret as "I did this once in my home lab"

@tim_g said in Resume Critique:

@flaxking said in Resume Critique:

This resume still leaves me with a lot of questions. What size is this company? Multi-locations, are you sole IT staff? What are your responsibilities? I would also like to see more information on what you are using group policy for, 'implementing group policy' just only tells me you have seen what a GPO looks like.

Also, all your skills should come back into play in your projects. Your skills list tells me what you have used, but your projects shows me how much experience you have with them.

This sounds like questions for the interview, not to be put in a novel in an attempt to get an interview. I don't think the person hiring has the time to read through all that when sifting through resume after resume.

It's not meant for the first sift through. The thing is that the person hiring has even less time to arrange interviews and ask all these questions, so if you don't answer questions in the resume, they are going to make assumptions based on every little thing you write.

This resume still leaves me with a lot of questions. What size is this company? Multi-locations, are you sole IT staff? What are your responsibilities? I would also like to see more information on what you are using group policy for, 'implementing group policy' just only tells me you have seen what a GPO looks like.

Also, all your skills should come back into play in your projects. Your skills list tells me what you have used, but your projects shows me how much experience you have with them.

I'm also not a big fan of the home lab section. If you run your home network like a business using these technologies day to day, that I'm interested in. If you followed a walkthrough and installed something, I don't care. Show me that your home lab is actually doing something.

I also would be reluctant to install RSAT, it just seems like a lot of extra baggage for the task at hand

Check out @dafyre 's link

This might be another option too
https://gallery.technet.microsoft.com/scriptcenter/Using-SystemDirectoryServic-0adf7ef5

@travisdh1 said in LANLess explained.:

@dashrender said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

That's not the way of the world anymore.
Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

Give me an example of your achieved via open source tools solution, please.

I not 100% sure we are talking about the same thing, but here it goes.

I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

It might be possible to do something similar using the Google Drive API

This sounds good, but is it tenable for someone with many gigs on their desktop? If we discount laptop/mobile users for the moment, the idea of working off cloud only stuff, i.e. no local sync, there's no syncing required at all.

Offline access is the sticking point in this.

If you have policies in place that prevent huge amounts of data/files from needing to be synced, then the above mentioned syncing solution might be doable for regular users, but in the wild west of people having huge amounts of things to be synced, especially to a new machine, that's a super slow logon process.

You're missing the point that the data and apps live on the servers, and not on the local workstation. Syncing to the workstation actively inhibits use.

No, I was replying to @flaxking desire to have files synced all over the place, regardless of what machine he's on.

I agree with you, @travisdh1 that having no data local removes these issues. Some things just don't work that way. I.E. CAD, sure you can have VDI CAD solutions, perhaps even RDS CAD solutions. So unless you're offloading those apps to the remote access, you're still going to need local data access for those type of things. But even in the cases where you do offload them, you still haven't abstracted the data storage like you have with O365 and online Word. But then again, neither did @flaxking solution.

Don't get me started on old/bad CAD software! I can do 95% of everything the expensive CAD packages do at www.tinkercad.com! Now that's off my chest...

Yes, CAD/CAM/FEA applications do make things more difficult. Just think about what hosting your CAD applications on an on-demand cloud instance would do for the end users. Of course it's always more expensive to do anything with CAD, but that's an issue no matter where it's being run. Think of something like XenApp that publishes a specific application and also spins up/down Amazon EC2 GPU platforms as needed. Very complicated to get setup initially, but you can't tell me it wouldn't be a better experience for the end user.

There are some things no amount of IT magic can fix without degraded user experience. I have tested out amazon appstream 2.0 and wasn't impressed. Sometimes you just have to design your solution with how the application was intended to be used a the front of your mind. Application developers have to be on board with LANless applications, IT can't do it all.

@travisdh1 said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

That's not the way of the world anymore.
Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

Give me an example of your achieved via open source tools solution, please.

I not 100% sure we are talking about the same thing, but here it goes.

I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

It might be possible to do something similar using the Google Drive API

This sounds good, but is it tenable for someone with many gigs on their desktop? If we discount laptop/mobile users for the moment, the idea of working off cloud only stuff, i.e. no local sync, there's no syncing required at all.

Offline access is the sticking point in this.

If you have policies in place that prevent huge amounts of data/files from needing to be synced, then the above mentioned syncing solution might be doable for regular users, but in the wild west of people having huge amounts of things to be synced, especially to a new machine, that's a super slow logon process.

You're missing the point that the data and apps live on the servers, and not on the local workstation. Syncing to the workstation actively inhibits use.

LANless design should ideally be done under the a DevOps mindset, which in this situation means that you shouldn't be doing something counter-intuitive to users even if it is 'the best way' for IT to do it.

@Dashrender has a good example with CAD. We are still limited by programs that meet business needs, and business needs come first. We can now easily manage workstations, so that should not be an excuse to invest in expensive infrastructure that we say is 'easy for IT' but less intuitive for users.

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

That's not the way of the world anymore.
Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

Give me an example of your achieved via open source tools solution, please.

I not 100% sure we are talking about the same thing, but here it goes.

I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

It might be possible to do something similar using the Google Drive API

This sounds good, but is it tenable for someone with many gigs on their desktop? If we discount laptop/mobile users for the moment, the idea of working off cloud only stuff, i.e. no local sync, there's no syncing required at all.

Offline access is the sticking point in this.

If you have policies in place that prevent huge amounts of data/files from needing to be synced, then the above mentioned syncing solution might be doable for regular users, but in the wild west of people having huge amounts of things to be synced, especially to a new machine, that's a super slow logon process.

It syncs in the background, I make it priority for my workstations not to have login wait times. But yes there are limitations to it, and it also can pale in comparison these days to things like file stream. I'm implementing it to replace Folder Redirection (which I hate) and it's mostly just a fancy backup for random user files. My users also don't switch workstations unless they have to. Like I said, it's a stop-gap measure while we still expose users to the OS file system. My goal is to make things as intuitive as possible for my users.

@travisdh1 said in LANLess explained.:

@dashrender said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

The idea would be to move to G Suite entirely, including file storage with Google Drive. No need for AD, and all credentials managed through admin.google.com

That just leaves managing the Windows machines, assuming they aren't BOYD.

Who needs to manage them at that point? Besides making sure updates are downloaded and installed normally, and that they have the latest OS. Those are both automatic and free (currently, subject to change.)

LANless doesn't mean leaving users to their own means on company workstations. With something like Salt, it should be easier to manage them than ever. A lot of the time, users are left to report issues with their workstation that could be fixed with routine maintenance (clearing browser cache, etc.), or that could be detected earlier (i.e. running smartmontools to report if there are bad sectors in the hard drive). Before it might have seemed like a daunting task, but with today's tools that is what a modern desktop admin should be doing. Workstations are just servers that serve one person.

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

That's not the way of the world anymore.
Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

Give me an example of your achieved via open source tools solution, please.

I not 100% sure we are talking about the same thing, but here it goes.

I'm almost done creating a Salt collection (I should turn it into a Salt Formula) that uses Syncthing to Sync folders like Desktop, Documents, etc to a Syncthing 'master' server (essentially replacing Folder Redirection). Therefore whenever one of my user logs on to a workstation that I manage with Salt, their files will get synced without needing to be on the same LAN, just internet connection required.

It might be possible to do something similar using the Google Drive API

@dashrender said in LANLess explained.:

@flaxking said in LANLess explained.:

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

That's not the way of the world anymore.
Heck MS tried to bring that back (at least in mobile with their HUBS idea - but we all know where that is now). Each vendor wants it's own branding front and center.

It is achievable with open source tools, but it's kind of a stop-gap thing while we are still exposing users to the OS filesystem

@romo said in LANLess explained.:

@flaxking said in LANLess explained.:

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

You can try setting up G Suite Password Sync (GSPS) to get your AD passwords insync with their GSuite account

Yes, but there is still a disconnect even if the password is the same. I sign and access the files I need vs I sign in and access the files I need and also need to sign into Google file sync/stream. An optimum user abstraction would make it seem to the user that there is only one 'place' where their files are and they don't have to think about it.

@travisdh1 said in LANLess explained.:

@flaxking said in LANLess explained.:

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)

We actually have GSuite at my part-time position right now, I just need to get people to actually USE IT. Yep.

Good luck with that. We have GSuite at my job too, but there's no incentive to fully use it. There's a disconnect between their regular AD login and their GSuite account, and so it doesn't make sense for users to start using this service that seems separated from everything else, and there doesn't seem to be any way to script Google Drive. It makes sense with Chromebooks, since everything gets linked together, and it would make sense with BYOD since your Google account is "how you get in" to the company resources. So unless company culture and structure changes (i.e. get rid of SMB access to the fileserver) there's no good way to ease them into it.

At with Office 365, from what I hear, you can do SSO with Onedrive and then do redirected folders into the Onedrive folder. Currently I'm working on coming up with a solution using Syncthing.

Don't forget tools to manage the workstations. In a LANLess design, you can treat the workstations like they're on a public network and crank the firewall up, and that means you don't rely on the LAN to manage/access workstations.

I'd say you're most of the way there with just Office 365 or GSuite only if you've gone all the way in (which for GSuite requires Chromebooks unless you're all BYOD)