2FA ought to be a part of this consideration.
Posts made by PhlipElder
-
RE: Ms licensing for a windows jump server
-
RE: Ms licensing for a windows jump server
@scottalanmiller There are "ways" to make a RDS setup work without AD. They are not officially supported but can be done.
For a Jump box set up an isolated Private virtual network that both the DC and the RDS Broker/Gateway/Web and Session Host sit on.
Use a *NIX freebie edge VM with two NICs with a VLAN structure set up to allow communication from the outside (I suspect this is needed?).
Cloud/Internet HTTPS --> Production Edge --> VLAN to *NIX Edge vNIC ---> Edge --> Gateway subnet vNIC --> RD Broker/Gateway/Web --> Session Host --> Jump endpoint.
-
RE: What would you suggest for a Windows tablet?
I use my gifted from Dad Surface 3 (original) with Intel Atom for most carry-about duties. It works quite well for remote support when required, but is my main input device as I prefer to write in OneNote and keep track of everything in there as well. Writing, for me, is the best way to help with memory retention.
The new Surface Go is pretty much the same thing and has enough umph to do what you require.
I prefer to stick with a Windows device for all around ecosystem integration.
-
RE: Make a Bootable Windows 10 USB Installer from Fedora Linux
This is what a Rufus formatted USB flash drive looks like:
We have a fair number of different high speed and ultra-high speed flash drives we use for OS loading. Since using Rufus to set up the uEFI ones we do not have anymore issues especially with servers where things can get finicky.
-
RE: Make a Bootable Windows 10 USB Installer from Fedora Linux
@scottalanmiller We use RUFUS by default to set things up as uEFI has a specific set of requirements for two partitions.
FAT32 will generally not work anymore as there is a 4GB file size restriction.
-
RE: Windows Server - AppCmd crashing
Are all RDS (Broker/Gateway/Web/Session Host) set up on the same server?
If that is the case, make sure Broker/Gateway/Web are set up correctly and have the correct permissions set for the deployment and for the collection(s).
Obvious, but make sure the host is up to date.
Where is the RD License server? Has it been set up and activated correctly and is the Session Host working with it without error?
-
RE: Centralized password manager
@black3dynamite said in Centralized password manager:
If you want to stick with keepass, KeeWeb is a good option.
https://keeweb.info/
https://github.com/keeweb/keewebSelf-hosted web-based password manager is possible.
https://github.com/keeweb/keeweb#self-hostingSuweet. Thanks for that one.
-
RE: Centralized password manager
@ambarishrh We use KeePass and MiniKeePass on iDevices.
Database works well on SharePoint/SP4B/OneDrive or other shared storage.
We back up to off-site and cloud.
-
RE: Folder Redirection - Roaming Profiles
Roaming Profiles can be a real bear to manage and when they break they break hard.
We've been using Redirected Folders since the 2000/2003 days. We redirect My Docs and subfolders, Desktop, Links (Favourites/Quick Access links in File Explorer), IE Favourites, and that's it.
Redirecting AppData can be a bad thing. There's certificate and security service content in there that tends to not like being redirected.
Some pearls and caveats involved with Redirected Folders:
1: If user content needs to be redirected back to their machines logon times can be very long especially if they have a lot of content.
2: If a new server destination is set logon times can also be very long as files/content get transferred to the new destination.
3: Destination permissions need to be set as per Microsoft's KB to allow for traverse but exclusive to user access.
4: Be mindful of user OU structure and Redirected Folder destinations relative to Sites especially WAN based sites.
5: If exclusive access is set in the GPO then don't mess with the permissions on the user's home folder (they get created automagically).
6: In cases where the destination server's name is different use the Disable Strict Naming setting in Group Policy to allow DNS to point to the new location and just connect the old file server VM's VHDX/VMDK and share it. Note that the new destination will need to have a new share name.
7: Make sure to use File Resource Manager to set quotas and file type filters and have e-mail set up to warn the user and the admin(s).
8: Offline Files should be set via Group Policy with file types such as .PST, .QBxx, and other active content excluded from redirection.
9: Limit the Offline Files cache size based on the smallest storage being delivered to users or GPO/OU delimit the size for different groups.
10: Redirected Folders and the GPO settings tend to tattoo so keep this in mind.
11: We use GPPreferences to create a set of folders on the C : drive: C:\ClientData\AppName\SubFolders <-- Users are trained to put their active data such as archive PSTs, QB, Sage, ETC data there.Long story short, there would be a lot less grief with Redirected Folders.
EDIT:
12: Enable Access-based Enumeration on the root share (we do this for all shares)Some posts that have aged well:
http://blog.mpecsinc.ca/2009/06/sbs-2003-to-sbs-2008-migrations-folder.html
Root folders permissions setup:
http://blog.mpecsinc.ca/2010/12/sbs-2008-and-sbs-2011-folder.html
Microsoft's official doc:
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj649078(v%3Dws.11) -
RE: HyperVServer Build
@obsolesce said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
Note that since the guest VMs are Windows based, the Windows Server Standard license covers installing the host OS in Desktop Experience Mode using the Server Standard installer files and activating with the supplied key that came with the license.
It does not work like that.
Please clarify?
There is no desktop experience in Hyper-V. This is basic Hyper-V 101 knowledge here.
To clarify:
Note, that since the guest VMs are Windows based, the licensed and installer files purchased to run those VMs can be used to install the host OS in Desktop Experience Mode and activate using the supplied key.
/sigh
FFS No. this is not how anything works.
The OP is installing Hyper-V Server, as he should. Not Windows Server.
Take a deep breath.
I am suggesting that the OP instead use the OS installer files that came with the purchased license(s) to avoid the expressed frustration with the non-GUI Hyper-V Server.
That better?
Having a GUI for no reason at all will not solve any of the OP's issues that are going on...
Having a GUI avoids the need to delve into PowerShell and CLI to set up a server for the first time. Or, at least trial and error the commands and see the results directly in the managers.
And, if the OP needs this box to go into production shortly, avoids the possibility of unknowingly having something misconfigured.
I'm pulling out. Have a great weekend everyone.
-
RE: HyperVServer Build
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
I believe that I've made myself clear in the follow-ups.
You did, but only because I responded to your misleading post.
Dude, give a guy a break. Jimney Cricket.
-
RE: HyperVServer Build
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
Note that since the guest VMs are Windows based, the Windows Server Standard license covers installing the host OS in Desktop Experience Mode using the Server Standard installer files and activating with the supplied key that came with the license.
It does not work like that.
Please clarify?
There is no desktop experience in Hyper-V. This is basic Hyper-V 101 knowledge here.
To clarify:
Note, that since the guest VMs are Windows based, the licensed and installer files purchased to run those VMs can be used to install the host OS in Desktop Experience Mode and activate using the supplied key.
/sigh
FFS No. this is not how anything works.
The OP is installing Hyper-V Server, as he should. Not Windows Server.
Take a deep breath.
I am suggesting that the OP instead use the OS installer files that came with the purchased license(s) to avoid the expressed frustration with the non-GUI Hyper-V Server.
That better?
No, actually, because you were not suggesting that.
You never recommended that the OP wipe his install completely and then install a Windows Server instead of Hyper-V Server.
You incorrectly spewed misleading information.
Additionally, there are nearing on absolute zero situations where anyone should ever install Windows Server on the hardware.
That's a whole lot of "you" statements. I believe that I've made myself clear in the follow-ups.
Yes, I made a few assumptions there as tends to happen thus the need for clarification.
With a USB flash drive it takes all of 15 minutes to re-install the OS.
And, we install Windows Server on bare hardware a lot here as that's what we do for a living.
Please, feel free to express whatever opinion but keep things professional otherwise what's the point?
-
RE: HyperVServer Build
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
Note that since the guest VMs are Windows based, the Windows Server Standard license covers installing the host OS in Desktop Experience Mode using the Server Standard installer files and activating with the supplied key that came with the license.
It does not work like that.
Please clarify?
There is no desktop experience in Hyper-V. This is basic Hyper-V 101 knowledge here.
To clarify:
Note, that since the guest VMs are Windows based, the licensed and installer files purchased to run those VMs can be used to install the host OS in Desktop Experience Mode and activate using the supplied key.
/sigh
FFS No. this is not how anything works.
The OP is installing Hyper-V Server, as he should. Not Windows Server.
Take a deep breath.
I am suggesting that the OP instead use the OS installer files that came with the purchased license(s) to avoid the expressed frustration with the non-GUI Hyper-V Server.
That better?
-
RE: HyperVServer Build
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
Note that since the guest VMs are Windows based, the Windows Server Standard license covers installing the host OS in Desktop Experience Mode using the Server Standard installer files and activating with the supplied key that came with the license.
It does not work like that.
Please clarify?
There is no desktop experience in Hyper-V. This is basic Hyper-V 101 knowledge here.
To clarify:
Note, that since the guest VMs are Windows based, the license and installer files purchased to run those VMs can be used to install the host OS in Desktop Experience Mode and activate using the supplied key.
-
RE: HyperVServer Build
@jaredbusch said in HyperVServer Build:
@phlipelder said in HyperVServer Build:
Note that since the guest VMs are Windows based, the Windows Server Standard license covers installing the host OS in Desktop Experience Mode using the Server Standard installer files and activating with the supplied key that came with the license.
It does not work like that.
Please clarify?
-
RE: HyperVServer Build
Please have a look at these:
http://www.mpecsinc.com/powershell-guide-standalone-hyper-v-server/http://www.mpecsinc.com/powershell-guide-new-vm-powershell/
The first is a complete set of PowerShell and CommandLine to run on the newly installed Hyper-V Server OS.
The second is the PowerShell to use to set up a VM.
The simplest thing to do is set up the second partition on the host, create a folder called ISOs, copy the necessary ISO files into that folder, and tweak the above PowerShell to point to that location.
Note that since the guest VMs are Windows based, the Windows Server Standard license covers installing the host OS in Desktop Experience Mode using the Server Standard installer files and activating with the supplied key that came with the license.
-
RE: Oops... StorageCraft site down
Activation and Partners are still offline. Must be bad.
-
RE: Default printer Webex on Remote Desktop Session
I gather that the terminal client MSTSC has local resources unchecked?
Are the printers set up on the Session Host(s) that the users would be using? Are they allowed to choose the default printer via Devices & Printers (Control Panel) or are they not able to get into any Control Panel applets?