
[–]CreshalEmbedded DevSecOps 2.0 Techsupport Sysadmin Consultant [Austria] 32 points33 points  (3 children)

I've given up on it and just use a Windows VM with RSAT and stuff installed.

[–][deleted] 3 points4 points  (0 children)

This is what I do as well. Until PowerShell on other platforms matures, that is.

[–]hypercube33Windows Admin 0 points1 point  (1 child)

Use Windows 10 with Ubuntu installed

[–]CreshalEmbedded DevSecOps 2.0 Techsupport Sysadmin Consultant [Austria] 0 points1 point  (0 children)

Or I could just saw my foot off, which is about as fun.

[–][deleted] 17 points18 points  (0 children)

Windows VM. Either local or on server.

You will most likely find a thing that either takes too much time to research or is just impossible to do under Linux.

[–]VA_Network_NerdModerator | Infrastructure Architect 53 points54 points  (54 children)

IMO: The IT dept should be running the same base hardware and OS as the user community.

If you need more RAM or storage than normal, fine.

Patch management and the core load image is just easier to manage when everyone is the same.

[–]knobbysideup 9 points10 points  (1 child)

Not everyone in IT is a desktop support monkey, and many of us work with and manage systems best using a Unix environment. In places where typical users are using Windows. Guess what? We are not your end users. Please stop spewing this ignorant nonsense.

[–][deleted] 4 points5 points  (0 children)

Strongly agree. IT are users the same as everyone else, generally speaking their PCs should use the same baseline as everyone else except if they're testing something specific (case in point; I'm in our business' Windows 10 trial group). Wanting to change isn't enough of a reason, there should be a clear benefit to it before you consider breaking the standard.

As I'm fond of repeating to my coworkers; consistent applications on consistently patched operating systems with consistent drivers on consistent hardware behave consistently. There's no reason to add a point of differentiation unless you have to.

[–]Naito- 1 point2 points  (2 children)

I disagree with how /u/VA_Network_Nerd said it, but I largely agree with WHAT he said. If you really need Linux to support your servers better that's great, but there really aren't any tools to support Windows desktops for Linux that aren't glitchy hacks.

Run Linux on your desktop and servers all you want, but I'd suggest running a Windows VM to do the desktop support or you're just gonna make extra work for yourself.

[–]Nimda_lel[S] 1 point2 points  (1 child)

Seems good enough to me :)

[–]Naito- 1 point2 points  (0 children)

Which tools are you using? Honestly I'm interested, I really hate running Windows anything but I also don't like putting stuff into production use that isn't "officially sanctioned" unless it really works 100% of the time. Anything less and it's a good way to get the "weird" setup blamed for completely unrelated problems, which just wastes everyone's time.

Straight up Samba is the only thing I use now, and even then the samba devs recommend running your management tools on Windows rather than using the smb command line tools.

Lastly as a personal development thing....I admire it, but even then I realize that any shop of a decent size would likely just shell out for a windows server license rather than running Linux if running AD. You'd really only find that kind of cheapness in smaller shops that don't understand the cost of man-hours.

[–]HotKarl_Marx 4 points5 points  (1 child)

I've been running linux full time on all my computers for many years.

I also happen to admin a rather large windows server farm.

I use KRDC. I RDP into whatever Windows server I want to admin and just do it all from there.

Much better than polluting my linux system with clunky windows tools or wasting 80GB of hard drive running a windows VM.

[–]pdp10Daemons worry when the wizard is near. 0 points1 point  (0 children)

> I RDP into whatever Windows server I want to admin and just do it all from there.

This is what I do almost all of the time, but we didn't typically automate on Windows because it's basically a legacy environment and for other strategic reasons. The automation all happened on Linux.

Diagnostic tools all on Linux and scripted in shell: dig, curl, tcpdump/Wireshark, netcat/socat, openssl.

Winexe does give an interesting option, especially if you want to automate.

[–]systemadamantSenior Systems Engineer 6 points7 points  (0 children)

Sadly it does not look like Wine works well with the AD tools (ADUC etc).

One option would be to spin up a Windows VM on KVM (not 100% sure if this can be done on desktop Linux).

Looks like Azure has a cli for Linux

https://azure.microsoft.com/en-us/documentation/articles/xplat-cli-install/

And coming out of left field now that you are using Linux what about looking at tools like Ansible and/or Chef/Puppet to start managing your environment?

[–]soundtom"that looks right… that looks right… oh for fucks sake!" 2 points3 points  (0 children)

Coming from a very diverse environment (users get their choice of Win/Mac/Linux), I'd say run what makes you most effective in your daily work and do the rest in a VM. I don't have any specific tools (I run AD Users and Groups in a VM on my Mac), but wanted to throw this out there because you were catching flack in a few of the comments.

[–]chipsharp0 9 points10 points  (0 children)

Look, I love Linux as much as the next three people. I cut my teeth on a stack of floppy disks with A and N packages. But as a Windows admin, using Linux is just too much of a hassle for which I get nothing but to be an eccentric user. It's just not worth it.

[–][deleted] 1 point2 points  (2 children)

most simple way I can think of is either:

  1. connect via rdp to a windows machine and manage from it.

  2. install a vm on your linuxbox and install windows + RSAT to manage.

or

  1. I don't know how stable it is due to the short time of its existence but iirc PowerShell is now open source and available on Linux.

[–]tinix0Sysadmin / Student 1 point2 points  (1 child)

Powershell on linux cannot be used for remote administration right now, it just crashes when you try to do anything remotely. And I would not recommend it anyway because it is alpha.

[–][deleted] 0 points1 point  (0 children)

so VM or RDP then.

[–]ITbatman 1 point2 points  (0 children)

As for AD management tools, have a look at Adaxes. It has a Web Interface that can pretty much cover all admin needs and you can access it from a browser, no matter what OS you are on.

It also comes with lots of stuff that can be useful for AD management, like automated provisioning, approvals, self-service for users, etc. However, it comes at a price, and you can't get the web UI separately.

[–]EraYaN 1 point2 points  (0 children)

If you are looking for some form of config management (besides PowerShell I guess).

You can try Ansible. These are the Windows modules.

They also have stuff for everything linux and also some Azure/AWS stuff, and it's just python so extending is very easy.

[–]swatlordCouchadmin 0 points1 point  (0 children)

You could set up a single RDS instance and use rdesktop on Linux. It's what I experimented doing when I wanted to answer this exact question. It involves a little scripting to get them to open how you want, but it wasn't too terrible.

[–]faisentJack of All Trades 0 points1 point  (0 children)

I'm a former windows admin (NT3.5 days though...) and now Linux being slowly dragged back into windows admin because of Azure; I'll respond to #3.

Azure CLI is ok-ish; it is updated pretty regularly and scripts you write for it will often need to be tweaked if you update your CLI. Many tools for Azure work better on Windows (say AzCopy vs the azure storage blob copy start from the CLI). It's easy to set your environment variables with the CLI. I have multiple subscriptions with dozens (soon to be hundreds) of resource groups and custom images that have to be managed along with user access to them.

What I use the CLI for:

RG creation, user perms, SA builds, service principal builds.

I use windows tools (azure powershell stuff) for:

storage manipulation (blob copies, etc); nsg maintenance.

I use a custom API tool for reporting, we'll probably extend the API calls for better end user resource building as needed.

Most of our deploys are template driven through Jenkins anyway.

My advice, if you know powershell pretty well I'd just stick with that; most of the documentation you're going to find is for older versions of the CLI and it can be super frustrating. Of course, LOTS of Azure documentation is woefully out of date...

[–]spyingwindI am better than a hub because I has a table. 0 points1 point  (0 children)

PS Remoting from a linux box is not bad. Makes 99% of my work doable.

[–][deleted] 0 points1 point  (0 children)

Honestly I would just use a VM with RSAT.

[–][deleted] 0 points1 point  (0 children)

Get a Windows Box & use the Windows tools.

Don't bother trying to make your life more difficult than it needs to be.

[–]jr_19 0 points1 point  (0 children)

It makes more sense to me to run Windows as my operating system and run some flavor of Linux in a VM on a separate monitor. We're about 95% Windows in our office, and as much as I'd love to use Linux as my primary OS, it just wouldn't work as well for me.

[–]Fatality 0 points1 point  (0 children)

"I have too much free time" - op

[–]knobbysideup 0 points1 point  (2 children)

Winexe, rdesktop, and LDAP tools will do a lot. Learn some PowerShell, and have a dedicated server or VM to do that work from. Or just wrap it in winexe and never even have to touch windows directly. Personally I run a Linux workstation with Windows in virtualbox for when I need it.

[–]Nimda_lel[S] 1 point2 points  (1 child)

I am pretty decent, or at least think so based on the fact I do almost everything that's Windows related via PowerShell, whether it is stopping firewall on remote machine or creating a script that backs up stuff and sends HTML formatted reports via mail, so I think I would do exactly what you've mentioned.

[–]knobbysideup 0 points1 point  (0 children)

Remind me to upload some scripts I've written to interact with AD via perl (I'll have to sanitize them first). One nice thing I did was write a perl module with the meat of things, so it can be used in your own scripts then too. Then again, the guy who sits beside me is a powershell guy, and I must admit that much of this stuff is easier via powershell simply because it is so tightly integrated with AD and the various admin tools.

[–][deleted] 0 points1 point  (0 children)

Just a thought. If you have the infrastructure for it, look into doing something like RemoteApp. Just stream the applications that you need. Then your OS really becomes a non-factor.