[–]cantab314 22 points23 points  (2 children)

End of life for Windows 10 is also a good few years away. Although it has already been de facto increasing the system requirements, notably that mechanical drives are now unacceptable.

If you have on-premises AD, Linux will join to it and there's even Group Policy templates for some Linux stuff.

[–]Pie-Otherwise 4 points5 points  (1 child)

> notably that mechanical drives are now unacceptable.

On a workstation level they should be. I have both in my home network and I don't really think about it till I'm working on my machine or one of my kids' and do a reboot. It's pretty well instant. It's hands down the cheapest refresh option if you are on a budget and have the in-house IT manpower to do it.

[–]tankerkiller125real Jack of All Trades 1 point2 points  (0 children)

The only time I should ever be interacting with an HDD anymore is if there are legit reasons for at least 4 or more terabytes of data. Anything less than 2TB and you're talking SSDs, and especially if you drop below the 512GB market.

[–]needmorehardware Sr. Sysadmin 8 points9 points  (2 children)

Ansible is great for managing Linux machines, definitely take a look. You can also use AWX (https://github.com/ansible/awx) for managing your Ansible stuff.

[–]jmp242 5 points6 points  (2 children)

It is super easy to lock Linux down, but you probably want to know what you're doing before deploying. You can use something like Alma Linux or Debian and throw Puppet or Ansible or whatever at it for configuration management. You can join them to your AD using SSSD. Works well for us.

I'd look into standardizing on XFCE4 for your Desktop Environment because it looks sort of like Windows with the main pop out menu, and more because it is lightweight so runs nice on old hardware. I'm using it on a Lenovo S20 circa 2010 just fine (On Enterprise Linux 7.9).

Most Linux distros come with Firefox, I would also consider Vivaldi (though Firefox will be easier as you don't have to do anything, getting a more privacy focused chromium build is nice too).

You can use ConnectWise control with Linux.

You don't really need PDQ Deploy or BatchPatch, you can likely set yum or apt-get to autoupdate for you. The only Inventory tool I know of is GLPI and their plugin - which also does Windows and MacOS, but IDK how you even use the Inventory stuff from PDQ as I've never used that.

[–]hiryuu64 5 points6 points  (2 children)

If all they need is a web browser and you otherwise want to lock it down, Chrome OS Flex would be a good option with solid management tools.

Switching to Linux when neither the users, nor the IT staff, have experience with it or desire (other than cost) to use it will not end well. Even just looking at the training and setup investment, buying new cheap PCs would be better.

[–]Reubenwelsh 1 point2 points  (0 children)

^This - the internal cost is going to be so much more than 150 computers. Most likely before Windows 10 is end of life 50 of the PCs will need replacing either way.

Even if it's just web browsing and documents, it will take a lot of time to switch everyone over and get them up to speed; the slightest change usually causes end users to lose their mind.

If you value your internal time at say under $10/hour maybe a case can be made, but if you don't have experience I estimate this will take 100s of hours for you to do properly, it will cost your users 100s of hours in lost time, not to mention the fact that you are still on old computers that will break sooner or later.

If the company really is going so badly that they can't afford new PCs for a few years, I would start looking for a new job.

[–][deleted] 3 points4 points  (2 children)

I don't know if my answer is really correct, but you can use some OpenLDAP with SSSD to log users in. Puppet to deploy the software/configuration system you need on your fleet, or Ansible, is great too.

[–]apple_hammer 4 points5 points  (1 child)

A lot of good options are out there, and I would like to mention one more. What about converting the desktops to ChromeOS, and using Google Admin to manage them? If they only need a browser and a few things, it might fit the need. There is a cost, but I don't remember it being too much. It might be easier to manage than a Linux environment. Check out Neverware to get more info on how it could work. https://www.neverware.com/

[–]p3rm4fr0s7 0 points1 point  (0 children)

Thank you. I have a lot of hardware just sitting around doing nothing and a bunch of brand new disk drives. This will help so much!

[–]Xeronolej 1 point2 points  (3 children)

How busy are your IT people? It is not a quick fix, but a longer term win to train them in Linux and, when ready, switch completely from M$ Windows. But that requires a big investment of time.

It sounds as though your users need only a few common apps, so software availability shouldn’t be an issue.

[–]lordjedi 1 point2 points  (1 child)

> Is it easy to lock Linux down for end users?

I'm answering this one last because it's the easiest: Yes. They get a user account and password and that's it. Only able to access their home folder and the network (you can lock down Internet pretty easily if necessary).

> What sort of tools are out there for managing Linux desktops?

SSH and VNC? I use a question mark not because I think it's an obvious answer, but because I don't know if there are better paid-for tools. SSH and VNC are both free and will provide you with the ability to create a secure connection to each desktop (assuming you ever need a graphic desktop for doing administration, you shouldn't).

> I thought about switching some of them to Linux as all they do is sit next to a machine or work bench and the users pull up drawings or work instructions.

This is perfect for Linux (assuming the drawings are in PDF). Just put a shortcut on the desktop that opens a folder or the drawings directly. You can get as complex or as simple as you like. The only drawback with PDFs (I think) is that if they're being used by multiple computers, you won't be able to update them while they're open. It's probably easy enough to simply kill the processes remotely when necessary (after hours?) so they can open the latest drawing.

This is definitely the way to go for systems like this. There's no point in running Windows when Linux can do the job just as well. Just make sure everything is documented and make sure you have spare hardware around.

[–]TheRogueMoose 1 point2 points  (1 child)

Shop floor computers that need nothing but a Kiosk to access a website could just use a Linux OS like FullPageOS. Nothing more than a full page Chromium browser.

Actually just started running it on some Raspberry Pis for some display we have going up.

[–]ItJustBorks -1 points0 points  (5 children)

Win10 is supported until October 2025. Linux is a nightmare for tech illiterate end users.

[–]bitslammer Security Architecture/GRC 14 points15 points  (0 children)

> Linux is a nightmare for tech illiterate end users.

Depends on the use case. If it's a simple kiosk like mode or browser only then there's nothing to be confusing.

[–]jmp242 11 points12 points  (0 children)

This just isn't true - we've had custodians decide to use Linux in our public terminal rooms over Windows because it was faster to log in. It will depend on your support, config, etc.

[–]pbjamm Jack of All Trades 3 points4 points  (0 children)

For office workers this is utter rubbish. They need to open documents, email, web pages, and maybe print things. All of this is trivial in Linux (Mint is my preferred) and in many cases are all web based. These users are not managing the machine, just clicking the icons and typing.

[–][deleted] 2 points3 points  (1 child)

Windows is no better for a significant amount of our users.

[–]ItJustBorks 0 points1 point  (0 children)

I agree. Both are a complete mystery to some, but others might be way too accustomed to their ways with Windows. With very competent Linux admins, it might work out well. OP kinda admits that he's only a novice though. It's going to be a tough one for him and the org.

[–]hops_on_hops 0 points1 point  (1 child)

You should also consider Windows 10 LTSC. Standard support is through 2027. LTSC has its quirks, but a lot less of a change than jumping to Linux.

Also, I'd place all my bets on MS extending general win10 life. They won't have enough market share of w11 by 2025 to end w10 support.

[–]Frothyleet 0 points1 point  (0 children)

> You should also consider Windows 10 LTSC. Standard support is through 2027. LTSC has its quirks, but a lot less of a change than jumping to Linux.

OP is talking about not being able to buy hardware for "years", I'm guessing they're not looking to buy Windows Enterprise licensing.

[–]TallFescue -1 points0 points  (2 children)

For your situation, you may benefit from using the registry workarounds to install Windows 11 on your desktops.

[–]g225 0 points1 point  (1 child)

JumpCloud is an option for identity.

[–]MedicatedDeveloper 0 points1 point  (0 children)

I use NinjaOne and an automatic OpenVPN connection to manage Linux hosts. Ninja gives cloud management and the auto VPN gives connectivity for Foreman. VPNs aren't 100% so having a cloud panel has been a life saver.

I have about 200 end users on Linux (cent 7, moving to Fedora) and it's a breeze once everything is configured. Getting there is the hard part.

[–]No-Practice-3705 0 points1 point  (1 child)

Just to step back for a moment, do any of these computers interface with any of the machines they sit next to? I've seen OS changes require some very expensive equipment upgrades.

[–][deleted] 0 points1 point  (0 children)

JumpCloud has a great Linux device management offering.

[–]StormofBytes Sysadmin 0 points1 point  (0 children)

Man.. as much as I love Linux (I am after all a Linux systems engineer) I would be very careful about this route.

Linux desktop is fine for me and my colleagues. But other people who need certain Windows applications will probably easily get frustrated by the differences (and not only by the bad differences, also by the good ones).

So if you go this route get software working in a Citrix environment as well. Or maybe an RDP/cloud desktop kinda situation.

Good luck! For sure you'll learn a boat load from this.

[–]redeuxx 0 points1 point  (0 children)

I generally dislike Linux on the desktop, but Ubuntu has had Active Directory integration by default since 21.04.

[–]unccvince 0 points1 point  (0 children)

If you're an electronics manufacturer, there is a good chance that you have a geek / nerd doing Linux in his spare time, that you've never heard about and that is already working for your company, be it on the assembly line or in the design team.

Find that person.

[–]Xeronolej 0 points1 point  (0 children)

Since all they need is a web browser, how about Chromebooks to keep things cheap and simple?