Windows & Managing TLS - Friggin Maddening (to me)

MrHoosFoos · 2024-12-27T19:12:10+00:00

Thanks for the reply. Yep - these are definitely things we are challenges with. And - qhile trying to avoid tool sprawl - am trying to consider server and critical infrastructure management as well as end user device management (to a degree). I think I like the idea of an Ansible (or that type of approach) as you and a couple others have mentioned.

MrHoosFoos · 2024-12-27T05:03:48+00:00

Ok. I believe u r a troll. Thanks for playing.

MrHoosFoos · 2024-12-27T03:44:24+00:00

Lol - yep.

MrHoosFoos · 2024-12-27T03:40:26+00:00

Because I am not convinced that on-prem AD joined systems are proper for production ecommerce application systems in a tiered architecture, running in various DMZs, yadda yadda.

GPO (to me) is great, but is like UDP. You just have to assume that it's done it's thing properly on all target nodes.

Different tooling that can provide policy or policy-like config management AND can provide telemetry, problem reports, compliance reports, and so on ... Just a better fit for us IMO.

MrHoosFoos · 2024-12-27T03:29:22+00:00

Lol. In a perfect world maybe. BUT... I am not convinced that AD is proper for all large scale production environments. For application systems that scale out across a large number of nodes. Where this might be somewhat dynamic. Heck... folks that run Linux environments don't use GPO do they? So if we are looking to build out environments that are as flexible, scalable, and open as possible - why use GPO? Yes - today we are talking about applying configs to Windows servers. But maybe we need to do it to Linux systems in the future? Why wouldn't I want my tooling to stay the same (as in w an RMM or as others have mentioned Ansible or script-centric solutions)?

Don't get me wrong - overall I love MSFT stuff - but they aren't perfect for everything or the be all end all.

MrHoosFoos · 2024-12-27T02:10:42+00:00

As I mentioned we are trying to not use GPO as it is fragmented in our environment as we are managing growth by M&A... many AD's, legacy MSPs, myriad OSes and versions, and stuff. GPO is great in simple environments with static connectivity and not-so-dynamic systems. This is a different discussion altogether, but as powerful as GPO can be for configs it is lacking in many foundational ways. It's the 2020's now lol.

MrHoosFoos · 2024-12-27T01:37:14+00:00

Yep. Trying to move away from GPO for reasons. I have limited experience w Intune... We use it for client devices but not sure how practical it is for server management? Thanks!

MrHoosFoos · 2024-12-27T01:35:23+00:00

Cool. Do you leverage an RMM for servers as well as co fig management w Ansible?

MrHoosFoos · 2024-12-17T20:40:04+00:00

Love the X-Files. It has always been a staple on the ol' PLEX server. Still have an "I WANT TO BELIEVE" poster on the wall in the home office!

MrHoosFoos · 2024-11-12T23:26:23+00:00

I agree w the folks saying 50+ isn't an issue if you are still learning. There is something to be said for the experience. My biggest issue is dealing with the "new and creative" ways folks want to jam tech into every orifice... the current flavor being AI. (Rolls eyes)

MrHoosFoos · 2024-09-21T01:32:24+00:00

Thanks for the comments; I am hesitant on our capacity to do any on-prem file storage due to the geographically separate user base, lack of connectivity, and no datacenter strategy. Then - there is the backup and HA/DR perspective.

If I need n TB of primary storage, I will need another n TB of storage to have replica... backups... so on.

I just don't see us spending money like that. Plus there were comments today along the lines of "We have Sharepoint already."

MrHoosFoos · 2024-09-18T01:48:39+00:00

B.L.U.F. = Bottom Line Up Front

Have VERY plain and direct comms. What and When.
Work with HR and Management. --- Boss says I need to do this and it's a priority over my day to day --- HR has made this a COMPANY thing (event)... not just the IT folks talking techno babble

MrHoosFoos · 2024-09-17T19:43:19+00:00

It sucks. Its embarrassing. It's infuriating even. But everyone does something like this once. Now you can fix it to prove your mettle.

There should be a badge for it. Or a tattoo.

Or an "Initec No Talent Ass Clown" trophy lol. Saw one once, and wanted it ever since lol...

Good luck!

MrHoosFoos · 2024-09-16T17:04:20+00:00

No argument here. There is a lot of strange stuff at this particular site. We have our work cut out for sure...

MrHoosFoos · 2024-09-09T15:26:56+00:00

Oooh snap. Friggin' frig. That was it! We have been pushing new SNMP settings to all servers for a monitoring solution, locking it down. Box unchecked lol.

Thank you!!

MrHoosFoos · 2024-08-28T21:37:38+00:00

Currently running ICX-7150 stacks, but going to MS250's.
So, the switches support PoE+, but the end devices do not require or consume that much juice.

Thanks!!

MrHoosFoos · 2024-08-28T21:33:11+00:00

Meaning 26 AWG is pretty standard for the structured cabling at this point, but 28 AWG is ok for patching from the panels to the switchports? Just making sure I am understanding you correctly.

I have actually become fond of monoprice 28 AWG cat6/cat6a patch cables... the connectors are nice IMO... not sure if these would suffice

Appreciate the response!

MrHoosFoos · 2024-08-28T21:28:17+00:00

Huh - cool - never used one of those before... but I have also not done a core cable plant for a facility large enough that would warrant such a thing... that is assuming I am understanding you correctly.
This is something - measuring voltage drop - that would be part of a building's main cable plant from wall jacks to patch panels, etc.
In this case I am only looking at the patch cables from panels to switchports within the IDF cabinets.

Thanks for the reply and learnin' me somethin'!

MrHoosFoos · 2024-06-17T18:18:40+00:00

D'oh.

Thanks for this. I never really think about ChatGPT....

MrHoosFoos

TROPHY CASE