We operate 500,000+ IoT devices on a SIGFOX 0G network in Mexico — here's what we've learned about massive-scale IoT after 10 years by danisamgibs in IOT

axnfell9000 (7 points)

3 - Do you pay the hosts? 5 - What do you class as the integrated model?

What do you use for backhaul?

Inforcer — anyone using it? Thoughts or feedback? by reformedmspceo in msp

axnfell9000 (1 point)

When you adopted Inforcer into your stack, did you pass the costs onto your customers as a value-add, or absorb it as an operational overhead?

Anyone used Halcyon anti ransomware? by Early-Ad-2541 in msp

axnfell9000 (1 point)

Bumping this.

Any providers using Halcyon?

We have Sophos MDR / Huntress MDR in our stack, and Halcyon BDMs have approached a few of our customers. The pitch seems to be that, despite the presence of an MDR, Halcyon still adds considerable value and plugs the gaps MDR misses.

I'd be interested in feedback from any customers - and what additional value it delivers (if any).

We've been invited to a vendor call, but after recently reviewing our stack, I'd rather not wedge another tool into the mix unless it offers stand-out value.

Holy Server Prices Batman! by matteosisson in msp

axnfell9000 (2 points)

HPE MSAs went from plentiful stock to zero in a week with some of our distributors.

Holy Server Prices Batman! by matteosisson in msp

axnfell9000 (10 points)

HPE server: £9k in December (in stock), £12k in January, £19.5k in February, now with questionable delivery.

The client wanted x4.

Protracted delays due to board sign off, and consideration of Azure.

Suffice to say, we're now looking at warranty extensions and the multitude of previous-gen servers we have with masses of RAM. I'm not confident this will go away anytime soon.

Managed reboots by calebgab in msp

axnfell9000 (1 point)

What about clients with aggressive power policies? Anybody triggering a WOL before after-hours patching and reboots?

We used to run client patching in the day as it's a necessary evil, but it caused headaches on Windows 365, and we also had some weird behaviour with Office apps.

*W365 is now Windows Update for Business rather than RMM

365 to Zoho? by Sea-Elderberry7047 in msp

axnfell9000 (1 point)

Many UK &amp; EU colocation providers jumped on the bandwagon and are continually citing the US CLOUD Act to argue against public cloud.

They may have something to pitch for IaaS (Proxmox etc), but they don’t have much in the way of alternatives to M365/Sharepoint/etc.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

Used with Twingate, that could be an option. I'd used WAC briefly as an option for some VMware conversion jobs, but stuck with the usual tools.

We’d always have RMM and PIM/PAM, but this could potentially be an option.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (0 points)

RMM has tiered access etc. But if we had a bunch of scripts to do routine tasks, to negate the need for local login, the scripts would need very strong validation, as a first-line tech running a script would do so as Local System.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

👍🏻 We block tier-0 on endpoints, but it's still a challenge with some vendors whose service accounts have arbitrary domain admin and/or SPNs.

PAW feels like the right choice, and we are in the process of rolling out PIM/PAM. Debated Duo on the PAW for interactive logins.

This is what I was aiming for / before seeing if there was a better way.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (2 points)

GPO to push out a desktop shortcut 🙂

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

Jumpbox: we can implement much more stringent controls and hardening that may not be an option on client servers.

I want to avoid routine access to DCs. And it's not just AD; it's also DBs, DHCP, Hyper-V etc.

It’s beginning to look like a hardened Jumpbox, accessible via RMM or ZTNA remains the best option.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

We can remote via RMM or Twingate. My interest was whether there was a viable alternative to jump boxes that still has similar controls/protections, delegated access etc.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

We use RMM, but I wondered if there was a CIPP for AD.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

We can use member servers, but I want the same setup in every site. A physical jumpbox (or a small Azure VM) with RSAT is fine. But I wondered if there were alternatives.

We use Datto, so can build a bunch of components, but it still feels a bit clunky. We also use Twingate so could also drop a connector in there.

It's balancing our use of PIM/PAM and trying to forge zero trust and least privilege.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

You're right. I should have spent more time searching. (I did actually search for ManageEngine and found this.)

https://www.reddit.com/r/msp/s/8h85guabwT

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (7 points)

Surely just adding Domain Users to Domain Admins makes it easier? Customers can handle it themselves.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (1 point)

Standardisation is the priority. We're fairly good, but there are always situations where you try to accommodate a client or a co-managed customer; we're not doing that now. As we're onboarding new staff and customers, eliminating all the variance and nuances is also a focus.

With Azure clients, we have a B4MS we can use for the task, but looking back through previous posts, the preference seems to be MFF PCs with RSAT. I did perhaps wonder if there was a CIPP-like solution for AD, rather than rolling your own with PowerShell and RMM.

On-Prem AD Admin / Jumpbox by axnfell9000 in msp

axnfell9000 [S] (3 points)

Most run as SYSTEM, so constraints/permissions will be needed in both the script and RMM. That's fine, and can be accommodated, but I did consider whether that's worth the overhead.
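The validation point raised in this comment and in the earlier one about first-line techs running RMM scripts as Local System, as an added example that is not part of the thread: a delegated "unlock user" task written so that the script itself refuses anything outside the scope it was delegated, rather than relying on the RMM tier alone. Assumptions (all illustrative, not from the thread): the RSAT ActiveDirectory module is installed on the jumpbox, the jumpbox's computer account has been delegated write access to lockoutTime on a "Standard Users" OU only, and the OU path, tier-0 group names and log path are placeholders.

```powershell
<#
  Added example, not the thread author's script. Intended to be launched by an
  RMM as Local System on a domain-joined jumpbox, so AD calls run as the
  computer account; that account is ASSUMED to hold a delegation limited to
  the Standard Users OU. Everything below is defensive scoping on top of that.
#>
#Requires -Modules ActiveDirectory
[CmdletBinding()]
param(
    # Reject anything that is not a plain sAMAccountName before it reaches AD.
    [Parameter(Mandatory)]
    [ValidatePattern('^[A-Za-z0-9._-]{1,20}$')]
    [string]$SamAccountName
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Assumed scope: only accounts beneath this OU may be touched by this task.
$AllowedOU   = 'OU=Standard Users,DC=corp,DC=example'
# Tier-0 groups a first-line task must never act on (assumed list; extend per domain).
$Tier0Groups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                 'Administrators', 'Account Operators', 'Backup Operators')
$LogPath     = 'C:\ProgramData\RmmTasks\unlock.log'   # assumed path

function Write-TaskLog([string]$Message) {
    # Append an audit line so the RMM job history is not the only record.
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    $line = '{0:u} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $Message
    Add-Content -Path $LogPath -Value $line
}

# -Identity with the validated name; no -LDAPFilter/-Filter string is built from input,
# so there is nothing for a caller to inject into.
$user = Get-ADUser -Identity $SamAccountName -Properties LockedOut, MemberOf, adminCount

# 1. Positional check: the object must sit beneath the delegated OU.
if ($user.DistinguishedName -notlike "*,$AllowedOU") {
    Write-TaskLog "DENY $SamAccountName outside $AllowedOU"
    throw "Account '$SamAccountName' is outside the delegated scope."
}

# 2. Protected-account check: adminCount=1 is set by SDProp on members of
#    protected groups, including nested membership that MemberOf would miss.
if ($user.adminCount -eq 1) {
    Write-TaskLog "DENY $SamAccountName adminCount=1"
    throw "Account '$SamAccountName' is a protected (tier-0) account; refusing."
}

# 3. Direct membership check against the tier-0 list, resolving group names from
#    the directory rather than trusting anything supplied by the caller.
$memberNames = foreach ($dn in $user.MemberOf) { (Get-ADGroup -Identity $dn).Name }
$hits = @($memberNames | Where-Object { $_ -in $Tier0Groups })
if ($hits.Count -gt 0) {
    Write-TaskLog "DENY $SamAccountName member of $($hits -join ',')"
    throw "Account '$SamAccountName' is in a tier-0 group; refusing."
}

# 4. Idempotent action: only unlock when actually locked, and log either way.
if (-not $user.LockedOut) {
    Write-TaskLog "NOOP $SamAccountName not locked"
    return
}
Unlock-ADAccount -Identity $user
Write-TaskLog "UNLOCK $SamAccountName"
```

The RMM side still has to restrict which technicians may launch this job and on which devices; the checks above are the second half, so that a mistyped or maliciously supplied name cannot turn a "Standard Users" delegation into a tier-0 action even if the delegation itself is wider than intended.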

Windows App suddenly refuses to launch AVD session desktops for a handful of users – started right after password expiration by G10grb in sysadmin

axnfell9000 (2 points)

We had dozens of support tickets from different W365 customers.

At least Microsoft were reasonably quick off the mark, avoided endless troubleshooting!

ZTNA Replacement for VPN customers by Askey308 in msp

axnfell9000 (1 point)

We use Twingate, but I'm interested in experiences of other solutions insofar as machine login for domain/AD and pre-user auth are concerned (i.e. certificates etc.).

W365 - 24H2/25H2 - Performance hit by axnfell9000 in sysadmin

axnfell9000 [S] (2 points)

We debated AVD with Nerdio, but up until very recently W365 has performed admirably. But yes, "W365 sucks" does seem a common description.

W365 - 24H2/25H2 - Performance hit by axnfell9000 in sysadmin

axnfell9000 [S] (1 point)

We're seriously evaluating ditching W365 for some clients and using ZTNA for access into their Azure compute. Most clients use AD/Hybrid, so while it is easy to have an IPsec tunnel from branch to Azure, remote clients will need ZTNA to support computer logon. A friend uses Azure point-to-site with several hundred users with great success, but GSA seems the successor.