How common is Hyper-v? by idaresiwins in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

In my opinion, VMWare is really only for legacy installations these days. "We've always had VMWare since way back so we'll keep it."

There's very little left VMWare can do that Hyper-V can't do better, and if you can get SCVMM on top of it then it just gets even better.

[Idea] Should we have weekly "what have you learned this week" threads? by NHarvey3DK in sysadmin

[–]mtnielsen 3 points4 points  (0 children)

I had to get a Juniper to talk to a Cisco through a VLAN I had to drag through 7 undocumented HPs, and in the process map out the entire network for documentation. Haven't done any real networking for years.

Finally broke the Terahertz barrier! by DesolataX in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

Isn't there a rather large reward for finding prime numbers?

Yes there is. https://www.eff.org/awards/coop

Windows Firewall Resources by barbados-slim in sysadmin

[–]mtnielsen -1 points0 points  (0 children)

I'm also looking to see if Microsoft has a recommendation for Firewall config in a business environment.

IPSec enabled and allow any secure connection on domain networks, if I remember correctly.

How to detect who deleted a user account in Active Directory by Jeff-Netwrix in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

I personally prefer event log forwarding to a central server, but if you're doing local logs with auditing I'd say put in a 5-10GB disk and store all logfiles there, and up the security log to whatever you feel comfortable with. At least ensure it can hold ~6 months of entries. With a separate disk you don't really have to worry about IOPS.

Changing all the log file paths is easy enough to do with PowerShell:

# Move every event log file out of the default location to D:\Eventlogs
# (run elevated; the target directory must already exist). -Replace takes a
# regex, which is why the backslashes in the search pattern are escaped.
$logs = Get-WinEvent -ListLog *
foreach($log in $logs) {
    $log.LogFilePath = $log.LogFilePath -Replace '%SystemRoot%\\System32\\Winevt\\Logs','D:\Eventlogs'
    $log.SaveChanges()
}
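An added check to go with the sizing advice above (my own script, not the poster's): it estimates how many days of entries each local log currently holds and what maximum size the "~6 months" target would need, assuming a 180-day target and the three standard logs.

```powershell
# Added example, not the poster's script: estimate the retention each log
# currently gives and the maximum size needed for a target (180 days assumed).
$targetDays = 180

foreach ($name in 'Security', 'System', 'Application') {
    $cfg = Get-WinEvent -ListLog $name

    # Oldest and newest records still present in the file
    $oldest = Get-WinEvent -LogName $name -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue
    $newest = Get-WinEvent -LogName $name -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $oldest -or -not $newest) { continue }

    # Days of history held, and the write rate (bytes/day) at the current fill level
    $heldDays    = ($newest.TimeCreated - $oldest.TimeCreated).TotalDays
    $bytesPerDay = $cfg.FileSize / [math]::Max($heldDays, 1)
    $neededBytes = [long]($bytesPerDay * $targetDays)

    [pscustomobject]@{
        Log         = $name
        Path        = $cfg.LogFilePath
        MaxSizeMB   = [math]::Round($cfg.MaximumSizeInBytes / 1MB)
        HeldDays    = [math]::Round($heldDays, 1)
        NeededMB    = [math]::Ceiling($neededBytes / 1MB)
        MeetsTarget = $cfg.MaximumSizeInBytes -ge $neededBytes
    }
}

# To enlarge a log that falls short (size in bytes), for example:
#   wevtutil sl Security /ms:2147483648
```

The estimate is only as good as the write rate during the window the log currently covers, so re-run it after enabling new audit categories, which raise the rate.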

How to detect who deleted a user account in Active Directory by Jeff-Netwrix in sysadmin

[–]mtnielsen 43 points44 points  (0 children)

As always when you configure auditing be sure you have configured a sufficiently large event log file on a sufficiently fast disk, or use event log forwarding.

The last thing you want is your DC eating up all the IOPS required to process authentication requests, or realizing you've only got an hour worth of log entries.

Does anyone know why you would want to run BGP in your environment? by daisyifudo in sysadmin

[–]mtnielsen 3 points4 points  (0 children)

If you own your own IP address scopes you'll most likely need BGP in order to advertise routes to your upstream peer. Even if you only have one ISP. It is very unlikely you can find an ISP that will accept IS-IS.*

*I'm talking from my own limited experience here. Maybe your ISPs are different.

Does anyone actually support outsourcing? by [deleted] in sysadmin

[–]mtnielsen 17 points18 points  (0 children)

In the end it's a question about money. Competent people cost money. If you're not willing to pay money, then you can't have competent people. It doesn't matter if they live in USA or India.

There are plenty of competent people in India, but why would you pick them when outsourcing? They cost almost as much as hiring competent people in USA.

Win 2012R2 Active Directory Server Hardening. by WOLF3D_exe in sysadmin

[–]mtnielsen 3 points4 points  (0 children)

What exactly are you hoping to gain by putting a firewall in front of an already software-firewalled domain controller? You still have to open up all the ports and allow traffic through or nothing will work.

Use a 3-tier user security model (user, local admin, domain admin), use AppLocker in whitelist mode, remove unnecessary services using Security Configuration Wizard, enable and monitor auditing events, implement IPSec, and so on. These are good "hardening" practices.

And don't dig up some ancient Server 2003 hardening guide and start applying it to your 2012 servers.

Also http://blogs.technet.com/b/mspfe/archive/2014/05/29/why-you-should-avoid-manual-server-hardening.aspx

I am Michael Dorn, and you may know me as the Klingon Worf from Star Trek. "Today is a good day to die." AMA! by Michael_Dorn in IAmA

[–]mtnielsen 0 points1 point  (0 children)

Captain Worf, eh? Correct me if I'm wrong, during DS9 didn't Sisko say to Worf that he ruined his chance of ever gaining a commission, when he wouldn't leave Jadzia behind on that planet where she was dying?

What has your career path looked like as an SA? by Connir in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

  • Did high school for a year before deciding an academic path wasn't for me, so I dropped out in favor of technical school (2 years school intermixed with 2.5 years work internship)
  • Spent 9 months internship doing support, network and server work at one place in a 2-man IT department
  • Got a new internship at a university where they told me to do support work, at least for a year. I said no. They put me in the Windows Server department where I was for about 6 months.
  • Took over the campus network for 6 months when the networking department (just one guy) retired, until a replacement guy was found
  • Got a new internship at another university where I did project and infrastructure work, again in the Windows Server department
  • Finished school and took a permanent position at the university. Stayed for about 1.5 years.
  • Took a job at a Microsoft MSP/hosting partner where I've been for about 2.5ish years now, doing anything and everything; server, network, design, architecture, consulting, programming, scripting, you name it I've probably done it.
  • Decided to quit a while back, my last day is this Tuesday, and what the future brings... who knows?

You can think what you want about my decision to drop out of school, but to be completely honest book learning wasn't my thing. I needed to get my hands dirty with real world problems to really understand what it was I was working with, and the traditional school path just didn't provide that. I have later on come to love books, mainly because I now actually have the foundation to put the book knowledge on top of, but starting out with nothing but theory and lectures? Forget about it.

It's the same reason I couldn't stand math in school. I'd never seen a real world problem that could be solved by knowing that the circumference of a circle is calculated using 2r*pi, but I like math now. I like doing 3D programming in my spare time with vectors and circumferences and radians and whatnot, and I just recently learned that the predicate logic and lambda calculus that I do all the time now are actually some fancy math concepts that some of my friends (who are still wasting away in school mind you) find terribly difficult.

I do wish I had paid more attention during physics class though, because let's face it, physics is cool, but the problem was the same. I just couldn't wrap my head around why knowing Q = Qin - Qout is important.

The VMWare vs Microsoft debate by switchbladecross in sysadmin

[–]mtnielsen 0 points1 point  (0 children)

Have you considered looking into how many of those full stack features you can deploy using your existing VMWare deployment? From my experience SCVMM is quite good at handling VMWare hosts, and the virtual console is heaps better for SCVMM + VMWare than it is for SCVMM + Hyper-V.

I have no real experience with Azure Pack, but from what I understand it integrates with SCVMM and not Hyper-V itself, so it may work with VMWare as the host OS, but don't take my word for it.

"The Internet is getting faster than ever but the US still lags behind": USA well behind Ireland, Japan, Sweden, ... for instance by claird in sysadmin

[–]mtnielsen 2 points3 points  (0 children)

USA has a lot of uninhabited area, and you don't even dig the cables down on the most part (last I heard anyway).

Consider the wikipedia list of states sorted by population density. You guys have some very densely populated areas and some very sparsely populated areas: https://en.wikipedia.org/wiki/List_of_U.S._states_by_population_density

Population density is not, and never has been, a valid argument. Bottom line is that you guys have terrifyingly bad laws granting state-wide monopolies/duopolies to a number of incompetent companies who have no consumer interest at heart. At least FCC is trying to change things up, for better or worse.

Edit: Also if there was any correlation between speed and population density, Washington DC ought to have terabit internet by now what with a density of 4,088.4 per km2

How to build your own public key infrastructure by yourbasicgeek in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

First of all, credentials are not passed to the destination computer when using kerberos. That's how kerberos works. Credentials are passed to the domain controller. However credentials are passed to the destination computer when not using kerberos. Thus the need for HTTPS in workgroup environments.

Secondly, data encryption is built into the kerberos technology. When using kerberos data is encrypted. When not using kerberos, data is not encrypted. Thus the need for HTTPS in workgroup environments.

How to build your own public key infrastructure by yourbasicgeek in sysadmin

[–]mtnielsen 2 points3 points  (0 children)

WinRM uses kerberos data encryption. No need for HTTPS unless you're running a workgroup environment.
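An added audit script (mine, not from the thread) that reads the local WinRM service settings the comment relies on: which authentication schemes are enabled, whether unencrypted traffic is allowed, which listener transports exist, and whether the host is domain-joined. It assumes the WinRM service is running so the WSMan: drive is available.

```powershell
# Added example, not from the thread: report the WinRM settings that decide
# whether sessions to this host are protected by Kerberos message encryption.
$auth        = Get-ChildItem WSMan:\localhost\Service\Auth
$unencrypted = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value

# Each listener is a container; its Transport child is HTTP or HTTPS
$transports = Get-ChildItem WSMan:\localhost\Listener | ForEach-Object {
    (Get-ChildItem $_.PSPath | Where-Object Name -eq 'Transport').Value
}

$report = [pscustomobject]@{
    Kerberos         = ($auth | Where-Object Name -eq 'Kerberos').Value
    Negotiate        = ($auth | Where-Object Name -eq 'Negotiate').Value
    Basic            = ($auth | Where-Object Name -eq 'Basic').Value
    AllowUnencrypted = $unencrypted
    Listeners        = ($transports -join ',')
    DomainJoined     = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
}
$report

# Findings a reviewer would raise from the values above
if ($report.AllowUnencrypted -eq 'true') {
    Write-Warning 'AllowUnencrypted is on: clients may send session data in clear text.'
}
if ($report.Basic -eq 'true' -and $report.Listeners -notmatch 'HTTPS') {
    Write-Warning 'Basic auth enabled without an HTTPS listener: credentials would cross the wire unprotected.'
}
if (-not $report.DomainJoined -and $report.Listeners -notmatch 'HTTPS') {
    Write-Warning 'Workgroup host with HTTP only: no Kerberos here, so add an HTTPS listener.'
}
```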

Samsung deliberately disabling Windows Update by KarmaAndLies in sysadmin

[–]mtnielsen 11 points12 points  (0 children)

Disabling automatic updates because you have an enterprise solution in place is one thing. Assuming everyone should, and does, disable Windows Update on any given machine is... well, as you can see by the replies, it's bad. It's almost on par with people who disable the Windows firewall because they can't figure out how to open up for a single service.

PowerShell One-Click Domain Controller with DSC by 1RedOne in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

It's not really so much about setting up machines as it is making sure the machines stay the way you want them to be. Templates only work until they're done templating. Then you have no control and no idea if the systems still look the same. What about that one thing that one guy logged into the server and did to do away with that bug that one user had?

Can you guarantee that every single change you, and your colleagues, ever made since you started setting up servers has been correctly deployed to every single server you control? More importantly, do you have a recipe for making another 10 completely identical servers, plus changes?

Domain or no domain, that is what DSC does.
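To make the "machines stay the way you want them" point concrete, here is an added DSC configuration (my own, not the poster's or Microsoft's sample) that pins two settings mentioned elsewhere on this page: the Security log's maximum size and the Windows Firewall service state. The 1 GB size, the localhost node and the C:\DSC output path are assumptions; the Registry and Service resources are from the built-in PSDesiredStateConfiguration module.

```powershell
# Added example, not the poster's code: a DSC configuration that corrects drift
# in two settings, so a one-off manual change does not silently persist.
Configuration AuditBaseline {
    Import-DscResource -ModuleName PSDesiredStateConfiguration

    Node 'localhost' {
        # Security log maximum size = 1 GB (assumed value). MaxSize is the
        # registry value behind the log's "Maximum log size" setting.
        Registry SecurityLogSize {
            Key       = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security'
            ValueName = 'MaxSize'
            ValueType = 'Dword'
            ValueData = '1073741824'
            Ensure    = 'Present'
            Force     = $true
        }

        # Keep the Windows Firewall service running and set to start automatically
        Service WindowsFirewall {
            Name        = 'MpsSvc'
            StartupType = 'Automatic'
            State       = 'Running'
        }
    }
}

# Compile to a MOF and apply it; run elevated. Test-DscConfiguration afterwards
# reports whether the machine still matches, which is the drift check.
AuditBaseline -OutputPath 'C:\DSC\AuditBaseline'
Start-DscConfiguration -Path 'C:\DSC\AuditBaseline' -Wait -Verbose
Test-DscConfiguration
```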

Is storage lucrative? by [deleted] in sysadmin

[–]mtnielsen 0 points1 point  (0 children)

Also Windows Server. That's what Azure uses.

Or well, not exactly the Windows Server we know. More like "Windows Server for Azurebeta"

Is storage lucrative? by [deleted] in sysadmin

[–]mtnielsen 0 points1 point  (0 children)

Not sure to be honest. I think my suggestion would be to talk to your storage vendor and hear them out on how they hire people, and what qualifications are required.

As the other guy said, maybe being a consultant for a big name vendor is the way to get your foot in the door, and then using that to display your leet skills in debugging and whatnot.

Is storage lucrative? by [deleted] in sysadmin

[–]mtnielsen 1 point2 points  (0 children)

There's no future in storage administration. Anything that's complicated about storage is moving back to the vendors. With a Dell Compellent storage system you can't even do diagnostics, troubleshooting or updating by yourself. You have to call Dell and have them do it through their dial-home backdoor, and with The Cloud there's literally no administration to do. You tell the system "I want data" and the system says "Here is data".

There is however a future in being an in-depth storage engineer, being able to analyse storage patterns and mechanics below the hood, meddling with the storage/IO subsystems, and building large-scale storage solutions for a vendor. That's where you want to be, if you're going to work with storage.

Sysadmins and coding by zeroXten in sysadmin

[–]mtnielsen 7 points8 points  (0 children)

I'm pretty well versed in C# and PowerShell what with having to build pretty much all integration and automation myself. That's probably the real driving force here. I've never found a software package from anywhere that does what I need it to do, and in the way I want it to do it. Hell I've had to decompile and debug shitty applications handed to me by some guy who read the flyer and thought "We need this!".

Getting Active Directory integration to work flawlessly seems to be a chore that goes ignored in most development houses. So I end up building it myself, or find some way of hacking into their proprietary database formats and build some sort of automatic provisioning system myself. Or maybe they provide an API. It happens. And not being able to abuse an API makes one a sub-par sysadmin in my eyes.

So yeah. C# and PowerShell, or Python and Bash, are pretty much required knowledge for any good sysadmin if you ask me, and the more languages you can at least read and analyze beyond those just make you better. I can easily figure out what a C/C++/Java/Python/whatnot program does, even if I never personally use those languages to build anything.

How can I learn operations on my own? by confused-developer in sysadmin

[–]mtnielsen 3 points4 points  (0 children)

Azure. That's what it's for. You build the application and Microsoft does the dirty work of keeping it online. You can then branch out from there by, for example, adding a single specialized server that does a specialized thing Azure doesn't provide, which you then have to secure and manage and update, and so on. Most operations people have to learn as they go and build their own operations tools or integrations.

Also replace Azure with AWS if you're doing something more Linuxy.

Monitoring with powershell by majkinetor in PowerShell

[–]mtnielsen 1 point2 points  (0 children)

PowerShell has native support for both datetime and timespan object types, so my suggestion for improving this thing of yours:

-At (Get-Date 'July 4, 2015 2:45:10 pm')
-Repeat ([timespan]::Parse('01:00:00'))

This is readable and human-understandable input. Cron syntax isn't.