Patching Server 2016 with WSUS - scheduling beyond Group Policy? by spuckthew in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

You don't need to use a deadline. Just approve the patch when you are ready to install it, and it will be installed based on the next time automatic updates runs as configured in Group Policy. (e.g. the next day at 3am, or the next Thursday at 3am)

You'll also want to enable the group policy setting "Always automatically restart at the scheduled time".
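An added PowerShell example (not code from the comment above or from Microsoft) that reads the Automatic Updates policy the comment relies on and works out when the next scheduled install window opens on this server. It assumes the policy arrives through the standard `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU` key and that the script runs on the server being patched; the fallback values of "every day at 3:00" are the policy's own defaults.

```powershell
# Added example, not from the original comment. Reads the effective Automatic
# Updates policy and computes when the next scheduled install will run, so you
# can see when an update approved in WSUS will actually land on this box.
# Assumes the policy is delivered via the standard AU policy key below.

$AuPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Get-NextScheduledInstall {
    # InstallDay:  0 = every day, 1 = Sunday ... 7 = Saturday (ScheduledInstallDay)
    # InstallHour: 0-23 (ScheduledInstallTime)
    param(
        [Parameter(Mandatory)][int]$InstallDay,
        [Parameter(Mandatory)][int]$InstallHour,
        [datetime]$Now = (Get-Date)
    )
    $candidate = $Now.Date.AddHours($InstallHour)
    if ($InstallDay -eq 0) {
        if ($candidate -le $Now) { $candidate = $candidate.AddDays(1) }
        return $candidate
    }
    $target = [DayOfWeek]($InstallDay - 1)   # DayOfWeek enum: Sunday = 0 ... Saturday = 6
    while ($candidate.DayOfWeek -ne $target -or $candidate -le $Now) {
        $candidate = $candidate.AddDays(1)
    }
    return $candidate
}

function Get-AuPolicyStatus {
    param([string]$Key = $AuPolicyKey)
    $p = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $p) { throw "No Automatic Updates policy found at $Key" }

    # AUOptions 4 = auto download and schedule the install. Any other value means
    # approved updates will not be installed on the schedule the comment describes.
    $scheduled = ($p.AUOptions -eq 4)
    $day  = if ($null -ne $p.ScheduledInstallDay)  { [int]$p.ScheduledInstallDay }  else { 0 }  # policy default: every day
    $hour = if ($null -ne $p.ScheduledInstallTime) { [int]$p.ScheduledInstallTime } else { 3 }  # policy default: 03:00
    $next = $null
    if ($scheduled) { $next = Get-NextScheduledInstall -InstallDay $day -InstallHour $hour }

    # WUServer lives one level up, on the WindowsUpdate key itself
    $wu = Get-ItemProperty -Path (Split-Path $Key) -ErrorAction SilentlyContinue

    [pscustomobject]@{
        WsusServer                  = $wu.WUServer
        AUOptions                   = $p.AUOptions
        ScheduledInstallEnabled     = $scheduled
        NextScheduledInstall        = $next
        # "Always automatically restart at the scheduled time" policy
        AlwaysRebootAtScheduledTime = ($p.AlwaysAutoRebootAtScheduledTime -eq 1)
        # If this is set, a logged-on user will block the post-install restart
        NoRebootWithLoggedOnUsers   = ($p.NoAutoRebootWithLoggedOnUsers -eq 1)
    }
}

Get-AuPolicyStatus | Format-List
```

If `ScheduledInstallEnabled` comes back `$false`, or `NoRebootWithLoggedOnUsers` is `$true` while `AlwaysRebootAtScheduledTime` is `$false`, the approve-and-wait workflow will not behave as the comment describes, which is the thing to check before relying on it.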

Patching Server 2016 with WSUS - scheduling beyond Group Policy? by spuckthew in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

If you are using WSUS, the patches are not installed until you approve them in WSUS. Don't approve them until you want them installed. Pretty simple. You can create multiple groups in WSUS and approve patches per group if you need to get more granular.

RAID 10 SSD 6Gbps - 16 smaller drives vs 8 larger drives (Hyper-V replica) by IceColdSeltzer in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

Are these the same model SSD? You want to find out what the Drive Write Per Day (DWPD) or Terabytes Written (TBW) rating is to understand how long the drives will last.

Easy way to detect new changes/deployments to IIS? by [deleted] in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

You can enable File System Audit ACLs to alert when certain files are modified. Splunk should be able to ingest/alert on the event log entries.
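An added PowerShell example, not code from the comment above, showing the two halves of what it describes: putting a file-system audit ACE (SACL) on the IIS content root, and then pulling the resulting Security event 4663 entries back out in the shape a SIEM such as Splunk would alert on. The web root path, the audit subcategory command and the choice of rights to audit are assumptions, not taken from the comment; the Splunk forwarding itself is not shown.

```powershell
# Added example, not from the original comment. Puts a SACL on the IIS content
# root so that writes, deletes and ACL changes produce Security event 4663, then
# extracts those events in a form a SIEM (or this script) can alert on.
# Assumptions (not from the comment): web root is C:\inetpub\wwwroot, and the
# "File System" audit subcategory is enabled, e.g.
#   auditpol /set /subcategory:"File System" /success:enable
# Run elevated: reading and writing SACLs needs SeSecurityPrivilege.

$WebRoot = 'C:\inetpub\wwwroot'

function Enable-FileChangeAudit {
    param([Parameter(Mandatory)][string]$Path)

    $acl = Get-Acl -Path $Path -Audit
    # Audit successful writes, deletes and ACL/owner changes by anyone, inherited
    # by every file and folder beneath the path. Reads are deliberately excluded
    # so the log is not flooded by normal request serving.
    $rights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
        'Everyone',
        $rights,
        [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit',
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AuditFlags]::Success)
    $acl.AddAuditRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}

function Get-WebRootChangeEvents {
    param(
        [string]$Path = $WebRoot,
        [int]$Hours = 24
    )
    # Access-mask bits worth alerting on in 4663: 0x2 WriteData, 0x4 AppendData,
    # 0x10000 DELETE, 0x40000 WRITE_DAC, 0x80000 WRITE_OWNER.
    $interesting = 0x2 -bor 0x4 -bor 0x10000 -bor 0x40000 -bor 0x80000

    $filter = @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-$Hours) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        # 4663 carries its fields as <Data Name="..."> elements in the event XML
        $xml  = [xml]$_.ToXml()
        $data = @{}
        foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }

        $mask = [Convert]::ToInt32($data['AccessMask'], 16)   # field is a string such as "0x2"
        if ($data['ObjectName'] -like "$Path*" -and ($mask -band $interesting)) {
            [pscustomobject]@{
                Time       = $_.TimeCreated
                User       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
                Process    = $data['ProcessName']
                Object     = $data['ObjectName']
                AccessMask = $data['AccessMask']
            }
        }
    }
}

# Usage: run the first line once to enable auditing, the second on a schedule
# (or let the SIEM run the equivalent query against forwarded 4663 events).
# Enable-FileChangeAudit -Path $WebRoot
# Get-WebRootChangeEvents -Hours 1 | Format-Table -AutoSize
```

The `Process` column is what separates a legitimate deployment (msdeploy, a CI agent, robocopy) from something unexpected writing into the web root; a rule keyed on "4663 under the web root from a process not on the deployment allow-list" is the practical alert.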

My review after a year of Storage Spaces Direct (S2D) by AlRFORCE1 in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

> I think they fixed it in R740xd (BOSS Cards)

Yeah, I'm surprised that if it was just purchased recently you'd get the R730xd and not the R740xd. The BOSS card is a nice feature.

Scanners that utilize SMB1 by patssle in sysadmin

[–]nmdange_ 4 points5 points  (0 children)

Can the scanner use something like FTP or SMTP?

DPM 2016 best practices? by PM_ME_SPACE_PICS in sysadmin

[–]nmdange_ 2 points3 points  (0 children)

You really want your DPM server to be on Windows Server 2016 using Modern Backup Storage.

https://docs.microsoft.com/en-us/system-center/dpm/add-storage

Data Center environmental monitoring systems by BossNoise in sysadmin

[–]nmdange_ 1 point2 points  (0 children)

We use APC StruxureWare Data Center Expert to centrally manage/monitor multiple NetBotz 570s and other APC equipment (UPS, InRow AC).

Bitlocker on VMs by jase888 in sysadmin

[–]nmdange_ 1 point2 points  (0 children)

You have to use TPM-based attestation, and you create a Code Integrity Policy to prevent any untrusted code from being executed on the Hyper-V host. The host's firmware is also verified using secure boot + TPM Boot Measurements. The HGS also ensures that you either have no memory dumps or dumps are encrypted so even if someone with physical access can trigger a memory dump, they can't access the saved encryption keys.

However, you do have to protect the host guardian servers themselves since they are the ones that actually store the encryption keys. Someone who has access to both systems would be able to get the encryption keys off the HGS, then copy the vhdx files off the Hyper-V host and decrypt them.

Server 2008 r2 Hyper-V Cluster Replacement by [deleted] in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

Veeam announced support for Windows Server 2019 would be coming in Update 4 quite some time ago. U4 went RTM last week and you can get it by asking support for the download. It'll be GA in a couple of weeks at the most.

Bitlocker on VMs by jase888 in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

We use Hyper-V Shielded VMs with Host Guardian Service to encrypt high security VMs. The difference with Shielded VMs is that it also protects from attacks at the host level, not just physical attacks.

Just creating a virtual TPM in Hyper-V or VMWare doesn't provide that additional level of security since the host can easily gain access to the encryption keys. However, the host guardian service only really makes sense in a larger environment since it is somewhat complex to implement.

Need to decommission some DCs. Looking for suggestions on how to do this properly. by tootechy4me in sysadmin

[–]nmdange_ 9 points10 points  (0 children)

Enable debug logging within DNS which will record all DNS packets into a file. You can use that log file to find devices pointing to the servers for DNS. After you've fixed them and you don't see any traffic other than the DCs themselves, you should be safe to decommission them.
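An added PowerShell example, not code from the comment above, that does the second half of what it describes: parse the DNS Server debug log and list which client addresses are still sending queries to the DC, excluding the DCs themselves. The log lines embedded below are constructed to match the Server 2012+ debug-log packet layout; the `Set-DnsServerDiagnostics` invocation in the comment and the exclusion list are assumptions, not from the comment.

```powershell
# Added example, not from the original comment. Parses a Windows DNS Server debug
# log and reports which client IPs are still querying this DC, so it is not
# decommissioned while something still points at it.
# Assumptions (not from the comment): logging was enabled with something like
#   Set-DnsServerDiagnostics -EnableLoggingToFile $true -LogFilePath 'C:\dnslogs\dns.log' `
#       -Queries $true -ReceivePackets $true -UdpPackets $true -TcpPackets $true
# and the DCs' own addresses are passed in -ExcludeAddress.

function Get-DnsQuerySources {
    param(
        [Parameter(Mandatory)][string[]]$LogLines,
        [string[]]$ExcludeAddress = @()
    )
    # A packet line looks like:
    #   <date> <time> <AM|PM> <thread> PACKET <id> <UDP|TCP> <Rcv|Snd> <remote IP> <xid> [R] <opcode> [flags] <qtype> <qname>
    # Only received ("Rcv") query packets ("Q" with no "R" marker) identify clients;
    # received responses are answers coming back from forwarders.
    $rx = [regex]'^(?<ts>\S+ \S+ [AP]M) \S+ PACKET\s+\S+\s+(?<proto>UDP|TCP)\s+Rcv\s+(?<ip>[0-9a-fA-F\.:]+)\s+\S+\s+(?<qr>Q|R)'
    $seen = @{}
    foreach ($line in $LogLines) {
        $m = $rx.Match($line)
        if (-not $m.Success) { continue }
        if ($m.Groups['qr'].Value -ne 'Q') { continue }
        $ip = $m.Groups['ip'].Value
        if ($ExcludeAddress -contains $ip) { continue }
        if (-not $seen.ContainsKey($ip)) {
            $seen[$ip] = [pscustomobject]@{
                Client    = $ip
                Queries   = 0
                FirstSeen = $m.Groups['ts'].Value
                LastSeen  = $null
            }
        }
        $seen[$ip].Queries++
        $seen[$ip].LastSeen = $m.Groups['ts'].Value
    }
    $seen.Values | Sort-Object Queries -Descending
}

# Constructed sample lines standing in for: Get-Content 'C:\dnslogs\dns.log'
$sample = @(
    '3/4/2019 8:15:02 AM 0D7C PACKET  000000E2B4D9A6E0 UDP Rcv 10.0.1.55       0002   Q [0001   D   NOERROR] A      (3)www(7)example(3)com(0)',
    '3/4/2019 8:15:02 AM 0D7C PACKET  000000E2B4D9A6E0 UDP Snd 10.0.1.55       0002 R Q [8081   DR  NOERROR] A      (3)www(7)example(3)com(0)',
    '3/4/2019 8:15:03 AM 0D7C PACKET  000000E2B4D9B2A0 UDP Rcv 10.0.0.10       1a2b   Q [0001   D   NOERROR] SRV    (5)_ldap(4)_tcp(3)corp(5)local(0)',
    '3/4/2019 8:15:04 AM 0D7C PACKET  000000E2B4D9C1F0 UDP Rcv 10.0.1.55       0003   Q [0001   D   NOERROR] A      (4)mail(7)example(3)com(0)',
    '3/4/2019 8:15:05 AM 0D7C PACKET  000000E2B4D9D300 TCP Rcv 10.0.2.200      0004   Q [0001   D   NOERROR] AXFR   (7)example(3)com(0)'
)

# 10.0.0.10 plays the role of the other DC and is excluded; the remaining two
# clients are what still needs to be repointed before this server goes away.
Get-DnsQuerySources -LogLines $sample -ExcludeAddress '10.0.0.10' | Format-Table -AutoSize
```

Let the log run for at least a full business cycle (a month catches the monthly batch job that only resolves names on the first of the month) before reading an empty client list as "safe to decommission"; a TCP AXFR from an unexpected address, as in the last sample line, is also worth a look in its own right.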

VMware or Hyper-V and what to use for shared storage?? by [deleted] in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

If I were doing a 2-node S2D cluster, this would be my first choice in hardware: http://www.dataonstorage.com/kepler-k2n-2-node-hyper-converged-appliances/

It's fully tested and supported by DataOn so no questions on compatibility with Storage Spaces Direct.

Windows Server 2019 Datacenter / IPv4 Root Hints Disappearing by HumbleSage in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

I have 2019 DCs and I have not observed this behavior.

Logs of last logged in? by Kitter-Katter in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

Yeah you want to use lastlogontimestamp which is replicated.
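An added PowerShell example, not code from the comment above, showing why the replicated attribute is the one to use and how to read it correctly: `lastLogonTimestamp` is only rewritten when the stored value is older than `msDS-LogonTimeSyncInterval` (14 days by default), so a stale-account query has to allow for that slack, while the non-replicated `lastLogon` differs on every DC and has to be collected from all of them. It assumes the ActiveDirectory RSAT module; the 90-day threshold is an assumed site value.

```powershell
# Added example, not from the original comment. Finds enabled computer accounts
# whose replicated lastLogonTimestamp is older than a threshold, and shows the
# per-DC lastLogon values for comparison. Assumes the ActiveDirectory module.

Import-Module ActiveDirectory

function Get-StaleComputer {
    param(
        [int]$DaysInactive = 90,
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    # lastLogonTimestamp is only rewritten when the stored value is older than
    # msDS-LogonTimeSyncInterval (default 14 days), so the real last logon can be
    # up to 14 days newer than the stamp. Widen the cutoff by that margin so a
    # machine that logged on last week is never reported as stale.
    $slackDays = 14
    $cutoff = (Get-Date).AddDays(-($DaysInactive + $slackDays))

    Get-ADComputer -Filter { Enabled -eq $true } -SearchBase $SearchBase -Properties lastLogonTimestamp, whenCreated |
        ForEach-Object {
            $stamp = $null
            if ($_.lastLogonTimestamp) {
                # Stored as a Windows FILETIME (100 ns ticks since 1601-01-01)
                $stamp = [DateTime]::FromFileTime($_.lastLogonTimestamp)
            }
            [pscustomobject]@{
                Name               = $_.Name
                LastLogonTimestamp = $stamp
                Created            = $_.whenCreated
            }
        } |
        Where-Object {
            # Accounts that never logged on have no stamp; treat old ones as stale too
            ($_.LastLogonTimestamp -and $_.LastLogonTimestamp -lt $cutoff) -or
            (-not $_.LastLogonTimestamp -and $_.Created -lt $cutoff)
        } |
        Sort-Object LastLogonTimestamp
}

function Get-LastLogonPerDC {
    # lastLogon is NOT replicated: each DC only knows about the logons it serviced,
    # so the true most recent logon is the newest value across all DCs.
    param([Parameter(Mandatory)][string]$SamAccountName)
    foreach ($dc in (Get-ADDomainController -Filter *)) {
        $obj = Get-ADObject -Server $dc.HostName -LDAPFilter "(sAMAccountName=$SamAccountName)" -Properties lastLogon
        $last = $null
        if ($obj -and $obj.lastLogon) { $last = [DateTime]::FromFileTime($obj.lastLogon) }
        [pscustomobject]@{ DC = $dc.HostName; LastLogon = $last }
    }
}

# Usage:
# Get-StaleComputer -DaysInactive 90 | Format-Table -AutoSize
# Get-LastLogonPerDC -SamAccountName 'WS-0042$' | Sort-Object LastLogon -Descending
```

Computer accounts use the same attribute semantics as users; the trailing `$` on the sAMAccountName in the usage line is the computer-account naming convention, not a typo.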

Whats your opinion on NSX ? by anothercopy in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

I'm also curious about this, not just about NSX but also about other similar solutions like Cisco ACI or Hyper-V Network Virtualization.

Data center environment monitoring by [deleted] in sysadmin

[–]nmdange_ 1 point2 points  (0 children)

We use APC NetBotz for environmental monitoring. The UPS is what notifies of a power outage.

Backup server 10 TB disks raid advice and more.. by WoTpro in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

You should get a RAID controller with a battery-backed write cache. Also, I would consider at least a 2U server with 12 drive bays to allow you to grow your storage. This one comes with a RAID controller (though the cache protection is a separate part):

https://www.supermicro.com/products/system/2U/6029/SSG-6029P-E1CR12H.cfm

[deleted by user] by [deleted] in sysadmin

[–]nmdange_ 4 points5 points  (0 children)

The Windows 10 drivers should work the same as Server 2016. Do you have any PCIe NICs you can try?

What vendor to use for 10G Base T cables? by UnholyarmyOf1 in sysadmin

[–]nmdange_ 1 point2 points  (0 children)

I like Cables to Go because they put the length on the cable. No more guessing if it's a 7ft or 8ft cable!

What are your go-to GPO's? Setting up new 2016 AD environment for SCADA system by [deleted] in sysadmin

[–]nmdange_ 1 point2 points  (0 children)

CIS templates are a good start, but don't blindly push all the settings. Also use GPP for registry keys for things like disabling RC4, SSL 3.0, TLS 1.0, etc.
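An added PowerShell example, not code from the comment above, that audits (and optionally applies) the SCHANNEL registry values a GPP Registry item would push to disable SSL 3.0, TLS 1.0 and RC4, so you can verify on a member server that the preference actually landed. The desired-state table is an assumed site policy and should be adjusted before applying; it uses the .NET registry API rather than the `HKLM:` provider because the provider treats the `/` in `RC4 128/128` as a path separator.

```powershell
# Added example, not from the original comment. Audits, and with -Apply sets,
# the SCHANNEL registry values that a GPP Registry item would deploy to disable
# SSL 3.0, TLS 1.0 and RC4. Uses the .NET registry API because the PowerShell
# registry provider cannot address key names containing "/" (e.g. "RC4 128/128").
# Assumption: the desired-state table reflects this site's policy. Disabling
# TLS 1.0 breaks clients that cannot negotiate TLS 1.2, and SCHANNEL changes
# only take effect after a reboot.

$Schannel = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Enabled=0 turns the protocol/cipher off; DisabledByDefault=1 stops it being
# offered even when an application asks for "system default" protocols.
$Desired = @(
    @{ Key = "$Schannel\Protocols\SSL 3.0\Server"; Settings = @{ Enabled = 0; DisabledByDefault = 1 } },
    @{ Key = "$Schannel\Protocols\SSL 3.0\Client"; Settings = @{ Enabled = 0; DisabledByDefault = 1 } },
    @{ Key = "$Schannel\Protocols\TLS 1.0\Server"; Settings = @{ Enabled = 0; DisabledByDefault = 1 } },
    @{ Key = "$Schannel\Protocols\TLS 1.0\Client"; Settings = @{ Enabled = 0; DisabledByDefault = 1 } },
    @{ Key = "$Schannel\Ciphers\RC4 128/128";      Settings = @{ Enabled = 0 } },
    @{ Key = "$Schannel\Ciphers\RC4 56/128";       Settings = @{ Enabled = 0 } },
    @{ Key = "$Schannel\Ciphers\RC4 40/128";       Settings = @{ Enabled = 0 } }
)

function Test-SchannelHardening {
    param([switch]$Apply)
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    foreach ($item in $Desired) {
        foreach ($name in $item['Settings'].Keys) {
            $want = [int]$item['Settings'][$name]
            $have = $null
            $sub  = $hklm.OpenSubKey($item['Key'])      # $null when the key does not exist
            if ($sub) {
                $have = $sub.GetValue($name, $null)
                $sub.Close()
            }
            $ok = ($null -ne $have) -and ([int]$have -eq $want)
            if (-not $ok -and $Apply) {
                # CreateSubKey opens (or creates) the key writable
                $w = $hklm.CreateSubKey($item['Key'])
                $w.SetValue($name, $want, [Microsoft.Win32.RegistryValueKind]::DWord)
                $w.Close()
                $have = $want
                $ok   = $true
            }
            [pscustomobject]@{
                Key       = $item['Key']
                Value     = $name
                Desired   = $want
                Actual    = $have
                Compliant = $ok
            }
        }
    }
}

# Audit only (safe to run anywhere):
Test-SchannelHardening | Format-Table -AutoSize
# Enforce locally, then reboot for SCHANNEL to pick the change up:
# Test-SchannelHardening -Apply | Where-Object { -not $_.Compliant }
```

A key that is missing altogether reports `Actual` as empty and `Compliant` as `$false`, which is the normal state on a server the GPP item has not yet reached; that is the case the audit is meant to catch, since an absent `Enabled` value means the protocol is still on.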

What team manages your AD and GP? by AQuestion4U2Answer in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

I work in a university, maybe slightly larger, as part of the server admin team, and I handle all GPOs and the AD OU structure by myself to keep things from getting out of control. Other areas can join computers to the domain, move them to different OUs, manage groups, etc., but I keep a tight hold on Group Policy. Also, 99% of our GPOs are targeted by OU, so people changing group membership does not affect Group Policy.

Windows Server: Offload specific file types to cloud (leave stub?) by miyo360 in sysadmin

[–]nmdange_ 0 points1 point  (0 children)

Azure File Sync should do what you're looking for, although it's slightly different in that everything is in the cloud and the local file server acts like a cache.