The Consolidated B&EC "Quick Question" Thread.

Discussion in 'Business & Enterprise Computing' started by looktall, Jun 6, 2015.

  1. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,573
    ~500 users
    ~700 mailboxes
    ~400 groups
    Not many computers

    Early stage planning currently, just weighing up my options. There no real structure to it at the moment, and groups have been repurposed many times over, so any documentation we have, can't be assumed good.

    I can find where service accounts are used for actually running services, but I haven't yet worked out a way to find which "service" accounts are in use that get configured within applications (things like ldap lookup accounts, and SQL accounts).

    I'm also struggling with a plan to work out how to audit group membership and a plan to migrate to a Sane (or at least, well documented and process driven) RBAC system for users and access.

    I know what my groups are, but I don't have a complete picture on where/how they are being used in many places. (again, windows stuff, I can report on, but *within* applications, I'm at a loss).

    I'd like to be able to do it without resorting to scream-testing things, but I'm slowly coming to the conclusion that this won't be possible.
     
  2. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,095
    Location:
    NSW
    What kind of groups? Security/Distro?

    Personally that is a hell've system to be rebuilding from scratch.

    I'd go the route i suggested. Create some OU's and once you've worked out your GP's start to sanitise what you have so you can at least get some consistency to your setup. Then once that is done work out your groups and then security accounts. You'll probably find you can consolidate most of your security accounts and do this by auditing them to help reduce the number of them and see what is in use and what isn't.

    Then lastly the fun one, ntfs security groups for directory permissions. Last time i had to do a report for that kind of stuff it ran into thousands of pages long. I cracked the shits and recreated stuff by BU and only a very few folders that were just under that BU folder got separate permissions, the rest all flowed down the tree, unlike the previous thousands of page report where some moron set it to flow up the directory tree.
     
  3. wullieb1

    wullieb1 Member

    Joined:
    Jul 9, 2013
    Messages:
    469
    Whats the VM count before its better getting a Datacenter licence??

    I reckon we're getting f%cked over by our US arm who control our licensing and would like to know what the theoretical limit for purchasing a DC licence would be.

    Any ideas?
     
  4. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,361
    Location:
    Canberra
    With 2016?

    Who fucking knows.
     
  5. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,573
    Using List Pricing estimates for 2012R2 (the licensing model changes with 2016), of 6K for Datacenter and $800 for Standard, break even is about 7 Standard licenses, which allow you to run 14 Guests.

    But

    a/ Nobody pays list pricing
    b/ If you have more than one host that the VM's might be moved to
    c/ What your licensing agreement with Microsoft is

    It is impossible to say.
     
    Last edited: Jan 29, 2017
  6. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,361
    Location:
    Canberra
    2016 DC VL is still 16/24 core packs tho.
     
  7. bcann

    bcann Member

    Joined:
    Feb 26, 2006
    Messages:
    6,095
    Location:
    NSW
    Its the cost of standard vs datacentre.

    Standard last i looked was about 1500 and datacentre was 7000.

    So 10 vms and your better of with dc.
     
  8. Dre_

    Dre_ Member

    Joined:
    May 25, 2014
    Messages:
    841
    What gives you that idea?

    Sounds like you might be under an EA which means SA is also bundled in with the license.

    People often misunderstand the virtualisation rights and get caught out there. Soooooo many people think they're licensed correctly with Standard, when they're waaaaaaaaaay off and DC licensing could have been massively cheaper.
     
  9. sic_vl2000

    sic_vl2000 Member

    Joined:
    Dec 13, 2004
    Messages:
    987
    Hey, looking to pic up a cheap server to do some labs, plan is to run esx and then SCCM lab, with a few clients etc. I've seen some HP G5's around going for less than $200 as well as a few Dells.

    Thoughts on these older servers, I'd be planning to upgrade the ram to at least 32gb.
     
  10. g00nster

    g00nster Member

    Joined:
    Sep 10, 2004
    Messages:
    352
    Location:
    Melbourne
    Check the VMware HCL's - You might be limiting yourself to older versions of hypervisors due to drivers etc.

    I checked last week and it seems that they've removed HP DL3xx G7 from the vSphere v6.5 supported list.
     
  11. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,420
    Location:
    Narrabri NSW
  12. roger895

    roger895 Member

    Joined:
    Aug 27, 2007
    Messages:
    178
    Location:
    Hobart, TAS
    It seems over on reddit /r/homelab the minimum people go for are 11th gen Dells' (Rx10 models), or G6 HP's. Older ones chew more power than they're worth, hence the cheap prices.

    Depends if you pay for power or not...
     
  13. j3ll0

    j3ll0 Member

    Joined:
    Jul 13, 2005
    Messages:
    4,798
    Anyone know how far behind VMware releases Lenovo usually are with their custom isos?

    .
     
  14. OP
    OP
    looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,614
    the main problem with G5's is that their power supplies have a tendency to go pop.
    even while sitting in standby.
    i burnt through about 6 in one year on DL380 G5 that i was using as a test machine at work.

    the second biggest problem with the G5 is that i uses FBDIMM for memory.
    these are as rare as rocking horse shit, particularly in high densities.

    my advice is to get yourself something newer.
    maybe a G7.
     
  15. Luke212

    Luke212 Member

    Joined:
    Feb 26, 2003
    Messages:
    10,179
    Location:
    Sydney
    (on shore) cold storage ideas? needs to be api driven.
     
    Last edited: Feb 8, 2017
  16. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,750
    Windows 10, sysprep, using setupcomplete.cmd to run some stuff on first logon.

    Is there some trick to getting powershell scripts to launch?

    Eg the contents of my setupcomplete.cmd are:

    Code:
    set_powershell_execution_policy.cmd    #set PS execution policy to unrestricted
    timeout 5    #allow time to set PS execution policy
    <full path to powershell> <full path to the .ps1 I want to run>
    
    But the actual .ps1 I want to run on line 3...never runs.

    setupcomplete.cmd is definitely running (have tested by doing some non powershell stuff- works fine). If I manually setupcomplete.cmd, the .ps1 runs fine.

    Any thoughts?
     
  17. freaky_beeky

    freaky_beeky Member

    Joined:
    Dec 2, 2004
    Messages:
    1,169
    Location:
    Brisbane

    Instead of setting the powershell execution policy like that have you considered doing something like the following:

    Code:
    %windir%\system32\WindowsPowerShell\v1.0\Powershell.exe -ExecutionPolicy bypass -NonInteractive -WindowStyle Hidden -File %systemroot%\Scripts\myScript.ps1
    
    And seeing if that works? (The key part is the ExecutionPolicy on the command line, the rest is just icing)
     
  18. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,750
    Ha, I was just reading elsewhere that I could do it all on one line. It's been a while between powershell drinks. Thanks, will try that and report back.
     
  19. OP
    OP
    looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,614
    if you place your cmd and ps1 files in the same directory you can do

    Code:
    powershell -executionpolicy bypass -noninteractive -noprofile -file .\<filename>.ps1
     
  20. mr626

    mr626 Member

    Joined:
    Jul 17, 2011
    Messages:
    2,750
    After some more through testing, I think the problem is with setupcomplete.cmd (or my understanding of it)

    More specifically, it should probably be called setupalmostbutnotquitecomplete.cmd

    My powershell script was running, just not when I expected it to be.

    Because of the nature of what the powershell I'm running needs to do, I need it to run after the user logs in. I was under the impression that setupcomplete.cmd had the same behavior as FirstLogonCommands via the unattend.xml But I know know this isn't the case.

    If I use the FirstLogonCommand / unattend.xml method, everything works as expected.
     

Share This Page

Advertisement: