* Posts by david 64

38 publicly visible posts • joined 22 Jun 2009

It's a Bing thing: Microsoft drops plans to shove unloved search engine down throats of unsuspecting enterprises

david 64

Re: Anyone willing to bet...

AKA a Microsoft Account.

Boffins blow hot and cold over li-ion battery that can cut leccy car recharging to '10 mins'

david 64

Wireless charging

Perhaps once the tech has matured enough and time has rolled on, there will be the future-equivalent of a wireless charging pad built in to the parking space surface, so you just park up, go into the services and do whatever, while your vehicle is charged wirelessly.

To get even more futuristic - perhaps these kind of wireless charging capabilities could be built in to roads themselves in future. You could have a 'charging lane' or something like that.

Gosh it's naive of me to think this country could organise that.

Official: Microsoft will take an axe to Skype for Business Online. Teams is your new normal

david 64

Re: Teams

Unfortunately, don’t be fooled by the ‘machine-wide installers’ that they use. All these do is drop the (mostly) same old installer in Program Files on your master image, which is then run by end users who log on. When run by each user at logon, it just installs the product into the user profile the same way the standalone installer does.

So no different but an easier way to deploy the same tool the same way to users of golden VDI images. End result is the same.

david 64

Re: Teams

Sure I get you. I think we are mostly on the same page :)

Application control (from whichever vendor, we happen to use Appsense but there are others) is an absolute base requirement these days as you say. Application control shuts the door on all your concerns.

eg. 'a user downloading a file and running it from their profile'. The user doesn't download a file - a process does, running as the user (or another user). So you use application control to prevent, say, chrome.exe from writing to <wherever>, or excel.exe, or whatever. Why should chrome.exe get to write to the Documents folder? Or the Appdata\Local\<anything-other-than-Google-subfolders> folder?

Then to combat a user running a piece of code they downloaded (or side-loaded somehow) - application control will stop that. Why should the user be able to run any old code? As you say - they shouldn't. So we don't let them right? You've alluded to certificate-based validation of exes which is one way. Say they want Teams - we let them download and run Teams, and teams only, and then we let the teams.exe process run the meeting-addins, etc. and so on and so forth. We configure it tight.

Obviously I'm simplifying things as you know :)

I think we are on the same page.

Just my point is it really doesn't make any difference which part of the disk it is downloading to and running from, when an application control product is in control. Thus - who cares how Teams\Slack\Whatever installs - we just manage it with application control, and roam it and its personalisation data around a server farm with UPM\FSL. Happy users.

I wish I had bloody shares in an application control company the amount I'm bleating on about this :)

david 64

Re: Teams

"Teams will have to copy a huge slug of crap back in again on each login."

Stop using 'legacy' profile management like Citrix UPM that copies hundreds of files, (or thousands in badly-configured environments) at each logon and log off - utilise your brand new shiny entitlement with MS, via your RDS CALs, to use FSLogix profile containers. There is no file copying at log on/off.

It is free to you.

We are currently mid-migration from UPM to FSLogix so this is the voice of experience :) You will wonder why you didn't do this sooner.

Citrix have started doing a profile container too if you prefer to stay with Citrix for profile mgmt.

Watch your logon times drop through the floor. It is quite a revelation :)

Also you can use the FSLogix Office Data File Container to enable fully managed, roaming Outlook cached mode to your Xenapp users, so you can stop the PAIN of Outlook online mode, or the semi-pain of SMB-hosted OST files.

Do it :)

david 64

Re: Teams

Out of interest, what are your issues with applications in the user's profile?

(Like most reg readers I've worked in IT a long time so I'm familiar with many of the classic responses to that question). eg.

* Users can download and install apps themselves : Use application control, now they can't.

* Profile bloat : all VDI shops use a profile management solution that helps you manage profile bloat, be it UPM, UEM, FSLogix etc.

* Files can be downloaded and overwrite genuine files : use application control, now they can't.

The profile is just 'a piece of disk', but it happens to be one that roams with the user. Permissions aren't hugely relevant because - application control. If you view the 'user profile' as an area where the user has full read\write, unmanaged access to save and execute whatever they want, then sure I can see the problem.

Application control is the key - doesn't matter what NTFS permissions there are, or what process is trying to do the reading\writing - application control has a vice-like grip on it all. I'm not trying to say it is a utopia, it needs careful thought and implementation (like the rest of our IT systems).

Alternatives are:

1. Say NO to these apps your users\business needs, because 'SECURITY'.

2. Use your weight with the application vendors to have them see the 'error of their ways' and change the way they package and deploy their applications.

Or - accept it, you can't control what business critical (or non-critical) app your users will need next week, or how it is packaged\delivered, but you can ensure you have an IT environment that is capable of dealing with it whatever it may be.

I suppose different approaches to the same problem.

None of us want to work in an IT team that just says 'No' to everything all the time, like we did in the 90's/00's. We have technology these days that should enable us to say 'Yes!' a lot more now :) Or- maybe 'Yes!, but......'.

The real reason I think for the move away from MSI (VSTOR, C2R, Squirrel etc.) is WVD, full-on user virtualisation in Azure (hence FSLogix purchase), flexibility for software deployment on-the-fly, no reboots, self-updating apps etc. Sounds good right if we can manage it effectively!

david 64

Re: Teams

I don't disagree with you but our world is changing, and the expectations of, for example, non-persistent VDI environments are different now than they were two years ago. Today's users need to perceive a more flexible environment, not the rigid IT delivery of the 00's - if we don't provide them with what they need they go 'shadow' on us.

#quote: "There's no such thing as Shadow IT - only your users telling you what they need.".

We also use Teams on XenApp - it (like other modern software) just requires a different way of managing it. We use for example FSLogix to containerise and roam while maintaining performance, and use Application Control (in our case Appsense) to permit\deny anything from anywhere. Trusted Ownership FTW.

Teams, and its ilk (eg. Squirrel-based installers into the user profile) - are here, and here to stay so we need to adjust how we deliver. A 'bag of shit' it may be now, but it won't be long before everyone wants\needs it and we as IT need to have an answer other than 'No' - otherwise: GOTO #quote.

IMHO. YMMV. et al.

HPE: Since y'all love cloud subs so much, we'll throw all our boxes into GreenLake by 2022

david 64

Re: “Everyone recognises that customers want technology delivered as a service,

Snap.

Even factor in Office suite and it gets no better. Office 2016 vol + Exchange on prem (+ multi-site DAG, hardware, backup) is still less than 1000 E3 licenses, even by year 3 let alone year 5.

Sure you don't get the cloud services of O365. But like many mid-sized orgs down here in the real world, our lot can't see past "all we need is word, outlook and excel".

Not a reflection on the tech or the model necessarily - more the pricing :)

Small business (<300 seats) things look a bit better.

Have I Been S0ld? Troy Hunt's security website is up for acquisition

david 64

He has some very interesting blog entries on how he has set up and run this service, eg. obscene performance on Azure table storage. Worth a read even for the interested.

https://www.troyhunt.com/working-with-154-million-records-on/

We like transparency and we're a CA, hackers hack all night and we log all day

david 64

"It’s only six inches...

...but it makes a big difference.”

*Snigger*

Microsoft reckons the accursed Windows 10 October 2018 Update is finally fit for business

david 64

Re: 1809

I must be lucky. We have done scores of Dells. A handful of manual upgrades from ISO. The rest via WSUS. Many via WSUS with 3rd party full disk encryption active (McAfee). So far so good.... I will count my blessings.

Welcome. You're now in a timeline in which US presidential hopeful Beto was a member of a legendary hacker crew

david 64

Ah BackOrifice

Popping open some random guy's CD-ROM drive, waiting 60 seconds, then opening it again, repeatedly, imagining the look on their face on the other side of the Internet.

The innocent and simple pleasures in life :)

Microsoft changes DHCP to 'Dammit! Hacked! Compromised! Pwned!' Big bunch of security fixes land for Windows

david 64

Re: MS DHCP - just say no

"I agree with the 'just say no'. The MShaft DHCP server is WORTHLESS. I just use bind for DNS with isc-dhcpd on a Linux or FreeBSD box. It has worked for me for nearly 2 decades, and was relatively painless to set up with a short RTFM session."

Thanks for:

1) commenting so eloquently on something you demonstrably know nothing about

2) firing out the 'it's worked for me for 20 years, it must be fine' classic

3) taking the time to do both in a public IT forum

Brightened up my day.

Only plebs use Office 2019 over Office 365, says Microsoft's weird new ad campaign

david 64

Re: What's lower than plebs?

Peons?

Windows Server 2016: Leg up or lock in?

david 64

SA is relevant to larger organisations who have taken DR seriously and need to failover hundreds or thousands of Windows VMs to failover sites. Instead of licensing for the primary physical virtualisation hosts, and the failover hosts, you only pay the SA percentage on top to license both and can failover at your leisure.

To the small fry with 5 Windows servers and a couple of old Linux boxes who think they're Mr Robot, the real benefit of these 'outrageous' and 'extortionate' licensing schemes is not something easily grasped.

That's not to say I disagree with the terms 'outrageous' and 'extortionate' with respect to some MS licensing (ahem SQL server Ent ahem) - just that their offensiveness is dynamic based on the scale at which you're looking at these costs.

ROI calcs, based on hard facts not Utopian whims, can often have surprising results....

I also believe that you can run a medium-sized enterprise's IT environment, from desktop through apps to servers and virtualisation, a lot cheaper using MS Windows over, say 5 years, than attempting to run a purely non-MS shop of the same scale, with the same requirements, same results, same end-users IT literacy (lack thereof) - mainly because I believe this sort of environment can be built and run by a smaller, cheaper IT technical team than an equivalent *nix environment.

Reminds me of the classic adage: "Linux is only free if your time has no value". Of course things have moved on a lot since that phrase was coined but in terms of enterprise requirements (not a farm of web servers, or containers, or Facebook\Google, or specialist requirements - real-world enterprise log-on-and-do-your-work environment), you buy MS Windows and hit the ground running. Fast.

MS know what these companies want and expect from their IT and IT staff, and what they're prepared to pay for it. And yes stretch it a bit. OK a lot.

Of course this is just now, and will change over time. And that is a great thing about our industry right?

Want a Windows 10 update? Don't go to Microsoft ... please

david 64

What's the difference - really?

You think when your machine downloads an update, it comes from Microsoft's own servers?

One word - Akamai.

They must pay an awful lot of money to CDNs like Akamai to globally\geographically distribute the vast number of TBs of data all their products consist of.

You didn't think that every installation of Windows across the whole world downloaded updates from a single server\cluster in Redmond somewhere, right?

To me, they are just swapping out a long-standing CDN infrastructure for a new one. You still download your update bits from "someone else's computer" as you have done for years.

So what - in reality - is the difference?

Objectively it makes sense to me tbh and I can see how it might save them a lot of money, with - realistically - negligible impact on customers. A bit crafty\cheeky though I suppose!

Yes there are some large updates. No your pc might not cache all the pieces of a full update necessarily. Yes you can control it. Yes you can turn it off.

eg. https://4sysops.com/archives/windows-update-delivery-optimization-wudo-in-windows-10/

re: Network\Bandwidth, WU has been using BITS for years without issue\uproar over bandwidth??

In corporate where you have little pockets of computers distributed nationally\internationally, and unlikely to have WSUS in each site, this will clearly be a beneficial option to the administrator.

GPOs provide control over the type of remote computer your machine pulls updates from - eg. local subnet, AD-site based, Internet etc.

Interestingly it apparently might be relevant to the borked WSUS CU issues with 1607. "This is a bug in the Windows client that will be fixed in an upcoming cumulative update." Hmm.

Agree it could be nice for the tin-foil hat brigade if there was a clear gui-based method to disable this 'new' functionality (ie. CDNv2) and revert back to the old way (CDNv1). But then that would require MS to keep paying Akamai, thus negating any financial gains (which is what it is all about) of moving to this new approach.

IMHO - much ado about nothing.

We're not looking for MH370 in the wrong place say investigators

david 64

Re: everyone [..] wants [..] a better chance of it not happening again

Aviate, Navigate, Communicate.

vAdmins vJoice! vSphere finally gets a modern web client

david 64

... Which is ironic as the thick client isn't exactly responsive and smooth......

But I know what you mean.

Hey cellcos: Guess who's got your backhaul still? That's right. Big daddy BT

david 64

Extending Layer 1 into the cloud. The spook's dream.

Citrix really needs to get its act together, and soon

david 64

+1 for Netscaler.

Gonna RUB MYSELF against the WALL: Microsoft's Surface Hub 84" monster-slab

david 64

...And after all......

@elreg - they'll be missing a big trick if they don't use that song in the marketing!

Pull up the Windows 10 duvet and pretend Win8 and Vista were BAD DREAMS

david 64

Fud, Fud, Glorious Fud!

LMGTFY - "windows 8.1 setup without..." oh look there it is in the drop down.

IT bods: Windows XP, we WON'T leave you. Migrate? Chuh! As if...

david 64

Re: I believe it

I'm arguing with some of the statements posted previously, namely that:

Win 8.x requires an MS account.

Win 8.1 is an upgrade only.

Win 8.1 can only be installed from the MS store.

I'm saying they are not true (because they aren't). Of course there are use cases out there where people will be upgrading Win 8.0 to 8.1 through the app store, with their MS accounts, on WinRT, while standing on one leg. Naturally. But to come on to an IT Pro site, making statements like those above in such a way as to make them sound true, is not fair to anybody reading it.

Personally - I don't care how those people are going to upgrade. There'll be someone somewhere ready to make a fast buck out of helping them with their upgrade I'm sure. From an enterprise perspective however.....

"Show me the local account option there. You know, in spite of it being an upgrade to a (virtual) machine which was primarily run on a local account."

Honestly I can't answer that question with much authority, as I haven't upgraded 8.0 to 8.1 using an MS account through the app store, as I think you might have gathered..... :-) However, in the 'don't-piss-our-business-customers-off' edition (which in my case is called, erm, Win 8.1 Professional and which I suspect is code-wise exactly the same as every other edition other than the SKU\licensing differences), when upgrading from 8.0 or fresh-installing 8.1 (I have done both) you are prompted to sign in with a MS account during OOBE\mini-setup, you click 'Create a new account', and then when the new account sign-up form appears, you click, cunningly, 'Sign in without a Microsoft Account'. Rocket science... I'm not trying to say it's the most intuitive thing ever - but it's there in plain sight.

To argue I upgraded using an MS account, by virtue of the fact my ISO came from MVLS, is pretty weak!!

david 64

Re: I believe it

@M Gale

Wow! It's not a store download only, nor is it an upgrade only (technically - marketing wise it might be). Where does all this FUD come from!

I got the Windows 8.1 ISO from MVLS and did a clean install to a blank hard drive. Just like all its predecessors. Next, Next, Finish. I don't understand the confusion here?

MS store - I don't have an MS account (MVLS account is corp, not mine), yet I managed to install 8.1 fresh.

I'm posting this from said Windows 8.1 Pro install, which - for the sake of clarity - I downloaded the ISO image of from MVLS, installed clean onto a blank hard disk drive, created a local user during setup, logged in and joined to an AD domain - all without having to use an MS account, hack around anything or 'go into the control panel' or anything! It's almost like it's just the same as Windows 7!! (but we can't say that round these here parts else we're liars and heretics!).

Try it. Just get the ISO image, create a VM and boot the ISO. Run through setup, same as Win7 etc., and you'll see what I mean. Try it. Go on. Then come back here and post the results...............

You don't have to like Win8, you certainly don't have to use it. Personal opinion and taste of course, horses for courses always. But these points we're arguing about are facts, they're not open to the interpretation of personal opinion. We should get our facts right when discussing in a public forum, that's all.

david 64

Re: Those who have gainsaid me

@stevenroper - No you're just spreading FUD. Our industry doesn't need any more of it, there is enough already. Other people read this as if it is factual information, and then go off assuming and\or spreading the same rubbish. I don't care whether people buy or use Windows 8 or 9 or 21 or whatever. MS have enough money, I have no interest in them making any more, I'm not a shareholder or employee. It annoys me however to see crap like this come from a fellow "IT professional". Same applies to all the Apple bashing and Freetard calling etc. Just wish people would get their facts straight before jumping on the bandwagon. Sadly, the people who gave you twice the upvotes than downvotes are similarly minded - if they had used it themselves, they wouldn't be giving you upvotes would they.

Criticising any product because of some issues with a *beta* 18 months ago seems a bit strange too doesn't it, in our industry?

david 64

Re: I believe it

Two or three clicks during mini-setup to avoid using an MS Account pal - did it earlier in the week. It is a bit sneaky though I'll grant you that.

No need to sign into MS account at all during any stage of installation, setup, or use.

david 64

Re: I believe it

@steven roper - quality gibberish there. Clearly no idea what you're talking about!

re: Microsoft account. Not needed in 8.0, not needed in 8.1.

re: installing software. Have you actually tried to install software like you would expect to? Or are you referring to WinRT on Surface?

re: cloud storage. Been using 8.0 and now 8.1 since launch, I have no cloud storage from anywhere (I think my icloud account might come with some but I don't use it). I see no references, pop ups, nags etc. to coerce me to use cloud storage? I have a c: drive - it lets me use it like all the previous versions of Windows. Where are you being "constantly pushed towards unwanted cloud storage"? Maybe I downloaded a different version to you.

re: ownership. I know this is hot in the industry, fair enough. But my experience of 8.x suggests no transfer of ownership of my hardware, OS or data. Yet anyway. Other than rhetoric, where and how is Windows 8.x urging you to move your data to the cloud?

re: walled garden - you really haven't used it have you. Unless you're talking WinRT again.

re: constantly monitored, logged and spied on. Sure another hot topic, but do you feel Win8.x does this any more than say OSX Mavericks or iOS? (if you use them), or your OS-independent broadband provider at home?

Availability - got my 8.1 from MVLS. This is an IT pro site right? App Store schmapp schmore.

Installed fine, OOBE does admittedly try to trick you into signing up to an MS account, but two clicks get you round that and using a local account as per the last 15 years. Join to domain, wham bam. It's windows 7 but faster. Really don't see what all the fuss is about TIFAKMSJUDJEHZ and all the other stupid stuff people moan about it. None of it matters - it's a means to an end, a tool to do a job, the job being the important thing right? It's not a religion.

Try it - it's pretty good. Win 7 on steroids.

I think a lot of confusion comes from MS\Windows trying to be all things to all people. As a sysadmin dealing primarily with vsphere, windows\AD\Exch\SQL and supporting technologies, it ticks all the boxes for me (like 7 did, like Mavericks does, like Xub 13.10 does). Tool to do a job.

If you're an IT pro put off by the new start menu and not booting straight to desktop, then I think you're in the wrong job...

Still - I will admit.... doesn't come close to MBP with Mavericks for a bit of couch-based slickness at home :-)

NSA Prism: Why I'm boycotting US cloud tech - and you should too

david 64

Erm.... Magna Carta, Shirley?!

NASA chief: Earth is DOOMED if we spot a big asteroid at short notice

david 64

Simple

Save the Cheerleader.....

VMware vSphere Enterprise Plus: An El Reg deep dive

david 64

Re: Good article

I know they do starter kits and acceleration packs and all that - but I agree that a clearly defined, discrete, *reasonably priced* package for SME's with no hidden costs a la MS SBS could only be a good thing right?

david 64

Complicated install? For the 'next, next, finish' guys sure it might seem complex when it doesn't just install. This is core infrastructure software that provides the basis for our customers' IT services - there can't be many techs worth their money that go at something like this without a pot of coffee, a shut door, google and a big pile of PDFs printed out....

IMHO! Nothing personal - just a bugbear of mine about our industry.

DRS available in Enterprise, S-DRS only in Ent+.

Doing a 5.0 to 5.1 upgrade this afternoon - only a small one though. SRM included. Fun fun fun.

Thanks for the article Trev!

Curiosity parks for a day, looks back in wonder

david 64

Re: "The little rover that could"

Gingers have souls.....

Apple cofounder Steve Jobs is dead at 56

david 64

Yes as someone wiser than I once said, "Great men are not always great men".

I'm not an Apple\Jobs fan - but the guy deserves respect for his achievements.

RIP Jobsy.

Engineer commits suicide after losing iPhone prototype

david 64

They should call the next iPhone....

... the iPhone Sun.

NASA orbiter returns first shots of Apollo moon sites

david 64

I for one...

... think it's awesome. cool as f***. well done the human race. onto the next rock now eh.

Orange UK exiles Firefox from call centres

david 64

ie

our users don't have rights to install anything.

we insist on ie simply for centralised and managed patch management. don't give a hoot what the users think, we need to be able to apply patches across the board quickly and reliably. hence we stipulate (and force) ie.

we use wsus to standardise on ie7 - contemplating the ie8 rollout, we've been using it in IT since its release and has caused no issues with our internal web apps or anything else. so guess will be rolling that out soon.

if mozilla release some sort of centralised updating mechanism that corporates can use to reliably and quickly update all firefox installations across our wan, then we might take it a bit more seriously as a corporate tool.

personal opinions and preferences aside, my employer employs me to keep things as secure and manageable as possible.. rightly or wrongly, at the moment, that is ie simply due to manageability (gpo\ieak) and patch management (wsus).

bye!

Glasgow unbans Life of Brian

david 64

"Jehovah Jehovah Jehovah!"

That scene above "Thwough him to the floor \ Bickuth Dickuth" is pure genius. Watching Palin desperately trying to keep it together.

Epitome of British comedy IMHO, and still stands proud to this day.

My other faves:-

"Conjugate the verb 'To Go'" - Romanes eunt domus http://www.youtube.com/watch?v=IIAdHEwiAy8. Horrifyingly similar to a particular Latin teacher I had at school....

And the 'Jehovah' sketch at the stoning with Cleese. Brilliant.

Will be spending the rest of the afternoon watching clips on youtube now methinks! Thanks reg!

KCOM hands network management to BT

david 64

But the question is...

... do we still have to deal with these utter w@***rs to provision a DSL connection in the Hull area?

Or can we use BT now?