"I've been told our website needs more hashtags"
ffffffffffffffffffffffffffffffffffffffffffffffffff
Migrating a broken, sprawling 2012sp2 SCCM to a shiny clean fresh 1706 setup with less servers, more forests and less shitty design decisions.
kill me
Please don't teach me what to do with my pc.
We are looking for an SCCM replacement, but we don't need everything. Realistically I'm looking for something that can do patch management (as in like with SCCM where you can define an actual window to patch in, we will still use WSUS to push them, that's fine), application deployment and asset reporting (i.e., what machines have what software installed). If it can do the compliance stuff as well that would be awesome but it's not essential. Doesn't need to be free, but cheaper than SCCM would be good. I'm fine with scripting and working out how to get packages to deploy, I'm not fine with overly fucking complicated interfaces for absolutely no reason.
Does anyone have any ideas? I was honestly thinking of trying out Puppet for the lols (and because I wouldn't mind learning Puppet) but this is for an actual company and I'm not sure how they would feel about me taking 3 months to learn a new install system this complicated.
For patching, I gave up with 'everything' a while back and just use WSUS with a few different GPOs.
Desktops are set to autopatch/reboot around 3am, with SCCM power management waking the machines up around that time and 2nd line engineers have rolling jobs to chase down unpatched machines.
Most servers are set to autopatch from midnight, with only super-critical Databases + VDI connection brokers done manually.
Is SCCM expensive then? It's free for us \o/
The architecture rebuild I'm doing is reducing this lot:
- Central site server (+ Db Instance)
- site 1 primary site server, 2x deployment servers, update server (+ Db Instance)
- site 2 primary site server / deployment server / db instance +1 deployment server
- site 3 primary site server / deployment server / db instance +1 deployment server
to
1 primary site server / deployment server / database
4 distribution points in different buildings.
It's free with Software Assurance. You can buy Intune at $6/user/month and get it as well, or you can pay outright which no one ever does. We don't have Software Assurance because it's a small company (50ish people). Currently everything is manually installed which means we have all various versions over all the machines and nothing is consistent..
Originally Posted by lubica
Viking, n.:
1. Daring Scandinavian seafarers, explorers, adventurers, entrepreneurs world-famous for their aggressive, nautical import business, highly leveraged takeovers and blue eyes.
2. Bloodthirsty sea pirates who ravaged northern Europe beginning in the 9th century.
Hagar's note: The first definition is much preferred; the second is used only by malcontents, the envious, and disgruntled owners of waterfront property.
PDQ Deploy (along with PDQ Inventory) still seems to be a thing. There's a free version, so that can be even properly tested: https://www.pdq.com/
I personally have no experience with it, but saw it mentioned often when similar requests came up.
I think I tried pdq and it wasn't great.. That may have been one of the other things I've tried though.. So much random testing..
We are probably going with Jamf to manage the Macs though because it's pretty good, so that's one less thing I need to worry about.
Jamf is the only game in town for Mac management.
Today in weird SCCM shit you find out 10 years later:
DHCP options are officially deprecated as of years ago, and a single line in the switch config per-vlan to add an extra bootp helper makes reams of DHCP configuration redundant.
Is anyone following the Trustico fuck-up? It's so bad that it's comedic.
Cert reseller decides they want to revoke 50k Symantec certs.
DigiCert tells them "nope you're not the cert holder, so we can't do that without proof of compromise".
Trustico's CEO promptly e-mails them 23k private keys as an attachment.
DigiCert goes "What. The. Fuck." and promptly revokes the certs associated with those keys, seeing as Trustico just definitively proved that they were compromised. DigiCert also e-mails the cert holders notifying them that their keys were compromised.
Trustico's CEO throws a fit and claims that DigiCert had no right to e-mail their clients.
In the ensuing discussion, someone notes that Trustico's key creation page runs a lot of third-party ad-serving JS, and that this could potentially expose keys.
In the spirit of curiosity, people take a closer look at the site.
What's that? No input sanitization at all? Whoops.
Root? Oh dear.
And now Trustico's website is down.
I thought what I'd do was, I'd pretend I was one of those Thukkers, that way I wouldn't have to have any goddamn stupid useless conversations with anybody.
Failing the Voight-Kampff test, one tortoise at a time.
Cert resellers are middlemen. They (theoretically) do all the heavy lifting of getting an SSL certificate for your site, so you can use encrypted connections for stuff like online commerce.
And thanks, it's been a while.
Well they did ALL the lifting for you, right from getting you the certificate, to verifying the customer, to getting your certificate compromised. What a deal!
I'm going to assume if the site has been running as root and just randomly executes code, it's been compromised for a while now.