• A
    Adam Gordon

    Michael,

    I hope all is well. I am not sure if I understand your question correctly, so please advise me if the information that I am providing makes sense after you take a look, and we can clarify as needed.

    Because your VM's tools are "Guest Managed", that means that they cannot be updated or upgraded via vCenter (vSphere Web Client or vSphere client) or directly via the vSphere Host Client.

    Instead, you use OSP''s to manage and update the tools natively from within the Linux Guest O/S directly leveraging whatever update mechanism is supported natively.

    If you are not familiar with OSPs, check out the link below to see what versions are available/supported:

    https://www.vmware.com/support/packages.html

    VMware provides OSPs for older operating systems. For newer operating systems, the vendor or community provides open-vm-tools as part of the operating system, and VMware recommends that you use the open-vm-tools that come with these operating systems. VMware does not provide OSPs for operating system for which open-vm-tools are available. To learn more about open-vm-tools, see the following:

    https://github.com/vmware/open-vm-tools

    This article "VMware support for open-vm-tools (2073803)" has some good summary info on the open-vm-tools, maily the same info to be found on the GitHub Repo that I point you to above, but almost at the very bottom of the article is a blurb about the release schedule for open-vm-tools and being able to subscribe to the list for release announcements, which I would advise you do if you want to stay current.

    https://kb.vmware.com/s/article/2073803

    I hope that helps to answer the question, but if not, please be in touch as needed and I can adjust to help you as needed in a more specific way.

    Good Luck !!!

    Cheers,

    Adam

    posted in General Discussion read more
  • A
    Adam Gordon

    Art,

    Great issue to raise, and a challenge for many organizations today, whether the cloud is in the picture or not. Without having visibility into the specifics of the issue(s) that you would want to address, there are provisions made for these exact scenarios, or many of them anyway, in all of the major cloud service providers PAM / IAM stacks today. Whether it is Microsoft Azure, Amazon AWS, or even Google GCP, all of them offer approximate compliance solutions along similar lines.

    Since you mentioned Azure specifically, perhaps taking a look at the link below will give you a better idea of the large number of roles that are available, as well as descriptions, and if you continue down the list below the roles, a detailed permission breakdown for every role.

    https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/directory-assign-admin-roles

    I have had many of these exact conversations about this issue in the filed, and in classrooms, and there are solutions that will stand up to scrutiny for auditability and validation, but you do need to plan carefully and document thoroughly as well as implement relentlessly through standardized models across the enterprise to ensure that things turn out as required.

    Cloud vendors, especially the big 3, have come a long way with regards to security and compliance alignment in the PAM / IAM area in the last few years. Gone are the days of the "random role" that used to plague us as auditors and cause havoc for customers vis-à-vis compliance. If you pay attention to the details and guidance that the vendor makes available, typically via the security and compliance center, or whatever it may be called, you will have a great place to start from, and the resources that you need to craft a successful outcome.

    I would be happy to discuss specifics with you if you have a scenario in mind, or are looking for advice about a certain approach. Feel free to contact me directly if that is of interest to you, my email is: adam@itpro.tv

    Be in touch if you feel that I can help further. I look forward to hearing from you.

    Good Luck !!

    Cheers,

    Adam

    posted in Security read more
  • A
    Adam Gordon

    Penny,

    I hope all is well. Everything is relative, but having said that, you should be able to get yourself an entry level help/service desk position, or perhaps become a junior/entry level system administrator on a larger team (perhaps desktop or server stack administration), with the opportunity to learn by doing and benefit from a year or two of hands on experience as you hone your skills with an eye towards moving into a more senior position.

    What you need to keep in mind is that you will need to put some time in learning the day to day administrative routine(s) of whatever company you get hired by, and that time you put in will be some of the most valuable time you spend, as it will allow you to become comfortable applying the knowledge that you have, and to learn new skills that you will need to move up and become a more senior IT professional over time.

    If you want to add some additional skills to make yourself more attractive as a candidate initially, try to leverage your python skills with an eye towards scripting, automation and / or security, as python is heavily leveraged for all of these areas.

    Powershell or Ruby or any other scripting languages that you can pick up and show proficiency with will be very very helpful as well.

    If I can be of any assistance, or can answer any other questions for you, please let me know as needed.

    Good Luck !!!

    Cheers,

    Adam

    posted in General Discussion read more
  • A
    Adam Gordon

    Armand,

    I hope all is well. A bit of an issue indeed !!… There are potentially a combination of issues that may be causing this behavior, as you have no doubt surmised based on your research online already.

    Typically it is hard to pin down to a specific issues and resolution unless you do exhaustive testing for every iteration set to find the culprit.

    The usual issues normally tend to be permissions based, as you indicated you are suspicious of already, and can usually be fixed by addressing the inheritance issue(s) that are causing the permissions problem(s) in the first place.

    Try the following:

    Go into the Advanced Security Settings for the C:\Users\Default folder (its hidden by default) and checking the box to "Replace all child object permission with inheritable permissions from this object".

    See if that does the trick. Let me know.

    Good luck !!

    Cheers,

    Adam

    posted in Microsoft read more
  • A
    Adam Gordon

    Dan,

    I hope all is well. I am starting to shoot the VCP65-DCV show this week. It will be made available in the library as we produce episodes, so it will incrementally appear over the next 4 - 6 weeks as we work through all of the material.

    If you have any more questions, please let me know.

    Cheers,

    Adam

    posted in General Discussion read more
  • A
    Adam Gordon

    Giovanni,

    I hope all is well. Ahhhhh, sysprep… I feel your pain. :)

    The good news is that I believe the solution is pretty simple.

    There are 1 or 2 items in the file that may not be set correctly.

    Take a look at the following:

    https://theitbros.com/sysprep-a-windows-7-machine-start-to-finish-v2/

    Read through the steps and the discussion of how the unattend file is created, by section, and the settings used. Pay attention to the stuff in Step 6: specialize AND the stuff further down under oobeSystem.

    I think if you verify what you have against what is shown, you should figure out your issue.

    Please let me know if it works out after you have a chance to take a look and try it out.

    Good luck !!

    Cheers,

    Adam

    posted in Microsoft read more
  • A
    Adam Gordon

    Gaurang,

    I hope all is well. I am confirming, as you requested, what I posted as the answer to Jonothon earlier up in this chain. The timeline is in flux right now, due to some other shows that I have been tasked with completing. However, SCCM is still on the roadmap for me to do, and will hopefully be done right around the end of the year. :)

    posted in Microsoft read more
  • A
    Adam Gordon

    Mark,

    I hope all is well. The short answer is:

    Does Windows Server 2019 have the same licensing model as Windows Server 2016?

    A: Yes, Server 2016 Licensing info is here :

    https://www.microsoft.com/en-us/cloud-platform/windows-server-pricing

    It is highly likely that there will be an increase in the pricing for Windows Server Client Access Licensing (CAL).

    posted in Microsoft read more
  • A
    Adam Gordon

    @waqkas-ahmed said in PowerShell:

    Start-HistoricalSearch

    Waqkas,

    I hope all is well. I think that you have 1 of 2 issues with the syntax for the Start-HistoricalSearch cmdlet above.

    1. It could be a permissions issue that is preventing the export of the actual data, but I am not too confident that this is the issue. You should check the permissions associated with the account being used to execute the script and ensure that you have full permissions for Exchange as an administrator.
    1. the other issue could be that the last part of the cmdlet syntax : Export-Csv C:\report.csv may be the issue.

    Take a look at the following, if you have not already done so:

    https://docs.microsoft.com/en-us/powershell/module/exchange/mail-flow/start-historicalsearch?view=exchange-ps

    I am not sure if the syntax to export is correct, and as a result, I think that may be causing the issue. It does not appear as if the syntax you are using is supported according to the documentation.

    I would read through the documentation and perhaps switch your solution to match the example in the documentation, attempting to use a notification e-mail address instead of the export-csv output and see if that helps.

    posted in Microsoft read more
  • A
    Adam Gordon

    Wilfried,

    My apologies for not seeing this last part of your question sooner. I am glad that everything else with the script worked well. To get any property that is declared and available to output is a relatively straightforward process.

    You would have to find out what the SPECIFIC REFERENCEABLE NAME of the property is, and then call it via the script.

    So, in the script we discussed originally:

    Import-Module Activedirectory Get-ADUser -Filter * -Properties DisplayName,EmployeeID,memberof -searchbase 'OU=Users,OU=CONTAINER,DC=DOMAIN,DC=local' | % { New-Object PSObject -Property @{ UserName = $_.DisplayName EmployeeID = $_.EmployeeID Groups = ($_.memberof | Get-ADGroup | Select -ExpandProperty Name) -join "," } } | Select UserName,EmployeeID,Groups | Export-Csv C:\Reports\ADreport.csv -NTI

    You would modify the line Get-ADUser -Filter * -Properties DisplayName,EmployeeID,memberof

    so that the -Properties value(s) produce the output that you want.

    The full list of all declared properties for get-aduser can be found here:

    https://social.technet.microsoft.com/wiki/contents/articles/12037.active-directory-get-aduser-default-and-extended-properties.aspx

    Please let me know if you have any other questions.

    Cheers,

    Adam

    posted in Microsoft read more