How to properly implement Access Control Policy.

Several days ago finished my free video seminar. Recording is done in Mongolian. Many my friends, Mongolian IT engineers ask me how properly organize, monitor, maintain assigned permissions to different IT resources (not only shared folder or printer) in accordance with least required access, how adequately conduct Access Control using RBAC. Please share this video with your friends/co-workers – i believe that discussed problem is very common in our IT community.

Follow by this link to watch my video lesson on youtube.Read the rest

INVITATION TO IT SEMINAR

Briefly: how to maintain remote branches computers without visits.
how to format or re-image or backup or restore or repair or monitor company computers over lan, over wan.

We propose to attend our new two days seminar:

Agenda:

  • Windows Deployment Service/WDS
  • pxelinux before WDS for protection by password and booting Linux distributives including ESXi installers, memtest, ghost, Acronis and so on
  • How to netboot MS DaRT/ERD tools to repair/backup remote computers settings and data
  • Unattended installation
  • KMS server for Windows, Office auto-activation during unattended installation
  • free Veeam End-point Backup and Veeam Backup and Replication Server for remote restores
Read the rest

Facts about Active Directory to help understand it and properly use.

  1. AD is the basement/heart/glue for all Microsoft (and not only Microsoft) server products. Almost any Microsoft solution is based on AD as a prerequisite. Therefore it’s common misunderstanding and misuse that AD is considered only as side effect (or even as lesser unavoidable evil :)) of implementation of other Microsoft systems like MS Dynamics NAV, Exchange, Lync, Sharepoint. It means you cannot install Exchange without pre-installation and pre-configuration of AD. As a result of a such wrong approach to AD many companies don’t use Active Directory appropriately, some of them completely don’t understand what is the main role of AD
Read the rest

iMac and macbooks in Windows environment, why you better integrate them.

The main reason why you need to limit end-users on Windows and Mac computers is the same – much longer periods of stable, guaranteed work with less maintenance overheads.

Recently i see more and more companies which ignores that principle. Mindlessly MacOS is considered as more stable and protected by default without any needs in extra efforts. But if you don’t deprive end-user rights for full system configuration as you do for Windows computers you can get really bad problems. The most unpleasant one is when you got a blocked computer with unknown EFI firmware password. On modern models of

Read the rest

Protect your linkedin, facebook, gmail, microsoft, dropbox and other accounts by 2fa.

Have you ever lost access to your linkedin, microsoft, skype, yahoo, twitter, facebook IDs? Do you know what pain is it to restore access? If the answer is yes, then you know what i mean. #2fa is what you need.

There are a lot of hardware and software keyloggers to steal your credentials (username and password). In this article i am going to give you some initial recommendations how to protect your internet accounts.

The most widespread type is surely software keyloggers inside various viruses and other malware, so good antivirus is first defensive line. Just don’t relax too early, … Read the rest

GAL/Global Address List without Exchange

One of the most useful features of Lotus, Exchange and so on is Global Address Directory which can be centrally maintained by IT team or delegated HR user .  GAL makes company email, phone contacts lists more adequate, freshly updated and as result more trustworthy, with less mistakes unlike manually updated on each user Outlook (after regular mass email with updated contacts for everybody in organization. Such multiple updates finally completely mess up all contacts, multiple NDR and returned email)

Advantages of GAL:

  1. new employee immediately has access to the latest updated company contacts
  2. no need manually for each user
Read the rest

Register to new IT seminar. Bootcamp for SMB IT sysadmins.

Building from scratch SMB IT infrastructure. Common mistakes, pitfalls.

Intro:

This seminar was designed for IT sysadmins, IT engineers who needs to systematize own field experience and fill the gaps in practical and theoretical knowledge. The agenda of seminar deliberately organized to embrace as much as possible practical skills, specifics from real life needs in Mongolia. The topics which included in the seminar are missing in other official courses or too spread over different resources and never before collected in a such way in one place interconnected.

[spoiler effect=”blind”]

Other our courses are more formal and official, but this one … Read the rest

Video how to use Monuni v1.0 on one computer for multiple Windows users

It’s highly recommended to avoid assigning to ordinary user excessive rights. A such limitation considerably reduce that workstation maintenance time and efforts, creating more stable and predictable work environment.
But on other hand it’s very common that many sysadmins provide LocalAdmin rights justifying themselves that legacy programs stop working without elevated rights. It’s one of the main reasons when Active Directory implementation projects misstep.

In fact there are several resolutions for a such situations. One example is demonstrated below:

Monuni v1.0 program.

Purpose: to convert old style win1251 encoding text (created by Monkey, Monwin and others) to Unicode text directly … Read the rest

Some considerations about what is highly preferable to have for SMB companies in Mongolia:

 

1. For central office to have at least small server room – dedicated isolated room with at least consumer Air Conditioner [better japanese – about 1500000 mnt + installation fee]( when you use only RACK without server room – too loud, physically not secure even for locked RACK [anybody can hit or collide with RACK and shock damages hard drives], too much dust which will clog all fans and as consequence rise of temperature, fan speed, even more noise). Size is at least 2×2.5 meter to place RACK and be able to go around it, room door better Read the rest

Advantages and disadvantages of Dell Optiplex as a cheap server for SMB.

 

pros:
1. considerably cheaper, more affordable
2. small size
3. later can be re-used as usual workstation

cons:
1. not so reliable as a real server
2. weak redundancy
3. not supported by vmware and so on
4. no real RAID, only fake intel matrix raid.
5. not so high quality of internal parts and so on
6. if to compare with Dell PowerEdges – no lifecycle controller, idrac and so on (poor remote management)

But what justifies such compromise approach:
1. i7 cpu is not so good as recent Xeon, but very close by performance (good enough for

Read the rest