While we all agree the original release of Windows 11 and the 8th Gen Intel CPU requirement was garbage, it's now believed to be understood why this was put out by MS.
MS is including VBS (Virtual based Security) in Windows 11 22H2, which requires an 8th Gen Intel CPU.
Presuming this was MS's intention to include this on day one, but it wasn't ready for mainstream use - makes sense why the requirements where what they were.
@Pete-S said in Windows 11 versus 10:
Sure but I didn't mean that. New OS often requires new hardware which means a new oem license for MS and also new opportunities to sell M365 and other services. I'm sure they have this down to a science.
Actually, that's not true. From windows 7-10 hardware requirements stayed the same or went down.
Win 11 with the requirement for TMP 2.0 is the first new required thing in ages.
@Pete-S said in Windows 11 versus 10:
I haven't had time to run Windows 11 yet.
From a sysadmin's perspective, what is the difference between these OSes?
Or is it just the usual make-a-new-version-so-we-can-market-and-sell-upgrades?
It's definitely not about upgrades - at least not on the OS side. MS is giving the upgrade away for free, just like Windows 10.
And normal people will simply get Windows 11 when they buy a new computer.
As for what's different - they have dumbed it down. They have removed several of the ways that you used to be able to do things. For example, you used to be able to right click on the Start Bar and launch task manager - it's been gone (though, after more than a year, it's coming back).
The Start Bar has been completely rewritten. (FYI it can't be moved to the sides or top anymore)
They have cleaned up a lot more of the control panel options, moving them into the newer Windows Settings.
Setting your own choice of default browser is harder, and not as fully integrated as it was in Windows 10 - i.e. some "browser" features still demand using MS Edge instead of say, Chrome if you make Chrome your default.
@scottalanmiller said in Another new server question:
@Pete-S said in Another new server question:
@siringo said in Another new server question:
Thanks everyone for the thoughts and advice.
This server is going into an environment where what is chosen will, eventually, attract criticism, not formerly, but by way of passing comments.
I would be better to suggest a server with bells and whistles rather than one that did the job and cost less. But with that said, putting in place an overspec'd server would also be criticised.
If I were to select Dell as the vendor, that would be acceptable, Lenovo possibly less so.
I'll use the info from this post and go and take another look at what I can get my hands on.
I think I'll look for something with all SSDs that gives me 4TB of useable space, that's all I need, with some type of disk redundancy.
64GB RAM and a single CPU.
It will run Server 2022 with the Hyper-V role and house around 6 VMs.
I'm open to suggestions.
Thanks again.
CPU
Only needing 64GB of RAM suggest getting an E-2200/2300 series Intel CPU.
That's what used to be the called the E3-1200 series. Entry-level servers with Xeon CPUs that are similar to their desktop i7 equivalent. Up to 8 cores, max 128GB RAM (E-2300).
You pay for 16 cores with Windows so get what you feel is appropriate for the VMs running. But 6 cores is probably good enough.
RAM
- 4 x 16GB is probably your best bet
- 2 x 32GB will also work fine with 100% performance but might be more expensive
SSD
4TB options:
- 2 x 4TB RAID 1 (lower failure rate with only two drives)
- 3 x 2TB RAID 5
If you can get a good deal go for that - whatever combination.
Dell adds 200-300% on their SSD prices though. IMHO only enterprise customers get a fair price from Dell.
SSD price 3.84TB SATA enterprise drive
- Manufacturer $600-$700 (Samsung PM893)
- Lenovo $1,180 (maybe it's a special offer - I don't know)
- Dell $2,172
Server
Dell
- R250 is their entry level range (R240 old model)
- R350 has the same CPU range (R340 old model)
- R6515 (AMD Epyc) if you need more CPU or fast NVMe SSDs
Be aware of backplane configurations. Hotswap ability and backplanes is standard on high-end servers but not on entry level servers.
Lenovo SR250 seems to be their entry-level but it has more advanced option compared to Dell's R250.
I looked quickly but this all seems solid. I'd concur.
The number of RAM modules will depend more on the channels used by the CPUs - assuming you don't want to gimp yourself.
@JaredBusch said in Another new server question:
@Dashrender @notverypunny we have already had this discussion. Do you all have no memory?
The OS is not open for discussion.
nope
@JaredBusch is the machine domain joined?
@notverypunny hit the nail on the head. If you're standing up a new VM host - why go with something that has already been retired.
That said - Someone spouted some crap at me the other day -
it's not dead, just the stand alone product is dead - why do I say that? Because it's still in the Windows Server 2022 server itself. Sure that means you have to burn a license for the host, but meh, that's the cost of doing business
I suppose there could be some argument to be had there... But @scottalanmiller is much better at these explanations than I.
@travisdh1 said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@travisdh1 said in What Are You Doing Right Now:
We're visiting my brother-in-law for the first time, they're in central Minnesota.
not exactly a great time to go there...
No, but better than Novermber or December!
Actually, it's all about the same until Jan... They get some snow in Dec, but they start getting dumped on in Jan
@travisdh1 said in What Are You Doing Right Now:
We're visiting my brother-in-law for the first time, they're in central Minnesota.
not exactly a great time to go there...
@bbigford said in Alternative to never in stock Ubiquiti EdgeMax line:
+1 for Mikrotik for that use case. It gets a ton of hate in small enterprise but for shops that were/are using Ubiquiti, it's a great router option. It's super inexpensive and has plenty of features. They do also make switches.
I've heard the same for TPLink.
@RojoLoco said in What Are You Doing Right Now:
We had a little cold front roll through the south last night. Had to bring all the plant babies inside, and then got to enjoy that distinct aroma of turning the heat on for the 1st time in 8 months. And we have a freeze warning for the next couple of days. Stay tuned for more 80F days coming soon.
24 F this morning at 6:30. We were below 32 a few days ago as well as one day last week. We have a warmup coming
@bbigford said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
@Dashrender said in Tenant disabling of Basic Auth cause OAUTH iPhone to break:
is it possible to know which method was used when signing in with the native client?
Technically, I think you could dig that out of the Azure activity logs but I haven't really looked into it much (although that question keeps surfacing). But it's not something you'd be able to see on the client side since it doesn't determine the auth, it's just prompted at the time the request is generated so by re-entering the password in settings it'll generate a modern auth request if basic was used prior.
an answer to this question could have been handy so IT could inform those people to re-authenticate to prevent this issue.. oh well.
is it possible to know which method was used when signing in with the native client?
@scottalanmiller said in Miscellaneous Tech News:
But if you are the malicious entity and you are trying to get past security, it's a useful tool.
I agree with this - but that's not what the article said.
@article said
—makes it easy for an attacker with administrative control to bypass Windows kernel protections.
No help for IMAP, but I found this
Notice it says not compatible with Security Defaults. With MS enabling Security Defaults on everyone at some point or another, I don't know if you can choose to just disable it again?
@scottalanmiller said in Miscellaneous Tech News:
@Dashrender said in Miscellaneous Tech News:
@stacksofplates said in Miscellaneous Tech News:
For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.
Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.
It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.
OK that's definitely bad that they don't block it - but since you're an admin - why do you even care? the article says that the attacker is starting as a local admin.
Installers are typically local admins.
let me ask this another way.
Yes - it's bad that MS isn't blocking something they said they would.
But does that make the situation any worse than it would really be if they did?
the attacker already has local admin - why would they need to install a driver that has vulnerabilities when they already have full local admin control - what advantage do they get they didn't already have?
@stacksofplates said in Miscellaneous Tech News:
For almost two years, Microsoft officials botched a key Windows defense, an unexplained lapse that left customers open to a malware infection technique that has been especially effective in recent months.
Microsoft officials have steadfastly asserted that Windows Update will automatically add new software drivers to a blocklist designed to thwart a well-known trick in the malware infection playbook. The malware technique—known as BYOVD, short for "bring your own vulnerable driver"—makes it easy for an attacker with administrative control to bypass Windows kernel protections. Rather than writing an exploit from scratch, the attacker simply installs any one of dozens of third-party drivers with known vulnerabilities. Then the attacker exploits those vulnerabilities to gain instant access to some of the most fortified regions of Windows.
It turns out, however, that Windows was not properly downloading and applying updates to the driver blocklist, leaving users vulnerable to new BYOVD attacks.
OK that's definitely bad that they don't block it - but since you're an admin - why do you even care? the article says that the attacker is starting as a local admin.
@JaredBusch said in What Are You Doing Right Now:
@Dashrender said in What Are You Doing Right Now:
@scottalanmiller said in What Are You Doing Right Now:
And of course Rogue One, was great. Andor has a lot of potential.
Yeah, it's pretty awesome so far. Sux it's Disney keeping to the ol' television dole out one episode per week.
All of the streamers do that for the biggest name stuff, even Netflix.
I've never seen Netflix do that - but I haven't watched a Netflix series in years....
@scottalanmiller said in What Are You Doing Right Now:
And of course Rogue One, was great. Andor has a lot of potential.
Yeah, it's pretty awesome so far. Sux it's Disney keeping to the ol' television dole out one episode per week.