Solution for a NAS acting as "lightweight" active directory going wrong

Then what ARE you saying?
They have office365. I guess, looking at it now.... they basically HAVE to have a stripped down version of what @YeOldeStonecat mentioned.

I had thought (and perhaps it USED to be this way, but has been changed and rebranded) that there was an O365 offering similar to the home use / family plan but for business. Higher cost, but you get actual customer support and so on. And legal to use in that setting.

From what I see here, it's the $6 per seat option. They have 6 users on that, including the two in the A and B wallpaper situation. I've harped on them forever, but even their office licensing situation is a bit messed up. 6 users on O365. 8 more on some version of Office 2013 professional plus or 2016 pro plus that were bought outright via key code at local big box, and 2 or so using just libreoffice.

Going the O365 biz route just seems to solve a ton of their problems. If I can talk the owner down off the ledge that he thinks "going cloud based" is.
 
@brandonkick Never in the history of M365 services have any of the for business use licenses been "sharable".

You've always been required to have an account per user, and a license per user.

Oh, and it's not $6 / month, that's if you agree to an ANNUAL commitment. It's $7.20 / month if you want to keep it month-to-month.

If you do the annual thing, you can add licenses, but you can only remove those licenses once a year, within a week of your renewal date. If you do the month-to-month thing, that week happens once a month.

So what you have is a customer in violation of the licensing agreement, which is a full stop no support until you fix it situation. Any other pathway on your part, will potentially get you sued. Not to mention to be frank... you can't "fix" the problems they are having until this is corrected.

I repeat... RUN!
 
@Sky-Knight
@nlinecomputers

This is exactly what I'm trying to say. They are "sharing" the account in the sense that all their licenses get billed to the same business, same credit card. They each have a seat paid for. It's no violation of any TOS. If there is wrongdoing, it's my butchering of the English language and a failure on my part to properly articulate the situation.

All I was going for there was that I thought, somehow, it may be possible that this wallpaper showing up on another user's machine (literally a photo of a buck that one guy shot and had mounted on his wall) was because they were both utilizing O365. It's one thing in common between these two users, that not every other user has in common. Not all users at this business have O365 licenses. There are only local user accounts, no roaming profiles, and besides being on the same LAN, they also both connect to the existing Synology NAS. That's what these machines have in common.

I was simply going through all of the ways which were even remotely possible for a guy in another part of the office to set his wallpaper to the picture of the buck he had mounted, and somehow, some period of days later, it replicates to another user in another part of the office.


Pardon my poor use of the term "sharing". Maybe utilizing would have caused less confusion. I apologize.
 
Then you should be aware that "account" is a technical term that refers to a specific entity that represents a single human user.

A "tenant" is what holds all the users. The tenant has a bill to pay, the accounts do not.

But even then, one must always be careful because there is no sharing accounts. Each human gets their own. If you need shared access to some data, there are means to do that separately.

I too use local Windows accounts for most of my clients, and I do this because the AAD accounts cannot really be used for sharing, or direct RDS access. And when you do these things you learn really quickly to never reuse that local windows account for a new employee that shows up. You make a new one, or you will have issues.
 
I too use local Windows accounts for most of my clients, and I do this because the AAD accounts cannot really be used for sharing, or direct RDS access.

I don't do file sharing across workgroups anymore really, esp if the client is in 365 (we have Teams/OD for that). But I did have to look up file/printer sharing across workgroups for a unique printer setup a client had. For the share permissions, if setting up a workgroup with AzureAD joined workstations, the share permissions would be to
azuread\joecool for example.
 
I don't do file sharing across workgroups anymore really, esp if the client is in 365 (we have Teams/OD for that). But I did have to look up file/printer sharing across workgroups for a unique printer setup a client had. For the share permissions, if setting up a workgroup with AzureAD joined workstations, the share permissions would be to
azuread\joecool for example.

I do this for Quickbooks, and other LOB apps that must work that way. Basically turns someone's workstation into a server for the LOB app. The app itself stores its data in a Sharepoint vault via Onedrive. Backups scripted via RMM to move data into another vault.

And people need to be able to RDS into the platform, which MS seems to want to hide all the permission for all these things.

And what is that azuread bit? The whatever.onmicrosoft.com that defines that? Manually typed? What is this 1994?
 
I do this for Quickbooks, and other LOB apps that must work that way. Basically turns someone's workstation into a server for the LOB app. The app itself stores its data in a Sharepoint vault via Onedrive. Backups scripted via RMM to move data into another vault.
How does that not screw up for you? I've always had issues with corruption placing the data files in a synced directory. I keep QB out of the synced directories and have the backups saved there with a backup performed daily.
 
And people need to be able to RDS into the platform, which MS seems to want to hide all the permission for all these things.

And what is that azuread bit? The whatever.onmicrosoft.com that defines that? Manually typed? What is this 1994?

I haven't had the need for RDS into workstation once I move a client to 365 (as....365....Teams/SP/OD)...makes the computer portable. I'm doing these things like migrating away from "on prem" to "365"..to get rid of "old clunky ways" like VPN and RDP.

BUT...you can add AzureAD users to the local remote desktop users group....still works, like file permissions above.

Not sure what you mean by "azuread" bit...it's just like separating old school domain user account (domainname\username)...from local user accounts. Yes, you still need to separate domain from local
 
I haven't had the need for RDS into workstation once I move a client to 365 (as....365....Teams/SP/OD)...makes the computer portable. I'm doing these things like migrating away from "on prem" to "365"..to get rid of "old clunky ways" like VPN and RDP.

BUT...you can add AzureAD users to the local remote desktop users group....still works, like file permissions above.

Not sure what you mean by "azuread" bit...it's just like separating old school domain user account (domainname\username)...from local user accounts. Yes, you still need to separate domain from local

Oh most certainly VPN is a crutch, RDP is too in many ways. But there are still plenty of people out there that use on premise LOB apps, and RDP into the desktop is the best way to handle that. Well... short of doing VDI, which is the real answer but not for 4 people.

*Edit*

I'm an idiot... you're being literal!

Code:
net localgroup "Remote Desktop Users" /add "AzureAD\username@domain.onmicrosoft.com"

So I'm adding AzureAD\UPNofUser. I have some testing to do.
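
The same group change using the built-in LocalAccounts cmdlets, followed by a listing of who currently holds RDP rights on the machine. This is an added example, not code from the thread; the function names `Grant-RdpAccess` and `Get-RdpAccessReport` are hypothetical, the UPN is a placeholder, and it assumes an elevated PowerShell session on an AzureAD-joined workstation.

```powershell
# Added example, not from the thread. Run elevated on the AzureAD-joined workstation.
$Group  = 'Remote Desktop Users'
$Upn    = 'username@domain.onmicrosoft.com'   # placeholder UPN, replace with the real one
$Member = "AzureAD\$Upn"

function Grant-RdpAccess {
    param(
        [Parameter(Mandatory)][string]$Group,
        [Parameter(Mandatory)][string]$Member
    )
    try {
        Add-LocalGroupMember -Group $Group -Member $Member -ErrorAction Stop
        "Added $Member to '$Group'"
    }
    catch {
        # Re-running is safe: an existing membership is reported, not treated as a failure.
        if ($_.FullyQualifiedErrorId -like 'MemberExists*') {
            "$Member is already in '$Group'"
        }
        else {
            throw   # anything else (unresolved principal, no elevation) is a real error
        }
    }
}

function Get-RdpAccessReport {
    param([Parameter(Mandatory)][string]$Group)
    # PrincipalSource distinguishes local accounts from AzureAD and other account types,
    # so the list can be checked against the people who are meant to have RDP access.
    Get-LocalGroupMember -Group $Group |
        Sort-Object PrincipalSource, Name |
        Select-Object Name, ObjectClass, PrincipalSource, SID
}

Grant-RdpAccess -Group $Group -Member $Member
Get-RdpAccessReport -Group $Group | Format-Table -AutoSize
```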
 
I haven't tried storing QB's data file in a folder that OneDrive sync manages.....to me that would be wobblier than running Quickbooks over wifi. I have read that some people have done that.."single user" of course, and it may run fine for a while if the company file is small. But, IMO, as it grows...just...database files that constantly change...do not do well with sync clients. I'd not put that risk on the most important data file a business has.

For users I move to 365 (the cloud)...Quickbooks goes there too....RightNetworks!
 
QB isn't the only app I run this way, but it's certainly one of the most common.

I've got some offices set up where QB stores data in a folder that isn't synced, with backups configured to go into one that does. I've got others that have both synced. I haven't had a single issue OTHER THAN, when I am syncing the live QB data, Onedrive doesn't get the DB file offsite but a few times a month. This is largely due to users leaving QB open somewhere.
 