Rick Claus 🦋 @RegularITguy.com

"Metrics rule, but Authenticity trumps. Do the right thing." - @RicksterCDN (5/1/14)

Warm Sourdough with a garlic parm inclusion folded in. DAMN! I’ll be over here in the corner munching away…

Andrew has been making all this tech content FOR FREE and it’s helped a LOT of folks get ahead and learn about these technologies and platforms. Have you checked these out and subscribed yet?

I was in Las Vegas and SoCal this past week for a spring break D1 Softball trip to watch some of my daughter’s final season. Great games and awesome weather. 🥎 Now back to Washington. 😔

Learn how to Modernize workloads and how (and when) to migrate them. Registration is OPEN. Going live on March 12th (Asia and Europe timezones) as well as April 23rd (Americas). Lots of great resources - sign up for the free event at aka.ms/MigrateandMode…

Psssst. Dona and I were in studio getting in trouble with our shenanigans while we were helping to put together a "Migrate and Modernize" virtual event. It's got a keynote from Amanda Silver (and friends) as well as two technical sessions (one Infra, one Dev). 1/2

@techspence Very acurate and includes formatting, fixing things up and more.

@RegularITguy Nice. Have you found it’s quite accurate?

For all the people out there using voice dictation on windows for interacting with AI coding platforms/IDs what are you using?

Had a lot of fun and shenanigans with @donasarkar this week. Good discourse on how ops and dev teams are handling the advent of AI. There are striking differences as well as unexpected similarities on approaches. What are your thoughts on her QUESTION below? #itpro #infra #ops

A quick little montage I made from a bunch of clips for my time down here in São Paulo for the #MicrosoftAItour. Such a fun time.

Full Video: youtu.be/pa0EPn8NzuI

Walk N' Talk: I chat with Yash Shekar about the huge native NVMe performance boost here NOW for to Windows Server 2025. What it is, how to enable it, and a sneak peek at what's to come. #ITPro #SysAdmin #WinSrv #WindowsServer #HelpDesk #Architect

Excited to be heading down to São Paulo next week to talk about using AI Tools to manage traditional hardware / workloads. It will be my first time in Brazil and connecting with the IT Infra Community. Will you be there? #itpro #AgenticOps #PneumaticNailer

On campus yesterday creating some content between meetings. One was a scrappy chat with a Windows Server feature PM, the other was a funded project with an engineering lead. Both of these will be awesome, why? genuine "human to human" storytelling. Capture those stories & share.

Excited to speak at the European AI & Cloud Summit! I’ll be delivering “Introduction to Azure Kubernetes Service for IT/Ops Admins” — a practical, scenario‑driven walkthrough to help teams operate AKS with confidence. cloudsummit.eu/en/session?gui… #AzOps #ITPro #Azure #AKS

Cmon @SeattleKraken

@timheuer @SeattleKraken Yes Please!!! Loved seeing this one last night.

ACTIVE DIRECTORY HISTORY AND VISION FOR TODAY/TOMORROW Out of the box a Greenfield Windows Server Active Directory has the following Group Policy Objects (GPOs): Default Domain Policy Default Domain Controllers Policy It's like looking at a yuge pile of LEGO bricks, or Technic, with the vision in mind of what they look like in a finished state. In the year 2000, planners and implementers built based on what they had with their Windows Server NT configuration. One big flat ADDS Forest/Domain. After all, who would have thought one's AD could be completely hosed by a perp eh Maersk? ;-) It took time to understand how to architect a properly functioning AD/OU/GPO structure especially since getting to the Group Policy Management Console in Windows Server 2000 was a PITA. By Windows Server 2003 almost all of the flat AD/OU/GPO basic structures were in place. Folks like .@MMinasi and .@JeremyMoskowitz were working hard to train peeps up on the what/where/when/how of Active Directory. Dr. Minasi and Jeremy were the primary sources for me to learn Active Directory, Group Policy, and OU structuring. ARCHITECTING FOR TODAY & TOMORROW Today's threatscape has changed how one should look at the pile of LEGO bricks but also one's current legacy flat AD Forest/Domain setup. How we would architect, or re-architect an existing, Active Directory Forest/Domain structure with each representing a unique Forest/Domain: 1: UserVille: Is a hostile tenant treat it as such ** Exchange Server and SQL Server locked down via GPO/Windows Firewall ** Software Restriction Policies are key here ** AppLocker 2: IT: Privileged Access Workstations ** Jump Servers in each Forest/Domain ** Strict routing and access for each ** DUO or other 2FA mandatory 3: DEV: Another hostile tenant environment 4: DMZ: Windows Server IIS works well with AD ** One can leave the *NIX & *BSD off the DMZ AD 5: Infrastructure: Our physical servers ** Cluster Node and Standalone Hyper-V ** Backup Servers ** Routing absolutely clocked down via GPO/Windows Firewall and pRouter(s) For a Greenfield we have the PowerShell to set up a 10, 100, 1000, 10000, or larger Enterprise quite quickly which is important to understand given the last 15 years worth of Cloud First/Cloud Native peer-to-peer networks out there. I can't imagine having to manage a large 1,000+ peer-to-peer network without Active Directory and Group Policy. I remember those days and they were horror shows! It may seem daunting to pull it all back on-premises, but with the right tools it's actually not that painful. * PowerShell for setup ** User AD Objects ** OU Structure ** Group Policy Objects ** User Exchange Server Mailboxes ** Security Groups and Membership ** Base shares set up with the proper permissions The AD benefits are yuge for Greenfield but also for those needing to re-architect for today's threats as that would essentially be Greenfield too: * Architected Secure by default * Layers with out the complicated "AD Tiers" * Users run in Standard Mode * Users are managed via AD and GPOs * Software Restriction Policies lock UserVille down * No risk of token theft breaking the org open that then leads the perps to all others * DUO or other 2FA/MFA * The data gets backed up and test restored regularly * No snoops * No legalese Terms & Conditions hiding the snoops * Real people behind the IT to help when things don't work Once one has a fairly good understanding of what Active Directory and Group Policy are capable of the public cloud "imitations" barely compare. AZURE AD/ENTRA ID FAILURE After all of these years, since BPOS in 2008, Azure Active Directory/Entra ID have failed dismally to come anywhere near the features and abilities of Active Directory created by Microsoft in the late 1990s and deployed in the year 2,000. In an Enterprise setting with the right Microsoft tools one can deploy and manage 1 to 10,000 users and/or computers with little to no fanfare. And, that ability gets an instant response. No mystery waiting. CONCLUSION IMNSHO, a company's full IT should never have been moved into the Public Cloud. A portion maybe for those companies that are seasonal but not the main IT. By doing so, companies have lost control over all aspects of their IT that count. And, with the Shared Responsibility Model for public cloud resident services the onus is still on the companies to back their data up. A company's main IT belongs on-premises. All of it. ACRONYMS 2FA = Two-Factor Authentiction AD = Active Directory ADDS = Active Directory Domain Services GP = Group Policy GPO = Group Policy Object MFA = Multi-Factor Authentication OU = Organizational Unit pRouter = Physical Router

@JenMsft @DJ_EddieL I bought a double headed usb C and A… game changer But I need to find it. 🤔

@DJ_EddieL 💯

Number of USBs I own: Countless Number of USBs I can find when I need one: 0

Bring it!!!! Can’t wait to read future posts!

Link to check this out: aiskillsnavigator.microsoft.com

New year - new training targets. MSFT launched AI Skills Navigator. Think of it as your "coach" for creating a plan to achieve new certifications and skills in the Microsoft ecosystem. My team has been asked to help for the IT Pro / Infra content. Any requests?