• @SquiffSquiff
    link
    411 year ago

    Avoiding snark and concentrating on first party features:

    • Domain integration, e.g. ActiveDirectory
    • Group policy configuration

    You can do these things to an extent bit not as comprehensively and robustly

    • @Mango
      link
      71 year ago

      What can you do with active directory that you can’t do with user groups in Linux? When I worked l1, active directory’s job seemed to be breaking and letting us lock out people who just got fired by one of our clients.

      • @SquiffSquiff
        link
        211 year ago

        with ActiveDirectory ad group policies you can centrally configure the entire windows installation to the point that it isn’t possible for a local user, even with admin to leave the domain. User groups in Linux don’t really cover the use cases for installing and uninstalling applications and configuring options within all of those applications. Yes you can do some similar stuff with, e.g. FreeIPA or even binding to AD but fundamentally you have a local system with remote admin added on.

        • @Mango
          link
          71 year ago

          Ok that’s fair enough I guess. I’d like to have something I can point at as an alternative but I don’t know enough.

        • @thews
          link
          21 year ago

          You can absolutely go as nuts or more nuts with this on linux. You can do all kinds of hardening steps, and centrally deploy the policies with push or pull. Microsoft has even moved towards dsc (desired state configuration).

          • @SquiffSquiff
            link
            41 year ago

            Sure. And then boot the client single user, and go even more nuts.

            P.s. I’m not a windows fan

            • @thews
              link
              31 year ago

              I get it.

              There are quite a few areas on the linux desktop that show obvious signs of too many choices and loose integration making it an unpolished experience.

              Outside of niches like online forums, people seem to think GUIs and marketing are what make something professional.

              In reality outside of individual use you really want to avoid GUIs in configuration so that you can be consistent. You shouldnt have to dig down into menus and click through lots of screens to do comparisons or set something up. Thats really where Microsoft’s ecosystem is weakest right now. WinRM and powershell remoting lack polish in the same way wifi or bluetooth management in the linux desktop does

              You cant fully setup winrm with gpo, for example listener addresses get bound the first time its enabled with gpo and then its just stuck at that. If the system has it’s ip changed you have to disable the gpo to make any changes and when you get it fixed it reverts when the policy is applied again

              Microsoft only seems to care about how things will be managed in their cloud now and all products for managing things locally are showing some rot. Sccm -> mecm -> mem is terrible, theyve even ending all training for tools for on premises management. All they do is azure training and certs now.

      • @psmgx
        link
        131 year ago

        FreeIPA and OpenLDAP are PITA compared to AD.

        I hate windows but AD works pretty well and integrates with a lot of SSO functionality easily.

        Modern IAM tools should fix any of the locked out / just fired users issues you speak of… by using AD.

    • lazynooblet
      link
      fedilink
      English
      1
      edit-2
      1 year ago

      Extending on this as it’s the first serious answer.

      Intune; cloud managed, deeply integrated configuration and automation

      Autopilot; having new laptops delivered directly to end users that automatically set themselves up is magic and saves a lot of time

      Backwards compatibility; Linux can do this, however kernel and library dependencies make this not as good as Win11 running WinXP stuff