r/sysadmin Blast the server with hot air Sep 14 '24

My business shares a single physical desktop with RDP open between 50 staff to use Adobe Acrobat Pro 2008. Question

I have now put a stop to this, but my boss "IT Director" tells me how great it was and what a shame it is that its gone. I am now trying to find another solution, for free or very cheap, as I'm getting complaints about PDF Gear not handling editing their massive PDF files. They simply wont buy real licenses for everyone.

What's the solution here, and can someone put into words just how stupid the previous one was?

Edit - I forgot to say the machine was running Windows 8! The machine also ran all our network licenses and a heap of other unmaintained software, which I have slowly transferred to a Windows 10, soon 11 VM.

1.0k Upvotes

408

u/jnkangel Sep 14 '24

109

u/smoothvibe Sep 14 '24

This! We run Stirling in a simple Docker container and people love it.

22

u/skipITjob IT Manager Sep 14 '24

What's the difference between the Windows version and a docker container?

26

u/jnkangel Sep 14 '24

Needs external Java and is functionality wise kinda like the ultra lite docker 

But runs locally which can be a benefit to some 

25

u/bbqwatermelon Sep 14 '24

Hoo boy I prefer anything depending on Java in a container

27

u/elonzucks Sep 14 '24

If you are not living at the edge due to java security holes, are you even living?

12

u/obetu5432 Sep 14 '24

docker is not really meant to be a secure sandbox

36

u/MrCertainly Sep 15 '24

It's still better than raw-dogging Java on bare metal.

→ More replies

6

u/doubled112 Sr. Sysadmin Sep 14 '24

I used to hate when vendors provided their own runtime, or only support one and it's not the one you want.

Please, for the love of all that is holy, let me use the OS provided packages so I don't have to worry about maintaining this thing.

5

u/obetu5432 Sep 14 '24

literally the easiest dependency to provide

3

u/jnkangel Sep 14 '24

Plus the benefit of the containers is that you can basically make it like that RDP the users were used to, just better, since browser UI 

79

u/mitharas Sep 14 '24

First feature

Dark mode support.

Nice

14

u/epaphras Sep 14 '24

How have I never heard of this. Saved for later

2

u/bailey25u Sep 15 '24

It’s fucking dope!

If it’s taking a user a long time to get an adobe license. I just have them use my instance

15

u/BustaLoders Sep 14 '24

I use Sterling quite a bit and recommend it. Works very well and is quick.

3

u/Hungry-Editor6066 Sep 14 '24

Totally agree - superb solution!

3

u/Casperutz87 Sep 14 '24

Thank you!

2

u/SaunteringOctopus Sep 14 '24

Oh sweet Jesus, this might solve a bunch of my problems...

2

u/Subyyal Sep 15 '24

Does it support editing a pdf file like the entire content?

→ More replies

4

u/TequilaFlavouredBeer Sep 14 '24

Thanks a lot, gonna deploy this at work!

→ More replies

261

u/Burgergold Sep 14 '24

2008 was a good year

117

u/deltashmelta Sep 14 '24

It was a very good year for small town PDF editors...

And soft summer CVEs....

55

u/Gene_McSween Sr. Sysadmin Sep 14 '24

We'd hide from the subscription based licencing

On our XP machines...

32

u/slippery Sep 14 '24

With housing crash fear,

It was a very good year

18

u/RBeck Sep 14 '24

SSDs we're making old computers fast again.

10

u/fortune82 Pseudo-Sysadmin Sep 14 '24

....do I know you? One of our clients uses an XP VM with networking turned off to use an ancient Autocad license

→ More replies
→ More replies

5

u/koreytm Sep 14 '24

Good vint, definitely

124

u/Brufar_308 Sep 14 '24

Take a look at pdf-xchange. Licenses are less expensive and perpetual.

43

u/_nachtkalmar_ Sep 14 '24

We have it for years now. Works perfectly fine, no issues. Recommendation, despite the "artisanal" looking website. It's really working well.

47

u/Brufar_308 Sep 14 '24

One of the ways they keep the price low is sticking with their original geocities website.

2

u/radenthefridge Sep 15 '24

God this is funny thanks for this comment 😹

8

u/Brufar_308 Sep 15 '24

I’m glad there’s other people around here old enough to get the reference.

Nothin falls flat quite like cracking a joke, that no one else gets.

5

u/Broken-Technology68 Sep 15 '24

+1.. i learned basic html on geocities! 😅

→ More replies

2

u/justjanne Sep 15 '24

that's what we consider artisanal now? That website looks like any other product website? What am I missing?

18

u/mahsab Sep 14 '24

And it's FAST

14

u/jeffreybrown93 Sep 14 '24

We changed everyone over to this last year and it’s been fantastic, and no monthly fees.. everything is a monthly fee now

→ More replies

9

u/michaelkrieger Sep 14 '24

PDF-change is one of the greatest packages I’ve found. I subscribe and do so for family as well. It’s so much more powerful than Adobe and works better once you get used to it. Plus yes- much cheaper and perpetual licenses should you wish.

Terrible company name though 😂

7

u/calculatetech Sep 14 '24

I've been selling this for years. Just this week I had my first client reject it for Adobe because editing/adding text was somehow too hard. Glad it's their money and not mine.

3

u/XxSpruce_MoosexX Sep 14 '24

We have this and I use it but expect a lot of pushback from people who have been using Adobe for years. We still have a handful of licenses because some users complained so much

6

u/Brufar_308 Sep 14 '24

You should hear some of our users that just got upgraded to Ms office 2022, can’t figure out how to find their files ( they changed to Open dialog to only show .rtf files then claimed all their files were gone ), and are still complaining that they no longer have Word Perfect.

→ More replies

134

u/illicITparameters Director Sep 14 '24

At the beginning of 2017 I accepted an IT Manager role with a small company. 4 days before my start date they were hit with ransomware because of this same setup. They lost hundreds of gigs of data. They were lucky their Exchange server was on a seperate internal AD forest, and somehow it didn’t hit their SQL Server or ERP Server. I got a text earlier this year from someone there (I left in 2020) asking if I remembered if something was lost or recovered from the attack (I luckily remembered the answer, and it was lost).

Needless to say the first thing I did was kill that, and start the process of trueing up their licenses (they were out of compliance for literally every piece of software running).

It’s all fun and games till your business grinds to a halt for a week while you recover from something easily avoidable.

38

u/MasterCureTexx Sep 14 '24

This. I cant get into specifics of cause reasons and NDAs. But! My job had a few XP machines they used for specific software that there isnt a new version of so XP is all there is.

Those XP images had been there since 2012, i told them to make backups as its out of company IT scope to support XP. They grumbled about money for upgrades(bro i said just get a ghost software and make images, $$ vs $$$$$$$) I shit you not, 3 months ago, 2 of those machines shit the bed entirely. Over 17k/day loss due to it, and they kept trying to get me to bandaid fix it till i shot a email up for our main site who brought down a hammer. Now they have backups and a reminder that sends via email every 6 months to refresh the backup.

In this field you HAVE to CYA so when you finally are fixing it, its a one and done.

13

u/illicITparameters Director Sep 14 '24

Agreed. And I always make sure to backup the most impoortant CYA emails.

20

u/Careless-Age-4290 Sep 14 '24

I had a boss tell me "I know you told me but you should've made sure I understood the severity"

So be prepared to be blamed either way unless you can make it so there's no "sides" to the issue. Which can be as simple as saying "this was reported by IT and accepted as a known risk of an incident. We're now following the incident management process for rectifying it and will review other similarly accepted risks with the business to make sure our risk tolerance is where we want it to be"

Which is basically just saying "this failed according to plan" but without sounding like "I told you so"

7

u/GloveLove21 Sep 15 '24

Thanks for this. I loathe this political speak, but it seems necessary for leadership roles.

7

u/Careless-Age-4290 Sep 15 '24

Honestly a lot of it is just learning to defend yourself in ways they'll listen to. When you notice a problem, you make people aware and make recommendations with their associated costs (to do it right!) and you log your actions. You write down in that same place every time you're forced to go cheap, do something unsupported or weird, or skip some important step.

That way it's not just on your shoulders to do some insane untenable thing that's then impossible to keep working perfectly as you can show why things are the way they are. And you call it a risk register which is an official term and then it doesn't just look like a list of grievances when you format it right.

13

u/mahsab Sep 14 '24

Sure, but what has licensing to do with that?

48

u/illicITparameters Director Sep 14 '24

They did it to avoid buying additional licenses for certain pieces of software, so they ran RDP on older windows software with single licenses for office, acrobat, and some other shit. That’s what this thread it. Not wanting to buy licenses.

22

u/TheJesusGuy Blast the server with hot air Sep 14 '24

I've also been asked about implementing these same kinds of solutions for Autodesk software (we're a CAD firm). Autodesk fine HEAVILY for these violations.

11

u/skittle-brau Sep 14 '24

I've said similar things before and was told "Oh are the Autodesk Police going to come and arrest me? Maybe the Font Police will come too."

12

u/TheJesusGuy Blast the server with hot air Sep 14 '24

Yea the autodesk police absolutely will come knocking

5

u/Not_your_guy_buddy42 Sep 14 '24

the autodesk fucking swat team will come in

6

u/ZPrimed What haven't I done? Sep 14 '24

At that point, that's when you give the Business Software Alliance a tip, and reap the reward money.

3

u/tesseract4 Sep 14 '24

lol, call the BSA on them.

7

u/illicITparameters Director Sep 14 '24

I just refuse to do it, and put it in email why. I’d rather be fired then use pirated software (which is what that basically is).

10

u/illicITparameters Director Sep 14 '24

This was a construction company, so same idiocy up top 🤣

3

u/grnrngr Sep 14 '24

DraftSight for CAD; Fusion for (most) modelling.

Ironically, each of the big boy's attempts to steal the other's lunch has resulted in great quality, REALLY AFFORDABLE software that can perform 99% of the market leader's abilities.

→ More replies

10

u/architectofinsanity Sep 14 '24

Reduce blast radius by not having fifty people sharing a desktop.

→ More replies

390

u/BadSausageFactory beyond help desk Sep 14 '24 edited Sep 14 '24

'my business'? nah just your job, take a breath.

make your recommendations in writing, and then implement what your boss wants.

PDFCandy but it isn't free.

96

u/Vektor0 IT Manager Sep 14 '24

He probably just meant it as "the place where I work."

62

u/Ltb1993 Sep 14 '24

Absolutely but it's still working as a comment to distance yourself from the problem

You can only do so much, don't worry about what you can't affect. it'll impact your personal life when it didn't need to

13

u/ComicOzzy Sep 14 '24

I'm an old here to amplify these sentiments. It's just a job. You can take pride in your work but you will never own the product of it. Your mental and physical health erodes slowly like a rock in the river. You won't notice it's a problem until it's too late. Start adjusting your mindset now and you'll last a lot longer.

4

u/Ltb1993 Sep 14 '24

I'm fairly fresh faced all things considered

Got plucked from a warehouse job to pick up support for a new warehouse/office site. Didn't know how to quantify work or know if I was doing a good job for starters and wanted to keep myself in the role

And found things like boundaries and policies getting very blurry and what was worst and I'm still working on is I was letting it.

Still working on somethings but no longer getting laptops shoved next to my dinner in the canteen. Getting more confident telling people no and to follow procedures. It helps and when it's home time I do my best to switch off from work. Not reading emails or getting calls from people who shouldn't even have my personal number

I was getting burnt out but things are improving. Still have to deal with the odd obtuse person but I play my role and leave them to make their own mistakes

6

u/Otherwise-Heron4769 Sep 14 '24

Sr. IT Manager here, also having trouble with this… even though it’s “not my business” it is 100% my career, my reputation, and my value for security and the industry I work in. I’m here in this industry for the long term, and don’t see this as the right outlook.

But I do understand the balance between supporting the business needs (money, resources) and the IT enterprise, however when it comes to compliance?? Cmon…

→ More replies

32

u/[deleted] Sep 14 '24

This x10, it's not your business

And if the previous solution worked then it wasn't stupid :)

23

u/WoTpro Jack of All Trades Sep 14 '24

You mean pirating software? Its clearly a breach of the TOS.

35

u/thatgeekfromthere Linux Admin Sep 14 '24

Do you have expanded knowledge, cause I see no mention of pirated. That was still in the day of boxed copy, that they probably own and share for the needed tasks. Newer versions are expensive, but back in the day it was like $150 per copy. If it was a valid license, they can share a device to use it's legal software. A license to valid software you purchased doesn't expire.

8

u/Polymarchos Sep 14 '24

I'm doubting they have the RDS CALs either, so it would also be a breach of the TOS with Microsoft.

3

u/unhappy_puppy Sep 14 '24

You don't need RDS CALS in a situation like this. This isn't a rdsh server it's a client OS you don't need a license to connect.

3

u/thisguy_right_here Sep 14 '24

Rdp into a Windows 8 machine. Not RDS.

→ More replies

9

u/WoTpro Jack of All Trades Sep 14 '24

Yes you would need a volume license agreement with Adobe, also back in the day...

Licensing support on VMs

Organizations must have a valid Acrobat software license for every user that has access to Acrobat on a server. For more information, refer to the Software license terms.

22

u/thatgeekfromthere Linux Admin Sep 14 '24

Is that thee Eula for the 2008 copy that they bought and would have come on physical media with a license key? 2008 software was licensed completely different than modern day. It was 1 copy to 1 machine, and people were expected to hot desk.

8

u/comperr Sep 14 '24

Look at these fuckin nerds below reading a 15 year old EULA on a Saturday afternoon, haha

10

u/Phuqued Sep 14 '24

Is that thee Eula for the 2008 copy that they bought and would have come on physical media with a license key? 2008 software was licensed completely different than modern day. It was 1 copy to 1 machine, and people were expected to hot desk.

The fact we would have to ask this, kind of proves the value and quality of WoTpro's commentary. For a long time one copy, one machine, used by multiple people was perfectly fine, so long as simultaneous use did not exceed your licenses.

It's just sad to see so many in our industry that just don't seem to have the experience or understanding of how things have changed. So they think this stuff is perfectly normal, when it's not. Just like how BMW tried to normalize the idea of subscription services for heated seats in the car you supposedly own. It's rent seeking to make line go up at our expense... and for what?

2

u/Delta-9- Sep 14 '24

Just like how BMW tried to normalize the idea of subscription services for heated seats in the car you supposedly own.

Man, I'd forgot about that.

Can't wait until Google's search suggestion for "how to root" includes

  • Samsung S24

  • iOS

  • my bmw

It's one thing on a phone (still a shitty thing) that you'll replace in two years no matter what, but for something like a car with a functional lifespan of decades, or even those stupid "smart bikes" from peloton, you absolutely don't want significant functionality to depend on some web service that will likely be decommissioned or abandoned in a couple years' time.

→ More replies

27

u/SweetVarys Sep 14 '24

2020 terms dont apply to products you bought and owned in 2008.

→ More replies

9

u/ApolloWasMurdered Sep 14 '24

OPs title says it was a physical desktop, not a VM.

→ More replies

16

u/DeathByFarts Sep 14 '24

By mentioning VM's , I can only assume you didn't actually read the words in the post.

3

u/OfficialJKV Sep 14 '24

I mean, it’s not a VM, it’s a physical PC

→ More replies
→ More replies

3

u/NoPossibility4178 Sep 14 '24

Sounds like an issue between Adobe and management and fuck both of them.

4

u/MeanPrincessCandyDom Sep 14 '24

'my business'? nah just your job, take a breath.

I wonder if these are non-native English speakers? I see the phrases "my company" and "my business" a lot.

I also see inexperienced it-staff wanting to tackle problems way above their pay grade or understanding.

(I am in no way defending management. A majority of the time they are incompetent and/or power-hungry.)

→ More replies

67

u/idiopathicpain Sep 14 '24

I fully support going through whatever hell you must to not give Adobe one red penny.

→ More replies

125

u/mdervin Sep 14 '24

So you turned off a solution that everybody was happy with before finding a replacement because…

37

u/edwardcactus Sep 14 '24

I would imagine the setup OP posted breaks the license agreement and could be a hefty fine for the company.

42

u/JamesTiberiusCrunk Sep 14 '24

That's something you warn management about and let them make their own decision. In writing.

16

u/Careless-Age-4290 Sep 14 '24

Risk registers! With time limits on accepting risk before it's accepted by default because otherwise they'll just ignore things they know are a risk but don't want their names on

Just document who was presented the risk (the risk owner), the options presented (make sure one of those is "do nothing" so they can't just ignore it and make it your problem), and the option chosen by that risk owner.

It tasted so sweet the first day I got yelled at for some system being down and I could say "ah yeah, we presented this on x day, we gave y options, and after a few meetings we were told we weren't spending money on this and just said the risk was acceptable" or "this was identified as a risk, it was deemed unacceptable, but then no decision was made so it defaulted to do nothing like what happened"

15

u/Angelworks42 Sep 14 '24

I actually worked for Adobe - before 2008 - I was a technical account manager. That said I only ever came across once customer who had ever really horribly broken the eula (had one license but installed it on like 1200 machines) so I really never came across license violaters that much.

There was never an Acrobat 2008 - that would have been version 10 or 11 (I was let go after Acrobat 9 shipped which was 2004/2005?).

If they were making PDF files there were license terms that prohibited setting up Acrobat Distiller as a server application or setting to Acrobat itself as a server application (either via automation, or running it on a terminal server without an appropriate license).

I wish I had a copy of the 10/11 license because I feel like this does kinda fall under server use. It's not that far removed from using a single license on a RD session host and letting thousands of users have at it and I suspect they aren't even closing the app and logging off when they are done.

For most enterprises the basic rule of thumb was one license per device though. (Not anymore of course - the current license really prevents this).

Anyhow it's people like op's company that they started getting into subscribition licensing.

(On a side note - now that I'm a sys admin at a university Adobe licensing is a major pita in every regard).

3

u/reilogix Sep 14 '24

I probably still have a physical copy of 9 in the garage but that doesn’t help you in your quest to find a 10 or 11…

3

u/Angelworks42 Sep 14 '24

That would be fun to have - my name was in the credits under wwcsts (I think that meant world wide customer service technical support?) was a pretty fun job at time time :) - worked with and met a lot of really interesting people.

2

u/Kreiger81 Sep 14 '24

My job has a shitload of 9/10/11 Adobe Acrobat for its users. We have license keys purchased and documented, but running into an issue where if deactivating a license fails for some reason we're hosed.

I'm looking to replace it with another software, im looking at PDF XChange atm and I have a couple people testing the functionality and then i'll move them over, but unlike OP, im taking this slow and making sure I know how to do everything that the users might want.

→ More replies
→ More replies

17

u/aretokas DevOps Sep 14 '24

Multiple license agreements more likely. If it's desktop Windows, IIRC RDP is only for the primary user, so sharing it, even one person at a time, is a no+no.

Then, it probably has Office on it too, which has its own shared license model.

But hey, given they're already doing this it's also probably got some sort of RDP concurrent user back on it too.

9

u/mdervin Sep 14 '24 edited Sep 14 '24

So. It’s not OP’s money.

OP: but, but, but we could get fined!!!

Anybody over the age of 40: LOL! we know.

Edit: formatting.

3

u/flecom Computer Custodial Services Sep 14 '24

OP: but, but, but we could get fined!!!

Oh no! Anyway

4

u/edwardcactus Sep 14 '24

You sound like a model IT admin

3

u/mdervin Sep 14 '24

Why thank you.

11

u/[deleted] Sep 14 '24 edited 15d ago

[removed] — view removed comment

7

u/mdervin Sep 14 '24

How is this set up any more vulnerable than giving your users email?

I mean, if a hacker is getting through my modern firewall that I spend a lot of money on, avoiding my modern EDR which I spent a lot of money on, jumping through my patched and best practices AD and RDP, winds up exploiting a 2008 software that we haven’t spent a dime on which nukes the entire corporate system including backups…

You think the problem is the old adobe application?

7

u/[deleted] Sep 14 '24 edited 15d ago

[removed] — view removed comment

→ More replies
→ More replies

2

u/mahsab Sep 14 '24 edited Sep 14 '24

How is sharing a license related with getting ransomwared? Even if they had 50 licenses on paper, how would that make a difference?

7

u/ITguydoingITthings Sep 14 '24

Because people have fallen for the scare tactics for so long without investigating the reality behind ransomware attacks, in this example.

7

u/zandadoum Sep 14 '24

Because it was run on an outdated OS blindly shared with 50 people

3

u/[deleted] Sep 14 '24 edited 15d ago

[deleted]

6

u/ITguydoingITthings Sep 14 '24

OP never stated it was public facing. Was an internal system shared via RDP.

→ More replies
→ More replies

76

u/Afraid-Ad8986 Sep 14 '24

So they need adobe to make the business money ? Yet cant pay for it? The entitlement is out of control at every age.

62

u/vrtigo1 Sysadmin Sep 14 '24

Yep. At a previous job I found out our Creative Director had about 20 full time designers and videographers sharing 1 license for Final Cut, AND it was an education license (we in no way qualify for education licensing).

When we brought this up and said it needed to be fixed he argued with us insisting that this was a perfectly legitimate use case. He was eventually let go, but the sad thing is it only cost ~$5k to properly license the software, and this was a company that had revenue > $200M.

14

u/cgimusic DevOps Sep 14 '24

I never understand why people so blatantly break the terms of the license. You'd be better off just pirating it at that point, it's cheaper, it's equally illegal, and you're less likely to get caught.

9

u/vrtigo1 Sysadmin Sep 14 '24

I perfectly understand why they do it. Because they're lazy and they don't want to take the time to write up a request and business justification and go through the approval process. Unfortunately, when you're hired as a manager/director, that's part of what the company pays you to do.

→ More replies
→ More replies

32

u/blueish55 Sep 14 '24

i'm not here to defend management, but adobe has gotten like fucking unpleasant to use. have you used their stuff recently? it is genuinely a nightmare. i'm not joking.

i'm not siding with management or pirated software in a company but adobe can proper fuck themselves. don't care to talk about the monetary aspect - the user experience makes everything out there blush in how pristine they are. so not surprised a lot of people prefer the older versions.

10

u/Afraid-Ad8986 Sep 14 '24

From an IT perspective it is pretty easy to deploy now. We have about 50 employees with full licenses. I can’t talk on how it works for the employees though.

5

u/blueish55 Sep 14 '24

oh in terms of IT, yeah, having a single post for 50 people with older versions is nightmare nightmare nightmare

it's not so much the setting up, it's that i'd rather quit than work a job that required the use of adobe. which unfortunately is most jobs that do any sort of publishing because pdfs and so on are like, the baseline for most things

truly hellish

but yeah in terms of IT op's post is a nightmare and should be corrected

→ More replies

4

u/jailh Sep 14 '24

Also bugs. Crashes in Photoshop. 2024. First time I got crashes since I started using Photoshop 5 25 years ago.

6

u/shmehh123 Sep 14 '24

We have 100 Acrobat licenses and every day we get tickets about it crashing their entire desktop, no warning. Just closes out of everything open. Piece of shit software.

→ More replies

2

u/Tymanthius Chief Breaker of Fixed Things Sep 14 '24

I went from PDF Xchange at one place to Acrobat at another as default installs.

Acobat opens and 1/3 of the screen space is used up by shit I will never use. I just need a PDF reader for when I grab some spec sheet or manual or whatever.

→ More replies

15

u/crow1170 Sep 14 '24

They did pay for it, for exactly as much of it as they needed. Why should Adobe get a better deal than whoever installed the office bathroom or water cooler?

If it's 50ppl who all need to use it all at once that's a different story, but infrequently used shared assets are a good thing. It's why businesses with more than one employee exist.

6

u/grnrngr Sep 14 '24

This is a great way to put it. Well said.

If it's a resource that's used by a single user at a time, what's the difference in RDP versus handing around a laptop, aside from physical convenience?

3

u/PineappleOnPizzaWins Sep 15 '24

If it's a resource that's used by a single user at a time, what's the difference in RDP versus handing around a laptop, aside from physical convenience?

The license. Which is exactly why TS licenses are typically separate from single workstation licenses, to stop businesses cheaping out.

And I know "fuck adboe" and all that but if you don't like their product support an alternative.

2

u/PineappleOnPizzaWins Sep 15 '24

Because it's against Adobes license?

3

u/GamerGypps Jr. Sysadmin Sep 14 '24

To be fair Adobe is absolutely stupidly expensively because it doesn’t have proper competitors and they milk that as much as they can.

→ More replies

8

u/bailantilles Cloud person Sep 14 '24

I’m more interested in how they all balanced the limit of only 2 people RDPing into the box at the same time. Did they all schedule time to work on their PDFs?

8

u/ScaRuleZ Sep 14 '24

I reply this just for a niche swag. For who interested, there is a little registry tweak that allow unlimited rdps on a non-server windows 😀 easy googleable

6

u/Kirides Sep 14 '24

And there is rdpwrap for non professional windows' as well. Used that thing to remote manage a home edition cheapo tablet PC hosting a game server

→ More replies
→ More replies

32

u/Virtual_Anxiety_7403 Sep 14 '24

Set up RDP Gateway and let people use their outdated Acrobat.

16

u/TheJesusGuy Blast the server with hot air Sep 14 '24

We have a gateway, but Acrobat 2008 has over 100 known vulnerabilities

37

u/mrcollin101 Sep 14 '24

Risk mitigation is about more than just KILL KILL KILL the vulnerabilities! You can segment the PC that has Acrobat on it and only allow RDP traffic to it on the firewall, and don’t allow it to initiate connections. People transfer their files in through RDP once the connection is established, then work on them, then transfer them out.

This is pretty silly imo for a PDF editor, as there are more up to date and patched options. With that said, their are plenty of examples of LOB software from 20 years ago that the developer went away or simply stopped updating, but is critical to a business function, and has no replacement or is truly cost prohibitive.

Segment, restrict, provide access, move on.

2

u/ccatlett1984 Sr. Breaker of Things Sep 14 '24

In this case, I would say the main reason to kill off that functionality would be to remove the risk of litigation from Adobe for the massive license violation that was taking place.

2

u/zz9plural Sep 15 '24

Or put in writing that management accepts that risk. I'm an admin, not the license police.

5

u/Mindestiny Sep 14 '24

Those other examples of LOB apps aren't as heavily targeted for exploitation as Acrobat and PDF files in general.

This is absolutely a risk that should be mitigated by running up to date, properly licensed software.  This isn't some weird app for a proprietary manufacturing tool on an air gapped machine shop computer, it's a windows 8 endpoint running Adobe Acrobat.

It's absurd that people are advocating to accommodate this.

→ More replies

8

u/Virtual_Anxiety_7403 Sep 14 '24

Then your RDP wasn’t exactly open, now was it? Can’t the company get a current Acrobat subscription?

5

u/TheJesusGuy Blast the server with hot air Sep 14 '24

I dont believe you can do RDP now with current named subscription licenses. One named license for 50 staff

11

u/looney_jetman Sep 14 '24

As someone said above, CYA by sending an email to your boss laying out the risks and then let them have the shared resource again.

→ More replies
→ More replies
→ More replies

37

u/ElevenNotes Data Centre Unicorn 🦄 Sep 14 '24

PDF24, baaaah.

6

u/Popsicleese Sep 14 '24

https://www.pdf24.org/en

https://tools.pdf24.org/en/all-tools

A free set of web/desktop tools for doing things with PDFs. Proprietary freeware built with Java, the company out of Germany, makes money with their PDF fax product line and with ads on their website ( I don't know if ads are in the desktop software). The product mascot is a sheep. According to the first page of search results they seem to be of decent reputation.

Probably worth a bookmark.

3

u/Vyse1991 Sep 14 '24

Easy recommendation.

6

u/wou-wou-wO Sep 14 '24

You can buy a key of adobe acrobat pro 2020 still, about $350 and you can license it on 3 different machines. Anyone who logs into the pc (or rdps to) is able to use it.

6

u/rcp9ty Sep 14 '24

PDF xchange by tracker software it looks identical to the old Adobe and can handle massive Pdfs and is dirt cheap to the point it can go on everyone's machine.

6

u/Tymanthius Chief Breaker of Fixed Things Sep 14 '24

This might work for them, and it's free.

https://www.stirlingpdf.com/

3

u/God_TM Jack of All Trades Sep 14 '24

You can self host it. Run it on docker even.

→ More replies

2

u/grnrngr Sep 14 '24

Many of the same features avail via desktop app in PDF Arranger, minus the need to configure a network resource.

→ More replies

27

u/biff_tyfsok Sr. Sysadmin Sep 14 '24

BSA audits are an incredible pain. For sake of argument, let's say this prior "solution" was used for 3 years by 50 people, a full year Acrobat Pro subscription is $290 retail, and your company is 100% in compliance on everything else. Let's say a disgruntled employee rats your company out (we'll come back to that).

A typical opening number would be $290 * 50 * 3 * 3 (triple damages) = $130,500 plus legal fees -- pay up or be sued. Those settlement agreements usually include agreement to annual ongoing audits & a press release about how the BSA struck a blow for blahblahblah. That's assuming their audit doesn't find other things to bill triple for. Using Java on a server without the right license? Here comes Oracle. Got Office 2000 installed on a stack of old laptops without proof of purchase? Here comes Microsoft.

I mentioned disgruntled employees before -- thing is, the BSA actively invites people to do so with a form out on their website, and offers "rewards" to those who turn companies in. Looking at the chart, that could be up to $5k back to the employee.

Bottom line: one past or current sh!t-stirrer could cost your company a LOT of time and money...at the end of which, you still won't have any licenses so now you've got to pay for those too. THAT is the risk the existing "solution" poses, in additional to the technical risk of tying a business process to RDPing into a desktop and god knows what other shenanigans are going on.

My recommended solution would be a new IT Director, a re-examination of why you're monkeying with "massive" PDF files to that degree, and then the proper software to accomplish that revised goal.

17

u/blaktronium Sep 14 '24

When I was a junior sysadmin at the start of my career, with a fresh mcse, I discovered that the senior admin I worked with was using TechNet licenses on our production stuff to save money. I reported it to his boss and they decided to make my life hell instead of doing anything about it so I quit to avoid losing my certs in case of something going wrong.

The guy they replaced me with found out right away, freaked out and contacted the BSA. That was a large 6 figure settlement from my understanding, and they calculated damages using retail prices.

2

u/lastcallhall Sep 16 '24

It's astounding how many people do not understand this, especially in this subreddit.

I'd fire any employee on the spot if I found them trying to circumvent licensing.

→ More replies

4

u/scytob Sep 14 '24

If only one person used it at a time you may not have been beaching the license agreement. You should read the EULA to see what the terms are and if they are fixed or could be updated by later terms on the adobe web site.

5

u/Punchline18 Sep 14 '24

Host an instance of StirlingPDF to be accessed via the network, free

https://github.com/Stirling-Tools/Stirling-PDF

2

u/abqcheeks Sep 14 '24

That looks insanely cool, thanks for the tip

2

u/calculatetech Sep 14 '24

This is awesome! Thank you.

4

u/SecAbove Sep 14 '24

Microsoft Office Word supports opening, editing and saving PDF files. What is wrong with this option?

Exporting PDFs was introduced in Office 2007 Service Pack 2, although it was previously available as a separate (free) download. Full read, write and edit support was added in Office 2013.

9

u/phr0ze Sep 14 '24

You should have a solution in place before disrupting operations. Even if operations is out of compliance, operations first.

Next do an analysis of how many people need serious pdf editing vs people who need some casual features. Also determine if the editing should be done in a word processor then converted.

7

u/TheOnionKnight Sep 14 '24

You don’t yank the existing solution without having a viable alternative ready. This is the type of thing that makes end users hate I.T.

→ More replies

4

u/vabello IT Manager Sep 14 '24

No problem. Acrobat Pro would only be $12,000 a year for 50 people. Adobe makes their software affordable for the masses!

7

u/[deleted] Sep 14 '24

I get my bill every month.  We have just about fifty users.  I have not yet gotten over the rage.

It ain’t my money and it’s the finance people’s problem to pay for it, and it STILL gets me pissed, every month.  Fucking extortionware.  

4

u/roger_27 Sep 14 '24

Wtf did I just read lol . Get foxit or something lol I know it wasn't your call but man.

4

u/Wardzi Sep 14 '24

100% the answer is PDF XChange. I've tried all other alternatives with multiple clients.

It's the closest one to Adobe Acrobat and it has all the features.

I don't know which part of the world you're in, I'm a reseller and get significant discounts, you should find a reseller in your area and get some discount even though they will add a margin on top.

8

u/disclosure5 Sep 14 '24

You can't explain the old solution was stupid to an IT Director that liked it, it's the sort of thing where clearly fell into the role just because they have no interest in hearing "nerd shit".

3

u/enigmussnake Sep 14 '24

Look up bulk pricing for nitro pro

2

u/deltashmelta Sep 14 '24

Seconded nitro. It's been while, but they were a great alternative some years ago for a number of people at a business.

→ More replies

3

u/Pump_9 Sep 14 '24

When I read the myriad of stories like this posted I can't help but think the previous sysadmin set this up as a parting gift right before finding a better role or retiring.

3

u/HeyMJThrowaway Sep 14 '24

FYI - PDFs are editable in Libre Office if you open them in the PowerPoint module.

5

u/iamnewhere_vie Jack of All Trades Sep 14 '24

Have a look at PDF Xchange Pro - it's not really expensive and works awesome with PDF (even large files).

5

u/rostol Sep 14 '24 edited Sep 14 '24

due to a licensing server problem adobe was forced by courts to release CS2 publicly. a fact they keep hidden, as the download is no longer available from them

get it here https://www.techspot.com/downloads/3689-adobe-photoshop-cs2.html

EDIT: that is the photshop only link, the whole suite is here : https://www.techspot.com/downloads/4948-adobe-creative-suite-free.html

5

u/Prestigious_Money223 Sep 14 '24

Unfortunately Photoshop doesn’t handle PDF’s very well

→ More replies

8

u/brusiddit Sep 14 '24

What a party pooper

14

u/[deleted] Sep 14 '24

[deleted]

3

u/BoltActionRifleman Sep 14 '24

It is pretty funny, but I can understand why they’re doing it. No subscription and the software probably works better and is easier to run than the current one. Kind of like Ofifce 2007 vs. 365.

→ More replies

4

u/scytob Sep 14 '24

Oh not to mention with windows they technically need an RDP license whether its windows client or windows server. Only the primary user of a pc or an admin doing admin functions is allowed to connect to the pc. Source: I wrote the RDP license.

2

u/progenyofeniac Windows Admin, Netadmin Sep 14 '24

It’s really convenient to leave the doors at the business unlocked too. No lost keys, no worry about unlocking it when your hands are full, no forgetting your keys.

Maybe suggest that as an improvement your boss could make.

→ More replies

2

u/canadian_sysadmin IT Director Sep 14 '24

I sometimes question by ability as an IT Director, and then remind myself there's a lot of those people out there.

I sometimes fret over the details of a training plan for a multi-continent financial system upgrade, and then there's directors who are doing shit like this.

2

u/1z1z2x2x3c3c4v4v Sep 14 '24

You work to get skills and experience. Why are you still there?
You are wasting your time and your career when you could be working in a better company doing better things for better money...

2

u/Suaveman01 Lead Project Engineer Sep 14 '24

A better idea would be to find a job at a better company

2

u/JustFucIt Sep 14 '24

We totally don't have multiple rds servers doing that

Nope

Not us

2

u/devsk1pp3r Sep 14 '24

The year was 2008. My boss asked me why we can’t just throw acrobat on “the Citrix” to bypass that pesky licensing pop up. Good times

2

u/wild-hectare Sep 14 '24

😂 I'm not totally against this 

just block Internet access for that machine... there secured 😂

→ More replies

2

u/Euphoric_Ability2568 Sep 14 '24

PDF Element works pretty well if you need to OCR or edit and licenses are affordable, perpetual, and reassignable!

2

u/HappyCamper781 Sep 14 '24

Uninstall it from the Windows 8 machine, install it on a Windows Server 2022 machine, enable Remote Desktop Session Host mode and buy a few RDSH client licenses....

2

u/BoggyBoyFL Sep 14 '24

Look at Foxit Editor. Not free but works really well.

2

u/pm_me_your_bbq_sauce Sep 15 '24

Clone the win8 hdd and give everyone a local vm with it lol.

2

u/RandyChampagne Sep 15 '24

A couple questions, how much in your Treasury and how many people with access are above 55?

2

u/wifimonster Jack of All Trades Sep 15 '24

This is chaotic good on the moral axis.

2

u/planedrop Sr. Sysadmin Sep 15 '24

Why do people that are NOT "directors" or "chiefs" have to be the ones to correct such disgusting messes.

To be clear, I don't mean why are we the ones that have to do the actual work, what I mean is why are we the ones that have to tell the much higher paid idiots that things like an open RDP box or unpatched SonicWall are not ok?

2

u/johnyeros Sep 15 '24

The solution is to get everybody on Adobe cloud! Jk. FkDatShit

This is some epic shit and I love the Stirling example. Thank you 🙏

3

u/mini4x Sysadmin Sep 14 '24

Its not just stupid but a licensing breach, pay up or shut up, every time someone complains, point them to the guy holding the purse strings.

Your IT director sounds like an idiot.

2

u/notwhelmed Sep 14 '24

So the business had a cost efficient method of doing something that you took away without having a solution to it?

While there is a potential security issue and lord knows what other issues with 50 staff accessing one machine, this is very much dependent on the actual scenario and workplace. You are asking how stupid it was, yet it might have been a very cleaver solution to a problem.

Cheterton's Fence may apply.

4

u/flip_turn Sep 14 '24

The solution is to revert back to what they were doing before. This is your machination for giving a shit when it was not your turn.

3

u/BananaSacks Sep 14 '24

So, you took away the thing that actually worked, and now it's broke - regardless of the fact that there may, or may not be a better way to provide this service.

And now, you'd like the internet to vindicate you and give you a trophy?

:/

2

u/disposeable1200 Sep 14 '24

You're not only breaching the Adobe licenses - you're also breaching the Microsoft ones.

To have multiple users access a PC remotely via RDP you need VDA licenses.

Hope you don't get audited

3

u/zorinlynx Sep 14 '24

It's okay if it's one user at a time, and you don't use one of the hacks to get around that.

→ More replies

2

u/notHooptieJ Sep 14 '24

quit cheaping out, buy some acrobat licenses.

the amount of money spent trying to avoid buying the right tool has already paid for multiple licenses.

Quit wasting everyones time and do the needful.

→ More replies

2

u/TechFiend72 CIO/CTO Sep 14 '24

As you know this was illegal for pirating software in the US. Last time I checked, ever 10 cals that are pirated is a class C felony. They may have updated the law so you can check what you averted.

→ More replies

2

u/Tech_Mix_Guru111 Sep 14 '24

Gotta love some entitlement in a sysadmin…. Best believe that if a layoff is needed, you’re up first OP.

Childish behavior and I bet your ego is as large as Uranus

5

u/WoTpro Jack of All Trades Sep 14 '24

entitlement? He is protecting the business even when the business is too stupid to realize it. That "IT Director" is not doing his job.

→ More replies

1

u/panopticon31 Sep 14 '24

You could try Kofax for PDF editing