Wallpaper to differentiate prod or non-prod server
Posted by deejay7@reddit | sysadmin | View on Reddit | 48 comments
Recently a business asked to apply desktop wallpapers with different colors and text to warn system engineers. Implemented already.
Still feels like this is very outdated approach. A
nybody else do this?
What are some modern solutions?
DogThatGoesBook@reddit
Why would you be running a window manager on a server anyway?
itskdog@reddit
Despite Microsoft encouraging use of the Server Core install option, which just dumps you into a PowerShell prompt after login, most people are still used to the desktop experience.
DogThatGoesBook@reddit
Ah Microsoft, that explains a lot. Its barely suitable as a desktop OS for secretarial staff so the closest it should be to a server is an SMB mount through at least 3 sets of firewalls
schporto@reddit
Yes. Use bginfo with different configs.
BadSausageFactory@reddit
am I the only one writing on the screen with a sharpie?
Overcast451@reddit
Yep, this works very well.
BCIT_Richard@reddit
Bginfo was the first thing that sprang to mind for me. Never used it myself, but have seen the MDT deployment videos from the guy who does and it seems pretty nifty.
ipreferanothername@reddit
i use it with one config and use a gpo or sccm to set environment variables it can pull
but...yeah, bginfo.
burundilapp@reddit
That’s my choice as well, free and designed for this type of task.
jmbpiano@reddit
Fire is old. It's still the best way to make s'mores.
In all seriousness, though, there are plenty of controls you can put in place to reduce "oopsies" depending on the context.
Cautionary wallpaper is just one layer of accident prevention and it's a pretty darn effective one if you've got people remoting into critical servers.
If there's a way to remove the need for them to remote in altogether, that's probably even better, but if not, why not set the wallpaper?
statikuz@reddit
How can I have some more if I haven't had any yet?
archnemisis11@reddit
Umm, actually /s, fire unevenly cooks the marshmallow making it a less than desirable source for evenly melting it for the s'mores. But I'm also allergic to chocolate, so what do i know about making s'mores? :)
jmbpiano@reddit
It's not uneven if you plunge it fully into the flames. :P
archnemisis11@reddit
Oooh! Good point. See, I know nothing about making s'mores! lol
Daphoid@reddit
There's no reason for it feel outdated. Just because a method is old, does not automatically mean you need a "modern approach". You can layer other things on top (permissions, auditing, things of that nature).
But none of those is as instant as "red = prod, blue = dev" and you logging into a DC and seeing a red background "oops, wrong place".
goronmask@reddit
Having info on the wallpaper is great for debug screen caps
PositiveHousing4260@reddit
As you become older like myself, you will find simple outdated type things make more sense. Having broken more things then you can imagine, little things like red for prod and green for testing go along way. I still break things and probably always will but Im also really good at fixing them which is how I ended up here in the first place. We tend to overthink things because we should, but the simple stupid little things like this will often save us from ourselves.
Civil_Inspection579@reddit
Modern teams usually combine visual cues with stronger guardrails though: different terminal prompts, shell colors, MFA for prod access, RBAC separation, read-only defaults, confirmation wrappers for destructive commands, separate bastion hosts, or completely isolated prod environments.
rthonpm@reddit
Laughs in Server Core...
KStieers@reddit
We do it in the background for our ERP environments...user served RDP windows have a different background so you cant tell which window is local.
Right up there with email banners... its a tiny signal that might make someone think a second, or quickly confirm a conviction.
theEvilQuesadilla@reddit
I understand the intention behind this, but I feel like most people I've seen have the windows in the rdp session maximised, thus hiding the background anyway.
Broccoli_Ultra@reddit
bginfo as others have said but now I want this to be applied to our estate too, its immediately noticeable. Sounds like a good idea imo
WizardsOfXanthus@reddit
I use SuperPutty, so when I'm in my VMs, blue is test and red is prod. I don't know. Works for me so I don't think twice about it.
sgtpepper78@reddit
28 years in this field including a time when “remote access” wasn’t even a thing. I’ve never paused on a desktop to look at the color or even read something like BG info… perfunctory and superfluous imho…
Affectionate-Cat-975@reddit
All the time using bginfo
tk42967@reddit
I did this with BGInfo also. Red is Prod Green is Test.
Public_Fucking_Media@reddit
Yeah I've done this before for some media production servers that had to be remoted into, just another helpful reminder - Swiss cheese model and whatnot
zrad603@reddit
I did this with a GPO, and changed the Windows theme so it was a different color even if you had a window open full screen. But instead of being "production" vs development, we did this for admin accounts.
223454@reddit
Same. Years ago we made admin accounts obvious.
hosalabad@reddit
I use a login banner
TommyVe@reddit
I've brought a similar idea to our company and love it. All the different tiered jump servers have their own colored wallpaper and it helps a ton.
brispower@reddit
If this is the level your engineers are at you have bigger problems
Moontoya@reddit
whats that old saying..
"If its stupid, but it works, it AINT stupid"
colour coding your hardwares wallpapers isnt much different to colour coding your ethernet cables - its a quick/simple/easy reference point.
I wonder do I still have the pictures from a jobsite where they had an intern "tidy up the rack" - without knowing the intern was wholly colourblind. *rummages*
dude_named_will@reddit
The naming convention has so far been my best method for production vs testing. For the web servers (which they often access through a website), a different color and a banner saying it's a test server is what we use.
GozerDestructor@reddit
I've been color-coding my terminal windows since 1995. Red is always reserved for the most important machines, usually the central database server.
Easy-Task3001@reddit
bginfo from Sysinternals works pretty well for this. but questioning why direct logging into production servers is allowed might be the first question I ask.
qwikh1t@reddit
It’s Friday so hot patches are incoming
Individual_Ad_5333@reddit
This is the correct answer
Anxious-Science-9184@reddit
I used to administer a school district (NT4 / Win2K) and had to differentiate that background for student/teacher/aid/admin (green/red/yellow/blue) via group policy.
This is not uncommon, but is highly dependent on the industry you're administering.
Nexzus_@reddit
I used to do that. Red background for production servers.
angrydeuce@reddit
I do this in my home lab lol
Makes it far easier to know which vm im on when the background is big block letters NAS or SEEDBOX or PLEX or whatever, especially when ive got like 3 or 4 of them open at a time.
gumbrilla@reddit
Yeah, absolutely. Prod different from non-prod in bash.. it's just one of those signals that you're not in pre-prod, Dorothy.
Anthropic_Principles@reddit
I used to manage a fleet of about 2,500 servers. We had a server naming convention that uniquely identified each one as to its function, location, status (engineering, qa, training, prod, DR, etc.) It was human and machine readable, so you could tell at a glance what is was and scripts could read it and act based on internal rules.
I suppose we could have used it to apply different wallpapers but seriously whoever looks at a gui on a server?
SVD_NL@reddit
Colors work best, because you immediately notice without needing to pay attention to it. Different background or text color in terminal works very well too.
BuffaloRedshark@reddit
we used to have that prior to rolling out 2019. Not sure why we stopped although I think it was done via bginfo and I know bginfo got removed from our environment including pcs
IdleStamina@reddit
Yeah as a few others here have said, we do the same with BGInfo which gives a few details along with prod or non-prod.
Mental_Beginning_698@reddit
Lit star or unlit star in the bottom corner. Easy simple.
autogyrophilia@reddit
bginfo is best for servers.
I'm fond of desktopinfo, but thats a whole program.