|
Noel posted:If it makes it easier, let's agree that the Software Update Point (SUP) site role and WSUS have to be installed on the same machine. So either I get to install SUP on the existing WSUS (not going to happen), or I set up a downstream on my existing SCCM server. Oh yeah I did totally not click on that. If I wasn't such a strong fan of ITIL these days I would be doing things without telling them just because I know they'll work. I feel for you bud
|
# ? Oct 12, 2010 03:50 |
|
I have a user that needs an individual login script. Is it kosher to put the script and accompanying registry file in sysvol or should I make a share? e: this user doesn't have access to any of our other shares. Quebec Bagnet fucked around with this message at 19:00 on Oct 30, 2010 |
# ? Oct 30, 2010 18:54 |
|
Derpes Simplex posted: I have a user that needs an individual login script. Is it kosher to put the script and accompanying registry file in sysvol or should I make a share?
As a rule, I would keep all login scripts in sysvol, that's what it's there for. Unrelated: Does anyone know of an application that can deploy and audit a set of files against a set of servers? I look after a group of ~30 Windows XP SP1 servers that run a SCADA system. The particular SCADA app uses a whole bunch of individual files to control what functionality each server has and we currently don't have a method to deploy and audit which server gets which set of config files. We already use Puppet on the Linux boxes here which would be great if it supported Windows a bit better. I've looked at packaging up each set of files into an MSI and using wpkg but that doesn't help with auditing, and having to maintain packages for each different type of server would be . SCCM is out as we are forced into running XP SP1. We can spend money if we need to. The ideal app for this would show me a matrix of files x servers and let me click a checkbox to deploy that file to that server. Bonus points if it would also let me generate nice charts that I can show to the higher ups showing that all my servers have all the right configs. More bonus points if it can do it all without needing to run agents on the servers.
|
# ? Nov 11, 2010 06:41 |
|
SCE 2010 just doesn't meet my needs. I tried it because Office 2007 is a PITA to roll out with GPO. Thanks for that change MS. SCE is just too limited, and doesn't tie in with existing AD structure. I'm going to give the trial version of SCCM a try.
|
# ? Feb 4, 2011 20:43 |
|
SCCM can take a lot to get going, and has a relatively steep learning curve. But the options once you have it up and running are fantastic. For Office 2007, why not install it using a startup script?
|
# ? Feb 4, 2011 23:53 |
|
So I'm currently playing with MDT 2010 and WDS in an attempt to find a better deployment solution for our network. We currently use Altiris, but we do not have control over the servers, and the people who run it are on an old version that does not fully support Windows 7 yet. We have machines in the ceiling that we need to get imaged. Is it possible to make a fully unattended (ZTI) install with just MDT 2010 and WDS? It seems like the only hurdle is forcing the machines to automatically boot from PXE, without touching them. Everything else unattended seems to be completely doable at this point. Thoughts?
|
# ? Feb 5, 2011 01:14 |
|
Noel posted: ...
I have 6 different msp install options for the various depts. Startup scripts won't allow me to uninstall when a user changes depts or job functions. GPO installs were so loving elegant. User changes OU, uninstall - install done. Besides, it gives me an excuse to learn SCCM, since this loving company hasn't paid for even 1 loving training course in 4+ years. I'm falling behind.
Col. Mustard fucked around with this message at 01:37 on Feb 5, 2011 |
# ? Feb 5, 2011 01:34 |
|
The Onion posted: So I'm currently playing with MDT 2010 and WDS in an attempt to find a better deployment solution for our network. We currently use Altiris, but we do not have control over the servers, and the people who run it are on an old version that does not fully support Windows 7 yet. We have machines in the ceiling that we need to get imaged. Is it possible to make a fully unattended (ZTI) install with just MDT 2010 and WDS? It seems like the only hurdle is forcing the machines to automatically boot from PXE, without touching them. Everything else unattended seems to be completely doable at this point. Thoughts?
I've been using BDD and MDT for a while, and have never gotten a fully ZTI; minimal but not zero. I think you need MDT plus pieces from SCCM to get a truly ZTI.
|
# ? Feb 5, 2011 01:40 |
|
Yeah, good point about Office. I can think of some convoluted as hell ways to do it, but I wouldn't want to implement them. I moved from MDT to SCCM and installed the MDT integration tools. However, I found I ended up making OSD Task Sequences from scratch instead of using the MDT ones. Let me know what you decide when you hit that decision. And a tip for Software Deployment through SCCM: you can make collections that query AD groups. It's a hell of a lot easier to (manually or scripted) change the membership of an AD group than it is to muck around with Collection membership queries.
|
# ? Feb 5, 2011 02:54 |
|
I spent the last 2 months learning SCCM. I've set up MDT from scratch in the past. I got a fully working ZTI. Biggest pain in the asses which I went through was 1. XP deployment. BSOD like mad. and 2. Driver management. Sometimes "Auto Apply" simply doesn't work. I just do driver packages and don't import that poo poo into my driver DB anymore. Keeps it cleaner and easier to organize but again it requires a lot of time investment. I have a couple images. Generic images with no software and a couple of hybrid images. The hybrid image was a Windows 7 and it contains SQL 2005/2008. The reason for this is because I couldn't justify how much time I'll invest in getting the SQL packages to work. I would have to slipstream the SQL SP1 into the installer before even setting up the package to test. Most of the headaches are over for me. I still have a couple issues here and there, not really related to ZTI but booting of unknown computers. It doesn't seem to work even though I advertised to "All Unknown Systems", but when I advertised to "All Unknown Systems", "All Systems", and "All Desktops and Servers", "Unknown" computer PXE boot does work, but obviously I can't keep those task sequences advertised to those collections. If anyone has any suggestions on this, it would be great. I've been just booting from CD for new systems temporarily as it's not high on my priority list. I rolled out a ZTI installation of Windows XP to a remote location over an internet VPN connection from North America to Europe. Took me 4 hours!
edit: How much is SCCM anyways?
edit2: Any way to tell SCCM to run the advertisement on the client machine like.. right now? Normally I wait like 30 mins and check the status messages
lol internet. fucked around with this message at 06:58 on Feb 5, 2011 |
# ? Feb 5, 2011 06:37 |
|
lol internet. posted: Good info...
Pricing - it's hard for me to say directly as pricing I've seen has always been affected by EA or some other licensing agreement. At my last job it was something around $7 per client and the server was free. Again, that was covered by an EA. My new job has a partner account so it's free for internal use (for as many clients as we have). Perhaps someone else can chime in with more useful experience there. I've found this tool - SCCM Client Center to be a big help with troubleshooting and forcing installs. It'll let you override service windows, re-run advertisements, and recycle policies if something is messed up. There's a number of scripts and stuff out there that will affect installs as well, though I haven't had to use them.
|
# ? Feb 5, 2011 22:21 |
|
I've gotten SCCM down to completely hands free once I boot from CD. My SCCM server sits on one network, and my clients are on three separate networks. On one network we run ISC DHCP, and on the other two I don't have that much control (all I can do is change the MAC for an IP), so I haven't bothered much with PXE booting. I'm also not sure how I feel about the unknown computer stuff, though it could be useful, but I worry with my users that they'll break it and abuse it somehow. I've also taken the hard route of importing every driver into SCCM and then creating driver packages, mostly because I didn't know you could do it any other way.
|
# ? Feb 6, 2011 21:05 |
|
FISHMANPET posted: I've gotten SCCM down to completely hands free once I boot from CD. My SCCM server sits on one network, and my clients are on three separate networks. On one network we run ISC DHCP, and on the other two I don't have that much control (all I can do is change the MAC for an IP), so I haven't bothered much with PXE booting. I'm also not sure how I feel about the unknown computer stuff, though it could be useful, but I worry with my users that they'll break it and abuse it somehow.
You should be able to set a password on the boot if they do PXE, i.e. when I PXE boot, I have to enter a password to see the available task sequences. This option I think is settable by right clicking on the boot image and going into the properties. But as I stated in my previous post, booting from unknown computers doesn't even work for me for new machines. I'm not sure if it has to do with x64 capable machines PXE booting. I'm using the x32 boot disks on all task sequences.
|
# ? Feb 6, 2011 21:14 |
|
FISHMANPET posted: ...
I use driver packages as well, and I definitely believe it's the way to go. I overload my OSD Task Sequences with each driver package with a WMI condition. I feel like it gives me more control and consistency. I don't do unknown computer. New PCs use thick DVDs, or I pre-seed them in SCCM.
|
# ? Feb 6, 2011 21:46 |
|
Noel posted: I use driver packages as well, and I definitely believe it's the way to go. I overload my OSD Task Sequences with each driver package with a WMI condition.
How do you handle renaming PCs after a record has been created in the SCCM database and joined the domain?
|
# ? Feb 6, 2011 22:15 |
|
I assume you're asking about renaming when using thick media deployment? For thick, I set a variable when it asks when creating the media, I think it's OSDComputerName.
|
# ? Feb 7, 2011 02:03 |
|
Anyone try this Dell KACE appliance? It's an all-in-one inventory/imaging/deployment/etc/etc appliance. My boss has a hard-on for it and wants one, but in my experience these things never work as well as you'd want or require a dedicated admin to keep working properly. http://www.kace.com/
|
# ? Feb 7, 2011 15:28 |
|
Noel posted: I use driver packages as well, and I definitely believe it's the way to go. I overload my OSD Task Sequences with each driver package with a WMI condition.
I've read that what some people do is import the network and SATA drivers into SCCM so that they can put them into boot images, but the rest they just copy into the sccm drivers folder on the file system, because all SCCM does is copy that folder onto the computer after it dumps the image and says "hey, do any of these infs work for you?" Took forever to figure out how that worked, because the guy who set this up had all the drivers dump into the root folder, so it was the same as applying all drivers always, which didn't work well when Win 7 x64 drivers got installed onto 32 bit Win XP.
|
# ? Feb 7, 2011 16:34 |
|
Canuckistan posted: Anyone try this Dell KACE appliance? It's an all-in-one inventory/imaging/deployment/etc/etc appliance. My boss has a hard-on for it and wants one, but in my experience these things never work as well as you'd want or require a dedicated admin to keep working properly.
Went to a few of the KACE seminars here in the UK a few months ago and played about with a test of the K1000. You've got 2 different boxes here:
K1000: Does the management/audit/monitoring stuff.
K2000: Does the application/image deployment and sandboxing.
Depends what you're going to be using them for mainly. They're pretty solid, but if you want to do complicated stuff with them it requires a lot of scripting and messing around. Appdeploy.com is where to go to get a good overview on what these things can and can't do.
|
# ? Feb 7, 2011 16:43 |
|
FISHMANPET posted: I've read that what some people do is import the network and SATA drivers into SCCM so that they can put them into boot images, but the rest they just copy into the sccm drivers folder on the file system, because all SCCM does is copy that folder onto the computer after it dumps the image and says "hey, do any of these infs work for you?"
I can see how that would save some time during initial SCCM setup, but it seems awfully coarse. For example, we have two computer models with different revisions of the same audio chip. The same driver is supposed to work for both, and will install for both, but not work for the older revision. I had to grab an older version of the driver to make the older revision work.
|
# ? Feb 7, 2011 17:06 |
|
The Onion posted: So I'm currently playing with MDT 2010 and WDS in an attempt to find a better deployment solution for our network. We currently use Altiris, but we do not have control over the servers, and the people who run it are on an old version that does not fully support Windows 7 yet. We have machines in the ceiling that we need to get imaged. Is it possible to make a fully unattended (ZTI) install with just MDT 2010 and WDS? It seems like the only hurdle is forcing the machines to automatically boot from PXE, without touching them. Everything else unattended seems to be completely doable at this point. Thoughts?
Be careful what you wish for. A fully automated, zero touch install that anyone can boot from the network is just asking for someone to fiddle with their settings, network boot and accidentally nuke their PC.
|
# ? Feb 7, 2011 17:11 |
|
FISHMANPET posted: I've read that what some people do is import the network and SATA drivers into SCCM so that they can put them into boot images, but the rest they just copy into the sccm drivers folder on the file system, because all SCCM does is copy that folder onto the computer after it dumps the image and says "hey, do any of these infs work for you?"
I only import Ethernet/Storage driver for the boot. But I create driver packages and point them to the appropriate directory. I never import drivers anymore. Just because sometimes "Auto Apply" simply doesn't "Auto Apply." Right now I have my directories set up this way:
D:\WIN7X64/HP/2540p/(audio/lan/ethernet/etc.)
D:\WINXPX32/HP/2540p/(audio/lan/ethernet/etc.)
Each driver package pointing to its own directory, I never "Import" it so in Driver Packages -> Package name -> Drivers, there's nothing imported. This is time consuming at the beginning but it saves you a ton of issues down the road. Also, it looks like Windows 7 doesn't require you to inject storage drivers via driver package which is a bonus.
H2SO4 posted: Be careful what you wish for. A fully automated, zero touch install that anyone can boot from the network is just asking for someone to fiddle with their settings, network boot and accidentally nuke their PC.
Actually, just don't advertise the task sequence to "All Systems/All Desktops & Servers" and you should be okay. Also, set up a password on the boot disc. (Will ask during PXE boot, not mandatory advertisements) Just create a collection, and advertise to the collection. For the machines you want to re-image, just drop them into the collection. Just be careful on making the advertisement mandatory or not.
lol internet. fucked around with this message at 17:17 on Feb 7, 2011 |
# ? Feb 7, 2011 17:12 |
|
lol internet., I'm not quite sure what you mean. I always use "Apply Driver Package" and never "Auto Apply Drivers", but I still have to import the drivers and put them in the driver packages. Do you point the 'Data Source' tab directly at where you expanded your drivers? If so, wow, this removes an annoying step (import, add to package).
|
# ? Feb 7, 2011 17:45 |
|
There a decent guide out there for imaging with SCCM? A basic walkthrough you might recommend? Right now I'm rolling Ghost and it works perfectly for what I need it to do. I have a nice Zero Touch setup right now, but Windows 7 is looming, and creating new images all the time sucks.
|
# ? Feb 7, 2011 18:03 |
|
Noel posted: lol internet., I'm not quite sure what you mean. I always use "Apply Driver Package" and never "Auto Apply Drivers", but I still have to import the drivers and put them in the driver packages.
I think he's adding an extra step, but one less than what you're doing. When you create a new driver package, you specify a path for the files to get stored at. On our server we've got it set up like this:
\\server\drivers\SCCM
\\server\drivers\source(xp3|Win7_x64|Win7_x32)\Model Name
I make the driver package directory something like \\server\drivers\SCCM\XP Latitude E6410. I drop the uncompressed files into source, based on what they're called. Import into SCCM, then add them to the driver package. Then SCCM copies whatever's at \\server\drivers\sccm\<package name> to the Distribution Point(s). You can eliminate the middle man by only importing storage and network into SCCM, then just copying the files from source directory to SCCM directory. I'm still not sure what I like best. If I did it the raw way I could just dump the extracted driver CAB that Dell gives out into the SCCM directory and make my deployments a hell of a lot easier, but it seems so hackish. For reference, here's what my driver console looks like:
|
# ? Feb 7, 2011 18:10 |
|
lol internet. posted: Actually, just don't advertise the task sequence to "All Systems/All Desktops & Servers" and you should be okay. Also, set up a password on the boot disc. (Will ask during PXE boot, not mandatory advertisements)
Absolutely. This is completely different, and the right way to do it with an SCCM environment. I was more referring to The Onion's specific situation, where it didn't sound like he had such access.
|
# ? Feb 7, 2011 18:18 |
|
H2SO4 posted: Absolutely. This is completely different, and the right way to do it with an SCCM environment.
If I were using SCCM this is how I would do it. But it doesn't look like we are even getting a shot at buying that, so I'm currently stuck with MDT and WDS for now. I'm just going to work with this setup and lock down the BIOS of the machines so I don't run into the random person nuking their machine scenario. Thanks for the advice guys.
|
# ? Feb 7, 2011 19:52 |
|
I hope this is the right place to ask. I'd like to upgrade our Active Directory domain controllers from Windows 2000 to Windows 2008. I'm wondering if it's possible to add a 2008 domain controller to a 2000 AD schema after I run adprep? Then I could just give the new 2008 DC all the roles, demote the other DCs, format and install 2008 on the old DCs, then promote them back. We currently have four DCs and I'm about to demote two of them. The remaining two DCs would be virtualized, so I can test run adprep. We were thinking of paring our domain controllers down to only two machines, one physical and one virtual, but maybe we want more. We have about 300 users. Am I going about this the right way?
|
# ? Feb 9, 2011 21:32 |
|
Crazak P posted: I hope this is the right place to ask.
I'm not an expert on AD, but that should work. At some point you should raise the domain to 2008 functional level.
|
# ? Feb 9, 2011 21:50 |
|
Crazak P posted: I hope this is the right place to ask.
Yep, just run adprep on the 2000 schema master and you'll be able to install a new 2008 server as a DC. May as well go 2008 R2 (run adprep32 instead if you do) unless you have a specific reason to just stay on 2008, though. Transfer all the roles to the new 2008 server then unjoin the other DCs from the domain and you're good to go to raise the functional and domain levels. If you go the one virtual, one physical route make sure the physical DC has the PDC Emulator role or be sure to read your vendor's documentation on virtualizing domain controllers so you can avoid clock drift issues on the VM. Two DCs for 300 users is just fine.
|
# ? Feb 10, 2011 01:12 |
|
I'd like to hear people's experience of USMT, specifically Loadstate. Does it really work well out of the box, grabbing all the data that our beloved users like to hide? Does it get all the required settings/customisations of apps too? And the hardlink store - that scares me a little, the idea that you dump all the user's data onto the same hard disk that you are about to format and trust that it survives the format just seems a little too trusting.
|
# ? Feb 10, 2011 08:47 |
|
spog posted: I'd like to hear people's experience of USMT, specifically Loadstate.
USMT worked fine for us, the problem is more that it tends to grab too much poo poo and copies files over into the c:\windows directory that I'd rather keep clean. So I used the uncompressed option /nocompress for USMT. This creates an editable data structure on the server that you can then clean up by deleting everything outside of the documents and settings folder. The precedence for exclusions/inclusions seemed to be too confusing to do this in the configuration xml. Hardlinking also seemed a bit risky to me, I uploaded it to our file server. If someone had enough data to make hardlinking useful it always was an iTunes library which we told people to put on a private external hard disk because we don't support it.
|
# ? Feb 10, 2011 09:26 |
|
I'm a huge USMT fan, but editing the XML files can be a pain. Although once you get it up and going, you rarely have to tweak them. We pulled out all of the application migration stuff except Office, and told it to migrate the entire AppData\Roaming folder. I forget how the AppData\Local\Microsoft\Outlook folder is specified, but that comes over too. We also told it not to migrate the shared videos/pictures/etc. It works like a charm, after ~200 migrations from XP to Vista and Vista to Vista, the only things we have had to go back fishing for are programs that keep settings in their Program Files folder. We also had to add a line to migrate our one big app that installs to c:\fuckyouapp\. Other than those snags, it very rarely fails. I recommend using the /ue and /ui flags intelligently. We /ue everything, and then /ui only that one user account. And turn up the logging verbosity.
|
# ? Feb 10, 2011 14:47 |
|
User migration? What's that? Dump the user profile elsewhere, reimage, have them log in, dump files back. We gives no fucks about your profile customizations.
|
# ? Feb 10, 2011 14:49 |
|
That's basically what USMT does, except you don't need the person to log onto the computer first, and you exclude a bunch of crap (temp folders, etc).
|
# ? Feb 10, 2011 15:22 |
|
devmd01 posted: User migration? What's that? Dump the user profile elsewhere, reimage, have them log in, dump files back. We gives no fucks about your profile customizations.
That's ok for people's background image and poo poo, but if we kill their Skype history there will be murder.
|
# ? Feb 10, 2011 15:33 |
|
I'm confused. Wouldn't dumping their user file mean poo poo like Skype history would get copied too?
|
# ? Feb 10, 2011 15:38 |
|
FISHMANPET posted: I'm confused. Wouldn't dumping their user file mean poo poo like Skype history would get copied too?
No, it keeps its data in AppData\Roaming. Even worse is Chrome that keeps its settings in AppData\Local.
|
# ? Feb 10, 2011 15:55 |
|
At least Google put out an MSI and ADM for Chrome. Come the gently caress on Firefox, it's not that hard to hire 1/8th of a full time person to package for Windows. In one of our labs we're installing IE (obviously) and Chrome, but no Firefox. Now that there's another viable option for "alternative browser", we chose the one that is not a pain in the rear end to update. (and no, those community MSIs are not a viable option for us).
|
# ? Feb 10, 2011 16:39 |
|
So, you guys trust it then, that's good to know. But, from what I am reading, you need to run with it a few times to make sure that it is scooping the right stuff. So, if you have an organised shop, then it will work well for you. If you have a bit of a mess, where users aren't tied down too much, there's a fair chance of it missing something. So, perhaps not the best tool for the new sheriff in town, but once things are reasonably well-managed, it will do the job. And it seems that all of you share my same scepticism for Hard Link Migration. Bunch of cynics that we are.
|
# ? Feb 10, 2011 17:00 |