|
anyone know a way to downgrade IE9 to IE8 through group policy? I can't find anything at all on Google, and Win7 SP1 images come with 9 instead of 8... and we have some internal software that the manufacturer won't support on 9 and we're going to need a lot of support next week.
|
# ? May 25, 2011 18:59 |
|
|
# ? May 21, 2024 19:32 |
|
I don't have a test machine with it handy, but you should be able to go to Programs, display updates, then choose uninstall IE9. Then load up process explorer and see what GUID was passed to msiexec to uninstall.
|
# ? May 25, 2011 19:23 |
|
I have a few questions: 1. I've been messing around trying to find a good imaging/deployment solution recently. I've created images with ImageX, inserted drivers and applied an unattend.xml with DISM, however when applying the image with ImageX, it installed but ignored everything in my answer file. I also tried with an AutoUnattend.xml on the root of the USB HDD that contained the image but it ignored that too. Is there any way of troubleshooting or seeing from logs why the unattend.xml was ignored? I don't quite understand how DISM applies an answer file to WIM image files if they can subsequently be ignored. The answer file was pretty much exactly what the technet article about creating answer files suggested, and was checked in WSIM with no errors. 2. I've messed about a bit with WDS but couldn't get it working (possibly as we have a linux DHCP server rather than Windows?), and decided I'd download the SCCM 2007 evaluation copy from Technet, but it seems to want SQL server and IIS to operate, is this really necessary to run SCCM? 3. Aside from paid training courses, are there any good tutorials or series of videos about SCCM? edit: 4. I bought Ghost Suite 2.0 from our University software sales dept for £20, but from looking online it seems this version is about 5 years old. Is it worth evaluating? Most imaging will be for PCs in the single digits, generally 1-2 at a time. ryo fucked around with this message at 23:06 on May 25, 2011 |
# ? May 25, 2011 22:53 |
|
peak debt posted:I don't have a test machine with it handy, but you should be able to go to Programs, display updates, then choose uninstall IE9. Then load up process explorer and see what GUID was passed to msiexec to uninstall. on SP1, IE9 is the default installed browser so there's no add/remove... and I'm stumped. I may just let them deal with it in the name of not pushing out old builds of Windows in a fresh all new machine environment and whatnot.
|
# ? May 26, 2011 00:31 |
|
ryo posted:I have a few questions: SCCM does require SQL and IIS. However, after the initial setup (of which a lot is automated), you never really have to touch them again. That being said, SCCM sounds like overkill. Have you looked at MDT 2010? (Microsoft Deployment Toolkit). It has a decently easy learning curve, and is quite powerful for deploying OSs. It can tie into WDS, or you can use a boot CD which connects to the deployment PC and starts the deployment.
|
# ? May 26, 2011 01:59 |
|
Anyone have experiencing deploying patches through SCCM? ie. Adobe reader/flash patches or java. Is it better to actually use the update component or should I just package each update as an application and deploy that way?
|
# ? May 26, 2011 02:28 |
|
lol internet. posted:Anyone have experiencing deploying patches through SCCM? What do you mean by "update component"? I looked into updating software with SCCM for things like java, flash, reader, but in the end I'm going back to Group Policy for these. Main reason: I can't control the computing environment sufficiently, especially with laptops. In the case of laptops, if one is powered on, someone is logged on, and likely has browsers etc open. If, in your environment, the PCs spend some amount of time on but with no user logged on, using the "nobody logged on" condition would work. I would love an "at startup" condition in SCCM.
|
# ? May 26, 2011 03:10 |
|
Telex posted:on SP1, IE9 is the default installed browser so there's no add/remove... and I'm stumped. I may just let them deal with it in the name of not pushing out old builds of Windows in a fresh all new machine environment and whatnot. IE9 has compatibility modes - you might try forcing the application to run in IE7 or 8 mode to see if that helps. You can temporarily enable it by hitting F12 to bring up the dev tools. I think you can send out sites via GPO, or you could at least push a reg hack to enable it on the site.
|
# ? May 26, 2011 03:31 |
|
quackquackquack posted:I would love an "at startup" condition in SCCM. You can require users to be logged off and force logoffs too. Try exploring the task sequence options - they can enable a lot more state checks than a basic package deployment, and they aren't only for OSD.
|
# ? May 26, 2011 03:35 |
|
LoKout posted:You can require users to be logged off and force logoffs too. Try exploring the task sequence options - they can enable a lot more state checks than a basic package deployment, and they aren't only for OSD. Yes, but when do you force logoffs for laptop users? Desktops are not an issue, since they are on at night, bu laptop users have to lock their laptops in a drawer at night, or they take them home. I agree about Task Sequences, it's stupid that they're hidden in OSD. I use them for tons of things, replacing scripting in some cases.
|
# ? May 26, 2011 04:12 |
|
quackquackquack posted:What do you mean by "update component"? The WSUS portion of SCCM. But essentially then for java/flash reader, what you do is grab the latest MSI and run a msiexec upgrade as the login script or group policy? If you add the adobe updates in the WSUS portion of SCCM, it can force a reboot I think during the install if required i think. Right now I'm testing the updates component and basically I set the maintenance window afterhours. The users annoyed during the day every couple hours to either install the updates or his poo poo will get installed in the morning and restarts will happen. I'd imagine this still works if the user is not connected to SCCM as it should download the updates as a cache. Although you make a valid point about the @ startup limitation.
|
# ? May 26, 2011 08:12 |
|
Telex posted:on SP1, IE9 is the default installed browser so there's no add/remove... and I'm stumped. I may just let them deal with it in the name of not pushing out old builds of Windows in a fresh all new machine environment and whatnot. IE9 is not packaged with SP1. Something else has installed it. It is installed as an update, so check the list of installed updates if you wish to remove it.
|
# ? May 26, 2011 11:30 |
|
lol internet. posted:The WSUS portion of SCCM. But essentially then for java/flash reader, what you do is grab the latest MSI and run a msiexec upgrade as the login script or group policy? I was completely unaware that you could use the update component for third party software. We decided to stick with WSUS and not tie it into SCCM, as it seemed more flexible in our relatively small environment. As for upgrading flash/java/reader with SCCM, you are correct, I would create a package+program that runs msiexec. At least for the software just mentioned, they all manage their own upgrades pretty cleanly in my experience, ie: I don't need to uninstall the previous version myself before pushing the new version.
|
# ? May 26, 2011 13:23 |
|
quackquackquack posted:I was completely unaware that you could use the update component for third party software. We decided to stick with WSUS and not tie it into SCCM, as it seemed more flexible in our relatively small environment. It seems any company that is SCUP compliant. http://www.microsoft.com/downloads/en/details.aspx?FamilyID=e3eb0cdf-0215-40bf-bb6c-55e7c3202173 Although, I was poking around the adobe site and I could only find catalog files for reader/flash.. nothing to do with their Adobe CS suite.
|
# ? May 26, 2011 16:08 |
|
quackquackquack posted:Yes, but when do you force logoffs for laptop users? Desktops are not an issue, since they are on at night, bu laptop users have to lock their laptops in a drawer at night, or they take them home. You'll have to make that decision likely with management approval. For an example, at my last job laptops were all required to have packages installed by 7am (intentionally just before standard work hours). Notifications were sent out via email and if users logged in when they got to work (around 8am) the package gets installed and they are forced to reboot within 30 minutes - in case they managed to open up anything important. Sometimes all you can do is warn users and it might take a bit of a culture change to get something like this in place. Culture changes certainly require sponsorship from management, the higher the better. The packages were advertized for a few days before any deadline so if they wanted to manually install they could (directions were published in the notification email).
|
# ? May 26, 2011 16:44 |
|
lol internet. posted:It seems any company that is SCUP compliant. They released a new SCUP version (2011) just the other day: http://technet.microsoft.com/en-us/systemcenter/bb741049.aspx Still the same supported packages, but it doesn't require a SQL backend and is supposed to be a lot faster. I just implemented 4.0 about two weeks ago, too. Speaking of SCUP, I'm trying to use it to update Dell server software (OpenManage and Drivers mainly) and it's not detecting anything. Has anyone used it for that? Everything I attempt to deploy comes back as not applicable though the packages will install manually on servers just fine. Adobe's support is limited, and I was pissed when Citrix dropped support for it. Patching Citrix servers sucks.
|
# ? May 26, 2011 16:48 |
|
Office 2010 deployment using GPOs. Has anyone gotten this to work? I am kind of at my wits end because I have done exactly what they say to do at http://technet.microsoft.com/en-us/library/ff602181.aspx but can only get an error code 5 out of the log files (I can't find reference to what error code 5 is). For some reason it seems that MS decided not to include a way to deploy this as an MSI. The way we do it currently for all software is we have a share that has "Everyone" with read access. What it seems like though is that because when this runs as a startup script it isn't running in the context of a user account it never hits our share. We can't do this as a logon script because our users are not admins... If you have succeeded with this please let me know. I want to deploy 2010 to about 700 machines in the next couple months...
|
# ? May 26, 2011 18:26 |
|
LoKout posted:You'll have to make that decision likely with management approval. Yeah, we don't have set start times, people are at work anywhere between 7am and 11pm, and people don't install updates themselves (I have a great picture in my head of a VP who claimed people just had to be told to do it, and his reaction a month later when I showed him the statistics. I think he lost some faith in humanity that day). I agree that management buy in and set policies are the way to go, but Group Policy software installation makes the situation a lot less complex. IT likes it because it happens like magic, no chance of interfering software running. Management likes it because they don't have to chase people around. Staff like it because they don't have to care. The days of updating your own software (other than large packages) are coming to an end. See: Chrome, Firefox 4, IE, Steam games, etc.
|
# ? May 26, 2011 21:38 |
|
demonachizer posted:Office 2010 deployment using GPOs. Error 5 is usually a permissions error, or sometimes 'file not found' in my experience. Post the command you are calling to install Office. When you run it as a startup script, you're running it as the computer account, not the user account, so make sure (iirc) that 'domain computers' have read access to the folder containing your installation files. EDIT: Oh, and PS, 'domain computers' is a member of 'domain users', so you can use that instead of 'everyone' for your NTFS permissions on the share that contains your installation files and catch both logon and startup scripts. quackquackquack fucked around with this message at 22:05 on May 26, 2011 |
# ? May 26, 2011 21:48 |
|
quackquackquack posted:Error 5 is usually a permissions error, or sometimes 'file not found' in my experience. We actually don't have a domain computers group and since we are a part of a university there is no feasible way of getting one as they probably have reasons on their end to not use it. So I tried running it with the following in both the sharing section with read access and under file permissions with the same: Everyone Authenticated Users The computer itself that I am testing with Anonymous Users The code I have used is this from MS: code:
I finally got it to work with: code:
Demonachizer fucked around with this message at 14:20 on May 27, 2011 |
# ? May 27, 2011 14:07 |
|
Can someone explain App-V to me in simple, practical, "This is how you would actively use this technology" terms. I'm really struggling with the marketing speel. Also, am I reading this right, the RDS CALS I already have can be used for App-V? http://www.microsoft.com/windowsserver2008/en/us/licensing-rds.aspx Oh, and why would I use it instead of RemoteApp, which I have had a play with and mostly understand? Swink fucked around with this message at 13:07 on Jun 1, 2011 |
# ? Jun 1, 2011 13:02 |
|
RemoteApp requires access to the server. With App-V you cache the app once and can continue to use it offline. Basically App-V is providing a mechanism for application deployment and management. It works very well for simple software packages. Sequence FoxIt and deploy it to a group of users. No matter which computer that user logs into they will have FoxIt available to use. If you upgrade the package, it automatically updates next time a user runs FoxIt. It doesn't work well for software which requires individual customisation. You can't install Outlook addins, it has to be sequenced in with the full Outlook package. So long as everyone can use the same platform it works well. You can sometimes get by basic compatibility issues by sequencing an application on XP and deploying out to Win7.
|
# ? Jun 2, 2011 10:40 |
|
Does anyone have a suggestion on how to remove a field from AD users? I have an unknown number of users whose website points to a sharepoint site, but we are getting rid of it. I would like to clear it out, but it wasnt added in consistently.
|
# ? Jun 7, 2011 18:58 |
|
Drumstick posted:Does anyone have a suggestion on how to remove a field from AD users? I have an unknown number of users whose website points to a sharepoint site, but we are getting rid of it. I would like to clear it out, but it wasnt added in consistently. Remove the field from the AD schema or just clear it? To clear it write a small batch script with DSMOD and DSQUERY. Look up the name of the attribute you are trying to clear (DSQUERY can help with this) (watch out, IIRC some Server 2003 tools call the same attribute different names. Internet phone number being both iptel and ipphone). In this script i find users who have a pager number and put it in the ipphone field and clear the pager number. quote:SET OUcn = CN=Users,DC=testdomain,DC=local (of course you can do the same in VBscript or powershell much easier and more fault tolerant, so do that instead).
|
# ? Jun 7, 2011 19:29 |
|
Mully Clown posted:
It also offers application isolation. Multiple applications that would normale give DLL conflicts on a (Citrix) server or workstation can now peacefully co-exist. The application is installed to a hidden drive (Q: by default). The way it is usually explained is there is a bubble* that the system cannot see into but the application can look out. Applications launched from inside the virtual "bubble" can see the whole system (and have full control inside this virtual "bubble"). So you can have a application that virtually overwrites some HKLM keys or downgrades a system dll for that application while leaving the real system in sane land. This allows you to keep using very lovely software longer. It allows you to do all kind of fun tricks to keep legacy apps running and allows conflicting apps on the same machine. *=More like a filter really Not sure about outlook plugins but plugins can work virtualised, especially if dynamic suiting is used (it rarely is)
|
# ? Jun 7, 2011 19:42 |
|
Drumstick posted:Does anyone have a suggestion on how to remove a field from AD users? I have an unknown number of users whose website points to a sharepoint site, but we are getting rid of it. I would like to clear it out, but it wasnt added in consistently. Yeah, you could use a script with DSMOD in it to make the field blank, but assuming I understand your question correctly, it is impossible to completely delete a field from an AD schema. You can disable it, but never completely delete it. That's one of the reasons Microsoft makes it more difficult to even get to the schema editor, because you really don't want to mess it up.
|
# ? Jun 7, 2011 20:16 |
|
Drumstick posted:Does anyone have a suggestion on how to remove a field from AD users? I have an unknown number of users whose website points to a sharepoint site, but we are getting rid of it. I would like to clear it out, but it wasnt added in consistently. Powershell would be easy way to do it, I assume you just want to blank the field not remove it from the schema which is an entirely different beast. You could use a quick script like this code:
e: this assumes that the attribute you are trying to search for is indexed for search, if isn't you'd have to rewrite it to just iterate through each user in your domain/ou and check to see if it exists and blank (or just blank it without checking if you are lazy). adaz fucked around with this message at 22:56 on Jun 7, 2011 |
# ? Jun 7, 2011 22:48 |
|
Anyone using SCE to deploy software only to specific groups? I'm wanting to have a setup so I can just drop a computer into a smart group and have it automatically provision the machine for me once I add it to the group. We've got different workflows for different offices and it's starting to become a pain to manage them since I really really hate waiting until everyone goes home and then going to individual machines to install necessary updates. I can't make a GPO, because not everyone has the drat software that needs an update in the first place. Is it possible, or maybe what I mean is advisable to sort a machine OU out into sites and/or groups and departments or does that sort of complexity in your AD structure lead to issues later? I don't know how i'll do the initial sort on 400 machines, but I really want to sort them out by physical location which might be easy since each office is on their own separate VLAN. I'm gonna research the how's, I'm just not sure of the should's here...
|
# ? Jun 8, 2011 15:29 |
|
Oh wow, thank you so much for the help. Yes, I just need it blank, sorry for the confusion. I've gone from limited server/active directory work to overseeing everything. It been a huge learning curve but things are going smoothly. Just need to take care of a lot of clutter the old guy left.
|
# ? Jun 8, 2011 20:31 |
|
what software/devices, if anything, do you guys use to proactively monitor, maintain, and support your networks? particularly interested in multi-site companies. I've been trying to find a cost effective solution to support all the small businesses I deal with - so I've been looking at kaseya, logmein central, zenoss, spiceworks (lol what a joke), etc. any big ones I'm missing out on?
|
# ? Jun 8, 2011 21:19 |
|
Depends on the size of the client - if you're talking actual small businesses, that can be difficult and hard to justify the cost of the automated stuff for the client, in my experience. The only service I have experience with like that is Kaseya, which was kind of crappy but alright.
|
# ? Jun 8, 2011 21:44 |
|
Gyshall posted:Depends on the size of the client - if you're talking actual small businesses, that can be difficult and hard to justify the cost of the automated stuff for the client, in my experience. The only service I have experience with like that is Kaseya, which was kind of crappy but alright. yeah - cost is a real issue. logmein's rescue thing is loving pricey at $1300 per tech per year, but kaseya does seem a little crappy, and 25 machines at $5 per machine per month is more than a yearly seat for the rescue product. blhehh in any case, yeah, I'm not getting businesses to shell out 5k for in house monitoring devices - most organizations I deal with are around 5-15 people large. been doing it by hand - scripts and VNC thusfar, I'm just looking for a way to consolidate the monitoring and support stuff into a single system so I can take on more clients - but isn't gonna put an ultra painful dent in my budget. figured I could use some advice from you enterprise people, but I guess at the enterprise level cost isn't nearly as much of an issue.
|
# ? Jun 8, 2011 23:51 |
|
mindphlux posted:yeah - cost is a real issue. logmein's rescue thing is loving pricey at $1300 per tech per year, but kaseya does seem a little crappy, and 25 machines at $5 per machine per month is more than a yearly seat for the rescue product. blhehh Most of the places I know of use SCCM or some variant thereof, which is pretty much enormous overkill for what you want. Doesn't MS have a new cloud based monitoring/licensing/support system for small business available?
|
# ? Jun 8, 2011 23:59 |
|
Windows Intune is what you're thinking of. I have no idea if that would let you split things up into separate customers or anything, though they are pushing it for partners to resell, so it seems like you would be able to do something like that. Intune is basically Forefront Endpoint Protection (MSE for business) + hardware/software inventory + remote support in one product.
|
# ? Jun 9, 2011 05:09 |
|
lol $11/pc/month you've gotta be kidding me
|
# ? Jun 9, 2011 05:25 |
|
mindphlux posted:lol $11/pc/month Well it includes anti-virus plus windows 7 enterprise licenses in addition to all the rest of the stuff, it's not exactly outrageous. How much are antivirus subscriptions nowadays anyways? $50-60 a year? Hell, it seems cheap to me.
|
# ? Jun 9, 2011 05:29 |
|
mindphlux posted:what software/devices, if anything, do you guys use to proactively monitor, maintain, and support your networks? particularly interested in multi-site companies. I worked for a company that provided remote support to a lot of small clients. All we did was create a firewall rule at each company to allow RDP sessions from the IP address of our company. This allowed us to just use RDP without exposing RDP to the whole internet. We had an RSA secured Citrix site at my office, so if I needed to access any client from somewhere other than my desk I could just log in to Citrix and access them that way. For monitoring I'd recommend looking at Whats Up Gold. I currently use it to monitor a 9 site, 4 data center company. It's pretty good at active monitoring and gathering performance metrics.
|
# ? Jun 9, 2011 15:30 |
|
For my SMB clients I'm using: - ESET for Antivirus - with an exception/open port in the firewall to allow remote management from one console - Remote Desktop with exception to allow traffic from our office only - Pingdom for external down/up time - Postini for mail spooling/email alerts So far this has been enough, my larger clients have a combination of services and SNMP/WMI alerts and monitoring services that we pretty much know any failure or slowdown before it happens.
|
# ? Jun 9, 2011 16:40 |
|
I need to monitor what shares we have that are being backed up by Volume Shadow Copy as it turns out a Sales person deleted several months of work off a share that VSC stopped working on. Does anyone else have to do this? Is there something out there that can be used to do this? My PowerShell script I'm working on isn't doing too well at the moment.
|
# ? Jun 9, 2011 21:31 |
|
|
# ? May 21, 2024 19:32 |
|
adaz posted:Well it includes anti-virus plus windows 7 enterprise licenses in addition to all the rest of the stuff, it's not exactly outrageous. How much are antivirus subscriptions nowadays anyways? $50-60 a year? Hell, it seems cheap to me. I can add clients onto my ESET install at 9 bucks per client per year. No way I'm paying 11 bucks a month.
|
# ? Jun 9, 2011 23:00 |