|
Bedevere posted:I am sorry if someone hit this over the last 15 pages.... Thanks for answering I kind of abandoned SUP and I'm back to running Windows updates semi-manually. However, I'm attending a masterclass in Config Manager 2012 Beta 2 this week, with Johan Arwidmark and Kent Agerlund. Looks like there are quite some improvements coming soon. The whole software update deployment can be automated, no more update lists to manually update every month etc.
|
# ? Oct 20, 2011 18:43 |
|
|
What do you guys do to limit your Help Desks' rights to servers? I would like them to retain some rights, but limit their abilities.
|
# ? Oct 20, 2011 19:26 |
|
Kinda depends on the specifics. Role-based administrative groups mostly.
|
# ? Oct 20, 2011 22:29 |
|
Bedevere posted:I use the EXE and then command line it: No, that won't work because the installer sucks and extracts the installer to a hard coded (32 bit) path, then reads the path from a system variable to read it, and gets a 64 bit path. The fix was to modify the registry so the key it read was the same as what was hard coded, though now I've figured out how to directly pull the MSI from the installer. And all those options don't work anymore, they took most of them out of the installer (though there won't be errors if you use them).
|
# ? Oct 21, 2011 03:14 |
|
FISHMANPET posted:No.... As I said I missed the boat on the reply, and what you said about the fix (good thing for general use) We have been avoiding newer flavors of java because we have internal specifications. We have been sticking with 1.42_19 and 1.60_22 as those versions play nice together and allow our custom apps to run. Our apps only operate in 32 bit mode via the browser for the foreseeable future, so we have not had to fight with the 64 bit browser and Java stuff. I have both on my admin machine and they made me very angry whenever an update came out as the path issue applied there, causing days of looping upgrade notices and failed installs.
|
# ? Oct 21, 2011 18:40 |
|
I'm setting up SPF records for a second email server I just added. My DNS looks like this:code:
Now I'm adding a new email server on dev.example.com so my current spf record looks like this: code:
My question is, can I just get rid of google's servers and my ISP's servers on the second one and make my SPF record look like this: code:
openspf.org has been down for like a week and I usually use their tool.
|
# ? Oct 22, 2011 16:26 |
|
Is it possible to restrict local logons only to specific users on a domain using the allow log on locally and deny log on locally policies or NTRights? The problem I'm having is that deny takes precedence over allow, so how can I deny all users except for a few specific users? They're all in the DOMAIN\Authenticated Users and DOMAIN\Domain Users, which are both in the Users via a GPO I don't control. I can just deny all user logons entirely and manually re-enable them when necessary using NTRights, but that's not as elegant as I'd like. edit: Nevermind, I figured it out. I just had to revoke the allow log on locally privilege to Users and add explicit allow log on locally permissions to the specific users. I'm pretty sure I tried that when I was testing at the end of last week, but I was still able to log on so I didn't think that worked. vv Megiddo fucked around with this message at 07:51 on Oct 24, 2011 |
# ? Oct 22, 2011 19:40 |
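Added example, not part of the post above: a small Python model of how "Allow log on locally" (SeInteractiveLogonRight) and "Deny log on locally" (SeDenyInteractiveLogonRight) combine, run over three constructed security-template fragments. The EXAMPLE\alice and EXAMPLE\bob accounts, their group memberships and the policy text are assumptions made for illustration.

```python
# Added example: evaluates the two local-logon user rights the way the post describes.
# The policy fragments and the EXAMPLE\alice / EXAMPLE\bob accounts are constructed.
import configparser

ALLOW, DENY = "SeInteractiveLogonRight", "SeDenyInteractiveLogonRight"
# Well-known SIDs as written in security template exports (lower-cased for matching).
WELL_KNOWN = {
    "*s-1-5-32-544": r"builtin\administrators",
    "*s-1-5-32-545": r"builtin\users",
    "*s-1-5-11": r"nt authority\authenticated users",
}

POLICIES = {
    # Starting point: Users holds the allow right, so every domain user gets in.
    "default": r"""
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545
""",
    # First attempt: deny Users, explicitly allow alice. Deny wins for everyone.
    "deny_users": r"""
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,*S-1-5-32-545,EXAMPLE\alice
SeDenyInteractiveLogonRight = *S-1-5-32-545
""",
    # Fix from the post: revoke the allow right from Users, grant it explicitly.
    "explicit_allow": r"""
[Privilege Rights]
SeInteractiveLogonRight = *S-1-5-32-544,EXAMPLE\alice
SeDenyInteractiveLogonRight =
""",
}

def parse_rights(inf_text):
    """Return {right name: set of lower-cased principals} from [Privilege Rights]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False, delimiters=("=",))
    cp.optionxform = str  # keep the right names case-sensitive
    cp.read_string(inf_text)
    rights = {}
    if cp.has_section("Privilege Rights"):
        for name, value in cp.items("Privilege Rights"):
            members = {m.strip().lower() for m in value.split(",") if m.strip()}
            rights[name] = {WELL_KNOWN.get(m, m) for m in members}
    return rights

def token_for(user):
    """Constructed logon token: the account plus the groups every domain user carries."""
    return {"EXAMPLE\\" + user, r"EXAMPLE\Domain Users",
            r"NT AUTHORITY\Authenticated Users", r"BUILTIN\Users"}

def can_log_on_locally(token, rights):
    """Logon needs at least one allow match and no deny match (deny takes precedence)."""
    token = {t.lower() for t in token}
    allowed = bool(token & rights.get(ALLOW, set()))
    denied = bool(token & rights.get(DENY, set()))
    return allowed and not denied

def evaluate(users=("alice", "bob")):
    """Return {policy name: {user: can log on locally}} for each sample policy."""
    out = {}
    for name, text in POLICIES.items():
        rights = parse_rights(text)
        out[name] = {u: can_log_on_locally(token_for(u), rights) for u in users}
    return out

if __name__ == "__main__":
    for policy, result in evaluate().items():
        print(policy, result)
```

Only the third policy separates the approved account from everyone else; the deny entry on Users in the second one also blocks the explicitly allowed account, because that account's token still carries the Users group.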
|
For those of you in the know for WDS & Windows 7, is it possible to have a sysprepped Win 7 image prompt the user for a CD key the first time it is deployed/run (for use with an OEM key) as opposed to specifying a KMS/MAK key at image build time?
Wicaeed fucked around with this message at 17:08 on Oct 27, 2011 |
# ? Oct 27, 2011 16:30 |
|
Wicaeed posted:For those of you in the know for WDS & Windows 7, is it possible to have a sysprepped Win 7 image prompt the user for a CD key the first time it is deployed/run (for use with an OEM key) as opposed to specifying a KMS/MAK key at image build time? I don't know poo poo about WDS but I know MDT can do this and a million other things.
|
# ? Oct 27, 2011 18:19 |
|
Wicaeed posted:For those of you in the know for WDS & Windows 7, is it possible to have a sysprepped Win 7 image prompt the user for a CD key the first time it is deployed/run (for use with an OEM key) as opposed to specifying a KMS/MAK key at image build time? My MDT setup prompts for key and pc name for exactly this reason.
|
# ? Oct 28, 2011 00:28 |
|
So here's an SCCM problem I can't run away from. I've had this same problem on a Precision T1500, and a Precision T5500. I try and deploy Win 7 x64 to the machine. The WinPE disk sees the network driver, and downloads the image and drivers. Then when it reboots, it fails because it no longer has a network interface. However, after this failure when I reboot the computer it boots into Windows 7 just fine, with networking working. Any ideas what I'm supposed to be doing here?
|
# ? Oct 28, 2011 20:49 |
|
Any good book suggestions for in depth technical AD stuff? I mean, I'm not worried about AD concepts/domain configuration and management, but more technical information about the stuff going on under the hood. Mainly for a reference, been doing an increasing amount of AD programming where I'm at, and a good reference would be handy.
|
# ? Oct 28, 2011 21:44 |
|
FISHMANPET posted:So here's an SCCM problem I can't run away from. Is it the 64bit boot disk with the 64bit network driver added? and when you said "Then when it reboots, it fails", can you be more specific? Can you post the relevant part of the smsts.log?
|
# ? Oct 28, 2011 21:52 |
|
FISHMANPET posted:So here's an SCCM problem I can't run away from. When this happens what does the NIC look like under device manager? Is it possible that the wrong drivers are being installed by PE? On an HP I have I was having a problem with Bluetooth, it turned out that even though it took the bluetooth drivers they were actually the wrong drivers and I had to install another driver for it to work. Windows 7 is pretty good about NIC drivers, so it may see the device is not working correctly and on reboot installs the correct drivers. Although if that's the case you should not be getting the wrong drivers in the first place.
|
# ? Oct 28, 2011 21:54 |
|
I've worked with SCCM 2007 for three years, and I'm not considering a job that uses Altiris, but has not really done anything with it. Can anyone compare the two? Or any good sites that compare the two? The new place has Bomgar and is happy with their WSUS, so remote viewing and MS update distribution is not important. The core features required are OS deployment, software deployment (based on AD group primarily), and inventory.
|
# ? Oct 28, 2011 21:59 |
|
quackquackquack posted:Is it the 64bit boot disk with the 64bit network driver added? Alright, actually I think one of those reboots isn't a reboot. My task sequence looks like this:
Restart in Windows PE
Partition Disk 0
Apply Operating System (from original installation source)
Apply Windows Settings (sets local admin password and licensing is blank because we run KMS)
Apply Drivers (I do a WMI query on hardware type so it only applies the drivers it needs)
Apply Network Settings (join the domain)
Setup windows and ConfigMgr.
According to System Status on my server, it completes Apply Network Settings, but it doesn't actually join the domain. From this point on it loses the network adapter, I think during the Setup windows and ConfigMgr, as part of the Win 7 OOBE stuff. I'm rerunning it now without any drivers being applied, and it looks to be working. It just rebooted as part of the Setup windows... step. So I guess I have no loving clue what's going on. Right now this is with a T5500, but I had the same problem with the T1500 and I thought I removed the drive package to no avail. I'd like to gently caress around with it more but this is my student worker's workstation, so I can't keep nuking it endlessly.
|
# ? Oct 28, 2011 22:46 |
|
I think Yaos has the right idea. Sounds like an issue with the driver applied in the driver package. What does the log in Panther say about joining the domain? What does smsts.log say? The logs on the server are only so useful when it comes to OSD.
|
# ? Oct 28, 2011 22:54 |
|
quackquackquack posted:I think Yaos has the right idea. Sounds like an issue with the driver applied in the driver package. Here's what (I think) is relevant from smsts.log: http://pastebin.com/RxGuuY97 I didn't pull anything out of Panther, though that's a good idea. I assume you mean setupact.log?
|
# ? Oct 28, 2011 23:05 |
|
Yeah, that and setuperr.log. Does this look like the issue? It makes sense: http://blogs.technet.com/b/configur...ll-package.aspx But before diving down that rabbit hole, make absolutely sure you are adding the right driver. Also test by removing the WMI query on the driver. I've facepalmed over a bad query before. And I have no clue if this matters (I don't think it does), but I always did:
Apply Network Settings
Apply Drivers
Setup Windows and ConfigMgr
|
# ? Nov 2, 2011 22:03 |
|
I have always found checking C:\Windows\inf\setupapi.dev.log for failure messages will lead you to any driver issues. It will also be helpful to know the pci vendorid etc. of your network card.
|
# ? Nov 3, 2011 04:27 |
|
This is a stupid question, but it's a bit hard to google. When I nslookup ourdomain.local I get back the IPs of the domain controllers, PLUS x.x.x.0, where x.x.x. is one of our subnets (e.g. 10.10.10.10, 10.10.14.15, 10.10.10.0). I always thought it was weird, but it was like that when I started here and never caused issues, so I let it alone. Now I have a workstation that can't contact a DC until I flush its DNS cache, and after a day it's back to having trouble. When I ping ourdomain.local it's attempting to ping the .0 address. So, the question is: this is not normal, right?
|
# ? Nov 3, 2011 16:08 |
|
Erwin posted:This is a stupid question, but it's a bit hard to google. When I nslookup ourdomain.local I get back the IPs of the domain controllers, PLUS x.x.x.0, where x.x.x. is one of our subnets (e.g. 10.10.10.10, 10.10.14.15, 10.10.10.0). I always thought it was weird, but it was like that when I started here and never caused issues, so I let it alone. What does your DNS server look like? It shouldn't have a subnet in there for the root domain. It should only have your DNS servers. Has there been a statically set A record with that odd value? IT Guy fucked around with this message at 17:09 on Nov 3, 2011 |
# ? Nov 3, 2011 17:06 |
|
IT Guy posted:What does your DNS server look like? It shouldn't have a subnet in there for the root domain. It should only have your DNS servers. Has there been a statically set A record with that odd value? Nope, not static, it has a timestamp of two years ago, so something caused it besides a manual entry. This date is after I started, so I guess I'll take the blame edit: but it was updated at that time. I'm almost positive this existed when I started.
|
# ? Nov 3, 2011 18:02 |
|
We just got our first Windows 2008 R2 server. All of our other servers are still 2003 R2. I noticed the integrated Windows Backup doesn't seem to suck as much as the 2003 version does. Currently we use Symantec Backup Exec on the 2003 servers. What do you guys recommend for the 2008 server? Is Windows Backup viable now or should I still be using Backup Exec?
|
# ? Nov 9, 2011 16:15 |
|
IT Guy posted:We just got our first Windows 2008 R2 server. All of our other servers are still 2003 R2. I noticed the integrated Windows Backup doesn't seem to suck as much as the 2003 version does. Currently we use Symantec Backup Exec on the 2003 servers. What do you guys recommend for the 2008 server? Is Windows Backup viable now or should I still be using Backup Exec? I'd shy away from using multiple products for backup if you can help it, just from a management perspective. If you've got Symantec and are relatively okay with it, stick with it unless you want to shift over to another product completely (over time, obviously). I'm assuming you're talking about a physical server with 2008R2 installed and not a virtual system... We moved to Acronis recently for physical/tape backups (purely a price decision, we were previously using Backup Exec 12, which worked decently). I don't hate it and it does what we need for the 2-3 servers we haven't virtualized and handful of workstations that have weird configurations that I never want to reconfigure again, ever. For all virtual backups (90% of the infrastructure), we love Veeam.
|
# ? Nov 10, 2011 03:57 |
|
Do any of you use a private DropBox type dealio? I'm looking for solutions that will provide dropbox functionality (cross platform, real time unintrusive sync), but I don't need the versioning (really don't want a Git/source control storage back end). Really all I want is working cross-platform offline folders (local copies sync'ed to our back end). Very great bonus point if it can be accessed outside the local network (VPN, *overHTTP, anything). And LDAP for auth, obviously. evil_bunnY fucked around with this message at 14:26 on Nov 10, 2011 |
# ? Nov 10, 2011 14:08 |
|
mute posted:I'd shy away from using multiple products for backup if you can help it, just from a management perspective. If you've got Symantec and are relatively okay with it, stick with it unless you want to shift over to another product completely (over time, obviously). I would love to phase out Backup Exec. For some reason I can't get it to do successful backups for more than 3 months. For example, I'll spend like 2 hours setting it up perfectly to backup a server, it runs successfully for about 3 months and then randomly just stops working. This has happened on 3 different servers. I replace media, setup scratch media, anything I can think of. I'll get it to work for a couple days and then it just fails every backup again. I'm kind of just sick of it. Unfortunately, we will never virtualize anything. Definitely not my decision but my co-workers/boss seem to think that it is "job security" when the executives look in and get intimidated by seeing 15 different physical servers humming along.
|
# ? Nov 10, 2011 14:39 |
|
IT Guy posted:Unfortunately, we will never virtualize anything. Definitely not my decision but my co-workers/boss seem to think that it is "job security" when the executives look in and get intimidated by seeing 15 different physical servers humming along. And totally set themselves up for failure. The losses in experience and cost savings is too much not to.
|
# ? Nov 10, 2011 14:45 |
|
IT Guy posted:I would love to phase out Backup Exec. For some reason I can't get it to do successful backups for more than 3 months. For example, I'll spend like 2 hours setting it up perfectly to backup a server, it runs successfully for about 3 months and then randomly just stops working. madmaan posted:And totally set themselves up for failure. The losses in experience and cost savings is too much not to. evil_bunnY fucked around with this message at 15:07 on Nov 10, 2011 |
# ? Nov 10, 2011 14:46 |
|
Long-shot, but is anyone here using Graphite to aggregate metrics on Windows systems? What are you using to feed data into it?
|
# ? Nov 10, 2011 21:20 |
|
Can anyone help me perfect my MDT deployment? The issues I'm having are at the beginning, WinPE prompts me for a timezone, I want to get rid of that. Then right at the end, it prompts for a PC name and product key. If possible I want to be able to enter the PC Name at the very start, and completely skip over the product key. Is that possible to do? My customsettings looks like this: code:
|
# ? Nov 11, 2011 07:10 |
|
Misogynist posted:Long-shot, but is anyone here using Graphite to aggregate metrics on Windows systems? What are you using to feed data into it?
|
# ? Nov 11, 2011 09:16 |
|
Swink posted:Can anyone help me perfect my MDT deployment? Don't set OverrideProductKey, I believe that MDT is interpreting "YES" to be the actual key, which is obviously not valid. Not sure about the time zone but IIRC there's different formatting of the zone's name between XP and Vista, maybe that's throwing you off?
|
# ? Nov 11, 2011 09:20 |
|
evil_bunnY posted:Speaking of metrics, what do you guys use for cross platform metrics acquisition? Edit: I'm writing a metrics daemon called winmetricsd using .NET 4 and the Reactive Extensions to feed WMI perf counter data asynchronously into Graphite. Hopefully I'll have something usable in a few weeks. I'm targeting Graphite initially by implementing the collectd network protocol, but I'm planning on making a future release plugin-based so it can target OpenTSDB and other storage backends. Vulture Culture fucked around with this message at 13:37 on Nov 11, 2011 |
# ? Nov 11, 2011 13:12 |
|
Misogynist posted:We've been using Nagios with the PNP4Nagios addon to translate plugin performance data to RRDTool graphs automatically, but we're trying to ditch it because it's impossible to do any meaningful aggregation with it. Unfortunately, this seems to be the least worst option until you get way up into the more expensive commercial monitoring options. Misogynist posted:Edit: I'm writing a metrics daemon called winmetricsd using .NET 4 and the Reactive Extensions to feed WMI perf counter data asynchronously into Graphite. Hopefully I'll have something usable in a few weeks. I'm targeting Graphite initially by implementing the collectd network protocol, but I'm planning on making a future release plugin-based so it can target OpenTSDB and other storage backends. Q: why not just build a Windows WMI collector for OpenTSDB? evil_bunnY fucked around with this message at 14:47 on Nov 11, 2011 |
# ? Nov 11, 2011 14:34 |
|
evil_bunnY posted:Sounds baller. Agents suck, but setting up WMI in a mixed environment and getting authentication to actually work right from your collector host sucks more, especially when a team's understanding of Kerberos is "the thing that makes AD logins work." This keeps Kerberos out of the mix entirely. My last rationalization for making it an agent is that the counter you want to use sometimes varies. For example, the CPU and memory usage counters are pretty much worthless on virtualized systems. VMware Tools, however, provides additional performance counters that do the right thing and display the correct information. I like it when things are easy, even if it means more work up front. In the long run, I wouldn't mind if someone extended ESxSNMP to support WMI in addition to SNMP, but that probably won't happen anytime soon. Vulture Culture fucked around with this message at 15:17 on Nov 11, 2011 |
# ? Nov 11, 2011 15:11 |
|
IT Guy posted:We just got our first Windows 2008 R2 server. All of our other servers are still 2003 R2. I noticed the integrated Windows Backup doesn't seem to suck as much as the 2003 version does. Currently we use Symantec Backup Exec on the 2003 servers. What do you guys recommend for the 2008 server? Is Windows Backup viable now or should I still be using Backup Exec? Haha, you haven't even tried Server 2008 R2 backup have you. It has some STUPID limitations such as:
Requiring a dedicated/partition disk to save incremental backups to (ie can't save to network drive)
Can't save a backup to same disk you are backing up (Makes sense at first blush, but sucks when combined with the above feature, in short you NEED a second hard drive to do incremental backups.)
Cannot save incremental/non-full disk backups to a network share.
A lack of such basic features kill it for me. My boss had to write a script on our Confluence server to run an incremental backup separately for each drive, rename the WindowsImageBackup folder to something else, and then copy it to a network share since you can't save incremental backups to a network location directly. Have fun if you only have a single disk. You CAN work around this problem by creating a new VHD for backups and mounting it from a network share, but that's pretty ghetto.
|
# ? Nov 11, 2011 18:04 |
|
Wicaeed posted:It has some STUPID limitations such as: You can use iSCSI to make a remote disk look local. There's iSCSI target software from Microsoft that only works with 2008r2 or from KernSafe which works with older Windows and is free for sharing one disk.
|
# ? Nov 11, 2011 18:52 |
|
Wicaeed posted:It has some STUPID limitations such as: The only limitation that has affected us so far is no SMTP notifications. Apparently you need some elaborate VB script to do the notifications for you. IT Guy fucked around with this message at 19:44 on Nov 11, 2011 |
# ? Nov 11, 2011 18:53 |
|
|
How can I set a script that requires elevated privileges to run on every user logoff on Windows 7? This needs to run after all users log off a machine, and nearly all users are limited users, so a simple logoff script via GP will not directly work. I've tried creating a Scheduled Task that is set to "run on local disconnect from user session" in the context of an admin account, but I can't get it to fire. Any ideas?
|
# ? Nov 14, 2011 13:50 |