|
FISHMANPET posted:Yeah, don't redirect AppData. Nope, don't redirect the Desktop either. Java has some crazy loving shithole 'feature' I don't remember the specifics of, but it hosed me a couple years ago in my environment. Honestly after using Folder Redirection I'm kind of soured on it, I'm just going with straight roaming profiles now. They're supposed to be faster with Win7 and Server 2008. Something changed in the networking code where it doesn't open a new session for each individual file anymore, just opens one session and transfers the files inside that session. We get a huge performance hit on our roaming profiles due to the thousands of tiny files our users have in our XP environment. FlyWhiteBoy posted:I guess this question best fits here. I have a server with 4 IP addresses because it is hosting 4 HTTPS web sites. The DNS is managed at a higher level so I requested they create 4 A records pointing to each IP address. It will work for a couple hours after they set the records but over time or after a reboot one of the records will be pointing to 4 IP addresses instead of just 1. Any ideas what could be causing the DNS to update and point to 4 IP's instead of just the 1? IIS and Server 2003/8 I assume? Make sure your server isn't registering poo poo for you assuming this is a AD environment and all that. Not terribly familiar with IIS, but wouldn't be surprised if it had the ability to update itself in AD DNS. skipdogg fucked around with this message at 01:48 on Jan 11, 2012 |
#
?
Jan 11, 2012 01:41
|
|
|
|
| # ? May 14, 2024 23:35 |
|
|
Can anyone recommend a decent, simple, and hopefully Exchange/Active Directory integrated trouble ticket system for us? We are a small (15+) person firm with about 8 techs, and we need something simple to use to keep track of all our customers' issues. Outlook + Tasks ain't cuttin' it.
|
|
#
?
Jan 12, 2012 22:20
|
|
|
Gyshall posted:Can anyone recommend a decent, simple, and hopefully Exchange/Active Directory integrated trouble ticket system for us? We are a small (15+) person firm with about 8 techs, and we need something simple to use to keep track of all our customers' issues. Outlook + Tasks ain't cuttin' it. For free? Spiceworks. There are ton of other options if you're willing to pay.
|
|
#
?
Jan 13, 2012 01:42
|
|
|
We currently map two network drives, one in the AD user account as their Home folder (connect blah to \\server\home\username) which only allows them to access it and one via group policy that everyone in the organization can get to, but we use AD groups and Access-based enumeration so they can only see the folders they have rights to. This has been working well for us, but as the data is growing (we have around 8 terabytes of data between the home directories and the shared directories) and we are having trouble copying it nightly between our primary server room and a co-location. We are doing this copy so that if the primary file server were to fail (or we lost that datacenter) we could just point everyone to the backup server and they could keep going. [yes they would lose a day of data, but Management says that is okay $$] We have been using robocopy, which works...but is getting slower and slower as the files get bigger. (some files are 50gb+ each, bottleneck is NOT the network, seems to be the copy process itself) And recently we found that we had some permission inconsistencies after we used the same robocopy command to a new server. So we tried fastcopy, richcopy, and some Rsync for windows forks like Syncrify and Deltacopy. Ideally we would have something that works just like rsync, but on Windows Server 2008R2 and includes reliable copies of ACLs and other NTFS metadata. TLDR version. Anyone have a good windows tool that copies a shitload of data really quick?
|
|
#
?
Jan 14, 2012 02:05
|
|
|
Timdogg posted:We currently map two network drives, one in the AD user account as their Home folder (connect blah to \\server\home\username) which only allows them to access it and one via group policy that everyone in the organization can get to, but we use AD groups and Access-based enumeration so they can only see the folders they have rights to. What didn't you like about RichCopy? If you up the number of threads it can do, it can parse through files and even copy big files pretty quickly.
|
|
#
?
Jan 14, 2012 02:14
|
|
|
Timdogg posted:And recently we found that we had some permission inconsistencies after we used the same robocopy command to a new server. This isn't an answer to your question, but did you do use the /COPYALL switch? If you don't, it doesn't bring all of the NTFS permissions with. You can use /SECFIX to fix them after the fact. As a half-assed answer to your question, how about kicking off multiple robocopies, each handling some part of the folder structure? Most of the time is probably spent comparing files to find changes, so this could speed things up a bit by doing multiple branches concurrently.
|
|
#
?
Jan 14, 2012 05:24
|
|
|
Erwin posted:This isn't an answer to your question, but did you do use the /COPYALL switch? If you don't, it doesn't bring all of the NTFS permissions with. You can use /SECFIX to fix them after the fact. RichCopy lets you just tell it to spawn multiple threads scanning directories and doing compares, multiple threads to copy multiple files, and even multiple threads to copy large files. Takes all the guesswork out.
|
|
#
?
Jan 14, 2012 06:56
|
|
|
Thanks for the replies! With regards to RichCopy, we had some NTFS metadata inconsistencies. Honestly though, we didn't troubleshoot it that much because we were hoping they would be releasing a new version soon as the new author said in this thread "Hello RichCopy users. Thank you for using RichCopy. I apologies I have been away too long. Yes, there is an updated version of RichCopy with synbolic link, few other additional features and bug fixes; however I still need several more weeks in order to have spare time to finalize. I will review all feedback posted on this thread, and try to take into the next release."(http://blogs.technet.com/b/ken/archive/2010/01/20/what-i-was-doing.aspx) Are you using RichCopy to do big transfers from one server to another? We can certainly try it again. Thanks! With regards to robocopy, yeah we were using /COPYALL, although I had never heard of the /SECFIX switch. We will give that a try. I will also post our full command with switches when I get back in to work next week. Any experience with using robocopy with multithreading? http://technet.microsoft.com/en-us/magazine/dd542631.aspx
|
|
#
?
Jan 14, 2012 23:25
|
|
|
Been watching SCCM 2012 videos all afternoon. I need it so bad.
|
|
#
?
Jan 24, 2012 00:43
|
|
|
spidoman posted:Been watching SCCM 2012 videos all afternoon. What should I be most excited about? Maybe I can convince the lead Windows guy to install 2012 fresh when I rebuild the domain rather than trying to preserver our existing setup while I delete the domain and recreate it.
|
|
#
?
Jan 24, 2012 02:32
|
|
|
FISHMANPET posted:What should I be most excited about? Most importantly: it's not beefed up SMS 2003, it's a newly built system (Not just layered on top of Management Console.) Also, built in Endpoint Protection management, improved Software Update process, improved DCM. Client agent settings can now be set per collection. It's also able to do user based deployments, which I'm not that excited about, App-V works far better for that IMO. Lots more, but those are the main things I'm excited about. It's also a ton more user friendly, which is a completely foreign concept for SCCM.
|
|
#
?
Jan 24, 2012 04:08
|
|
|
spidoman posted:Most importantly: it's not beefed up SMS 2003, it's a newly built system (Not just layered on top of Management Console.) Also, built in Endpoint Protection management, improved Software Update process, improved DCM. Client agent settings can now be set per collection. Ugh, the number of times I've deleted a folder in Software Packages instead of deleting a package...
|
|
#
?
Jan 24, 2012 04:21
|
|
|
FISHMANPET posted:Ugh, the number of times I've deleted a folder in Software Packages instead of deleting a package... Oh geez, the terrible memories.
|
|
#
?
Jan 24, 2012 04:31
|
|
|
Or tried to ctrl+click multiple computers in a collection to deploy the client to... (maybe that's not fixed in 2012, I only watched/skimmed the video from a bunch of months ago)
|
|
#
?
Jan 24, 2012 14:16
|
|
|
tl;dr: Help help what do you recommend for keeping a good inventory of your environment? I'm managing about 250 computers in one branch of a company with 10k+ employees. There is no established inventory program in use. I want to establish a good inventory of items in this office. I think if we get something to work well for us, it would be expanded to be used in other offices. I keep thinking that my team and I could just develop an Access database with our own GUI for data input, and that perhaps we could just store the data on a sharepoint database. Then we could run reports on items and I could get snapshots of what our oldest computers are, what's in our storage room, and whatever else my greedy heart wants. Part of me just feels that doing something like this would start out okay, but then would grow to a point where it becomes too big or complicated to be of any good use for us for the long run. I was also thinking that using asset tags with bar codes might be neat just because we could scan those for a quick item look-up, as opposed to just having an inventory item number on a sticker on a machine. Maybe this is me making things too complicated. Thanks in advance for any suggestions.
|
|
#
?
Jan 24, 2012 19:29
|
|
|
Take a look at SpiceWorks. It's free.
|
|
#
?
Jan 24, 2012 21:40
|
|
|
Timdogg posted:I will also post our full command with switches when I get back in to work next week. Any experience with using robocopy with multithreading? http://technet.microsoft.com/en-us/magazine/dd542631.aspx These are the current switches we are using. Any feedback would be appreciated. code:
|
|
#
?
Jan 24, 2012 23:12
|
|
|
skipdogg posted:Take a look at SpiceWorks. It's free. I've played around with Spiceworks a little bit. Do you use it for asset tracking? About 5 years ago we used TrackIT for asset tracking. Besides having a slightly clunky interface at the time it worked out alright for holding information. It seems to me to be more than what we need.
|
|
#
?
Jan 24, 2012 23:30
|
|
|
This might have been answered before, but I'm having a hell of a time finding any decent results. I've got several OUs in AD. A few of those, I've delegated control to some of our lower techs so that they can reset passwords, unlock accounts....basic help line stuff. However, that was ages ago. Does anyone know of a way that I can find the security properties of a given OU so that I can see who has been delegated control into it? Right now, I have no way to audit who has been delegated anything, so I'm stuck just jotting down any changes I make in a TXT file so that I don't forget. Seems like this should be an easy something to find, but damned if I'm able to discover it. Thanks in advance.
|
|
#
?
Jan 25, 2012 03:12
|
|
|
vladimir posted:This might have been answered before, but I'm having a hell of a time finding any decent results. Open Active Directory Users and Computers, click on the View Menu and select Advanced Features. Then right click on the OU and select the Security tab. Click on Advanced in there and you'll be able to find who's been given what. It's still a bit murky to figure out what's what but you should be able to figure it out. It might help to create a test OU so you can see what the defaults look like and that you can test delegation on to see what permissions end up getting changed by what delegations.
|
|
#
?
Jan 25, 2012 03:31
|
|
|
Any good recommendations on where to buy Volume Licensing for MS Office? Or is any reseller as good as the next?
|
|
#
?
Jan 25, 2012 15:43
|
|
|
Denzalo posted:Any good recommendations on where to buy Volume Licensing for MS Office? What industry are you in? The answer for government/education/non-profit is going to be different than the answer for regular businesses.
|
|
#
?
Jan 25, 2012 18:13
|
|
|
GMontag posted:What industry are you in? The answer for government/education/non-profit is going to be different than the answer for regular businesses. Non-profit, it's for a church staff.
|
|
#
?
Jan 25, 2012 18:43
|
|
|
Techsoup is the way to go for smaller places, assuming you qualify. Otherwise any reseller can get you the better prices, again assuming you qualify.
|
|
#
?
Jan 25, 2012 18:49
|
|
|
vladimir posted:This might have been answered before, but I'm having a hell of a time finding any decent results. I don't have a computer to check on at the moment, but I believe I used dsacls to do this. Alo look at http://www.joeware.net/freetools/ who has a bunch of handy AD command line tools.
|
|
#
?
Jan 25, 2012 19:07
|
|
|
Cpt.Wacky posted:Techsoup is the way to go for smaller places, assuming you qualify. Otherwise any reseller can get you the better prices, again assuming you qualify. Unfortunately it looks like we may not qualify for Microsoft products due to not having a "secular community designation that is separate from the church or religious organization".
|
|
#
?
Jan 25, 2012 21:52
|
|
|
Timdogg posted:These are the current switches we are using. Any feedback would be appreciated. For people backing up with Robocopy, I just want to mention what I use, Hobocopy: http://www.howtogeek.com/howto/windows-vista/backupcopy-files-that-are-in-use-or-locked-in-windows/ https://github.com/candera/hobocopy/downloads It is intended to behave exactly the same as Robocopy, but it can also use Shadow Volume Copy so that it can copy files which are in use. It works flawlessly on my Windows 2k3 domain. I use it to back up employee homefolders incrementally to a NAS.
|
|
#
?
Jan 25, 2012 22:14
|
|
|
Anyone want to explain to me how the SCCM database stores client information? If I delete a workstation from SCCM and then re-add it to reimage, it doesn't receive any of the old record's collection memberships, or advertisements (like is supposed to happen.) However, if I check an advertisement report, it has the history of any matching advertisements from the old record. Basically: Client machine receives Software A and B. Client machine record is removed, and then re-added as a new record. Machine is re-imaged. Advertisement report of new client doesn't show Software A or B. New client machine record is set to receive Software A only. Advertisement report of new client machine shows only Software A history. However, it shows the advertisement history of Software A from both the old and new record.<- (This is the weird part.) I am so confused. EDIT: I'm convinced it's a feature and not a bug. But my team isn't buying it because they have to scroll through more history. EDIT 2: Added reimaging step for clarity. Sudden Loud Noise fucked around with this message at 03:49 on Jan 26, 2012 |
|
#
?
Jan 25, 2012 23:49
|
|
|
Are you doing anything to the computer in between deleting and re-adding it? Re-imaging? If I take a machine and re-image it without deleting the computer in SCCM, I will have two computers in SCCM that are named %hostname%. However, %hostname% is not how SCCM determines the uniqueness of a computer. IIRC, it uses the GUID. So an advertisement report will have record of both the old client (name: %hostname%, GUID 1234-etc), and the new client (name: %hostname%, GUID 5678-etc). When it looks through the database of which computers have run the advertisement, it sees GUID 1234-etc and GUID 5678-etc, displays them both, but displays them by %hostname%. However, collection membership (depending on how you add the computer to the collection, of course) is not based on %hostname%, which is why the computer does not show up in the old collections. I've of the opinion that a hostname should only be used on one computer. When that computer goes off to the recycling yard in the sky, the hostname is not reused. I'll even use a new hostname if a computer is getting re-imaged to go to another person. And look into AD-based collection membership if you are not using it already. (kind of unrelated to your post, I'm just street preaching)
|
|
#
?
Jan 26, 2012 02:57
|
|
|
quackquackquack posted:Are you doing anything to the computer in between deleting and re-adding it? Re-imaging? Yeah I should have clarified. I delete the record, create the new record, add it to the imaging collection. I found that just adding the old record to our imaging collection created an obsolete record and added unnecessary time and issues to the rest of our software distribution (AD query collections mostly.) So, I tried deleting the old record then just creating a new one when a computer needs to be reimaged. And sure enough, it fixes all of our issues. However, someone pointed out that the bizareness of the reporting. Right now we're using computer name in our reporting, not the SMSGUID. I figured that it was actually using the SMSGUID like you mentioned, which is why the reporting situation I mentioned is so odd. My only theory: When I don't delete the record before a reimage, I get an obsolete client, which notifies reporting to ignore all of the history of the previous GUID. When I delete the record, create a new one, and then reimage I get no obsolete client. And any advertisements that are linked to the new GUID that match the old GUID are combined in the new report. But I haven't been able to find any documentation confirming or refuting this...
|
|
#
?
Jan 26, 2012 03:45
|
|
|
You're spot on about what is happening, but you're fighting "the way it should be". You can add a criteria to your collections that excludes obsolete computers if you really want them to stop showing up. But they're helpful to keep around for historical reasons. Can you clarify "unnecessary time and issues to the rest of our software distribution (AD query collections mostly.)"? (how's that for a punctuation calamity?)
|
|
#
?
Jan 26, 2012 04:57
|
|
|
quackquackquack posted:You're spot on about what is happening, but you're fighting "the way it should be". You can add a criteria to your collections that excludes obsolete computers if you really want them to stop showing up. But they're helpful to keep around for historical reasons. The issue was originally that our System Group Discovery was setup to occur once every 2 hours. All of our AD queries are setup to check OU's, which can't be populated through delta discovery, so in order to gather OU information we had to set Full System Group Discovery cycles to run at a shorter interval. Continuing the issues with using OUs, this also means that we can't use Delta Discovery in those collections, so we're doing full refreshes every 15 minutes. (This is kinda crucial in the case of our collections setup to set power settings. We were running into issues when a machine would go to sleep before it could receive the power settings, and never finish all of it's software distributions.) I mention these two things because I have a feeling they may be causing database issues that may be creating the new issue. When we re-image a machine without deleting the record beforehand now we're running into issues were neither machine record is getting marked as obsolete, and the new record isn't getting populated correctly into collections. Also, when we use the "make an obsolete" route, we can't track the process of the imaging process in our reports. When we delete the record first we can track the imaging process in our reports, as it goes. Sorry if I haven't answered very clearly. Couple of questions, you said "But they're helpful to keep around for historical reasons." What do you mean by historical reasons? How are you viewing the history of the obsolete records? I only ask because it seems like deleting the record first is actually more efficient at viewing client history even after reimaging. Sudden Loud Noise fucked around with this message at 05:47 on Jan 26, 2012 |
|
#
?
Jan 26, 2012 05:40
|
|
|
Ah ok, I was adding computers to groups, not OUs. What about making shadow groups for each OU? I admit, my experience is primarily with media based deployment (for a variety of reasons it was never worth the time to change after the network finally got upgraded). The machines you are re-imaging - does anything change? Hostname? OS? Hardware? If you look at the old computer record and a new one, how do they differ? I would concentrate on trying to find out why the old computer records are not being marked obsolete. If you're using AD groups to populate your collections, shouldn't having two computer records not matter, they should both land in the collection? That was my experience. The "historical reasons" depends on what you need from reports. If software A failed to install to a computer, but once it was re-imaged, installed fine, I would like to keep the statistics. Although I admit, I don't understand this line: quote:However, it shows the advertisement history of Software A from both the old and new record.<- (This is the weird part.) As a side note, why SCCM for power management over GP? Although I love SCCM, there were a lot of times where GP was the better tool. I never got into using SCCM for power management, so I don't know if that's the case, but I'm curious.
|
|
#
?
Jan 26, 2012 06:40
|
|
|
quackquackquack posted:The "historical reasons" depends on what you need from reports. If software A failed to install to a computer, but once it was re-imaged, installed fine, I would like to keep the statistics. Although I admit, I don't understand this line: Honestly, I didn't know that you could view the client history of the obsolete client (if they're the same computer name.) Where is it? quote:As a side note, why SCCM for power management over GP? Although I love SCCM, there were a lot of times where GP was the better tool. I never got into using SCCM for power management, so I don't know if that's the case, but I'm curious. Apologies, I'm sure this is confusing. It's late.
|
|
#
?
Jan 26, 2012 08:30
|
|
|
spidoman posted:Obsolete computer stuffs... It should be best practice to create some initial collections based on client health, and then base all other collections off these. I've started using Hardware Inventory age as a benchmark, but you can also include a lot of other limiting factors. This way you can have an old client age out pretty quick and limit reports - though you'll have to create additional versions for a lot of them. This would help you out because then you can keep the old SCCM computer accounts around and refer to them if necessary, but ignore them otherwise. I admit, this practice caused me some major headaches. Once I found out this wonder I had to touch all my existing collections. It also slows down collection refresh since you basically have to limit all collections to your healthy one. Pros and cons I guess. I only manage servers in my SCCM world, so the churn isn't very fast. Also it's a pretty small environment.
|
|
#
?
Jan 27, 2012 04:29
|
|
|
LoKout posted:I admit, this practice caused me some major headaches. Once I found out this wonder I had to touch all my existing collections. It also slows down collection refresh since you basically have to limit all collections to your healthy one. Pros and cons I guess. I only manage servers in my SCCM world, so the churn isn't very fast. Also it's a pretty small environment. Yeah, the tough situation we're in at the moment is that we're still in the process of fully implementing of SCCM, and if we cause issues or delays to the wrong people then a ton of our plans get thrown out by higher ups. So imaging quickly is absolutely key at the moment. Honestly the whole situation is an astounding mess, we have no control over the database (SCCM is being run on a cluster), or AD, we have no pre-production environment, we're not allowed to enforce Group Policies, or enforce any software licensing. If someone requests a Developer task sequence that literally requires $20k worth of licensing, and we have proof they don't have that licensing, we are still required to install it. My past job was so much smoother than this one, we actually had control of our environments. Which situation is more common? On topic question instead of ranting: Where is everyone looking to get information from obsolete clients?
|
|
#
?
Jan 27, 2012 06:18
|
|
|
"Obsolete" in SCCM parlance means that there is a second entry that references the same physical computer. You shouldn't need to keep them around for anything.
|
|
#
?
Jan 27, 2012 10:43
|
|
|
Like LoKout, I had a master collection that only showed computers that had reported to hardware inventory in the last 30 days (hardware inventory ran daily, it was a small environment), and also excluded obsolete computers. So under "All Systems", I had "Current Systems". Sometimes I would want to compare the obsolete record with the one that had obsoleted it. This was especially useful in my environment since it was not very locked down, and any IT person could image a system with a deployment DVD. I would look directly at the properties of the computer records, but I don't remember exactly what reports I might have used, and I moved to a new job two months ago where I don't use SCCM. Your situation is unfortunate, spidoman. Access to the DB is not much of a concern (I found), but no access to AD or GP is rough. SCCM works best in concert with with those, not as a standalone.
|
|
#
?
Jan 27, 2012 13:47
|
|
|
spidoman posted:Which situation is more common? Everywhere I've worked I've had complete control over everything, but I don't think I'm the norm. My current job has the most separation, mainly due to political separation of teams from a manager level. I have total control, but I overstep my duties if I do anything to help the Desktop team. Our Desktop team is empowered to have access to things they need to do their job, so they have delegated access to AD so they can create GPOs and use them in concert with SCCM. I recently found out they don't have access to some things, but we'd give them access if they asked. That's a different problem. Your second question: information from obsolete clients can be found in a few reports. I have also extended a few of the built-in reports to limit clients that haven't checked in recently. It's not difficult and the limiting definition can be reused again and again. You could do the same in reverse to pull a report.
|
|
#
?
Jan 28, 2012 01:13
|
|
|
|
| # ? May 14, 2024 23:35 |
|
|
I've been testing out WDS today. With MDT I was able to use OSDComputerName=%SerialNumber% to set the computer name to the serial number. Is that possible to do with WDS? Would running the tests in a VM cause it to fail for lack of a serial number? Right now I have the "second" XML file with "4 specialize" and Windows-Shell-Setup setting ComputerName to %SerialNumber% and the install fails at "Setup is applying system settings" with error "could not parse or process the file for pass [specialize]. The setting cannot be applied for component [Microsoft-Windows-Shell-Setup]". The XML file passed validation.
|
|
#
?
Feb 3, 2012 01:27
|
|