|
By who?
|
#
?
Dec 18, 2013 03:04
|
|
|
|
| # ? May 14, 2024 00:40 |
|
|
lol internet. posted:Anyone ever been audited before? What's the outcome normally? The end result is you guys buying a whole bunch of licenses to become compliant or getting the poo poo sued out of you. Before I moved into IT at my current company Microsoft took us to the woodshed and ended up with us signing an Enterprise Agreement. (This was almost 10 years ago) Currently IBM is requesting to scan our network as they feel we're out of compliance, but we're fine. They're having a hard time coming to terms we stopped using a lot of things we bought a long time ago. We're currently pushing back on allowing the auditors to scan, frankly we have better poo poo to do. The Microsoft audit was worse than it should have been because we couldn't PROVE we were in compliance with some licenses even though we were. We had a mismash of OEM, Open and Select licenses and no one was keeping track of them. Anything we couldn't prove we paid for again.
|
|
#
?
Dec 18, 2013 04:37
|
|
|
lol internet. posted:Anyone ever been audited before? What's the outcome normally? We get audited by Microsoft like every 3 years and the only outcome of it is buying a huge poo poo tonne of missing licenses.
|
|
#
?
Dec 18, 2013 16:03
|
|
|
Heh, pretty much a new IT team. The last team bought licenses for SCOM and installed SCCM. This shouldn't be too bad then. Now I get to play with SCOM. lol internet. fucked around with this message at 04:07 on Dec 19, 2013 |
|
#
?
Dec 19, 2013 03:34
|
|
|
hihifellow posted:Even if you can't get him to do that, at least try to convince him to make the domains subdomains of the main org. Seven separate domains sounds like an administrative nightmare on top of the time wasted keeping them straight. If you do that without fixing the underlying problems I give it like two weeks before everyone is put into the Enterprise Admin group since they can't work as Domain Admins anymore.
|
|
#
?
Dec 19, 2013 09:58
|
|
|
My boss just informed me that we need to provide remote desktop access to a small group of users that will support a particular software suite at all our branches rather than having our help desk deal with it. What is the best way to do this? These users can have absolutely administrative access to any machines except for a whitelisted group. I supposed we'll be giving them local admin on those machines where the software is installed. They also need to be restricted from connecting to any machine that isn't part of the whitelisted group. Should we be using remote desktop or some other software?
|
|
#
?
Dec 20, 2013 15:38
|
|
|
What are the common issues a Windows 7 PC on a domain would have incredibly slow network speeds, while another PC on the same switch would have no problem at all? I'm talking like 10kbs speeds... Basically just copying files from a server over gigabit ethernet. I've tried updating the drivers (happens on different PC's though) and running 'netsh interface tcp set global autotuninglevel=disabled'
|
|
#
?
Dec 20, 2013 17:10
|
|
|
Physical layer issue. The cabling guys that did a recent expansion at one of our offices did a lovely job and I've had a couple drops that function, but were very lovely. Re-terminated them at both ends and they worked fine afterwards.
|
|
#
?
Dec 20, 2013 17:13
|
|
|
Bob Morales posted:What are the common issues a Windows 7 PC on a domain would have incredibly slow network speeds, while another PC on the same switch would have no problem at all? I'm talking like 10kbs speeds... Yeah, as said above. Check the cable going to the port, and if you have any testing equipment, check the run (and check the cable going from the patch panel to the switch).
|
|
#
?
Dec 20, 2013 17:20
|
|
|
LmaoTheKid posted:Yeah, as said above. Check the cable going to the port, and if you have any testing equipment, check the run (and check the cable going from the patch panel to the switch). I initially thought it was a bad PC (were setting up a new one, integrated network card) and we stuck the HD in another identical PC, plugged into the same port, and the files transferred at normal speeds. Happening on more than one port on the same switch. Still check the cable? Bob Morales fucked around with this message at 17:30 on Dec 20, 2013 |
|
#
?
Dec 20, 2013 17:27
|
|
|
Bob Morales posted:I initially thought it was a bad PC (were setting up a new one, integrated network card) and we stuck the HD in another identical PC, plugged into the same prot, and the files transferred at normal speeds. Happening on more than one port on the same switch. No, that sounds like either the network card is bad or the drivers need updating.
|
|
#
?
Dec 20, 2013 17:29
|
|
|
LmaoTheKid posted:No, that sounds like either the network card is bad or the drivers need updating. That's what I thought, plus these are refurbished HP desktop PC's, but fresh out of the box, and maybe that's why there were returned and refurbed. But I've got a tech who's had the same issue on two different laptops. Maybe it's the cable run going to the switch in their cubicle.
|
|
#
?
Dec 20, 2013 17:32
|
|
|
kiwid posted:My boss just informed me that we need to provide remote desktop access to a small group of users that will support a particular software suite at all our branches rather than having our help desk deal with it. What is the best way to do this? These users can have absolutely administrative access to any machines except for a whitelisted group. I supposed we'll be giving them local admin on those machines where the software is installed. They also need to be restricted from connecting to any machine that isn't part of the whitelisted group. Should we be using remote desktop or some other software? Dameware Mini-Remote Control should work too, it's licensed per technician and costs $259 which could be expensive if you've got a lot of technicians, but they offer discounts for buying more licenses. It will do exactly what you want. There's a more expensive version that gives you some AD controls and other cool features in addition to remote control. Best of all it supports pushing installs directly from the software, very nice if you don't have this capability already. http://www.dameware.com/products/mini-remote-control/product-overview.aspx quote:DameWare MRC allows you the flexibility to set permissions for access to remote computers based on roles within your organization. Yaos fucked around with this message at 19:53 on Dec 20, 2013 |
|
#
?
Dec 20, 2013 19:50
|
|
|
From what I heard at Dell is that Microsoft ramped up the self-audit requests a whole lot more this year. And of course we are dealing with a new Dell Windows rep who is telling us what their previous Dell Windows rep is full of poo poo and we are doing things wrong and we need to buy new poo poo, more cals, and probably SPLA. CALs look like our big headache this time around, and the definition of "services to our customers." edit: Does System Center track licensing? Because this time around I'm sure as poo poo buying Kace/Spiceworks/Something to track this garbage instead of an excel spreadsheet.
|
|
#
?
Dec 20, 2013 23:22
|
|
|
It can track installations but not licensing per say. Through SCCM we found out a poo poo ton of people connected their email to phones and since we pay per device CALs and not per user CALs we're on the hook for about another 150 CALs or so.
|
|
#
?
Dec 21, 2013 01:57
|
|
|
GreenNight posted:It can track installations but not licensing per say. Through SCCM we found out a poo poo ton of people connected their email to phones and since we pay per device CALs and not per user CALs we're on the hook for about another 150 CALs or so. Wait. 150 Cals for SCCM? or CALS for exchange? Not following you on this.
|
|
#
?
Dec 21, 2013 05:41
|
|
|
lol internet. posted:Wait. 150 Cals for SCCM? or CALS for exchange? Not following you on this. Exchange CALs. It's way cheaper for us to buy 150 more device CALs than to switch all of our CALs to user CALs.
|
|
#
?
Dec 21, 2013 15:18
|
|
|
We've gone through Microsoft's bullshit SAM Assessment (because, you see, it's not technically an audit), and it was a huge waste of time. Last time they "offered" an "assessment," I tried to convince them it'd be pointless, but off we went anyways. Five conference calls and some reporting later, they agreed that the only outcome of the process was that we had to upgrade one user to a newer version of Visio.
|
|
#
?
Dec 25, 2013 20:27
|
|
|
I would of gotten my boss on the line just to hear me spew out some real nasty venom at microsoft for wasting mine, my bosses, and my organization time.
|
|
#
?
Dec 28, 2013 02:46
|
|
|
I'm new-ish to MDT, but is it normal that a bunch of Windows updates are getting injected into the boot image? I ran Update Deployment Share and the Windows updates I added from WSUS as per this guide (basically just add the WSUSContent directory to a folder under Packages) are getting injected into the WIM I load into WDS for initial boot. I only need the various NIC drivers injected into the boot image so that the machine can access network resources, injecting all of these updates is taking way too long. How can I fix this?
|
|
#
?
Jan 2, 2014 23:13
|
|
|
Karthe posted:I'm new-ish to MDT, but is it normal that a bunch of Windows updates are getting injected into the boot image? I ran Update Deployment Share and the Windows updates I added from WSUS as per this guide (basically just add the WSUSContent directory to a folder under Packages) are getting injected into the WIM I load into WDS for initial boot. I only need the various NIC drivers injected into the boot image so that the machine can access network resources, injecting all of these updates is taking way too long. I'll have to look that over to see what exactly they're having you do. Are you wanting to have the updates applied to the WIM or is just specifying the WSUS server so that once the image has deployed, it will automatically connect to WSUS to download and install the updates good? I use the latter since different OU's have different WSUS rules in our facility.
|
|
#
?
Jan 2, 2014 23:21
|
|
|
TWBalls posted:I'll have to look that over to see what exactly they're having you do. Are you wanting to have the updates applied to the WIM or is just specifying the WSUS server so that once the image has deployed, it will automatically connect to WSUS to download and install the updates good? I use the latter since different OU's have different WSUS rules in our facility. Ideally I could specify which drivers get injected into the boot image so I could select only specific network drivers I've added - I have drivers sorted into folders so I know which is which. Then I'd have the deployment task install the Windows updates that I've added to Packages. This is where I'm at after 30 minutes of MDT regenerating the boot image: 
|
|
#
?
Jan 2, 2014 23:30
|
|
|
Ok, looks like it's downloaded the drivers from Windows updates (Or, WSUS in this case) and trying to inject all of those drivers as well. I'm not entirely sure how to keep it from downloading those, but as far as keeping it from injecting those drivers into the boot image, there's a tab under the Deployment Share properties for Windows PE. Under that, there's a sub-tab for drivers and patches. On mine, I clicked the radio button: Include only drivers of the following types: Include all network drivers in the selection profile and Include all Mass storage drivers in the selection profile. Now, I haven't gone and set a custom profile. It's just using the 'All drivers and packages' profile, but at least now it's only injecting Network and Mass storage drivers instead of everything. The other drivers are later detected/installed during deployment. You may be able to further shave off space by creating a custom profile, I just haven't really had the time to sit down and do it yet.
|
|
#
?
Jan 2, 2014 23:40
|
|
|
So, our users are getting more and more upset by the day that we don't allow them to install Dropbox, Skydrive or Google Drive on company computers (even though there is technically nothing stopping them from using the web based versions). This was mainly because we think the idea of having company files scattered all over a bunch of personal dropbox accounts is kind of hosed up. I've been tasked to find a enterprise alternative to a cloud storage solution that works multi-platform (or windows + ipad/iphone at the least) that gives us a bit of central administration and some control. Can anyone recommend anything? Also, we kind of didn't want to go down the sharepoint road if we don't have to. We just want something simple that isn't going to require a lot of administration.
|
|
#
?
Jan 3, 2014 16:59
|
|
|
Doesn't the corporate version of dropbox allow you to control the users accounts? We're using iDrive for laptops and we figured out any user can access any other users files, we pile as many users onto a 100GB account as we can. We're really just using it for backup but it's cheaper than say, BackBlaze which is $5/month or $60/year, which is a drop in the bucket for a $80k/year employee. Ugh.
|
|
#
?
Jan 3, 2014 17:07
|
|
|
Bob Morales posted:Doesn't the corporate version of dropbox allow you to control the users accounts? Oh sorry, I forgot to mention that we'd like something we can implement ourselves as a "private" cloud type thing.
|
|
#
?
Jan 3, 2014 17:11
|
|
|
TWBalls posted:I'm not entirely sure how to keep it from downloading those, but as far as keeping it from injecting those drivers into the boot image, there's a tab under the Deployment Share properties for Windows PE. Under that, there's a sub-tab for drivers and patches. On mine, I clicked the radio button: Include only drivers of the following types: Include all network drivers in the selection profile and Include all Mass storage drivers in the selection profile. Now I just have to figure out why those updates are causing a FAILURE (5627) error during imaging.
|
|
#
?
Jan 3, 2014 17:19
|
|
|
There's probably half a dozen 'enterprise cloud file storage' apps out there. Box.com and Dropbox Enterprise are two that immediately come to mind. Egnyte I've seen lots of advertising for as well. All 3 of those solutions can do SSO, integrate with AD, etc. They're also going to cost you a chunk of change, in the realm of 5 bucks/user/month. Not too bad if your a small outfit, starts getting cost prohibitive the larger you are. kiwid posted:Oh sorry, I forgot to mention that we'd like something we can implement ourselves as a "private" cloud type thing. Uhhh.... Owncloud has come up a few times in here in the last few months, that's about all I can think of to be honest. skipdogg fucked around with this message at 17:26 on Jan 3, 2014 |
|
#
?
Jan 3, 2014 17:24
|
|
|
kiwid posted:Oh sorry, I forgot to mention that we'd like something we can implement ourselves as a "private" cloud type thing. Our company evaluated a few products and came down to two which were the front runners. Both are hosted locally and can also be used to expose existing SMB shares to internal (AD) users as well as external users and download links. One is called Varonis DatAnywhere and the other was Gladinet Cloud Enterprise. Another product that wasn't evaluated but looks promising is Acronis' ActivEcho and MobilEcho. We also looked at a product from Tonido and decided it wasn't sufficiently mature so skip that one. Oxygen Cloud was dropped because the cost per user was well above what we were willing to pay.
|
|
#
?
Jan 3, 2014 17:39
|
|
|
Arishtat posted:Our company evaluated a few products and came down to two which were the front runners. Both are hosted locally and can also be used to expose existing SMB shares to internal (AD) users as well as external users and download links. One is called Varonis DatAnywhere and the other was Gladinet Cloud Enterprise. Another product that wasn't evaluated but looks promising is Acronis' ActivEcho and MobilEcho. Thanks I'll check these out.
|
|
#
?
Jan 3, 2014 18:21
|
|
|
I haven't used it personally, but I've heard good things about a product called "Egnyte" as an on-premise hosted Dropbox type deal. edit: reading comprehension fail, just noticed skipdogg mentioned it too.
|
|
#
?
Jan 3, 2014 18:25
|
|
|
Arishtat posted:Oxygen Cloud was dropped because the cost per user was well above what we were willing to pay. Also their website is beyond terrible
|
|
#
?
Jan 3, 2014 18:29
|
|
|
Karthe posted:Now I just have to figure out why those updates are causing a FAILURE (5627) error during imaging. "You cannot install updates in cab format (imported from WSUS) in Apply Patches phase during deployment. There is an error during performing task sequence. You can only apply patches in msu format." Maybe that's what's causing those errors?
|
|
#
?
Jan 3, 2014 19:29
|
|
|
TWBalls posted:Are these still the drivers from WSUS or are these now the patches/updates causing this? Someone in the comment section on that page you linked to posted this:
|
|
#
?
Jan 3, 2014 20:34
|
|
|
This is a dumb question but it looks like we may not get network connectivity between two of our sites in time for a project milestone. We have site A which is existing, and site B which we are setting up. We had planned to create a domain controller at site B in the same domain as site A (which already exists). As a total newb trying to plan this out, can we build out the 'same' domain at site B while they are not connected and start to populate it then sync it with site A at a later date? It would be a two way sync - ie different objects in the domain at both sides, there should be no or minimal overlap. I would really, really prefer to not mess around and create problems later, but would need to justify delaying the date to the actual PM (not me) and I don't know enough about this to say either way, but my googling to this point indicates it might be a pain and require exporting/importing and so on.
|
|
#
?
Jan 6, 2014 16:21
|
|
|
You'd be better off creating different sites in AD and having them sync over a VPN until your link can go in, if you create a new domain with the same name as your existing one then as far as I know you won't be able to trust them or join them together in any way. If there really is no overlap between the two sites then you could go down this route but you'd have to call the domains different names and set up a two way trust.
|
|
#
?
Jan 6, 2014 16:43
|
|
|
Thanks - VPN is actually our current plan but the timing on when the firewalls to facilitate this will arrive and can be configured is going to be super tight so just wanted to feel it out.
|
|
#
?
Jan 6, 2014 16:53
|
|
|
Oh right, sorry I assumed you were doing a PtP link and could VPN as a workaround. I wouldn't go to separate domains unless you have a really good reason to - defining sites based on subnet works very well and is sort of what it was created for. I'm assuming you're going to have some sort of internet connectivity at site B for it to be useful so you could probably put something together in software / a VM appliance if the hardware is getting delayed to keep things on track.
|
|
#
?
Jan 6, 2014 17:05
|
|
|
I guess this is the place to ask: Is it possible at all to deploy a sysprepped image from a volume licensed Windows 8/8.1 reference machine to Dell OEM hardware and have it pick up the OEM license? This was supposedly possible with Windows 7 but the changes to OEM activation make it seemingly impossible in Windows 8. I think we are down to either booting up once and using produkey to grab the OEM key before it gets imaged or asking for a higher mak activation limit. Every thing I have read says this is legal and kosher, but perhaps we are just barking up the wrong tree all together?
|
|
#
?
Jan 6, 2014 21:05
|
|
|
|
| # ? May 14, 2024 00:40 |
|
|
We were told to install a KMS server and use that. As long as the OEM desktops have keys on it, it's fine to have them all activate with KMS even if you don't own volume licensing.
|
|
#
?
Jan 6, 2014 21:29
|
|