|
Don't you need a KMS master key to be able to activate them? Or do you?
|
# ? Jan 6, 2014 21:34 |
|
|
# ? May 14, 2024 12:35 |
|
Yes, but we don't have software licensing for KMS but Microsoft gave us a key right below the MAK.
|
# ? Jan 6, 2014 21:37 |
|
They will give you a KMS key if you ask them for it.
|
# ? Jan 6, 2014 21:52 |
|
Got a weird issue with Windows 7 deployment with WDS here. We just started using a 64 bit image. Instead of using a master computer with an image on it, that we brutalize and repeatedly reimage with whatever configurations we need to change, I threw together a hyper-v server. In theory, it seems to work great. I have a couple base images, and snapshots of the various configs I need to deal with. The problem comes when I try to deploy to a 64 bit machine: I create the system in Hyper-V, initially using a local account I create - IT, and run sysprep. I capture the image in WDS, and then reboot the VM. The system goes through the properly configured startup, thanks to my Unattend.XML file. I deploy that (sysprepped) image to a new laptop with WDS. During startup, every single configuration change I make is ignored, and I have to do the regular windows 7 install wizard. <- This is my big wtf moment. It's a 64 bit VM, 64 bit laptop. The sysprep file only has AMD64 configs. Anyways, I have to create a local account to proceed in the wizard, so I make IT2. At this point, I can log on to the laptop with the local account I created before sysprepping the original (IT). IT2, which I just created, won't log in due to login service errors. I can sysprep the system again, using the same Unattend.XML file that's still on the hard drive, and reboot the system. It comes back with all the modifications and specified in the unattend file... Anyone seen something like that before? I'd like to cut out the bullshit steps after doing the sysprep the first time.
|
# ? Jan 6, 2014 23:20 |
|
GreenNight posted:We were told to install a KMS server and use that. As long as the OEM desktops have keys on it, it's fine to have them all activate with KMS even if you don't own volume licensing. Sounds good. We have a huge batch of Dells coming on Wednesday so I might not have time to get this completely set up, but I was told by an MS rep it's fair to use extra MAK activations as long as we pull the key from the bios and keep a record for now. E: Not like ten minutes after posting this I checked one of the PCs we were testing earlier that I imaged using a dummy key and it is now activated with the OEM key. I'm not sure what caused that because it wasn't activated when I left. Master Stur fucked around with this message at 01:57 on Jan 7, 2014 |
# ? Jan 7, 2014 01:24 |
|
Another question. Is Nagios still the go-to monitoring solution? That'll probably be my next project, so I'm wondering where else (if anywhere) I should look?
|
# ? Jan 7, 2014 02:45 |
|
We use Orion which has been pretty awesome albeit expensive. We use it to monitor all our switches, routers, servers, esx hosts, voip and wan connectivity.
|
# ? Jan 7, 2014 02:48 |
|
Orcs and Ostriches posted:Got a weird issue with Windows 7 deployment with WDS here. What are you using to deploy the image? ImageX? MDT? SCCM? I'm assuming you're doing everything manually. You already checked that the components in your unattend are not for x86 architecture. What are you using to make the unattend? WSIM? Maybe have to re-import the catalog from the new disc. You probably did this already if you're seeing AMD64 components. Your login service errors are probably from a corrupt default profile, they sound very familiar. I'll bet the actual accounts are still there. I had this same thing happen when I had a task sequence install a custom IE10 package from IEAK on deploy, but I used the MSI installer instead of the EXE. You'll have to do some deductive reasoning to find out what step is doing this. Maybe you're doing copyprofile=true on an admin profile that has bad customizations. Or maybe you're running sysprep while logged-in as admin and it's trying to copy a profile that's in use. I think it's possble that it's failing to copyprofile and giving up in the middle of the unattend, but I don't know if you're using that setting. If so, try setting it to false and see what happens.
|
# ? Jan 7, 2014 15:53 |
|
Orcs and Ostriches posted:Another question. Is Nagios still the go-to monitoring solution? That'll probably be my next project, so I'm wondering where else (if anywhere) I should look? I'm using Opsview (a Nagios fork), I found it much easier to set up and configure but YMMV.
|
# ? Jan 7, 2014 23:33 |
|
Mr. Clark2 posted:I'm using Opsview (a Nagios fork), I found it much easier to set up and configure but YMMV. Seconding this. Using Opsview and found it pretty straight forward. I am using the free version so I have to go rip the ad frames out of their pages, but it works well enough for me. Moey fucked around with this message at 00:39 on Jan 8, 2014 |
# ? Jan 8, 2014 00:28 |
|
(Crossposting here and the GPO thread) Is there any way to create a GPO for IE compatibility view settings that only applies to a particular IE version (IE11, in this case)? From what I can tell, the Group Policy Preferences settings only let you target IE10 or greater (without making a distinction between IE10 and IE11) and the root\cimv2\Applications\MicrosoftIE WMI namespace was removed after XP. Unless my google-fu is failing me, that means the only way to determine IE version is by grabbing the version number property of iexplore.exe, which seems incredibly hacky. Is there some other option (using MS's native tools) I'm overlooking? Or alternatively, is it possible to add just a subdomain to the compatibility view list? I really just need to have http://bar.foo.com use compatibility mode, but it only seems to let me add *.foo.com to the whitelist. For context, I find myself in an annoying position. Because MS didn't bother testing to see if the Business Portal portion of Dynamics SL 2011 works in IE11, I need to push out a GPO to force time.company.com to use compatibility mode. However, that means that www.company.com is also forced to use IE7 compatibility mode, but it doesn't work properly with anything older than IE8. If I could either have the GPO only apply to IE11, or have it just use compatibility mode for time.company.com, that would solve my problem. chizad fucked around with this message at 01:05 on Jan 9, 2014 |
# ? Jan 9, 2014 00:47 |
|
If you have control over the web server hosting the application then you can send an HTTP header that turns on compatibility mode. http://msdn.microsoft.com/en-us/library/jj676913(v=vs.85).aspx
|
# ? Jan 9, 2014 01:38 |
|
chizad posted:(Crossposting here and the GPO thread) There's a GPO setting for "Use policy list of internet explorer 7 sites". The issue with it is it prevents users from adding their own entries to the compatibiltiy view list. I think it works on any IE8+. e: according to the help text they can add/remove any except the ones in the gpo.
|
# ? Jan 9, 2014 05:58 |
|
potato of destiny posted:There's a GPO setting for "Use policy list of internet explorer 7 sites". The issue with it is it prevents users from adding their own entries to the compatibiltiy view list. I think it works on any IE8+. Yeah, that's the one I'm using right now. The problem is, unless I'm missing something, there's no way to make IE use compatibility mode for just foobar.contoso.com but use the regular rendering mode for https://www.contoso.com and webmail.contoso.com and any other sub domains that aren't explicitly defined in the compatibility view sites list. If you open IE and add webmail.contoso.com to the compatibility view list, it acts like it added it, but when you go back and check it just shows contoso.com, and all sites in the contoso.com namespace are rendered using compatibility view. And if I remember right, you can put whatever you want in the GPO, but the settings don't apply correctly unless you use just contoso.com. Caged posted:If you have control over the web server hosting the application then you can send an HTTP header that turns on compatibility mode. Hmmm, I do, but the application is "in scope" under SOX, so it'd have to go through our change management process. Right now it's not a big enough issue to warrant that extra work IMO, but I'll keep the host header idea in mind in case it's needed in the future.
|
# ? Jan 9, 2014 06:24 |
|
I suppose you could do what we do, and use IE8 forever because our vendors are poo poo
|
# ? Jan 9, 2014 06:42 |
|
I need to evaluate replacing our Citrix farm with a Remote Desktop Services farm. Are there any good resources out there for Server 2012/R2 RDS? So far I've only been finding books written on 2008 R2 RDS. Has the RDS architecture changed all that much from 2008 R2 to 2012 or would most of the 2008 R2 book be applicable? The 2012 tech articles seem to hint that it hasn't because all they list is "whats new in...".
|
# ? Jan 9, 2014 16:59 |
|
I haven't deployed a 2012 RDS yet but just by using 2012 the biggest hurdle is getting people used to Metro.
|
# ? Jan 9, 2014 17:02 |
|
I don't think much has changed to be honest. 2008R2 stuff should mostly be applicable. Make sure it's R2.
|
# ? Jan 9, 2014 20:30 |
|
Two quick questions about WS2012: 1) I am using Windows Server Backup on a new 2012 server that has Hyper-V installed with 3 VM's. I have the backup running daily and it says it completes normally. However when I go into the details beside each virtual machine the status is completed but data transferred says 0kb. Can I assume this is normal and I could restore from this? (All of the drives with the VHD's backup and look good BTW) I would love to test them out but I can't restore these to the 2008 R2 servers we have. 2) How much of a pain is it to rename my DC from dot whatever to dot local? I thought I was a clever boy and matched our external domain suffix to our internal. Turns out I am a dumb gently caress and this causes intermittent DNS issues. Obviously this is my first DC from scratch.
|
# ? Jan 10, 2014 18:35 |
|
don't use .local, just rename your domain to something like AD.DOMAIN.COM RENDOM is a tool you can use to rename the domain. I can't speak to the backup questions, never used it.
|
# ? Jan 10, 2014 18:36 |
|
Probably be easier to build a new DC and migrate the roles over and promote/demote.
|
# ? Jan 10, 2014 18:37 |
|
Snorri posted:2) How much of a pain is it to rename my DC from dot whatever to dot local? I thought I was a clever boy and matched our external domain suffix to our internal. Turns out I am a dumb gently caress and this causes intermittent DNS issues. Obviously this is my first DC from scratch. Source: http://support.godaddy.com/help/article/6935/phasing-out-intranet-names-and-ip-addresses-in-ssls
|
# ? Jan 10, 2014 18:41 |
|
GreenNight posted:Probably be easier to build a new DC and migrate the roles over and promote/demote. Will renaming cause that much of a headache you think? I figured it would but had to ask. Thanks SkippDogg and nexxai for that info, will use dot com if I do end up renaming.
|
# ? Jan 10, 2014 18:49 |
|
All I've heard about renaming a domain is not to do it.
|
# ? Jan 10, 2014 18:51 |
|
Snorri posted:Will renaming cause that much of a headache you think? I figured it would but had to ask. Thanks SkippDogg and nexxai for that info, will use dot com if I do end up renaming. Do you want to take the risk of it all blowing up? Would be good experience to migrate it, and you lessen the risk of disaster.
|
# ? Jan 10, 2014 18:55 |
|
Caged posted:All I've heard about renaming a domain is not to do it. Same
|
# ? Jan 10, 2014 18:56 |
|
Haha point taken, I will work on swapping around my DNS instead.
|
# ? Jan 10, 2014 18:57 |
|
If it's a small baby domain, I would rename it. I wouldn't rename something the size of the domain I manage though.
|
# ? Jan 10, 2014 18:58 |
|
nexxai posted:Do NOT do this. Rename it to .internal.company.com - as of November 1, 2015, you will never be able to get a publicly-trusted SSL cert signed for any PC with a .local hostname as it can't be verified by the CA. Why wouldn't you just have an internal CA at that point?
|
# ? Jan 11, 2014 02:18 |
|
I upgrade our SCCM 2012 to R2, becuase I was really excited about some of the new Powershell Cmdlets. And what a crock of poo poo. Incomplete documentation, wrong documentation, functions that just plain don't do anything. Specifically, get-cmdevice is supposed to return an object to be used with commands like new-cmdevicevariable, but get-cmdevice returns an object of a different type than new-cmdevicevariable expects. new-cmdevicevariable can also use a resourceID, but when you actually use that, it just doesn't do anything. I've actually done the best I can to file a bug on the first issue: https://connect.microsoft.com/Confi...mdevicevariable
|
# ? Jan 11, 2014 04:29 |
|
FISHMANPET posted:I upgrade our SCCM 2012 to R2, becuase I was really excited about some of the new Powershell Cmdlets. Keep us updated on this. We're looking to update to R2 as well but more for Windows 8.1 imaging support.
|
# ? Jan 11, 2014 15:32 |
|
FISHMANPET posted:I upgrade our SCCM 2012 to R2, becuase I was really excited about some of the new Powershell Cmdlets. Thanks for the heads up. My new boss wants me to upgrade my SCCM 12 server this quarter. I've never messed with SCCM cmdlets but I'm working on Powershell in general. Any suggestions on where to read up on using it with SCCM? Also I think it was someone in this thread who suggested "Learn Powershell in 30 Lunches" and just want to echo that its a fantastic book.
|
# ? Jan 11, 2014 15:40 |
|
For me at least, I learn better when I have a problem to solve. So I had a problem: I want to make it easy to install a new Windows Server VM. I had a manual process that involved creating the VM, getting the MAC address, importing it into SCCM, setting some device variables, etc etc. And then I just went down the line and googled furiously. I'll grab the script in its current state and post it when I get to work on Monday.
|
# ? Jan 12, 2014 01:35 |
|
Anyone here familiar with Symantec Altiris as a remediation and IT management solution? I'm just trying to get a grasp on how robust its patching and remediation options are.
|
# ? Jan 12, 2014 06:35 |
|
Maneki Neko posted:Why wouldn't you just have an internal CA at that point?
|
# ? Jan 12, 2014 23:09 |
|
Just setup outlook anywhere and use a single namespace (nameofmailserver.yourdomain.com). you're going to hit this roadblock again (2010) and again (2013). Not troubleshooting those AD DNS issues WILL come back and bite you in the rear end.
incoherent fucked around with this message at 09:10 on Jan 13, 2014 |
# ? Jan 13, 2014 09:03 |
|
Oh yay, someone I can talk SCCM 2012 R2 with. I just spent the last month setting up SCCM at my new company. I've setup 2007 in the past. I thought the Update component would be better, but at the end of the day, it still sucks. A bit more manageable but still overhead as software update groups handles max 1000 updates. Some quick questions I'll dump in the event you might have an answer to: 1. I'm re-imaging a machine. When it gets re-imaged it comes back with the same name as previously. This would be fine if it didn't start installing apps that might be in collections which have mandatory advertisements to them. Any idea? My 2007 setup always just created a new record with a MININT-* hostname, which I was totally fine with. 2. If you set policies via collections\SCCM agent (ie. power management) users are now able to override those changes? 3. Have you successfully got WOL working? How did you go about enabling WOL on the workstations? 4. Are you Apply all updates for OSD? I'm trying to do a build and capture while applying all updates, but it says download 140 updates, then just ends that task. (I know, I should probably look at the logs, but just got the issue when I was leaving for the day.) edit: Non SCCM, but what the gently caress, citrix is so lame and overprice. Can anyone tell me why people still use it? Sure it's super secure, but there's tons of alternatives. We have it in a company of 75 people. Maintenace\Software Assurance for it is like 10,000\year almost. That is absolutely insane when you compare it to other possible alternatives. The whole token poo poo is lame, and pretty annoying. Half the time I forget to bring the token with me. lol internet. fucked around with this message at 03:22 on Jan 14, 2014 |
# ? Jan 14, 2014 03:17 |
|
lol internet. posted:Oh yay, someone I can talk SCCM 2012 R2 with. I just spent the last month setting up SCCM at my new company. I've setup 2007 in the past. I thought the Update component would be better, but at the end of the day, it still sucks. A bit more manageable but still overhead as software update groups handles max 1000 updates. 1. Before you reimage the machine, delete it from SCCM and AD. That will make SCCM detect it as an unknown computer and give it a MININT name. 2. I'd have to look tomorrow but it think you can specify in the client settings if the users can override. 3. This is also something I've wanted to get working. I'm tired of going around and chasing down computers for people who are on vacation to turn them in and let updates install. 4. I do apply all updates with no issue during OSD so yeah, look through your logs. Also don't forget that SCCM lets you do offline servicing of your images now so you can just roll your new improved updates into your image and drastically reduce your imaging time.
|
# ? Jan 14, 2014 04:26 |
|
Why delete from AD? I just delete from SCCM and then I have a vbs file run during the task sequence requesting a computer name. It then auto adds to the domain.
|
# ? Jan 14, 2014 04:30 |
|
|
# ? May 14, 2024 12:35 |
|
I'm not sure why you would want the computer to get a MINIT when you could let it have its actual name. Fun fact, set your install collection to have the OSDComputerName variable. When you run the task sequence it will prompt you for a value for that variable, and then assign the computer that name.
|
# ? Jan 14, 2014 08:44 |