Thanks Ants
May 21, 2004

#essereFerrari


You can fix it even more by not running ancient printers that rely on unsigned drivers, it's a really quick way to gently caress your print server up.


dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

Caged posted:

You can fix it even more by not running ancient printers that rely on unsigned drivers, it's a really quick way to gently caress your print server up.

That's a really good point, but in some organizations those who hold the purse strings will only buy new printers when the old ones entirely stop printing. Until then, degradation of quality simply means relocation to a less-worthy department. :negative:

Thanks Ants
May 21, 2004

#essereFerrari


The art of sabotage whilst looking like a plausible failure is a good skill to possess in those situations.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I got rid of a lot of old poo poo a few years ago saying they "weren't Windows 7 compatible".

Thanks Ants
May 21, 2004

#essereFerrari


That was our cue to remove every personal USB printer from people's desks and throw them into the compactor.

"Sorry, you can't keep this, it won't work with Windows 7. Best walk a few feet to the large copier."

lol internet.
Sep 4, 2007
the internet makes you stupid

dotalchemy posted:

You could cut down on the Windows install by running a Core installation, so no GUI, then just managing all the printers via the Print Management MMC. The only issue you'll run into is unsigned drivers, but you can get around that by starting the printer management .cpl from the cmd prompt on the Core RDP session.

What really is the benefit of running a core server? Just less poo poo so no random admins can go install stupid poo poo like adobe reader on the server?

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Less attack vectors and less system requirements, but the latter doesn't really matter nowadays much.

kiwid
Sep 30, 2013

lol internet. posted:

What really is the benefit of running a core server? Just less poo poo so no random admins can go install stupid poo poo like adobe reader on the server?

Adobe Reader and Java are standard installs on all our servers.

:smithicide:

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

lol internet. posted:

What really is the benefit of running a core server? Just less poo poo so no random admins can go install stupid poo poo like adobe reader on the server?


GreenNight posted:

Less attack vectors and less system requirements, but the latter doesn't really matter nowadays much.

This, but also there's fewer Windows Updates for Core, so over time there's not as much bloat on the install - more important for those wanting to minimize footprint on cloud storage / virtual datastores etc.

CLAM DOWN
Feb 13, 2007




In 2008 R2, is there an advanced auditing policy that will audit security options changes in the Local Security Policy? There's options for logging audit policy and user rights assignment changes, but I can't find a way to audit changes to the actual Security Options section.

Hadlock
Nov 9, 2004

Has anyone ever screwed around with Intel's PRO driver level NIC teaming feature? Not Microsoft's OS level one. Does it work as advertised?

kiwid
Sep 30, 2013

So we just deployed 100+ machines using WDS for the first time and it went very smoothly. Now though, we have a remote branch that is too far away to drive to and we had some computers shipped directly to the location. Since they're not going to be able to PXE boot I thought about using a discover image but then they'll still be pulling the install image from our location which isn't going to work. Is there any way to burn the install image to a DVD? Googling has only brought up discover image posts.

babies havin rabies
Feb 24, 2006

Is there a way to prohibit RDP (Remote Desktop Gateway specifically) sessions from Windows XP clients? I'd be looking to possibly put that rule in place shortly after end-of-life.

kiwid posted:

So we just deployed 100+ machines using WDS for the first time and it went very smoothly. Now though, we have a remote branch that is too far away to drive to and we had some computers shipped directly to the location. Since they're not going to be able to PXE boot I thought about using a discover image but then they'll still be pulling the install image from our location which isn't going to work. Is there any way to burn the install image to a DVD? Googling has only brought up discover image posts.

According to this thread (http://social.technet.microsoft.com...=w7itproinstall) you should be able to just convert your WDS install .wim into an .iso using AIK Tools, then just follow the normal procedure for creating bootable USB/DVD media. Another post says that given WinPE boot media, just the .wim would work.

babies havin rabies fucked around with this message at 15:37 on Mar 5, 2014

kiwid
Sep 30, 2013

babies havin rabies posted:

According to this thread (http://social.technet.microsoft.com...=w7itproinstall) you should be able to just convert your WDS install .wim into an .iso using AIK Tools, then just follow the normal procedure for creating bootable USB/DVD media. Another post says that given WinPE boot media, just the .wim would work.

Yikes, this got me on the right path but everything seems to be for Windows 7. Some of the tools have changed or no longer exist in the Windows 8.1 AIK. The Windows PE USB worked but then required a network share for the install images. I'd rather have these users just plug in a USB key, boot it and walk away for an hour. I ended up getting exactly that by doing this:

1. Export install.wim image from my deployment group on WDS
2. Extract the original Windows 8.1 install media to a folder
3. Replace the sources\install.wim with my exported file
4. Modified my answer file for WDS so it works with a DVD/USB boot then put it in the root\autounattend.xml
5. Used ImgBurn to create an ISO of this folder
6. Used Rufus to create a bootable USB of this ISO

I tested it on multiple machines and it's working great.

Moey
Oct 22, 2010

I LIKE TO MOVE IT
Anyone here good with AD CS? Hit a little bit of a snag today and am trying to get it sorted out.

Back story:

Old coworker installed AD CS on an older domain controller so he could get some AD authentication using SSL\TLS. Once it was realized what he did, that role (and IIS) were removed from the domain controller. A standalone root ca for our domain was built and seems fine handing out most certs.

We are retiring the older domain controller that had AD CA installed, so I need to point this sign on service at the new DC. Whenever I request a cert from the DC (pointing towards the root ca for the domain), I get the following error. certutil -ping also craps out. When using the gui though, I do see the correct root ca in there as the server I am requesting from.

Edit: Both servers are 2012



Moey fucked around with this message at 02:44 on Mar 6, 2014

dox
Mar 4, 2006

kiwid posted:

Yikes, this got me on the right path but everything seems to be for Windows 7. Some of the tools have changed or no longer exist in the Windows 8.1 AIK. The Windows PE USB worked but then required a network share for the install images. I'd rather have these users just plug in a USB key, boot it and walk away for an hour. I ended up getting exactly that by doing this:

1. Export install.wim image from my deployment group on WDS
2. Extract the original Windows 8.1 install media to a folder
3. Replace the sources\install.wim with my exported file
4. Modified my answer file for WDS so it works with a DVD/USB boot then put it in the root\autounattend.xml
5. Used ImgBurn to create an ISO of this folder
6. Used Rufus to create a bootable USB of this ISO

I tested it on multiple machines and it's working great.

Another (easier) option is just to use MDT, create a Media share and an .iso will be made for you automatically that you can load on a DVD/USB.

KS
Jun 10, 2003
Outrageous Lumpwad

Hadlock posted:

Has anyone ever screwed around with Intel's PRO driver level NIC teaming feature? Not Microsoft's OS level one. Does it work as advertised?

Works as advertised. You can do like 7 different teaming methods. The UI has been slow as poo poo for me on some servers. You need to follow the instructions carefully: for instance, configure the switch for LACP before configuring the team if you're doing LACP.

The Diddler
Jun 22, 2006


dox posted:

Another (easier) option is just to use MDT, create a Media share and an .iso will be made for you automatically that you can load on a DVD/USB.

Is it really that easy? I tried a couple of times and never got it to work. Granted, people were pestering me with other stuff every time I tried, but it still didn't seem quite that easy.

dox
Mar 4, 2006

The Diddler posted:

Is it really that easy? I tried a couple of times and never got it to work. Granted, people were pestering me with other stuff every time I tried, but it still didn't seem quite that easy.

Yeah I have basically zero real Windows Admin experience (up until recently) but after spending a weekend tinkering with MDT 2013 and watching technet videos, it really is that simple. Import OS, Create task sequence, go to Media, create it and you're done. Obviously more customization is possible with an unattend and more steps in your sequence but it is fairly breezy once you figure it out. If you need any help feel free to PM me here or on IRC- I'd love to help (and learn more!)

TheDestructinator
Jul 18, 2006
I migrated our WDS/MDT setup to a new server and I'm having an issue with task sequences missing when trying to image / sysprep + capture.

I can PXE boot fine into the deployment wizard when using VMWare player, but our OS task sequences are missing, so I can't deploy and image or sysprep and capture.

It works fine when booting to physical hardware. Any ideas?

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

TheDestructinator posted:

I migrated our WDS/MDT setup to a new server and I'm having an issue with task sequences missing when trying to image / sysprep + capture.

I can PXE boot fine into the deployment wizard when using VMWare player, but our OS task sequences are missing, so I can't deploy and image or sysprep and capture.

It works fine when booting to physical hardware. Any ideas?

This is a bit of a shot in the dark, but do the VM's have their NIC set as vmxnet3? If yes, try setting it as E1000 instead. The image that WDS uses to stage from doesn't have the vmxnet3 drivers afaik.

CLAM DOWN
Feb 13, 2007




dotalchemy posted:

This is a bit of a shot in the dark, but do the VM's have their NIC set as vmxnet3? If yes, try setting it as E1000 instead. The image that WDS uses to stage from doesn't have the vmxnet3 drivers afaik.

vmxnet3 is much better than E1000 though, solved some issues we were having like excess CPU overhead. vmxnet3 does need tools installed first though.


vvvv Good point, I misunderstood.

CLAM DOWN fucked around with this message at 20:05 on Mar 6, 2014

Thanks Ants
May 21, 2004

#essereFerrari


I don't think he was advocating leaving it as E1000, but it's useful to see where the issue lies.

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

CLAM DOWN posted:

vmxnet3 is much better than E1000 though, solved some issues we were having like excess CPU overhead. vmxnet3 does need tools installed first though.

But tools doesn't exist in the Windows environment that WDS PXE boots to, thus you need to have a supported vNIC adapter type on the VM for purposes of doing the initial build. Once you get the system built, you can install tools and switch to vmxnet3, but if you want Ethernet connectivity from within your WDS build environment then you need to either inject the vmxnet3 driver into the WIM boot image or you need to use one of the E1000 cards.
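The driver injection described in the post above, as an added example that is not part of the original thread: it uses the DISM PowerShell cmdlets on an exported copy of the boot image and refuses to proceed unless every driver catalog carries a valid signature, so `-ForceUnsigned` is never needed. All paths and the image index are placeholder assumptions.

```powershell
# Added example, not from the thread. Paths and index are placeholders (assumptions).
param(
    [string]$BootWim   = 'D:\Work\boot.wim',     # exported copy of the WDS boot image
    [string]$DriverDir = 'D:\Drivers\vmxnet3',   # folder holding the driver's .inf/.sys/.cat
    [string]$MountDir  = 'D:\Work\mount',        # empty working directory for the mount
    [int]   $Index     = 1                       # confirm against the Get-WindowsImage listing
)
$ErrorActionPreference = 'Stop'

# Check the driver package before it goes anywhere near the image:
# every catalog file must have a valid Authenticode signature.
$catalogs = @(Get-ChildItem -Path $DriverDir -Recurse -Filter *.cat)
if ($catalogs.Count -eq 0) { throw "No .cat files found under $DriverDir" }

$bad = @($catalogs | Get-AuthenticodeSignature | Where-Object Status -ne 'Valid')
if ($bad.Count -gt 0) {
    throw "Unsigned or invalid catalog(s): $($bad.Path -join ', ')"
}

# List the images inside the WIM so the right index is being serviced.
Get-WindowsImage -ImagePath $BootWim | Format-Table ImageIndex, ImageName

New-Item -ItemType Directory -Path $MountDir -Force | Out-Null
Mount-WindowsImage -ImagePath $BootWim -Index $Index -Path $MountDir | Out-Null

try {
    # No -ForceUnsigned: an unsigned driver should fail here rather than ship.
    Add-WindowsDriver -Path $MountDir -Driver $DriverDir -Recurse | Out-Null

    # Show the third-party drivers now present in the image.
    Get-WindowsDriver -Path $MountDir |
        Format-Table OriginalFileName, ProviderName, Version

    Dismount-WindowsImage -Path $MountDir -Save | Out-Null
}
catch {
    # Leave the WIM untouched if anything went wrong while servicing it.
    Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
    throw
}
```

The serviced boot.wim still has to be put back into WDS as the boot image before PXE clients will pick it up.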

TheDestructinator
Jul 18, 2006
Right now I'm using the E1000. I'll inject the VMXNET3 driver and see if that does the trick.

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

TheDestructinator posted:

Right now I'm using the E1000. I'll inject the VMXNET3 driver and see if that does the trick.

Yeah, if you're already on E1000, adding vmxnet3 to the boot image won't help you.

I'm not familiar with non-SCCM boot images and their functionality - can you get to a command prompt and do some basic network tests etc, to see if you can ping out and ping into it / get telnet connectivity through to WDS on the relevant ports etc?

TheDestructinator
Jul 18, 2006
I checked at a command line and can ping our WDS/MDT server just fine. Here's what the deployment wizard looks like:



There should be two additional task sequences (both of which show when booting to barebones or refreshed hardware) for OS install and sysprep / capture.

I'm using a bridged connection in VMware Player, since it won't pull the boot image if I use NAT.

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD
I'm not familiar with WDS outside of its implementation within SCCM - are you applying any deployment criteria to the task sequence, such as "only available where vendor == HP" or something?

I don't know if MDT without SCCM is capable of doing things like that, but it's all I can think of.

TheDestructinator
Jul 18, 2006
Just figured out the issue. I accidentally set the VM as 32-bit and didn't have virtualization enabled on the BIOS physical machine and VM. WDS was detecting the architecture as 32-bit and wasn't showing task sequences that use a 64-bit image.


I do have another general question for SCCM experts. I've got an interview for an SCCM engineer / architect position next Tuesday. To date, I've only really set up SCCM in a lab environment, but have been using it in some capacity since 2007 (SMS2003).

Does anyone have any good crash courses or reference material for SCCM 2012 that I can use to cram? I think I can talk my way into the job but I'm definitely inexperienced from a troubleshooting perspective. I really want to get away from helpdesk/desktop support and focus solely on admin and engineering.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Moey posted:

Cert poo poo

Ended up getting this sorted out today. The Cert Publishers group didn't have rights in any of the right OUs...

MrMoo
Sep 14, 2000

babies havin rabies posted:

Is there a way to prohibit RDP (Remote Desktop Gateway specifically) sessions from Windows XP clients? I'd be looking to possibly put that rule in place shortly after end-of-life.

You could force RDPv8/UDP but that also means you will likely need to roll out the appropriate KB and client for all the other Windows versions.

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

TheDestructinator posted:

~sccm cheating!~

http://technet.microsoft.com/en-us/virtuallabs/ -- Find the System Center 2012 R2 labs :)

Other than that, not really any good resources that I can think of for crash-courses, but basically, study how to do the following...
- Be able to talk about OSD / Task Sequences in decent detail
- Troubleshoot package deployment failures
- Configure security scopes
- Difference between WQL and SQL, along with creating queries and dynamic collections
- Be able to describe the different site roles, and the difference between Central Administration Site and Primary Sites.

Conceptually, there's not a huge deal of difference between SMS 2003 and SCCM 2007 / SCCM 2012, but there are significant differences in terms of feature set - 75% of that is just poo poo that existed in SMS that's been expanded upon.

http://weikingteh.wordpress.com/2013/09/04/comparison-of-sms-2003-vs-sccm-2007-vs-sccm-2012/

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


IMO learning how to make everything possible into an application instead of a package is one of the big SCCM 2012 skills

Also learn how to make dynamic collections using queries, collection inclusion/exclusion and collection limiting. I tend to use queries as building blocks and then assemble them into more specific collections with inclusion and limiting

TheDestructinator
Jul 18, 2006
Thanks for the recommendations guys, these technet labs are definitely helpful.

This might be the wrong thread for this, but I want to make sure I've got the right info when I'm negotiating salary. What sort of salary range would be appropriate for an SCCM Desktop Engineer?

I'd assume anywhere from $85-100k depending on experience level in the northeast US (Philly area). Is this unreasonable for a Desktop Engineer?

TheDestructinator fucked around with this message at 21:16 on Mar 7, 2014

CLAM DOWN
Feb 13, 2007




TheDestructinator posted:

Thanks for the recommendations guys, these technet labs are definitely helpful.

This might be the wrong thread for this, but I want to make sure I've got the right info when I'm negotiating salary. What sort of salary range would be appropriate for an SCCM Desktop Engineer?

I'd assume anywhere from $85-100k depending on experience level in the tri-state area. Is this unreasonable for a Desktop Engineer?

Totally depends on experience, company size, and wherever the hell this "tri-state" area is. I'm in Vancouver BC and you wouldn't get NEARLY that much here.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
I mentioned this in the "poo poo that pisses you off daily" thread but I'd like some more input.

Our DNS is scavenging valid records. I think it has something to do with our DHCP server; clients can update their own DNS entries with an ipconfig /registerdns (usually) but the DHCP server can't. I did get a DNS entry to populate by doing an ipconfig /release and /renew on a client but I think it was doing the DNS entry itself. DHCP is set to do secure and unsecure updates, and to do DNS updates if the client requests it, but according to the logs it has always failed to do a DNS update when it tries. I think this is because it doesn't have any credentials set for DNS updates, but it was working at some point in the past and I don't think anyone really changed anything in regards to DNS updating. DHCP lives on a single server 2003 VM (getting upgraded to 2008r2 when the DC's get upgraded, happening in roughly two months), DNS lives on two server 2003 VM's (and is also getting upgraded to 2008r2 at the same time).

It's not scavenging all records, though. Anything that can't update its own record (WAPs, switches, printers, so on) gets scavenged, some clients get scavenged (mix of win7 and winXP), no servers get scavenged (thank loving god). We kind of fixed it in one area by rebooting the switch stack but I expect in two weeks when the records are out of their refresh intervals things will start dropping again. Intervals are currently 7 days for DHCP, 7 days/7 days for dns no-refresh/refresh.

lol internet.
Sep 4, 2007
the internet makes you stupid

CLAM DOWN posted:

vmxnet3 is much better than E1000 though, solved some issues we were having like excess CPU overhead. vmxnet3 does need tools installed first though.


vvvv Good point, I misunderstood.

I used drivergrabber on XP to get VMXNET3 drivers then imported into the database.

CLAM DOWN posted:

Totally depends on experience, company size, and wherever the hell this "tri-state" area is. I'm in Vancouver BC and you wouldn't get NEARLY that much here.

I got my initial SCCM experience there, and they were paying me 45k/year. This was not just administration, I set it up from scratch and scaled it across multiple remote offices. Obviously didn't stick around there that long because I knew I was getting the shaft.

lol internet. fucked around with this message at 02:58 on Mar 8, 2014

CLAM DOWN
Feb 13, 2007




lol internet. posted:

I got my initial SCCM experience there, and they were paying me 45k/year. This was not just administration, I set it up from scratch and scaled it across multiple remote offices. Obviously didn't stick around there that long because I knew I was getting the shaft.

Pretty typical for Vancouver IT, salaries are all on the low end with a super high cost of living :(

dotalchemy
Jul 16, 2012

Before they breed, male Mallards have bright green/blue heads. After breeding season, they molt and become brown all over, to make it easier to hide in the brush while nesting.

~SMcD

lol internet. posted:

I got my initial SCCM experience there, and they were paying me 45k/year. This was not just administration, I set it up from scratch and scaled it across multiple remote offices. Obviously didn't stick around there that long because I knew I was getting the shaft.

What else were you doing though? If you were purely responsible for implementing and looking after an SCCM deployment, then I'd say that's not an unreasonable salary. If you had other duties and responsibilities, then yeah, that's kinda poor, but if I were in the market for an SCCM administrator who would only run and develop SCCM, I'd probably be offering around the same (SoCal here).


lol internet.
Sep 4, 2007
the internet makes you stupid

dotalchemy posted:

What else were you doing though? If you were purely responsible for implementing and looking after an SCCM deployment, then I'd say that's not an unreasonable salary. If you had other duties and responsibilities, then yeah, that's kinda poor, but if I were in the market for an SCCM administrator who would only run and develop SCCM, I'd probably be offering around the same (SoCal here).

I was doing Tier 1/2 support and sysadmin stuff + on call with almost no compensation (1 week = 1 day off)

The initial IT folk ghosted computers instead of OSD. Those computers happen to have the SCCM client installed.. so.. started having a ton of conflicts which pushing out software or doing a mandatory OS deployment.
