Jadus
Sep 11, 2003

lol internet. posted:

Hmmm at my old place.. perhaps it was the guy who set it up did a poo poo job but all I can say is the support in my experience is horrible. It's literally straight to India.

I've had to contact support twice, and while it was a little slow in response, my issues did get resolved.

They dogfood their own product for their support cases, and development is pretty rapid with a new build every 3 weeks which is pretty rare for enterprise software.

The Standard version of ServiceDesk was just made free so it's at least worth checking out.


MC Fruit Stripe
Nov 26, 2002

around and around we go

Jadus posted:

They dogfood their own product for their support cases
What does this mean?

CLAM DOWN
Feb 13, 2007




MC Fruit Stripe posted:

What does this mean?

"Dogfooding" is when a company runs their own product internally so their employees can use it, be familiar with it, test it, and help improve it.

MC Fruit Stripe
Nov 26, 2002

around and around we go
The action itself makes sense to me, but like so many buzzwords, I can't even draw a parallel to dogfood. :)

Thanks Ants
May 21, 2004

#essereFerrari


It's a shortened version of "eat your own dog food"

Swink
Apr 18, 2006
Left Side <--- Many Whelps
I have a handful of users with redirected folders, what's the best way to move their folders from the current location to a DFS share?

Can I just update the target location in the GPO or do I have to move the files first?

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from

Swink posted:

I have a handful of users with redirected folders, what's the best way to move their folders from the current location to a DFS share?

Can I just update the target location in the GPO or do I have to move the files first?

Robocopy the folders to the DFS share, deny write/modify on the old folders, and update the GPO. Make sure you tell robocopy to copy all attributes so it keeps NTFS permissions.
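The copy-then-lock sequence from this answer, as an added PowerShell example that is not part of the original post. The server names, share paths, domain name, user list and log folder are constructed placeholders.

```powershell
# Added example. Every name below is a constructed placeholder, not a value from the thread.
$OldRoot = '\\oldfs01\Redirected'               # current redirection target
$NewRoot = '\\corp.example.com\dfs\Redirected'  # DFS path the GPO will point to afterwards
$Domain  = 'CORP'
$Users   = 'alice', 'bob'
$LogDir  = 'C:\Temp\redir-migration'

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Explicit (non-inherited) ACEs of a folder as one sortable string, for a before/after check.
function Get-ExplicitAce {
    param([string]$Path)
    ((Get-Acl -Path $Path).Access |
        Where-Object { -not $_.IsInherited } |
        ForEach-Object { "$($_.IdentityReference)|$($_.AccessControlType)|$($_.FileSystemRights)" } |
        Sort-Object) -join ';'
}

foreach ($u in $Users) {
    $src = Join-Path $OldRoot $u
    $dst = Join-Path $NewRoot $u
    $log = Join-Path $LogDir "$u.log"

    # /E       subfolders, including empty ones
    # /COPYALL data, attributes, timestamps, NTFS ACLs, owner and auditing info
    # /DCOPY:T keep directory timestamps
    # /XJ      skip junction points inside the profile folders
    # /R /W    bounded retries so one locked file does not stall the run
    # Run elevated: copying owner and auditing info needs backup/security privileges.
    robocopy $src $dst /E /COPYALL /DCOPY:T /XJ /R:2 /W:5 /NP "/LOG:$log"

    # Robocopy exit codes are a bitmask; 8 or higher means at least one copy failure.
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "Copy failed for $u (exit $LASTEXITCODE), see $log. Old folder left writable."
        continue
    }

    # Confirm the permissions actually came across before locking the source.
    if ((Get-ExplicitAce $src) -ne (Get-ExplicitAce $dst)) {
        Write-Warning "Explicit ACEs differ between $src and $dst. Old folder left writable."
        continue
    }

    # Deny create/write/delete on the old copy while leaving read access intact.
    # WD/AD = create files/folders, WEA/WA = write attributes, DE/DC = delete.
    icacls $src /deny "${Domain}\${u}:(OI)(CI)(WD,AD,WEA,WA,DE,DC)"
}
# Last step is manual: point the folder redirection GPO at $NewRoot.
```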

Thanks Ants
May 21, 2004

#essereFerrari


I've always gotten away with just updating the redirection GPO and letting the move happen by itself.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
I'm paranoid since it's an actual move and not a copy, plus that option can break rather easily; redirecting documents on Win7 will fail if the source documents folder is missing, while the event log says everything redirected successfully. Pulled my hair out over that one for a while.

alanthecat
Dec 19, 2005

Hadlock posted:

I need a way to OCR images (screenshots) that are dropped in a folder and output a text file. Or some other scriptable fashion.

Surely there's something out there that will do this for less than $10,000

To get a faster rate of adoption for our ticketing system, we'd like users to be able to email our ticketing system and auto-OCR the screencap (generated from snip-tool)

So it doesn't need to be very sophisticated OCR, it just needs to be able to read the three or four most common windows fonts in about four different font sizes.

I did that once by installing ABBYY FineReader and using AutoItScript to watch the folder for PDFs and OCR anything that appeared in it. I then used VBA in Word to search for keywords and split the original PDF into a bunch of smaller ones. It was for a hospital so they could put a pile of paper on the scanner and have it magically appear in their information system. IIRC everything up to starting the VBA macro worked as a service but eventually we had to dedicate a VM so it could be logged in all day.

lol internet.
Sep 4, 2007
the internet makes you stupid
Trying to block user GPO in one OU. (XenApp Servers)

This possible at all? Block Inheritance on the OU seems to only block the computer policies and not the users. (ie. deployed printers)

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
User GPOs are applied on the user object, not the computer object, so unless the user object is in the xenapp OU the blocked inheritance doesn't apply. Set a policy on the xenapp servers OU that enables loopback processing and then set the mode to Replace, it will prevent user policies from being applied.

lol internet.
Sep 4, 2007
the internet makes you stupid

hihifellow posted:

User GPOs are applied on the user object, not the computer object, so unless the user object is in the xenapp OU the blocked inheritance doesn't apply. Set a policy on the xenapp servers OU that enables loopback processing and then set the mode to Replace, it will prevent user policies from being applied.


Thanks, that did it.

Stealthgerbil
Dec 16, 2004


Is there any way to give a user the ability to start, stop, and reboot a virtual machine in server 2012 Hyper-V? Also maybe even restore from a set snapshot. I was messing with the authorization manager and figured out how to create a user that can only do those functions but they have access to every virtual machine. I am not sure how to make it apply to only one virtual machine.

kiwid
Sep 30, 2013

I've Googled around but can't really find a solid answer.

We use Spiceworks for our internal ticketing system. However, if an external user emails our help desk email address somehow, spiceworks will create a ticket. Is there any way to limit Spiceworks to only generate tickets from internal domains?

If not then the best way to solve this is to probably set up a transport rule on Exchange to drop email from external users, yes? External users should never be sending to this address.

Thanks Ants
May 21, 2004

#essereFerrari


How are those emails getting into Spiceworks? Is it monitoring a mailbox, is it using a custom email address that's the member of a DL?

EoRaptor
Sep 13, 2003

by Fluffdaddy

kiwid posted:

I've Googled around but can't really find a solid answer.

We use Spiceworks for our internal ticketing system. However, if an external user emails our help desk email address somehow, spiceworks will create a ticket. Is there any way to limit Spiceworks to only generate tickets from internal domains?

If not then the best way to solve this is to probably set up a transport rule on Exchange to drop email from external users, yes? External users should never be sending to this address.

You can restrict it quickly to only members of the domain, if you like. Exchange Console -> Recipient Config. -> Mailbox -> <username> -> properties -> mail flow settings -> message delivery settings > properties -> and check 'require that all senders are authenticated'. Anybody (or anything) that isn't logged in won't be able to send email to this address.

kiwid
Sep 30, 2013

Caged posted:

How are those emails getting into Spiceworks? Is it monitoring a mailbox, is it using a custom email address that's the member of a DL?

Yeah it's monitoring a mailbox which should only be known to internal recipients but some of our users must be telling external vendors to email it for certain things.

EoRaptor posted:

You can restrict it quickly to only members of the domain, if you like. Exchange Console -> Recipient Config. -> Mailbox -> <username> -> properties -> mail flow settings -> message delivery settings > properties -> and check 'require that all senders are authenticated'. Anybody (or anything) that isn't logged in won't be able to send email to this address.

Perfect, exactly what I wanted. Thanks.

some kinda jackal
Feb 25, 2003

 
 
What's the current best practice for naming new active directory domains? I've been using client.local just out of muscle memory but I think I remember reading that it's got drawbacks and I should be using a subdomain of my client's registered domain name. I haven't really run into any problems or anything, but that doesn't mean it won't happen.

TWBalls
Apr 16, 2003
My medication never lies
It's been discussed in the Ticket and Bitch threads and I believe the consensus was subdomain.company.com

I believe this was the latest discussion.

TWBalls fucked around with this message at 02:20 on Apr 15, 2014

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

We use corp.company.com but ad.company.com works as well. You can still have the netbios short name be company. Any subdomain works really.

some kinda jackal
Feb 25, 2003

 
 
Thanks guys.

CLAM DOWN
Feb 13, 2007




Bit late: I only use .local for completely private/segregated/non-public domains or test/lab environments, there was some reason I did that but have since forgotten.

Riso
Oct 11, 2008

by merry exmarx
Either it was to try and crash Mac OS X or you followed some old rear end poo poo guide by MS.

That's my two cents.

CLAM DOWN
Feb 13, 2007




Riso posted:

Either it was to try and crash Mac OS X or you followed some old rear end poo poo guide by MS.

That's my two cents.

Honestly, either could be true.

some kinda jackal
Feb 25, 2003

 
 
Uhhh, okay, I'm having a real brain fart here:

I set up a lab on my ESXi host consisting of just one machine right now, 2012R2 running as a domain controller.

I want to kill password complexity enforcement since I'm just labbing poo poo up:

- Created a GPO called "Password Complexity Policy", whose only settings are:
-- Computer Conf\Policies\Windows Settings\Security Settings\Acct. Policies\Passwd. Policy\
-- Password must meet complexity requirements: Disabled
-- Minimum password length: 1 character



When I audit it, I see my domain listed under "The following sites, domains, and OUs are linked to this GPO", Enforced is set to Yes, Link Enabled is Yes.

I ran gpupdate /force, etc. Even restarted the machine.

Yet when I hit ctrl-alt-del on the DC and go to change MYDOMAIN\Administrator's password to just "pass" or something, I get the old "Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain."

It's almost embarrassing to ask this because it's literally AD 101, but what the hell am I doing wrong?

I know I can just add the password complexity stuff to the "Default Domain Policy", but I'm trying to keep everything separate. Is this some kind of no-no?

some kinda jackal
Feb 25, 2003

 
 
Sorry for the doublepost. Ran RSOP and it showed that the password policy was in effect, so it must have been one of the other policies loving my poo poo up. I dumbed everything down to 0 passwords remembered, no password aging, no min time before pw change and one of those worked.

Guess I should have run RSOP before I outed myself as an idiot.
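A quick way to see which rule is rejecting a password change like the one in the two posts above, as an added PowerShell example that is not part of the original posts. It assumes the ActiveDirectory module (RSAT) is available; the account name and candidate length are constructed inputs.

```powershell
# Added example. 'Administrator' and the candidate length are constructed inputs.
Import-Module ActiveDirectory

function Test-PasswordChangeBlockers {
    param(
        [string]$Identity = 'Administrator',
        [int]$CandidateLength = 4   # length of the password you intend to set
    )

    # A fine-grained password policy (PSO) overrides the domain policy when one
    # applies to the user; the cmdlet returns nothing when none does.
    $policy = Get-ADUserResultantPasswordPolicy -Identity $Identity
    $source = 'fine-grained password policy'
    if (-not $policy) {
        $policy = Get-ADDefaultDomainPasswordPolicy
        $source = 'domain password policy'
    }

    $user     = Get-ADUser -Identity $Identity -Properties PasswordLastSet
    $blockers = @()

    if ($CandidateLength -lt $policy.MinPasswordLength) {
        $blockers += "Minimum length is $($policy.MinPasswordLength)"
    }
    if ($policy.ComplexityEnabled) {
        $blockers += 'Complexity requirements are enabled'
    }
    if ($policy.PasswordHistoryCount -gt 0) {
        $blockers += "History remembers $($policy.PasswordHistoryCount) passwords; reuse is rejected"
    }
    # Minimum age applies to a user-initiated change (Ctrl-Alt-Del), not an admin reset,
    # and produces the same generic "length, complexity, or history" error.
    if ($user.PasswordLastSet) {
        $earliest = $user.PasswordLastSet + $policy.MinPasswordAge
        if ((Get-Date) -lt $earliest) {
            $blockers += "Minimum age is $($policy.MinPasswordAge); next change allowed at $earliest"
        }
    }

    [pscustomobject]@{
        Identity = $Identity
        Source   = $source
        Blockers = $blockers
    }
}

Test-PasswordChangeBlockers -Identity 'Administrator' -CandidateLength 4 | Format-List
```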

redstormpopcorn
Jun 10, 2007
Aurora Master
The guys in my position prior to me didn't really have a system for cataloging software licenses beyond "copy of receipt in disc case maybe with username scribbled on it" and I'd like to fix that. Would a KeePass DB separated by program, subdivided by user be a decent way to do it, or is there something better out there for a 20ish-user operation with a bunch of Adobe keys floating around?

CLAM DOWN
Feb 13, 2007




redstormpopcorn posted:

The guys in my position prior to me didn't really have a system for cataloging software licenses beyond "copy of receipt in disc case maybe with username scribbled on it" and I'd like to fix that. Would a KeePass DB separated by program, subdivided by user be a decent way to do it, or is there something better out there for a 20ish-user operation with a bunch of Adobe keys floating around?

Even a common spreadsheet would be better than that.

some kinda jackal
Feb 25, 2003

 
 
Whatever you do, make sure you stick with it. There's nothing more maddening than trying to find an Office key in our spreadsheet where all new purchases are supposed to be cataloged and WELP..

To be honest I think a spreadsheet is more what you're looking for too. KeePass will do it, but it's way too overkill for just a simple key-value store.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
I do it with a spreadsheet. Doesn't need to be fancy, just accurate.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Real enterprises just wait for the audit to come around and true-up then. :supaburn:

vanity slug
Jul 20, 2010

That's what we do. We got rid of all our 2000 and 2003 servers this week because :siren: AUDIT :siren:

wolrah
May 8, 2006
what?
I'm not sure if this is the right thread or if I should go revive the group policy thread that's been idle for a few months. Anyways, I have a set of three 2012 servers at three different sites. One site is the "corporate" location which is the hub of the VPNs. All sites can speak to corporate and generally they can't speak directly with each other.

For some reason even though the domain was entirely set up on the corporate server and the others added later, one of the remote sites has ended up becoming the "master". Worse, we were unaware of the DFS-R change made in 2008R2 which fucks up replication if the machine loses power. A few months back the corporate office had a few power failures and we lost replication on SYSVOL.

Somehow it didn't cause any trouble until earlier this week, when some new laptops were deployed. These computers worked fine in our office (which has VPN links to all of these sites) but not actually at the intended site, which is a remote location that does not yet have its own DC and depends on corporate. We had deployed other PCs to this site between replication failing and now, so I'm not sure what changed.

Long story short, I've tried forcing replication with "dfsrdiag syncnow", I've tried non-authoritative resyncs, and I've even demoted the DC entirely and reinstalled ADDS using a different location for NTDS and SYSVOL. The sysvol folder on this machine is remaining empty.

No errors appear in the Event Log, we have the initial 4614 both when I did the resync and when I reinstalled AD entirely, but beyond that I only have a few 5106s that associate with when I've run the "syncnow" command.


Part of me wants to just browse to the SYSVOL share on the good server and copy that over, but something tells me that'll break things even worse.

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from
By master, do you mean one of the satellite DCs has become the FSMO holder? This will tell you how to transfer the roles if that is the case.

Also Sites and Services has the options to initiate replication to/from DCs; it will not be instantaneous but if it hasn't happened within half an hour to an hour (depends on link speed and so on) then you have replication issues and it's time to start diving in to event logs.

wolrah
May 8, 2006
what?
Yes, the FSMO is what I meant. I have found that, but don't plan on doing anything about it until I have the SYSVOL problem resolved as it doesn't seem to be a major problem in and of itself. Basically I don't want to transfer FSMO to a "broken" DC that may end up getting blown away in the next week if it can't be solved another way.

From what I've seen the Sites and Services replication option seems to replicate AD itself, but doesn't impact the sysvol. That is to say it successfully updates changes like the ADSI edits required for Microsoft's forced replication procedures, but no DFSR-related log entries are generated when I do that. I have waited a few hours with no change.

When I run "dfsrdiag syncnow /rgname:"Domain System Volume" /partner:<good server> /time:1 /verbose" it shows up in Event Viewer as a pair of 5016 events, first notifying that the replication mode on the connection to the partner changed from "Obey Configured Schedule" to "Replicate Now" and then a minute later changing back.

Both the "domain" and "sysvol" folders under the selected "SYSVOL" folder on the problematic server remain empty.

I'm contemplating going out to the site and giving this a try on Monday if I don't come up with something better over the weekend. http://technet.microsoft.com/en-us/library/cc816857(v=ws.10).aspx

ghostinmyshell
Sep 17, 2004



I am very particular about biscuits, I'll have you know.

redstormpopcorn posted:

The guys in my position prior to me didn't really have a system for cataloging software licenses beyond "copy of receipt in disc case maybe with username scribbled on it" and I'd like to fix that. Would a KeePass DB separated by program, subdivided by user be a decent way to do it, or is there something better out there for a 20ish-user operation with a bunch of Adobe keys floating around?

What I do is this:

Purchase/invoice/licensing documents are scanned to PDF and archived in case I ever need to know anything and I don't want to go through accounting's physical treasure trove of poo poo.

A spreadsheet recording all purchases and its original intent/owner. I never update any changes since I may have to explain three years later why I bought X or Y or to provide some breadcrumbs.

Physical media/licenses get the name of current system/user and updated when changes are made. I recommend CD binders, those license slips fit nicely in those. This is also the disaster recovery method in case the spreadsheet where I store the licenses gets outdated or gets hosed up.

Another spreadsheet of current environment so I don't have to pull out the physical media. This is where you start having problems with other co-workers forgetting to make updates after changes.

Anything super sensitive like VLSC accounts and keys go into KeePass since we don't want everyone knowing our volume license keys and leaking them to pirate bay.

The system has worked for 14 years for me and covered my rear end many times. Especially since any company I work for doesn't want to buy a real software management solution.

some kinda jackal
Feb 25, 2003

 
 
Is it possible to use an autounattend.xml file with sysprep to JUST specify a product key for a 2012R2 system?

I've got an MSDN key for 2012R2 and I'd like to create an OVA template for our devs to use. I sysprep generalize my template image before exporting the OVA, but it asks for the key every time they import, obviously.

I know it's an option for autounattend.xml, but I'm not sure if it's possible for it to be the ONLY option in autounattend. Every time I try it's giving me errors during OOBE. Quite frankly I'm just kind of tired of trying since it takes me forever to export the OVA so I'm going back to google/forums rather than trial and erroring 30-minutes at a time.

some kinda jackal fucked around with this message at 04:04 on Apr 24, 2014

Demie
Apr 2, 2004
I haven't imaged like that before, but I know you can edit down your unattend.xml to just one setting if you really want. You should use WSIM from the ADK, of course. Push F1 and you'll get really nice docs that describe each setting and where they're supposed to go during the setup process (oobe, etc).


Docjowles
Apr 9, 2009

Martytoof posted:

Is it possible to use an autounattend.xml file with sysprep to JUST specify a product key for a 2012R2 system?

I've got an MSDN key for 2012R2 and I'd like to create an OVA template for our devs to use. I sysprep generalize my template image before exporting the OVA, but it asks for the key every time they import, obviously.

I know it's an option for autounattend.xml, but I'm not sure if it's possible for it to be the ONLY option in autounattend. Every time I try it's giving me errors during OOBE. Quite frankly I'm just kind of tired of trying since it takes me forever to export the OVA so I'm going back to google/forums rather than trial and erroring 30-minutes at a time.

So this is 100% based on Google searching, I haven't done it myself. But it looks like you could use packer-windows to generate Vagrant boxes that contain your MSDN license key and won't need to prompt the devs for it. And Vagrant owns, I am a big supporter of its use for dev environments. Windows guest support requires a plugin currently but will be a first class citizen in Vagrant 1.6 which is due out in the next month or two.

You may need Ruby and/or Linux experience to build the VM image (a "box" in Vagrant terminology), like I said I haven't used this particular project. I've only used Vagrant with Linux. But it appears to be an option. If nothing else maybe you can look at what they've done to support injecting keys and copy that for your needs.

From the packer-windows readme:

quote:

Product Keys

The Autounattend.xml files are configured to work correctly with trial ISOs (which will be downloaded and cached for you the first time you perform a packer build). If you would like to use retail or volume license ISOs, you need to update the UserData>ProductKey element as follows:

Uncomment the <Key>...</Key> element
Insert your product key into the Key element
If you are going to configure your VM as a KMS client, you can use the product keys at http://technet.microsoft.com/en-us/library/jj612867.aspx. These are the default values used in the Key element.

Docjowles fucked around with this message at 07:51 on Apr 24, 2014
