|
I'm a terrible person and like share level permissions...I find them easier to manage. You can do it either way, but the generally more accepted 'better practice' is to do 'Full Control' on the Share permission and lock things down with NTFS permissions.
|
# ? Jul 23, 2014 22:12 |
|
|
# ? May 30, 2024 13:48 |
|
Riso posted:I use Authenticated Users on the shares so people have to have a valid domain account and then apply the permissions on NTFS directly. I guess it doesn't matter either way, just make sure your NTFS permissions are setup properly. It sure pisses me off when people apply actual permissions in both places. Edit: Yes skipdogg, you are a terrible person.
|
# ? Jul 23, 2014 22:15 |
|
orange sky posted:So, I'm switching people over from Office 2003 to 2013 (365) through SCCM and there's a problem with the file association, prompting users for choosing which program to use when they open an Office file. This happened in my test workstation, and I'm wondering if there's some script I can deploy that changes the file associations to a set executable, or which registry I should be looking at. My Google-Fu seems to be failing me since every registry change / command I've seen in Google ended up not working. Thanks a lot in advance. Try building a new msi on a computer that had 2003 installed that you then upgraded to 2013 and set the correct defaults to. Whichever program you use to build the msi should capture the registry changes and apply them on install the next time you use it.
|
# ? Jul 23, 2014 22:38 |
|
skipdogg posted:You can do it either way, but the generally more accepted 'better practice' is to do 'Full Control' on the Share permission and lock things down with NTFS permissions. Not only is this the "better practice", microsoft conditions admins in their documentation. They phrase it as "IT professionals hate this, and despite designing the software that should do this task far more elegantly, we're telling you you should set it to everyone and configure the NTFS permissions."
|
# ? Jul 23, 2014 23:36 |
|
BaseballPCHiker posted:Try building a new msi on a computer that had 2003 installed that you then upgraded to 2013 and set the correct defaults to. Whichever program you use to build the msi should capture the registry changes and apply them on install the next time you use it. For Office I would very strongly recommend to handle all of this in your transform. This is the supported method for handling all of this and can do pretty much anything you need it to. I've been burnt by capturing changes in the past (as in complete work stoppage for all users at a bank until a fix could be deployed). Don't be that guy!
|
# ? Jul 23, 2014 23:53 |
|
I'm not sure if this is the right thread but we just deployed Lync through O365 and everything is going great as long as you are not an Android user. It looks like only our users with Android devices are having issues connecting through the app. Win8 and iOS phones are just fine. The only thing we can find is issues with autodiscover but can't figure out why it's Android only. Had anyone else had this issue?
|
# ? Jul 23, 2014 23:54 |
|
https://testconnectivity.microsoft.com/ Test your lync configurations here.
|
# ? Jul 24, 2014 00:13 |
|
Moey posted:Never had to do this before, but it looks like it is just a registry push. Yeah so apparently if you choose User ODBC it fills in both x32 and x64 where as if you do System it only does x64. User works just fine.
|
# ? Jul 24, 2014 00:14 |
|
BaseballPCHiker posted:Try building a new msi on a computer that had 2003 installed that you then upgraded to 2013 and set the correct defaults to. Whichever program you use to build the msi should capture the registry changes and apply them on install the next time you use it. Holy moly don't capture Office into an MSI, especially not when deploying with SCCM. Run setup.exe with the /admin flag to generate a transform.
|
# ? Jul 24, 2014 00:17 |
|
FISHMANPET posted:Holy moly don't capture Office into an MSI, especially not when deploying with SCCM. Run setup.exe with the /admin flag to generate a transform. I'm new at administering SCCM so I'm interested to know why you wouldn't want to do that? I haven't yet with Office but can't you just make a program in SCCM and enter in your account license and use msiexec to run the installer?
|
# ? Jul 24, 2014 16:10 |
|
Capturing an install into an MSI (as opposed to using an included MSI installer) is waaaaay at the bottom of the list of ways you want to use to install software, well after "find a different vendor." Apparently when using GPO to deploy software, it had to be an MSI (I don't know, I've never used GPO) but SCCM doesn't have that requirement. Capturing an MSI has all sorts of problems because you don't know if what you're capturing is just what you installed, or other system changes as well. Using built in tools to manage an install is a much better idea. For example, if you want to change a setting in your installer. Making a transform for the Office installer means you just have to run setup.exe /admin again and change your transform. Capturing the MSI requires reinstalling the software and recapturing.
|
# ? Jul 24, 2014 16:40 |
|
So I have a sort of frustrating issue that I've been unable to research a solution to, and am hoping someone might have some ideas. One of my client sites is a k-12 school, and they're very serious about having their internet access be "safe". So they're using a default search engine called "Kidrex", which is a rebranded custom Google Search site. This gives them everything they want. However, the problem is that the kids can still go to Google directly, and even with SafeSearch turned on, both Google Images and the auto-complete will give them what the school considers to be "inappropriate" results. If we block Google, then Kidrex stops working as it relies on Google for its search results. My thought was to simply block Google Images and then disable the autocomplete function, but for the life of me I cannot find a way to actually disable the feature. Google Instant can be blocked, but there doesn't seem to be a way to stop the autocomplete. My boss has reached a point of wanting to outright abandon Google for their site and look into a move to Bing. Is there another alternative? Lights fucked around with this message at 16:46 on Jul 24, 2014 |
# ? Jul 24, 2014 16:42 |
|
Kaninrail posted:So I have a sort of frustrating issue that I've been unable to research a solution to, and am hoping someone might have some ideas. I've seen this before. Instead of coming up with a respectable solution, the school decided to create their own cert for Google and all hell broke loose. I would recommend taking a look at OpenDNS.
|
# ? Jul 24, 2014 16:53 |
|
FISHMANPET posted:Capturing an install into an MSI (as opposed to using an included MSI installer) is waaaaay at the bottom of the list of ways you want to use to install software, well after "find a different vendor." Apparently when using GPO to deploy software, it had to be an MSI (I don't know, I've never used GPO) but SCCM doesn't have that requirement. Capturing an MSI has all sorts of problems because you don't know if what you're capturing is just what you installed, or other system changes as well. Good to know. I've been using included MSI installers whenever possible because it's just one less step for me. Is it appropriate then to build your own MSI for something like a simple program that then needs a custom batch file ran after the install or should you create a package that runs one program then in advanced properties click to run another program first and just have it deploy itself piece by piece? This whole system has been new to me and I'm trying to learn on the fly as part of a whole department overhaul. Been trying to educate myself through the latest CBT Nuggets series on the 70-243 exam and SCCM 2012 SP1 Mastering the Fundamentals book. Any other good training recommendations?
|
# ? Jul 24, 2014 17:22 |
|
This has been making the rounds, for those of you maintaining 2003+2012 R2... http://blogs.technet.com/b/askds/ar...ontrollers.aspx
|
# ? Jul 24, 2014 18:20 |
|
BaseballPCHiker posted:Good to know. I've been using included MSI installers whenever possible because it's just one less step for me. Is it appropriate then to build your own MSI for something like a simple program that then needs a custom batch file ran after the install or should you create a package that runs one program then in advanced properties click to run another program first and just have it deploy itself piece by piece? I learned with CBT and a lot of test packages send to a test laptop. If something isn't working, learn which logs you need to check and where to find them (server or client?). Speaking of logs, use the SCCM log parser (CmRcViewer) whenever possible. It makes it much easier to spot the errors then slogging through a text doc. For deploying Office, do a setup.exe /admin then save the MSP file in the "updates" folder of the source. When you create the package, use the following for the Command Line code:
When it comes to creating a deployment, I like to do separate packages and then have dependencies. It makes it easier to troubleshoot where in the chain of events something goes wrong if it doesn't work. Just my opinion though.
|
# ? Jul 24, 2014 18:44 |
|
Kaninrail posted:My boss has reached a point of wanting to outright abandon Google for their site and look into a move to Bing. Is there another alternative? What gateway firewall are they using? Most modern UTM firewalls can do some sort of "Safe Search enforcement" or something along those lines to satisfy that.
|
# ? Jul 24, 2014 20:21 |
|
Sacred Cow posted:I learned with CBT and a lot of test packages send to a test laptop. If something isn't working, learn which logs you need to check and where to find them (server or client?). Speaking of logs, use the SCCM log parser (CmRcViewer) whenever possible. It makes it much easier to spot the errors then slogging through a text doc. Yeah you almost always should use setup.exe /admin when customizing Office installs for deployment. That will launch OCT and you can customize any settings you want end-users to have when their systems receive Office. Save as an MSP file, save to the Updates folder of the extracted Office installation. I personally don't use the /adminfile command to call the custom MSP file and I don't modify the setup.xml file. The install looks at the Updates folder, sees the service pack files and the msp file and just automatically applies all of it during the install. I had problems when trying to manually specify MSP files using /adminfile to call either a local location or a network share. Created a little more work when building and customizing but it works. Always try to use included MSI installers because they have the functionality you need already built-in. Use /? on the MSI file to see what commands are available (which are universal for the most part) or if it already has an MST (transform file) then that's a good starting point. Some self-extracting EXE files that use InstallShield can also be customized (if an MSI is unavailable.) Try setup.exe /? or setup.exe /R to run a recorded install which will generate a custom ISS file. A lot of programs will also have their own customization utilities as well like Adobe applications. Adobe has an application that can build customized MSI/MST files for Reader, Flash, etc. Microsoft has a utility called Orca which can handle MSI/MST files.
|
# ? Jul 24, 2014 20:29 |
|
incoherent posted:This has been making the rounds, for those of you maintaining 2003+2012 R2... We got hit with this, fun thing is even when all your 2003 DCs are gone the DCs themselves can still hose their keys when resetting their passwords. Been a few months since I disabled computer account password resets on the DCs...
|
# ? Jul 24, 2014 22:04 |
|
Can anyone recommend software for finding/cleaning up duplicate files on a file server (Server 2003)?
|
# ? Jul 24, 2014 22:45 |
|
Roughly how lovely is Server 2008? I never hear anything about it.
|
# ? Jul 25, 2014 05:08 |
|
thebigcow posted:Roughly how lovely is Server 2008? I never hear anything about it. It's the Vista server OS. Use R2.
|
# ? Jul 25, 2014 05:11 |
|
CLAM DOWN posted:It's the Vista server OS. Use R2. Definitely use R2. Why not 2012 R2 though?
|
# ? Jul 25, 2014 14:25 |
|
Enabled some power settings through Computer Configuration > Preferences > Control Panel Settings > Power Options > Power Plan > Properties and now it seemed to of removed the option to hibernate on Windows 7 machines. Any ideas? Edit: Nevermind, apparently it's the hybrid sleep option. lol internet. fucked around with this message at 15:53 on Jul 25, 2014 |
# ? Jul 25, 2014 14:53 |
|
Crossposting from another thread, does anyone have any idea what I can do? I've designed good flows but they don't work because the KSC sucks quote:So, I've been trying to uninstall McAfee and deploy Kaspersky through SCCM and Kaspersky Security Center and I'm running into a wall here. Too many restarts needed, even if I had wake on lan it'd be really hard to do it. KSC, now that's something I hate right there. gently caress, what a headache. Filters don't work on machines and it starts a task and just hangs there all day and I have no idea what the hell is really going on - I just wish it'd go well
|
# ? Jul 26, 2014 11:20 |
|
orange sky posted:Crossposting from another thread, does anyone have any idea what I can do? I've designed good flows but they don't work because the KSC sucks What are you replacing it with? Most of the current Enterprise AV Suites will detect and remove the other suites. System Center Endpoint Protection for example this although my goole-gu is failing me this morning when trying to find the list of supported 3rd party AV suites it can remove.
|
# ? Jul 26, 2014 15:28 |
|
Zaepho posted:What are you replacing it with? Most of the current Enterprise AV Suites will detect and remove the other suites. System Center Endpoint Protection for example this although my goole-gu is failing me this morning when trying to find the list of supported 3rd party AV suites it can remove. Uninstalling McAfee with KSC doesn't work, leaves a lot of stuff from McAfee behind. So that was out of the question. I'm uninstalling with SCCM, restarting afterwards. Then, I'm deploying kaspersky agent and endpoint client with KSC. Then when that's all done and ok I put the clients on the 2nd group, for database updates and a virus scan. But guess what, I can't know for sure that McAfee really is deleted, restarts sometimes don't work, Kaspersky sometimes doesn't start up after installing (creating a situation where the subsequent restarts don't work), Kaspersky locks up because of.. who knows?.... drat. orange sky fucked around with this message at 17:57 on Jul 26, 2014 |
# ? Jul 26, 2014 17:54 |
|
orange sky posted:I'm uninstalling with SCCM, restarting afterwards. Are you trying to use an app/package to do the uninstall/cleanup/install? Have you considered using a Task Sequence? It should be able to survive the multiple reboots that you were referring to before.
|
# ? Jul 26, 2014 20:19 |
|
What is the preferred way to setup a file server, do you guys share out the root folder and control all sub folders via NTFS permissions or do you share out each folder as a separate share? For example: pre:Data --> Accounting --> Brokerage --> Executive --> Human Resources --> IT --> Operations --> President --> Production --> Public --> Shipping kiwid fucked around with this message at 01:54 on Jul 28, 2014 |
# ? Jul 28, 2014 01:47 |
|
kiwid posted:What is the preferred way to setup a file server, do you guys share out the root folder and control all sub folders via NTFS permissions or do you share out each folder as a separate share? Using your case, I share out all subfolders so I'd have 10 shares there. Quotas set on each share root as well.
|
# ? Jul 28, 2014 01:50 |
|
10 different shares in that case, and then say if under Human Resources you needed a 'Payroll' folder, you can secure that with NTFS from other HR folks. That's a scenario we have. We have a HR share that like a dozen folks have access to, and then payroll only 3 folks can get to that data.
|
# ? Jul 28, 2014 01:57 |
|
We have users who "float" between departments or need access to more than one so we share out the root as a DFS share then use ABE and NTFS to control which subfolders the users see and have access to.
|
# ? Jul 28, 2014 02:33 |
|
hihifellow posted:We have users who "float" between departments or need access to more than one so we share out the root as a DFS share then use ABE and NTFS to control which subfolders the users see and have access to. That's pretty much what we do, too.
|
# ? Jul 28, 2014 06:27 |
|
I work in a healthcare environment and I foresee getting more and more requests to send confidential info by email. It appears that Outlook supports using certificates to encrypt emails. It seems like I'll have to purchase certs so that recipients don't get annoying pop-ups, and the recipients will also need their own certs. We're likely going to be corresponding with numerous other organizations so exchanging our own CA certs won't work. The alternative I'm trying to avoid is one of those lovely web portals where you don't encrypt the email but instead send an email saying there's a new message and a link to login to the portal. Is this the best course to take? Any pitfalls to watch out for? Any good certificate vendors that make buying and managing lots of individual certs easier?
|
# ? Jul 28, 2014 19:35 |
|
Cpt.Wacky posted:The alternative I'm trying to avoid is one of those lovely web portals where you don't encrypt the email but instead send an email saying there's a new message and a link to login to the portal. This is what all the medical record companies do. (AIG only method of digital document delivery) you're going to have to get everyone in the room and train, there is no easy out from this.
|
# ? Jul 28, 2014 19:48 |
|
I have a question about adding a server to a domain. We have a file server with a few people using local accounts on the server, if I add the server to the domain will they still be able to access their files over the network using their local accounts? I'm pretty sure they can but I just want to make sure before I destroy myself. Thanks!
|
# ? Jul 28, 2014 19:51 |
|
Yaos posted:I have a question about adding a server to a domain. We have a file server with a few people using local accounts on the server, if I add the server to the domain will they still be able to access their files over the network using their local accounts? I'm pretty sure they can but I just want to make sure before I destroy myself. Thanks! Probably think about migrating them to AD accounts or groups, but yeah local accounts will still work just fine on a domain.
|
# ? Jul 28, 2014 19:55 |
|
I think the only potential gotcha would be if previously auth attempts were made with the assumption that local was the default domain to logon to, and depending on things they could try and auth as DOMAIN\User instead of LOCAL\User, but if you're explicitly being LOCAL\User you should be fine.
|
# ? Jul 28, 2014 19:58 |
|
Thanks for the answers. They are only local users because they were already local users, they'll be on AD soon enough. They'll probably be the first on the domain so I can get rid of these local accounts. Gotta get everything setup though. Edit: All this worry for nothing. Nobody is actually using the server yet. Edit 2: Spoke too soon, 26 connections. Yaos fucked around with this message at 21:21 on Jul 28, 2014 |
# ? Jul 28, 2014 20:16 |
|
|
# ? May 30, 2024 13:48 |
|
incoherent posted:This is what all the medical record companies do. (AIG only method of digital document delivery) you're going to have to get everyone in the room and train, there is no easy out from this. Is there an industry name for this type of product? Are there any that don't suck?
|
# ? Jul 28, 2014 22:06 |