|
Yeah just raise it, it'll be fine. All it really does is extend the schema.
|
# ? Aug 25, 2014 23:12 |
|
|
# ? May 14, 2024 02:47 |
|
Raising the domain to 2008 + level provides amazing quality of life things such as: - DFS replication - DFS Access Based Enumeration (ie. have one drive map for all your users and use NTFS permissions to restrict access and visibility for sub folders) - Being able to delete/demote domain controllers from AD users and computers snapin (ie. no dcpromo for removal) - Service accounts - Better security logging There is basically no reason not to do this, and your old 2000/2003/2008/2008 r2 servers will work with the updated schema et el.
|
# ? Aug 25, 2014 23:22 |
|
I've never done this kind of thing before and I'm studying for the MCSA exam, does this sound like a reasonable upgrade path? Current setup is SiteA-DC01, SiteA-DC02, SiteB-DC01, SiteB-DC02. All 2003 virtual machines. I'm thinking of spinning up 4 2012R2 server core machines. Take snapshots of SiteA-DC01 and SiteB-DC01, place SiteA-DC02 and SiteB-DC02 on an isolated virtual switch. If something goes really wrong, we can use them to bring everything back. I'll add two 2012 machines to replace the DC02's. They'll be added using the AD account for the old ones and get the same IP addresses. Next, install AD DS services and DNS. This should extend the schema to 2012R2, but won't upgrade the functional level, not sure what the difference is. Make SiteA-DC02 the Primary Domain Controller. I'm not sure how Schema masters, etc. work. Shut down the DC01's. Now all online Domain Controllers are 2012R2's running at the 2003 level (with a 2012R2 schema?) Raise the functional level to 2012R2. Join the other two 2012R2 servers to the domain to replace the old ones. Am I on the right track?
|
# ? Aug 26, 2014 00:23 |
|
cross posting as im strugglingSquirrelGrip posted:I am a moron who agreed to take over a small managed service team that provides basic monitoring and reactive support for sharepoint.
|
# ? Aug 26, 2014 00:48 |
|
Dr. Arbitrary posted:I've never done this kind of thing before and I'm studying for the MCSA exam, does this sound like a reasonable upgrade path? Never snapshot a 2003 2008 domain controller.
|
# ? Aug 26, 2014 04:50 |
|
SquirrelGrip posted:cross posting as im struggling I think just use kaseya
|
# ? Aug 26, 2014 18:24 |
|
Nitr0 posted:Never snapshot a 2003 2008 domain controller. Is 2012 R2 more snapshot friendly for a DC? I'd still be hesitant.
|
# ? Aug 26, 2014 18:26 |
|
You'll need to get familiar with the restoration process for a domain controller (both authoritative and non). Of all the things microsoft is stickler about, its domain controller consistency.
|
# ? Aug 26, 2014 18:53 |
|
CLAM DOWN posted:Is 2012 R2 more snapshot friendly for a DC? I'd still be hesitant. It's snapshot aware.... it really doesn't take long to deploy a DC, not sure why it's a thing but it is. http://blogs.technet.com/b/keithmay...pro-vmware.aspx I've taken snapshots of 2003 and 2008 DC's but they never ever touch the production network, they go into an isolated testing network.
|
# ? Aug 26, 2014 18:59 |
|
You can snapshot them, just don't expect to roll back cleanly.
|
# ? Aug 26, 2014 19:02 |
|
edit: nevermind
ZetsurinPower fucked around with this message at 16:19 on Dec 8, 2014 |
# ? Aug 26, 2014 20:50 |
|
Gyshall posted:Raising the domain to 2008 + level provides amazing quality of life things such as: I don't think it does this automatically, though. I'm going to follow this guide once I get rid of old FRS errors (caused by restoring the DC from backup).
|
# ? Aug 27, 2014 21:34 |
|
Correct, you need to configure the Sysvol and Netlogon shares to use DFS, but if you have things like remote offices it can be a bandwidth lifesaver.
|
# ? Aug 27, 2014 21:48 |
|
I am locking down a couple of laptops with deep freeze. I will be redirecting "my documents" to a thawed partition so they can save files, but I want to lock down the desktop so they can't save there and call in super pissed off when their dumb spreadsheet vanishes. Apparently setting the desktop folder to read-only is not enough. Is there an easy way to get this done? We do it on our virtual desktops using group policy (I believe, I didn't do it myself), these are standalone laptops not on a domain. Thank you for any help.
|
# ? Aug 27, 2014 23:14 |
|
I don't know off the top of my head, but are there local policies you can apply to enact the same as the group policies? e: There are also a couple of problems that can arise by restricting too much write-access to the local user folder. I've experienced Office completely making GBS threads itself, for one. There might be some amount of responsibility on the user not to gently caress themselves over, no matter how hard you lock the system down. Orcs and Ostriches fucked around with this message at 23:22 on Aug 27, 2014 |
# ? Aug 27, 2014 23:20 |
|
NevergirlsOFFICIAL posted:I think just use kaseya I have come to the realisation that we will be building our own monitor
|
# ? Aug 28, 2014 03:23 |
|
Question about o365 licenses. If our users are licensed for the full office suite. Would it be a problem (from a MS standpoint) if I just installed the software on their computers using the media from the VLSC site? (So they don't have to login with their o365 account on the computers.)
|
# ? Aug 28, 2014 03:26 |
|
That's how we were told to deploy it onto RDS - buy one Office Pro Plus seat to get access to the media and install it. The license is with the user so the idea is that they 'bring it with them' when they log in.
|
# ? Aug 28, 2014 08:15 |
|
Trying to update GPO definitions and when I copy it to C:\Windows\PolicyDefinitions it says cannot overwrite for some of the admx files. Why's this? edit: Nevermind should of been copying it to sysvol. lol internet. fucked around with this message at 15:38 on Aug 29, 2014 |
# ? Aug 29, 2014 15:19 |
|
Greg Jackson posted:Is there an easy way to get this done? We do it on our virtual desktops using group policy (I believe, I didn't do it myself), these are standalone laptops not on a domain? Everything you can do in group policy you can also do in local policy. Run rsop.msc on one of the virtual desktops to see what policies are set.
|
# ? Aug 29, 2014 23:40 |
|
Greg Jackson posted:I am locking down a couple of laptops with deep freeze. I will be redirecting "my documents" to a thawed partition so they can save files, but I want to lock down the desktop so they can't save there and call in super pissed off when their dumb spreadsheet vanishes. My guess is that you've set permissions on the "all users" desktop folder, which doesn't prevent them from writing the desktop folder in the user's own profile. I have some experience with DF. You could redirect the user desktop folders to the live partition if you want them to just have their way. Or use Data Igloo to redirect entire profiles. But I have never actually used that, as we're trying to get rid of DF. Personally, I think it's enough to just take away admin access if you can. DF is a pain to work with for reasons like this, and not worth it for anything but public facing PCs.
|
# ? Aug 30, 2014 02:15 |
|
Thanks for the responses, guys.peak debt posted:Everything you can do in group policy you can also do in local policy. Run rsop.msc on one of the virtual desktops to see what policies are set. The thing is that I think they redirected to a network folder with restricted domain permissions and that's why nobody can write files to the desktop. There are no network folders on these laptops.. maybe I could redirect to a folder with restricted ntfs permissions and different ownership.. Demie posted:My guess is that you've set permissions on the "all users" desktop folder, which doesn't prevent them from writing the desktop folder in the user's own profile. Nope I was working with their desktop folder. It wouldn't allow me to change ownership of the folder because it was inheriting permissions. I basically gave up. quote:I have some experience with DF. You could redirect the user desktop folders to the live partition if you want them to just have their way. Or use Data Igloo to redirect entire profiles. But I have never actually used that, as we're trying to get rid of DF. Yeah, I've tested this before but if their whole user profile is writable they can do everything: change visual theme, fill the desktop with random files, pick up user-level malware. What I've currently settled on is redirecting "my documents" to a thawed partition and giving the warning "save files to the D: drive or they will disappear. Do not save files to the desktop." quote:Personally, I think it's enough to just take away admin access if you can. DF is a pain to work with for reasons like this, and not worth it for anything but public facing PCs. It's fitting our needs for desktops really well but laptops need too much freedom which is why I'm struggling
|
# ? Aug 30, 2014 16:45 |
|
So I'm at a loss here with getting Office 2013 to install as part of our lite touch deployment. I've got the application imported into SCCM. Ran the setup.exe /admin to make sure it installs silently without any user notice and gets our correct license key. It shows up as an option and seems to install without any problems but when the computer boots up it's just not there. I've checked the SMSTS.log and dont really see anything that would indicate and error but I guess I could copy the log to here. I did have the source files up on a network share that didnt have the correct read rights which I fixed, and I did notice that someone earlier had built a Lync stand alone installer using the same setup.exe /admin options file which I had to delete to get mine working. The strange thing is that the installer does work, if you go into the software center you can install it and run it fine as a user.
|
# ? Sep 2, 2014 15:12 |
|
Looking at secpol.msc, I know that if a policy has a computer icon that means that that specific policy is being controlled by a GPO. When you assign a user to the permission to log on as a service through a GPO, does it overwrite or add to the existing permissioned users that can hold that privilege?
|
# ? Sep 3, 2014 01:50 |
|
BaseballPCHiker posted:So I'm at a loss here with getting Office 2013 to install as part of our lite touch deployment. I've got the application imported into SCCM. Ran the setup.exe /admin to make sure it installs silently without any user notice and gets our correct license key. It shows up as an option and seems to install without any problems but when the computer boots up it's just not there. I've checked the SMSTS.log and dont really see anything that would indicate and error but I guess I could copy the log to here. I did have the source files up on a network share that didnt have the correct read rights which I fixed, and I did notice that someone earlier had built a Lync stand alone installer using the same setup.exe /admin options file which I had to delete to get mine working. The strange thing is that the installer does work, if you go into the software center you can install it and run it fine as a user. Did you add a step to the task sequence to install the App? If it's showing up available to be installed in software center, it would seem like the TS hasn't even tried to install it. Also, make sure there is an Apply Updates step or 2 after all apps have been installed. It helps make sure things are really really patched when you're done.
|
# ? Sep 3, 2014 20:23 |
|
Sorry if this has been asked before. I've been tasked with adding windows into our environment and like a good *nix admin I immediately want to throw config management on them. How is puppet on windows?
|
# ? Sep 4, 2014 01:08 |
|
jaegerx posted:Sorry if this has been asked before. I've been tasked with adding windows into our environment and like a good *nix admin I immediately want to throw config management on them. How is puppet on windows? I've heard not very good, we're supposed to be testing it here in the coming months though. It looks like it has basic config management, but nothing remotely as powerful as MS tools. Can you use AD/SCCM/SCOM/SCORCH?
|
# ? Sep 4, 2014 01:16 |
|
Maybe Powershell DSC as well? Honestly I have 0 experience with it, but I've heard it's supposed to be quite neat.
|
# ? Sep 4, 2014 02:07 |
|
Wicaeed posted:Maybe Powershell DSC as well? The Powershell 5.0 preview DSC stuff is rad, I've been playing around with it.
|
# ? Sep 4, 2014 02:10 |
|
I have a friend that works at MS, and he keeps harping on Puppet with DSC.
|
# ? Sep 4, 2014 02:13 |
|
Zaepho posted:Did you add a step to the task sequence to install the App? If it's showing up available to be installed in software center, it would seem like the TS hasn't even tried to install it. I had that checked and the apply updates. I got it working but can't for the life of me figure out what difference this would've made. So the application which I tested and installed fine through software center wouldnt work during my lite touch deployment. So on a whim I made it into a package and added it to the install apps task sequence. Totally works fine now. Why it wouldnt work as an application but works as a package is beyond me. It's using the same source files and installer.
|
# ? Sep 4, 2014 15:31 |
|
BaseballPCHiker posted:I had that checked and the apply updates. I got it working but can't for the life of me figure out what difference this would've made. So the application which I tested and installed fine through software center wouldnt work during my lite touch deployment. So on a whim I made it into a package and added it to the install apps task sequence. Totally works fine now. Why it wouldnt work as an application but works as a package is beyond me. It's using the same source files and installer. SCCM 2012 SP1 or 2012 R2? There is a bug in SP1 that apps don't apply properly during task sequence installs. It's fixed in one of the CUs but the client is the non CU version during a TS and you have to take a bunch of steps to update it to make it work right. It's a bit fuzzy since it's been a while since I messed with that but i recall it being a lot of time and effort to get working. The short story is R2 is better.
|
# ? Sep 4, 2014 17:47 |
|
Supposedly Chef has really been going all-in on Windows/DSC support but I don't use it myself so I can't confirm. Doesn't really help if you're a Puppet shop anyway. Honestly most of the config management tools come from *nix-land with Windows support poorly shoehorned in. I tend to agree with CLAM DOWN, see how far native tools like Group Policy can take you. Then if they're not enough, look at SCCM if you can get a budget for it. I'd only look at Puppet as a last resort.
|
# ? Sep 4, 2014 22:39 |
|
How boned am I, trying to get .NET 3.5 onto a Server 2008 RTM Core server? I'm trying to get the AppAssure agent installed on a production file server, which I think is bundled with .NET 4 and obviously errors out. 3.5 should work (I think) but I can't get it to install. Even downloading the full package, I get an error on installation: code:
code:
code:
Mierdaan fucked around with this message at 01:07 on Sep 8, 2014 |
# ? Sep 7, 2014 18:22 |
|
The .NET Framework is a component of Sever 2008/2008 R2. You have you use DISM to install it: 32-bit: DISM /online /enable-feature /featurename:NetFx3-ServerCore-WOW64 64-bit: DISM /online /enable-feature /featurename:NetFx3-ServerCore Number19 fucked around with this message at 21:55 on Sep 7, 2014 |
# ? Sep 7, 2014 21:53 |
|
Number19 posted:The .NET Framework is a component of Sever 2008/2008 R2. You have you use DISM to install it: DISM looks like it was included with Win7/Server2008R2 - I don't seem to have it installed on this Server 2008 RTM box. I'll try downloading the WAIK and installing it - thanks. edit: can't install the WAIK due to not having .NET 2.0 installed Mierdaan fucked around with this message at 01:56 on Sep 8, 2014 |
# ? Sep 8, 2014 01:09 |
|
Oh that's right 2008 is different. I skipped that one entirely so I keep forgetting how different 2008 and R2 are. According to this post: http://social.msdn.microsoft.com/Fo...orum=netfxsetup that error seems to indicate some form of OS corruption. That post is talking about Vista though and it might be different on 2008. Number19 fucked around with this message at 02:07 on Sep 8, 2014 |
# ? Sep 8, 2014 02:01 |
|
Mierdaan posted:The Windows component could not be configured because of an error: 1168 "Element not found." (Command line: "OCsetup.exe NetFx3 /quiet /norestart")[/code] I hav never touched Server 2008, but I know that on 2008 R2 and above, the actual file content for the .Net feature is on the CD. With that kind of error code, I think it's complaining that i can't find those files. If you install using DISM, the command line should direct it to the \sources\sxs\ folder on the disc. I don't know why MS does this, but you're not the first person to be frustrated by it. If you're only having trouble with this one server, try installing it as a Windows feature through the control panel. It will probably ask for the disc.
|
# ? Sep 8, 2014 13:46 |
|
Does anyone know why Crystal Reports would run successfully for as long as I can remember but when I changed the format today to PDF now ALL of my reports fail due to a "Database Connector Error", regardless of format?
|
# ? Sep 8, 2014 22:07 |
|
|
# ? May 14, 2024 02:47 |
|
TheEffect posted:Does anyone know why Crystal Reports would run successfully for as long as I can remember but when I changed the format today to PDF now ALL of my reports fail due to a "Database Connector Error", regardless of format? It's a garbage program made by garbage humans? Don't know if this is the case, but any time I need to interact with it I get violently ill from frustration.
|
# ? Sep 8, 2014 22:23 |