Dans Macabre
Apr 24, 2004


i want to die

small business snipe 2011


Dans Macabre
Apr 24, 2004


OK hi



I want to remove this folder redirection without users losing any of their files. I want the files to stay on their local machines, and I want them to be removed from the server. Actually I don't care if they get removed from the server I just don't want any problems when I turn this server off. What's the best way to do what I want to do? Can I just disable this GPO?

thebigcow
Jan 3, 2001

Bully!

NevergirlsOFFICIAL posted:

OK hi



I want to remove this folder redirection without users losing any of their files. I want the files to stay on their local machines, and I want them to be removed from the server. Actually I don't care if they get removed from the server I just don't want any problems when I turn this server off. What's the best way to do what I want to do? Can I just disable this GPO?

AFAIK you need to change a setting on that thing that lists the path and the rest of what you have set up should move things to the new location. This can blow up on you if everyone has a million files on the server and logs in at the same time, if they don't have enough local disc, etc etc etc. Also I haven't messed with that in an age so don't take my advice.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
I did it by removing the GPO. It worked for most but some started throwing errors on login that the network location that used to store the files was unavailable.

I recreated the user profiles for the affected users.

Dans Macabre
Apr 24, 2004


I don't like these answers :(

m.hache
Dec 1, 2004


Fun Shoe

NevergirlsOFFICIAL posted:

I don't like these answers :(

Look into the GPO itself. For each folder being redirected open up the properties and look for the following:



Make sure the "Redirect the folder back to the local userprofile location when policy is removed" is selected. This should migrate the info back to their local profiles.

If it's a lot of content the login could take a looong time.

Gyshall
Feb 24, 2009

Had a couple of drinks.
Saw a couple of things.

NevergirlsOFFICIAL posted:

I don't like these answers :(

Test it first

m.hache
Dec 1, 2004


Fun Shoe

Gyshall posted:

Test it first

Yeah, take a test user already affected by the policy and filter them out. See what happens.

Orcs and Ostriches
Aug 26, 2010


The Great Twist
If you have to, you can also split up the affected staff into two security groups. Add some of them to the new group, remove them from the old, and only apply the new policy to them. That way, if a handful of users does break, it's not the entire org at once. Once that group is settled, add a few more users. It's important to turn on the 'redirect to local profile' setting and leave it that way for a while though. You need to make sure everyone's had a chance to log on and get the setting update.

It's a bit of an administrative hassle, but probably safer.

In my experience, that setting is pretty robust, so I don't foresee any big problems.

Orcs and Ostriches fucked around with this message at 15:55 on Apr 28, 2015

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
Our company has a legacy Sharepoint site being used for department drives (accessed via browser) from before my time and very sloppily implemented.

Our network is entirely Windows 8.1 laptops, not on a domain (our only apps are browser based, no need for anything more complicated).

I just want to be able to map those Sharepoint sites as network drives for the few people who use them, and be able to administrate permissions effectively.

I've followed guides on mapping as a network folder, but the finder constantly forgets that it has the credentials to open the folder, so the user has to specifically log into Internet Explorer and click the "Open in [Windows] Explorer" for the folder to stay open for a new session.

What's the best practice for a situation like this? I'm imagining if I can just hold out for Windows 10, I can upgrade everyone to that, they can log into the laptops with their O365 login, and then the mapped drives might stay authenticated. I'm seeing some scripts like https://office365drivemap.codeplex.com/ and some more polished looking jank like http://www.thinkscape.com/Map-Network-Drives-To-Office-365-OneDrive/ but I was wondering if anyone here has accomplished something like this.

pyrofreak421
Nov 25, 2010
We recently had one of our buildings lose connection to the rest of the buildings. When that happened they also lost connection to the dhcp server and none of the computers that were booted during the downtime would connect to the local domain controller or do much of anything. Our buildings are all on one campus and we have 1 giant WAN to work with. I was thinking about running DHCP on our other domain controllers but I'm not sure if that's going to cause major issues or not. I don't anticipate the link going down again but would rather not have managers breathing down my neck if something goes wonky again. Is that a sane idea or am I just asking for trouble if I do that?

m.hache
Dec 1, 2004


Fun Shoe

pyrofreak421 posted:

We recently had one of our buildings lose connection to the rest of the buildings. When that happened they also lost connection to the dhcp server and none of the computers that were booted during the downtime would connect to the local domain controller or do much of anything. Our buildings are all on one campus and we have 1 giant WAN to work with. I was thinking about running DHCP on our other domain controllers but I'm not sure if that's going to cause major issues or not. I don't anticipate the link going down again but would rather not have managers breathing down my neck if something goes wonky again. Is that a sane idea or am I just asking for trouble if I do that?

I would portion out your DHCP pool so your one location draws half from one server and your other location draws from the remaining. When your systems do a DHCP request it should hit the closest server (which should be local).

Both sites would still be able to communicate and it's not the end of the world if it leases from the far end since it should still be on the same subnet.

If your WAN goes down it'll rely on the local DHCP server to get an address so when it comes back up it should be business as usual. If you do your reservations correctly you'll never have a conflict either.

DrBouvenstein
Feb 28, 2007

I think I'm a doctor, but that doesn't make me a doctor. This fancy avatar does.
Hoping I can find a solution to a rather unique issue I've got.

I work for an MSP, and we have one customer who has a very strict set of guidelines on patching for a couple of their servers, which is preventing us from going to a 100% automated solution for them. Every MS patch cycle, I have to manually turn off the task scheduler service on one server, and can't turn it back on again until the second server is done patching. The first server is doing some automated SQL database inserts into the second server, and there's a chance of corruption if it tries to do that if the server reboots after patching. The patching is done Friday nights (thankfully just once a month,) from midnight to whenever it gets done, usually around 3 AM. I'm sick of having to stay up till 3 AM to manually turn that service back on.

What would be the easiest way to automate getting that back on? I don't mind being up till midnight-ish to manually turn it off, and then if need be run some sort of script that basically looks at the other server and when it's done patching and has rebooted, goes "OK, turn task scheduler back on."

I'm curious as to how to get it to "notice" the server is done patching...the one thing I can think of off the top of my head (bear in mind I'm new to IT,) is for some sort of script to ping the server, and to turn the task scheduler back on after it gets a response after previously NOT getting a response. In other words, it would be responding to a ping normally when patching, but then timeout when it starts rebooting, so then when it comes back online and responds to the ping again, THAT'S the trigger to turn the service back on (or maybe wait another five minutes for the OS to complete boot up and turn it on.)

Another option is to throw caution to the wind and say,
"Well, the odds of the patching not being done by 4:30 AM are slim, so just create a script to turn it back on at 4:30 AM."

incoherent
Apr 24, 2004

01010100011010000111001
00110100101101100011011
000110010101110010
Are you downloading the patches or wsus/windows update? I would set a powershell script to check the patch (via its kb) is installed and then turn on scheduled task on the other machine in the same script.
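
One way to script the check described in the two posts above, as an added example that is not part of the thread: it waits until the patched server both has rebooted since the script started and reports the KB as installed, then starts Task Scheduler on the other server. SERVER1/SERVER2 are the names used later in the thread, `KB0000000` is a placeholder, and it assumes WinRM/PowerShell remoting is enabled and the account is an administrator on both servers.

```powershell
# Added example (not from the thread). Run from an admin workstation or from SERVER1.
param(
    [string]$PatchedServer   = 'SERVER2',    # server being patched (receives the SQL inserts)
    [string]$SchedulerServer = 'SERVER1',    # server whose Task Scheduler was stopped by hand
    [string]$KbId            = 'KB0000000',  # placeholder: one KB from this patch cycle
    [int]$PollSeconds        = 60,
    [int]$SettleSeconds      = 300,          # the "wait another five minutes" from the question
    [datetime]$Deadline      = (Get-Date).AddHours(6)
)

$started = Get-Date

function Test-PatchedAndRebooted {
    param([string]$Computer, [string]$Kb, [datetime]$Since)

    # A ping alone cannot tell "still patching" from "patched and back up",
    # so it is only used as a cheap pre-check before the WMI queries.
    if (-not (Test-Connection -ComputerName $Computer -Count 2 -Quiet)) { return $false }

    try {
        $os     = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop
        $hotfix = Get-HotFix -Id $Kb -ComputerName $Computer -ErrorAction Stop
    } catch {
        # Server is mid-reboot, WMI is not up yet, or the KB is not installed yet.
        return $false
    }

    # Done only if the box has booted since we started AND the KB is present.
    return ($os.LastBootUpTime -gt $Since) -and ($null -ne $hotfix)
}

while (-not (Test-PatchedAndRebooted -Computer $PatchedServer -Kb $KbId -Since $started)) {
    if ((Get-Date) -gt $Deadline) {
        # Fail closed: leave Task Scheduler stopped rather than risk inserts
        # against a server that may still reboot.
        Write-Error "$PatchedServer not confirmed patched by $Deadline; Task Scheduler left stopped on $SchedulerServer."
        exit 1
    }
    Start-Sleep -Seconds $PollSeconds
}

# Give services on the patched server time to finish starting.
Start-Sleep -Seconds $SettleSeconds

Invoke-Command -ComputerName $SchedulerServer -ScriptBlock {
    Start-Service -Name Schedule   # 'Schedule' is the Task Scheduler service name
}
Write-Output "Task Scheduler started on $SchedulerServer at $(Get-Date)."
```

Unlike a fixed 4:30 AM start, this leaves the service stopped and exits with an error if patching overruns the deadline.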

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Some patch management software can issue pre and post patching commands. Before patching <do x> after patching <do y> . Are you using some software to patch or is this manual?

DrBouvenstein
Feb 28, 2007

I think I'm a doctor, but that doesn't make me a doctor. This fancy avatar does.

skipdogg posted:

Some patch management software can issue pre and post patching commands. Before patching <do x> after patching <do y> . Are you using some software to patch or is this manual?

Yeah, we use Kaseya as our platform to do basically everything.

It DOES have pre and post-patch procedures, but according to our in-house Kaseya expert, it can't do what I'm asking. As far as he knows, there's no post-patch procedure we can make in Kaseya that will check in on the patch status of the OTHER server. Which I find possibly dubious, but he's the one with the most training in it...and I've never had any "formal" training in Kaseya, just what he's passed along to me.

TWBalls
Apr 16, 2003
My medication never lies
I'm not familiar with Kaseya, but could it do something like:
Task 1:
Pre: Stop task scheduler on SERVER1
Task: Patch SERVER2

Task 2:
Task: Patch SERVER1
Post: Start task scheduler

Dans Macabre
Apr 24, 2004


m.hache posted:

Look into the GPO itself. For each folder being redirected open up the properties and look for the following:



Make sure the "Redirect the folder back to the local userprofile location when policy is removed" is selected. This should migrate the info back to their local profiles.

If it's a lot of content the login could take a looong time.

ok noice

Dans Macabre
Apr 24, 2004


Orcs and Ostriches posted:

If you have to, you can also split up the affected staff into two security groups. Add some of them to the new group, remove them from the old, and only apply the new policy to them. That way, if a handful of users does break, it's not the entire org at once. Once that group is settled, add a few more users. It's important to turn on the 'redirect to local profile' setting and leave it that way for a while though. You need to make sure everyone's had a chance to log on and get the setting update.

It's a bit of an administrative hassle, but probably safer.

In my experience, that setting is pretty robust, so I don't foresee any big problems.

yeah I'll prob do this thank you

Loten
Dec 8, 2005


BaseballPCHiker posted:

http://tobiefysh.blogspot.co.uk/2015/04/do-you-have-lync-2013-client-deployed.html

That's a good link with info on the Lync to Skype to Business change. As mentioned it's KB2889853 and 2889923. I've tested it out on a few machines. Looks just different enough to confuse people. On the other hand Skype seems to engender more positive feelings so maybe people here will like Lync more when it rolls out.

Thanks for the heads up on this one. That's kind of a big change to the user experience for them to sneak through.

alanthecat
Dec 19, 2005

I just added a Windows 8.1 VM in order to use RSAT. We're otherwise Windows 7. Remote desktop isn't working, even though the GPO that works for Windows 7 is being applied. In System Properties I can see "Allow remote connections to this computer" is selected and greyed (i.e. GPO is definitely applied). When I try RDP I just get "This computer can't connect to the remote computer". I can ping and browse \\VMname\c$ no problem. Has something changed? (Windows is fully updated)

alanthecat fucked around with this message at 13:26 on Apr 29, 2015

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
Update, I spun up a Windows 10 Technical Preview, and I can confirm the Azure Active Directory Cloud Join works on a basic level. An O365 admin or user can join to the cloud, then anyone in the organization can log into the PC with their O365 email and password and it'll make them a profile.

None of the SSO features seem to be implemented at all yet, I still had to sign into Office and I can't figure out how to map SharePoint as a drive.

If you log into the Azure AD portal, you can click a user and see which devices they have joined. There is a button to remotely disable the device but it doesn't seem to function yet. I think you can still lock someone out by changing their password but I'd have to experiment to see if there's any cached credentials.

Roargasm
Oct 21, 2010

Hate to sound sleazy
But tease me
I don't want it if it's that easy

alanthecat posted:

I just added a Windows 8.1 VM in order to use RSAT. We're otherwise Windows 7. Remote desktop isn't working, even though the GPO that works for Windows 7 is being applied. In System Properties I can see "Allow remote connections to this computer" is selected and greyed (i.e. GPO is definitely applied). When I try RDP I just get "This computer can't connect to the remote computer". I can ping and browse \\VMname\c$ no problem. Has something changed? (Windows is fully updated)

More of a server 2012 thing but try the following commands in Powershell to make sure everything is enabled:

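# Enable the built-in inbound firewall rules for Remote Desktop
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
# 1 = require Network Level Authentication on the RDP listener
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1
# 0 = allow Remote Desktop connections
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0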

Demie
Apr 2, 2004

alanthecat posted:

I just added a Windows 8.1 VM in order to use RSAT. We're otherwise Windows 7. Remote desktop isn't working, even though the GPO that works for Windows 7 is being applied. In System Properties I can see "Allow remote connections to this computer" is selected and greyed (i.e. GPO is definitely applied). When I try RDP I just get "This computer can't connect to the remote computer". I can ping and browse \\VMname\c$ no problem. Has something changed? (Windows is fully updated)

It depends which way you're going. If you want to RDP into a Win8/2012+ puter from your Win7 desktop, you have to go into the win8 VM's firewall settings and disable security on remote desktop protocol rules. That's the only way I have found to make it work.

If it's the opposite, then make sure the firewall rules are added to the win7 PC.

Demie fucked around with this message at 15:27 on Apr 29, 2015

mayodreams
Jul 4, 2003


Hello darkness,
my old friend
In the Remote tab on the System Properties on the Win 7 box, do you have 'Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)" checked?

This will prohibit connecting to that machine unless you have an updated RDP client that is using the newer auth protocols. For example, the old version of the Mac RDP client won't work with Windows 8 or Server 2012 so you have to use the updated RDP client from the App Store.
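
A read-only check of the settings discussed in the replies above, as an added example that is not part of any post: run on the Windows 8.1 VM's console, it reports the RDP enable flag, the NLA requirement, the active network profile, the listener and the "Remote Desktop" firewall rules without changing anything. The Policies registry path is where Group Policy writes these values, and port 3389 assumes the default RDP port.

```powershell
# Added example (not from the thread). Run locally on the target in an elevated prompt.

function Get-RegValue {
    # Returns the named value, or $null if the key or value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Get-RdpState {
    $local  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    # Values set by Group Policy live here and take precedence over the local ones.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    [pscustomobject]@{
        # 0 = RDP connections allowed, 1 = denied
        DenyConnections_Local  = Get-RegValue $local  'fDenyTSConnections'
        DenyConnections_Policy = Get-RegValue $policy 'fDenyTSConnections'
        # 1 = Network Level Authentication required, 0 = not required
        NlaRequired_Local      = Get-RegValue "$local\WinStations\RDP-Tcp" 'UserAuthentication'
        NlaRequired_Policy     = Get-RegValue $policy 'UserAuthentication'
        # Firewall rules are enabled per profile; compare with the rule list below.
        ActiveProfiles         = (Get-NetConnectionProfile).NetworkCategory -join ','
        # Is anything actually listening on the default RDP port?
        ListenerUp             = [bool](Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue)
    }
}

Get-RdpState | Format-List

# A rule that is enabled only for a profile the VM is not currently on will not match.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Format-Table DisplayName, Enabled, Profile, Action -AutoSize
```

If the flags and listener look right but the firewall rules are disabled for the active profile, enabling the rule group fixes the connection without turning off NLA.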

socialsecurity
Aug 30, 2003

Zero VGS posted:

Update, I spun up a Windows 10 Technical Preview, and I can confirm the Azure Active Directory Cloud Join works on a basic level. An O365 admin or user can join to the cloud, then anyone in the organization can log into the PC with their O365 email and password and it'll make them a profile.

None of the SSO features seem to be implemented at all yet, I still had to sign into Office and I can't figure out how to map SharePoint as a drive.

If you log into the Azure AD portal, you can click a user and see which devices they have joined. There is a button to remotely disable the device but it doesn't seem to function yet. I think you can still lock someone out by changing their password but I'd have to experiment to see if there's any cached credentials.

This poo poo makes me so excited, field laptops and the such have always been a pain for us.

DrBouvenstein
Feb 28, 2007

I think I'm a doctor, but that doesn't make me a doctor. This fancy avatar does.

TWBalls posted:

I'm not familiar with Kaseya, but could it do something like:
Task 1:
Pre: Stop task scheduler on SERVER1
Task: Patch SERVER2

Task 2:
Task: Patch SERVER1
Post: Start task scheduler

I've been looking, but haven't found anything like this in their procedure options, yet. It seems all their procedure tasks/steps are limited to only doing things on the machine the agent is on. Affecting another machine, even when it also has an agent on it, doesn't seem possible.


Edit: Went to the forums for kaseya and got an answer...it involves TWO procedures...one to start/stop a service, and another procedure to call that procedure on the other machine.

DrBouvenstein fucked around with this message at 19:37 on Apr 29, 2015

CLAM DOWN
Feb 13, 2007




Server 2012 R2, during a CIFS authentication session, why is tcp/80 being used in the middle of the series of tcp/445 packets?

Sheep
Jul 24, 2003

socialsecurity posted:

This poo poo makes me so excited, field laptops and the such have always been a pain for us.

I'm still trying to figure out what to do for our company since we don't have Azure and would love some ideas.

Zaepho
Oct 31, 2013

Sheep posted:

I'm still trying to figure out what to do for our company since we don't have Azure and would love some ideas.

I still really like Direct Access on server 2012 R2 with Windows 8.1 clients. For the overwhelming majority of the time, it just works. Being able to sit down with any internet connection that allows HTTPS outbound and just be on the internal network as if I was in the office is priceless. We still have anyconnect through our ASA for backup traditional VPN in case the DA box goes down (I didn't bother to cluster it since we're small and it's not critical for the majority of our users) but I haven't had to use that in probably a year or more. I can talk to servers as if I was in the office, I get patches, software deployments and can change my AD password. It all just works for us.

socialsecurity
Aug 30, 2003

Zaepho posted:

I still really like Direct Access on server 2012 R2 with Windows 8.1 clients. For the overwhelming majority of the time, it just works. Being able to sit down with any internet connection that allows HTTPS outbound and just be on the internal network as if I was in the office is priceless. We still have anyconnect through our ASA for backup traditional VPN in case the DA box goes down (I didn't bother to cluster it since we're small and it's not critical for the majority of our users) but I haven't had to use that in probably a year or more. I can talk to servers as if I was in the office, I get patches, software deployments and can change my AD password. It all just works for us.

Direct Access is the poo poo, if you have the Windows licensing to use it which sadly most of your customers do not we are lucky if they have pro half the time. I really wish they would reduce the reqs to use it.

vanity slug
Jul 20, 2010

What are the requirements? Just Server 2012 + Win 8 Enterprise right?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


I'm setting up a Sharepoint farm but I'm getting stuck with this user that's a domain admin and needs permissions to create computer objects. In ADUC I'm selecting advanced, user properties, security, advanced. In the Permission Entry I'm selecting add, choosing the same user but there isn't an option for Create Computer Objects.

I think I might have given that to this user before but I don't understand why it wouldn't show up?

Zaepho
Oct 31, 2013

Tab8715 posted:

I'm setting up a Sharepoint farm but I'm getting stuck with this user that's a domain admin and needs permissions to create computer objects. In ADUC I'm selecting advanced, user properties, security, advanced. In the Permission Entry I'm selecting add, choosing the same user but there isn't an option for Create Computer Objects.

I think I might have given that to this user before but I don't understand why it wouldn't show up?

I think you're looking for delegation not security.

Right Click an OU (or the domain itself), choose Delegate Control and walk through the wizard.

Sheep
Jul 24, 2003

Jeoh posted:

What are the requirements? Just Server 2012 + Win 8 Enterprise right?

Yeah, but the issue as I understand it is that enterprise is VLK only or something like that and thus harder to come by (yearly subscriptions or something like that?) for smaller companies, like us. It's been a while since I spoke with a Microsoft Licensing Specialist, the existence of which points to just how ridiculous Microsoft licensing is.

If they just made it available in Pro then we'd be gold. As it is I don't even know what to do with the 80-odd laptops we've got floating around, right now it's a mess.

CLAM DOWN
Feb 13, 2007




CLAM DOWN posted:

Server 2012 R2, during a CIFS authentication session, why is tcp/80 being used in the middle of the series of tcp/445 packets?

Anyone have any ideas? I'm completely stuck.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Potato Salad posted:

" I guess in operation CommVault does a standard OS level file copy of these files within the same drive. In our case from J: to J:. (I'm not the backup guy so this is all secondhand). If I do a drag and drop in the GUI of these same files it's pretty fast for the big files, and then when it gets to all the tiny files the speed nosedives. "

This is the critical part of your original email. It sounds like CommVault is doing its own backup of its database before running. 90gb comprised of thousands of thousands of files.......

Ask Commvault if they can do a DB consolidation (many files --> fewer files). I'm trying to make sense of their whitepapers; at an absolutely topical level, it looks like they use a proprietary application database. If the DB is fragmented into a bajillion little files, perhaps they have a re-consolidation tool? It may be worth asking.

Edit: If CommVault is citing stats related to "90gb of data across a small handful of files," that would be a far cry from "90gb of data with thousands of files." It comes back to the filesystem being asked to do the copying of thousands of files. That's monstrously inefficient, and it is the bottleneck.

Yeah so it turns out the backup guy is a poo poo. This got dumped onto me from another guy who was going on leave, with the backing of managers, so I assumed due diligence had been done and that we were having an actual problem. Turns out we're running unreleased Commvault code in an experimental configuration. Nobody is doing this (whatever "this" is) on the scale we are. And the backup guy never told anybody this. He told me, I told my/our manager, manager asked him, backup guy said everything was fully supported to manager, then finally in a meeting we had yesterday the backup guy admitted to our manager and a director that this was unreleased code in an experimental configuration. So we all dropped the hammer on him and said "this is your problem reengineer your system." Also Commvault is doing this all single threaded which is why it's so incredibly slow.

He was having a hard time understanding the problem with all the tiny files. "But the SAN was only showing 16 IOPS!" Yes you idiot, it's because of all the overhead in opening and closing a file. I straight up told him that I thought it was baffling that Commvault had engineered their product this way (tiny files, single thread) because it was guaranteed to perform poorly.

So we're ordering a couple 1.2TB SSDs and mirroring them.

parasyte
Aug 13, 2003

Nobody wants to die except the suicides. They're no fun.

Sheep posted:

Yeah, but the issue as I understand it is that enterprise is VLK only or something like that and thus harder to come by (yearly subscriptions or something like that?) for smaller companies, like us. It's been a while since I spoke with a Microsoft Licensing Specialist, the existence of which points to just how ridiculous Microsoft licensing is.

If they just made it available in Pro then we'd be gold. As it is I don't even know what to do with the 80-odd laptops we've got floating around, right now it's a mess.

Enterprise is volume-licensing only, but isn't quite how it used to be. Enterprise used to only be available with software assurance, but last year it was changed to be a separate license. Which is pretty great for people who don't update since it's less expensive to get those Enterprise features, but it's more expensive initially to get any of the Software Assurance features since Pro-only SA was discontinued.

theperminator
Sep 16, 2009

by Smythe
Fun Shoe

CLAM DOWN posted:

Anyone have any ideas? I'm completely stuck.

I assume you're sniffing the traffic?
If it's during the initial connection windows may be attempting a WebDAV connection first


CLAM DOWN
Feb 13, 2007




theperminator posted:

I assume you're sniffing the traffic?
If it's during the initial connection windows may be attempting a WebDAV connection first

I am (I'm running tcpview, procmon, etc, as well), and that was my assumption at first too. But WebDAV isn't installed on the server, and the feature/component isn't on this workstation either. I tried fooling around with the network provider order too, no effect.
