Potato Salad
Oct 23, 2014

nobody cares


mewse posted:

I'm not sure, you can get pro plus as OEM?

Herp.

License gal says no.


Potato Salad
Oct 23, 2014

nobody cares


It looks like phone activation is an option when the old machine running proplus dies and you can't recover the key.

https://social.technet.microsoft.com/Forums/en-US/25e780d5-720f-462f-8387-218d1f17d85c/how-to-transfer-office-2013-license-information

Edit: Same licensing coworker is under the strong impression that ProPlus is available only under volume licensing. What's going on in your case specifically? If it is indeed proplus, the volume license key ought to work -- unless the customer didn't keep a copy on hand.

Potato Salad fucked around with this message at 18:09 on Aug 6, 2015

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
There's a bug in R2 that causes applications to fail frequently in an OSD, which was fixed in one of the CUs. We weren't able to install the CU because ~reasons~ so for all the software that goes on every computer (browsers, java, flash, adobe, etc) the packager had to make both a package and application for each version.

For deploying flash specifically, can you set it to run outside maintenance windows only when a user is logged out? Or is that just a package thing? In my last job when I was involved in deploying software that's what we settled on for quite a few of the "routine" pieces of software, especially the ones that were browser plugins. Also won't flash still install if a browser is open, and only require a reboot? I don't know it's been so long since I've packaged flash or even installed it manually myself.

But gently caress, yeah, there's so many little things in SCCM where as a sysadmin I think it should work one way and a bunch of software engineers thought it should work another way and I have to wonder how they expect us to use the feature. Maybe it's a way that makes sense, but it has to be explained first...

mewse
May 2, 2006

Potato Salad posted:

It looks like phone activation is an option when the old machine running proplus dies and you can't recover the key.

https://social.technet.microsoft.com/Forums/en-US/25e780d5-720f-462f-8387-218d1f17d85c/how-to-transfer-office-2013-license-information

Edit: Same licensing coworker is under the strong impression that ProPlus is available only under volume licensing. What's going on in your case specifically? If it is indeed proplus, the volume license key ought to work -- unless the customer didn't keep a copy on hand.

We have volume licensing for our shop, but if we configured this laptop initially, we would have installed 2010. Our VL dashboard doesn't show keys for the organization this laptop came from, unfortunately. I don't know if the person who bought the 2013 license might have set up their own volume licensing.

Thanks Ants
May 21, 2004

#essereFerrari


Are you sure that's not ProPlus deployed through an Office 365 Enterprise license?

Edit: Using shared computer activation. Where the license lives in the user profile?

Thanks Ants fucked around with this message at 18:38 on Aug 6, 2015

Potato Salad
Oct 23, 2014

nobody cares


FISHMANPET posted:

There's a bug in R2 that causes applications to fail frequently in an OSD, which was fixed in one of the CUs. We weren't able to install the CU because ~reasons~ so for all the software that goes on every computer (browsers, java, flash, adobe, etc) the packager had to make both a package and application for each version.

Modern osd + software deployment is secretly my endgame for getting everything up to date. Goal is for Win10 to be our first deployment in a year or two.

lol internet.
Sep 4, 2007
the internet makes you stupid

CLAM DOWN posted:

As this is the enterprise thread so we're talking enterprise and corporate environments, the reasons why you should not deploy a 1 week old OS to an enterprise are:
-No security baselines (i.e. CIS)
-No GPO setup and testing
-No training for support personnel
-Many/various bugs/issues
-No knowledge or testing of applications/software/3rd party stuff

You absolutely cannot say there haven't been problems and that's a very naive statement. There absolutely have been problems, there will continue to be (it's a brand new Microsoft OS...), and just because it works on your home gaming PC doesn't mean it's a good idea and it's not a problem to push it to an enterprise.

I mean, this is the same deal as when Windows 7 and 8 came out, etc, this isn't anything new or unknown, it would have been irresponsible to move to Windows 7 a week after release too :confused:

I installed it on my own machine, I didn't roll it out to the company, I didn't say I wanted to roll it out ........ and I didn't have any intention of rolling it out to the company anytime soon.

I installed it to try it out. I don't see the big deal.

lol internet. fucked around with this message at 19:42 on Aug 6, 2015

mewse
May 2, 2006

Thanks Ants posted:

Are you sure that's not ProPlus deployed through an Office 365 Enterprise license?

Edit: Using shared computer activation. Where the license lives in the user profile?

The org it came from doesn't have O365 enterprise.

Maybe shared computer activation? I formatted the drive so any info in the user profile is gonzo

CLAM DOWN
Feb 13, 2007




lol internet. posted:

I installed it on my own machine, I didn't roll it out to the company, I didn't say I wanted to roll it out ........ and I didn't have any intention of rolling it out to the company anytime soon.

I installed it to try it out. I don't see the big deal.

You didn't specify that, and this is the enterprise thread so my assumption was fair. Enjoy trying it out then I guess.

lol internet.
Sep 4, 2007
the internet makes you stupid
I don't see why I would have had to, all I asked was if RSAT worked on Windows 10, which would have made no sense to install on end users' machines.

Sacred Cow
Aug 13, 2007

FISHMANPET posted:



For deploying flash specifically, can you set it to run outside maintenance windows only when a user is logged out? Or is that just a package thing? In my last job when I was involved in deploying software that's what we settled on for quite a few of the "routine" pieces of software, especially the ones that were browser plugins. Also won't flash still install if a browser is open, and only require a reboot? I don't know it's been so long since I've packaged flash or even installed it manually myself.


When creating an Application you can set the "User Experience" > "Logon requirement" to "Only when no user is logged on". Since Flash updates are an MSI file, the Application wizard will automatically create the package with the correct switches and detection method. It's how I've been deploying all of these zero day patches the past few weeks. Last time I deployed it, the Flash plugin and ActiveX versions did not require a reboot but the Windows Update version for Windows 8.1 did.

BaseballPCHiker
Jan 16, 2006

FISHMANPET posted:

But gently caress, yeah, there's so many little things in SCCM where as a sysadmin I think it should work one way and a bunch of software engineers thought it should work another way and I have to wonder how they expect us to use the feature. Maybe it's a way that makes sense, but it has to be explained first...

This is why I'm transitioning out of SCCM administration. It's just so completely frustrating to work with. I feel like 90% of the time is spent researching some crazy weird error or problem and it ends up being an issue because of some old never heard of feature or rule.

dox
Mar 4, 2006

Potato Salad posted:

Edit: Same licensing coworker is under the strong impression that ProPlus is available only under volume licensing. What's going on in your case specifically? If it is indeed proplus, the volume license key ought to work -- unless the customer didn't keep a copy on hand.

ProPlus is Volume License, Professional is OEM for 2013.

If it's 2013, no key finder will work as far as I know. Hunt down your Microsoft rep and have them run a license report on the business, they will find it.

I could write an effort post on how I've attempted to manage Office licensing for various small sized businesses but oh god it's so awful I think I'll spare y'all the pain.

mewse
May 2, 2006

Well aside from how loving screwy 2013 licensing is, I made some phone calls and found out that it was likely pirated so that was great

Calodram
Aug 13, 2007

Potato Salad posted:

OEM license?


I get the eval cycle logic -- "Should I install/uninstall this package? Is this the user's primary device?" What I've been reading is that, with application deployment lacking the capacity to restrict initiation of installation to an environment guaranteeing no browsers are open for, say, a Flash deployment, we're left to our own devices on managing communication of change management with the users. The same small (to continue the example, Flash) package install that we could get away with sneaking under a user's nose unobtrusively upon login with an sms / sccm'07 package is going to require us to pop a window up asking that the user close browsers, defer x number of times, yadda yadda. That's fine and dandy for the big rare updates like going from Office 2010 to 2013, but for more frequent and small updates like Reader or Flash, it might get old.

Along the lines of interacting with the user (close browsers or applications, defer installation, etc), PowerShell App Deployment Toolkit is looking really, really cool.
http://psappdeploytoolkit.com/

What I do for things like this is create a global condition and use powershell with get-process to search for the app process that will block my install and then do a true / false return. In the application just add that custom condition as a requirement and have it only fire if it returns whatever condition means that process isn't running. Requirements get checked before anything else happens with the app so odds are fairly low that you'll blow anything up. I do that exact process for our flash, reader, outlook add-ins, etc installs and it works well aside from being a little slow to deploy to those people that never shut down their applications. Otherwise yeah you're stuck with doing the install when no account is logged in or interacting with the user session to close the blocking process.
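The global condition described above, as an added example rather than Calodram's own script: a Script-type global condition (Boolean data type) that outputs True when a process that would block the install is running, to be attached to the Application as a Requirement with the rule "Equals False". The process names and the local log path are assumptions for the Flash/Reader/Outlook add-in case.

```powershell
# Added example (not Calodram's script): SCCM 2012 Script global condition,
# Setting type "Script", Data type "Boolean". The Requirement rule on the
# Application compares the script's single output value to False, so the
# install is only attempted while none of these processes are running.
# Assumed process names; adjust to whatever your package actually replaces.
$BlockingProcesses = @('iexplore', 'firefox', 'chrome', 'AcroRd32', 'outlook')

function Test-BlockingProcess {
    param([string[]]$Names)
    # Get-Process -Name takes several names at once; processes that are not
    # running are simply absent, so suppress the "not found" errors.
    # Global conditions run as SYSTEM, so this sees every logged-on session.
    $running = Get-Process -Name $Names -ErrorAction SilentlyContinue |
               Select-Object -ExpandProperty ProcessName -Unique
    return @{
        Blocked = [bool]$running
        Running = @($running)
    }
}

$result = Test-BlockingProcess -Names $BlockingProcesses

# Keep troubleshooting detail out of the pipeline: the client compares the
# script output to the rule value, so anything extra on stdout breaks the
# comparison. Write it to a local log instead (assumed path).
$logLine = '{0} blocking check: running=[{1}] blocked={2}' -f `
    (Get-Date -Format s), ($result.Running -join ','), $result.Blocked
Add-Content -Path "$env:windir\Temp\BlockingProcessCheck.log" -Value $logLine -ErrorAction SilentlyContinue

# The only thing that must reach stdout: True or False.
Write-Output $result.Blocked
```

Because requirements are evaluated before any content download or install, a False rule result just leaves the deployment pending until the next evaluation cycle, which is the "slow for people who never close anything" behaviour Calodram mentions.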

Tony Montana
Aug 6, 2005

by FactsAreUseless
Ok, so the AD RAP for my client is done and it was great. The PFE liked to talk, I'm a nerdy dude and enjoy yakking about IT (as this thread will attest) but this guy just wouldn't shut up at times.

I was pretty funny actually.. so the very senior manager from the client who was liaising with us on this is a very strong woman. Very strong, her LinkedIn is a who's who of the big end of Aussie businesses and she's an ex-storage engineer so she prides herself on also being technical. It's generally known not to gently caress around with this woman, if she asks you something you answer directly and professionally and keep your opinions beyond that to yourself. So anyway, the survey was such a disaster for this client.. I had to answer so many of the big questions like 'Do you have DR?' with negative responses that I got a little worried that I didn't have the whole picture. So I rang this manager and asked her to come in and go through the survey with me and the PFE, to make sure the recommendations we'd end up making weren't totally off base.

So she comes in and sits down in the room I've prepared, the first thing she says is 'ok guys, I'm time restricted. Let's get on with it'. Now.. this translates to 'don't waste my time with menial poo poo, I've carved an hour out of a crazy schedule for you.. don't make me regret it'. This bloody PFE starts just unloading the full technical background and Microsoft history behind the first alert item. The manager turns to me and gives me an eyebrow raised look, an alarm goes off in my head and I gently suggest that we understand this and let's move on. The next 30 mins is almost comical as the PFE starts crapping on, I'm cutting him off where I can and summarizing what he's saying (but I can't everywhere, he knows more about AD than I do) and I can just see this manager getting increasingly pissed.

In the end, I managed to pretty much take control and get what we needed in the shortest amount of time possible.

After she'd gone I said to the PFE 'That was good, but let me advise you.. if you start talking about informationals in the final meeting on Wednesday.. it will not end well for you'. We became good mates through the engagement and laughed about it when it left, not a single informational in the final report!

I also got a few great takeaways from the engagement which I'll write a post about a bit later. He referred to the internal MS network quite a bit and told me a number of details of how they do this in-house, which is always cool because how MS runs their own AD is pretty drat interesting.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)
I need to allow 2 remote office managers the right to unlock and reset passwords for users since they're in Europe and I sleep like a rock (no matter how loud I set my alerts I sleep right through them).

I remember a while back there's a way to set up an MMC snap-in that automatically goes to the proper OU and save it as a standalone file. Does anyone know what I'm talking about here? My google skills aren't showing anything. Sorry if I'm being vague here.

E: nevermind, found it, it's Taskpad.

Matt Zerella fucked around with this message at 15:11 on Aug 7, 2015

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Taskpad is just a limited view of ADUC, you'll still need to make sure permissions are correct so they can only change passwords on the appropriate users and nothing else.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

FISHMANPET posted:

Taskpad is just a limited view of ADUC, you'll still need to make sure permissions are correct so they can only change passwords on the appropriate users and nothing else.

Yep, just did that.

Now the question is, do I need to install RSAT on the target machines. I think I do?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Yup, you'll need RSAT as well.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

FISHMANPET posted:

Yup, you'll need RSAT as well.

Annnd it's already on their machines because I set this up a year ago and they ignored my initial email asking them when a good time to train them on it is. Ah, this is the life.

Nitr0
Aug 17, 2005

IT'S FREE REAL ESTATE
http://software.dell.com/products/password-manager/

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
What's everyone's take on the pin number thing for unlocking Windows 10 machines? Allegedly it is supposed to be as secure as a password because it can only be used on the specific device instead of from anything. One of the guys that I cloud joined to Azure AD forgot his 4 digit pin like 5 minutes after he entered it. The good news is he could still use his email/password to log into the PC so I didn't have to drop what I was doing and reset him.

I mean, it's an interesting shift from Microsoft, but then again an Exchange-joined smartphone is a bit more likely to be lost/stolen and PIN numbers have satisfied most MDM policies so far.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
What's up guys, I'm just sitting here, watching SCCM upgrade. Fun fact, the CMTrace tool highlights lines in red if they have words like "error" or "failure" in them instead of doing something smarter (which probably isn't necessary). I'm guessing SCCM itself takes this design into account when generating files (or the CMTrace tool was designed around SCCM) but it's fun to watch the upgrade log in CMTrace because lines like these show up as red despite not actually being an error:

quote:

INFO: SQL Server script: Create object v_wolcommunicationerrorstatus

quote:

INFO: Drop SqlObjs Round: 0 end, success: 52, Failed: 0
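The "something smarter" alternative, as an added example that is not part of the post or of CMTrace: classify a line by the severity token the component itself wrote at the start of the message, and only fall back to keyword matching when there is no token. The sample lines are constructed from the two quoted above plus one genuine error.

```powershell
# Added example, not CMTrace's logic: contrast keyword highlighting with
# token-based severity. Constructed sample lines; the first two are the
# false positives quoted in the post.
$SampleLines = @(
    'INFO: SQL Server script: Create object v_wolcommunicationerrorstatus',
    'INFO: Drop SqlObjs Round: 0 end, success: 52, Failed: 0',
    'ERROR: Failed to connect to SQL Server.',    # constructed real error
    'Stopping SQL services'                       # no token, no keyword
)

function Get-NaiveSeverity {
    # The behaviour the post describes: any mention of error/fail turns red.
    param([string]$Line)
    if ($Line -match '(?i)error|fail') { 'Error' } else { 'Info' }
}

function Get-TokenSeverity {
    param([string]$Line)
    # Optional <timestamp> or [component] prefix, then an explicit severity
    # token written by the logging component at the start of the message.
    if ($Line -match '^\s*(?:[<\[][^>\]]*[>\]]\s*)?(INFO|WARN(?:ING)?|ERROR|FATAL)\b') {
        $token = $Matches[1].ToUpper()
        if ($token -eq 'INFO')            { return 'Info' }
        if ($token -like 'WARN*')         { return 'Warning' }
        return 'Error'
    }
    # No token present: the keyword heuristic is all that is left to go on.
    Get-NaiveSeverity -Line $Line
}

$SampleLines | ForEach-Object {
    [pscustomobject]@{
        Naive = Get-NaiveSeverity -Line $_
        Token = Get-TokenSeverity -Line $_
        Line  = $_
    }
} | Format-Table -AutoSize
```

The first two rows come out Naive=Error, Token=Info, which is exactly the red-but-harmless case from the upgrade log; the constructed ERROR line is flagged by both.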

Sacred Cow
Aug 13, 2007

FISHMANPET posted:

What's up guys, I'm just sitting here, watching SCCM upgrade. Fun fact, the CMTrace tool highlights lines in red if they have words like "error" or "failure" in them instead of doing something smarter (which probably isn't necessary). I'm guessing SCCM itself takes this design into account when generating files (or the CMTrace tool was designed around SCCM) but it's fun to watch the upgrade log in CMTrace because lines like these show up as red despite not actually being an error:

I had fun watching

quote:

Stopping SQL services

quote:

SQL services successfully stopped

quote:

ERROR CANT CONTACT SQL SERVER
ERROR CANT CONTACT SQL SERVER
ERROR CANT CONTACT SQL SERVER

Dans Macabre
Apr 24, 2004


BangersInMyKnickers posted:

Mostly you're running the risk of the server being rooted and used as a springboard in to the rest of the network. Assuming its in the dmz and the other systems in there are also running a software firewall with a good config then propagation shouldn't be too easy. You could install something to try to trick an admin to give up their credentials and then go wild on the network. If I compromised a 2003 webserver in the dmz, first thing I would do it dump the SAM database and run it through OPHcrack to get the pass to the local admin account off the old LM hashes that are probably still there and then assuming that user/pass is used on a bunch of systems try hopping around from there.

It's not great and the local admin password is at risk. Treat that host as extremely hostile in addition to assuming the entire DMZ is hostile by default and you can probably skate by for a while until it gets upgraded.

Hmmm... So you're saying these public facing web servers should be in a DMZ.... interesting

Demie
Apr 2, 2004

Potato Salad posted:

Everything I'm reading about application vs package deployment points to application catalog deployments lacking the ability to start installation upon winlogon -- as is possible in gpo or sccm package deployment. Being somewhat new to the sccm 2012 scene, I'm left scratching my head a little regarding precisely why.

Packages and applications both would install at the same time in my experience. The difference is that Packages are 2007 style, and are better for OS deployment, as they are much simpler and more reliable. Applications are dynamic, and are better for deploying to multiple OSes/languages/architectures, and you can do versioning/updates/prerequisites. It's better to deploy Applications to PCs that are already running the client. And they have detection rules. Packages could just run without any regard to whether the software is already on the PC.

The SCCM client does things on its own schedule. It will pull the user policy sometime after winlogin, and it will pull the machine policy sometime after the PC has finished booting. I push very few Packages outside OSD, but I don't see how they would install right away. The client has to get a policy on its own schedule before it knows what to do. It's not like GP, where the OS is designed to pull the policy the first chance it gets.

So if you hypothetically needed apps to install immediately after the PC talks to AD, or immediately when the user logs in, then you might have to use GP.

FISHMANPET posted:

There's a bug in R2 that causes applications to fail frequently in an OSD, which was fixed in one of the CUs. We weren't able to install the CU because ~reasons~ so for all the software that goes on every computer (browsers, java, flash, adobe, etc) the packager had to make both a package and application for each version.

Right, this has been "best practice" ever since 2012 RTM and I don't expect it to change; in spite of various promises.

Roargasm
Oct 21, 2010

Hate to sound sleazy
But tease me
I don't want it if it's that easy
To run updates on a Server 2012R2 Core installation, I'm calling a VB script in c:\windows\system32\en_US\sconfig.vbs with sconfig

Sconfig works great from the built-in shell (running cmd or PS), or from remote desktop, but it fails in a remote powershell session. Anyone have any ideas why? :ohdear:

Here's the full script on Pastebin: http://pastebin.com/vinw2kWM

I'm getting two errors:

Before any output:

    sconfig : ERROR: The system was unable to find the specified registry key or value.
        + CategoryInfo          : NotSpecified: (ERROR: The syst...y key or value.:String) [], RemoteException
        + FullyQualifiedErrorId : NativeCommandError

After the menu gets echoed:

    C:\Windows\System32\en-US\sconfig.vbs(326, 1) Microsoft VBScript runtime error: Input past end of file

Line 326 of the script is:

    OptionSelection = Wscript.StdIn.ReadLine


Any ideas? No experience with VB but I thought that the problem might be the use of (Shell).StdIn.Readline instead of something like Read-Host. It works using Powershell locally but not via Enter-PSSession.

e: It seems like the recommended workaround to run remote updates in 2012R2 Core is a new module called PSWindowsUpdate. Updating is the only thing in sconfig that I would do often anyway so it's probably preferable to hacking up a language I don't understand. Thanks for looking.

Roargasm fucked around with this message at 17:51 on Aug 10, 2015

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
Anyone have any recommendations for a high-security, free VNC that I can use to remote into PCs on a LAN on Windows 10? On Windows XP I used to use the Shadow command.

I was looking at TightVNC, but I was reading that any user can nab the TightVNC password DEC-encrypted hash from the registry, run it in a website, and get the cleartext password from it. We have a couple pranksters here that have taken control of other people's laptops on occasion and even though some people have local admin rights I'd still rather not have them thinking they can extend that to the PCs of others.

Edit: Nevermind, I'm jetlagged and forgot that normal Windows RDP works perfectly fine for provisioning laptops remotely, and Skype for Business will let me share a session for supporting users.

Zero VGS fucked around with this message at 15:41 on Aug 11, 2015

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


It's Patch Tuesday which means it's time to start drinking: https://technet.microsoft.com/library/security/MS15-080

quote:

This security update resolves vulnerabilities in Microsoft Windows, Microsoft .NET Framework, Microsoft Office, Microsoft Lync, and Microsoft Silverlight. The most severe of the vulnerabilities could allow remote code execution if a user opens a specially crafted document or visits an untrusted webpage that contains embedded TrueType or OpenType fonts.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Number19 posted:

It's Patch Tuesday which means it's time to start drinking: https://technet.microsoft.com/library/security/MS15-080

Speaking of patching, is there a good solution that you folks advise for managing patches on remote computers? For in house stuff, WSUS fits my needs, but we have a ton of laptops floating around that do not connect back to our network too often.

CLAM DOWN
Feb 13, 2007




Number19 posted:

It's Patch Tuesday which means it's time to start drinking: https://technet.microsoft.com/library/security/MS15-080

I hate my life

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


CLAM DOWN posted:

I hate my life

At least there's no known exploits but I suppose that doesn't mean much in this day and age.

Dans Macabre
Apr 24, 2004


Moey posted:

Speaking of patching, is there a good solution that you folks advise for managing patches on remote computers? For in house stuff, WSUS fits my needs, but we have a ton of laptops floating around that do not connect back to our network too often.

something like solarwinds n-able

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
So I'm sure like one other person in the world cares about this, but if you make an AppV package out of the SCCM 2012 R2 SP1 CU1 console and AppV 5 SP3, make sure you turn on PVAD or else the console will be broken in weird ways.

CLAM DOWN
Feb 13, 2007




Number19 posted:

At least there's no known exploits but I suppose that doesn't mean much in this day and age.

MS15-081 (Office) and MS15-085 (Windows USB vuln) are under active attack according to Dustin Childs who I completely trust on this stuff :sigh:

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


CLAM DOWN posted:

MS15-081 (Office) and MS15-085 (Windows USB vuln) are under active attack according to Dustin Childs who I completely trust on this stuff :sigh:

I'm shoving all the criticals out the door today. I guess I'll toss in 085 as well for good measure.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

NevergirlsOFFICIAL posted:

something like solarwinds n-able

Thanks. I'll look into it!

Zaepho
Oct 31, 2013

Moey posted:

Speaking of patching, is there a good solution that you folks advise for managing patches on remote computers? For in house stuff, WSUS fits my needs, but we have a ton of laptops floating around that do not connect back to our network too often.

SCCM with Internet Based Client Management with bonus features for everything else internal and external. or... Intune i guess? for MS solutions.


Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Any directory synchronization experts about?

I have a bunch of objects that are stuck in the AD Filtered Connectors without flow updates but I have no idea why or what the gently caress that means?

The objects don't have any invalid or missing required attributes, correct OUs are selected and other similar objects synchronize correctly.
