|
I was thinking of a GUI browser

Yeah in powershell from the commandline it's just like test-path "HKLM:software\microsoft\currentversion\odbc"

And whatever

We have some legacy app that has to interact with the desktop for some goddamned reason and apparently I was nominated by our software vendor to be their unpaid QA engineer for their installers (and they refuse to support anything besides WS2003, even after July 15th - and we jumped ship from 2003 long ago so welp) so I end up on the machines a lot poking around the registry

Then this cranky old lady comes around and complains I don't always close the registry and something might get changed

So like, yeah I just want to connect to a remote hive, if the registry can do that, fantastic, but there's got to be something better than regedit. Tabbed view GUI or whatever would be neat.
|
# ? Sep 24, 2015 05:02 |
|
babies havin rabies posted:I haven't been able to find anything that consistently appears in the event logs. One laptop was generating errors regarding one GP object, but this was the one that I removed from that and all other GPOs and it was still affected.

What about the "always wait for the network at startup" GPO option? You can try turning that on and see what happens. I guess also make sure the wifi subnet is defined in AD Sites and Services, but I really don't see why that would make a difference with DCs only at the main office. It's not like it's trying to route to a remote DC over WLAN or something weird you might see at a place with multiple sites.
|
# ? Sep 24, 2015 05:41 |
|
What is different between the WiFi and Ethernet networks? What is the firewall/VPN device you're using? ASAs? What is different between the conversation a client has with a DC on Ethernet and when on WiFi? Try to think of every single difference, regardless of how inconsequential you might think it is. Post back with results.

Regedit connects to remote hives. It's an advanced GUI application. If you don't want to use it because it doesn't have tabs or something, then you can go and look at 3rd party solutions. But what you're asking for is a native feature of Windows.

edit: oh hi thread I've been busy, but I'm back. Let's do some IT
|
# ? Sep 24, 2015 07:58 |
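Reading a remote hive without leaving regedit open, as an added example that is not part of the thread: the function below uses the .NET registry API with read-only handles, so nothing on the target can be changed by accident. The host names and the key path are placeholders, and it assumes the Remote Registry service is running on each target and the caller may read the key.

```powershell
# Added example: read-only dump of one registry key from several machines.
# Assumptions: placeholder host names and key path; Remote Registry service
# running on each target; caller has read access to the key.
function Get-RemoteRegistryValue {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string]   $SubKey,
        [Microsoft.Win32.RegistryHive]    $Hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    )

    foreach ($computer in $ComputerName) {
        $base = $null
        $key  = $null
        try {
            $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($Hive, $computer)
            # OpenSubKey(name) without the writable flag returns a read-only handle.
            $key = $base.OpenSubKey($SubKey)
            if ($null -eq $key) {
                [pscustomobject]@{ ComputerName = $computer; Name = $null; Kind = $null
                                   Value = $null; Status = 'KeyNotFound' }
                continue
            }
            foreach ($name in $key.GetValueNames()) {
                # Do not expand %VARS%: report what is stored, not what it resolves to.
                $raw = $key.GetValue($name, $null,
                    [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
                [pscustomobject]@{
                    ComputerName = $computer
                    Name         = $name
                    Kind         = $key.GetValueKind($name)
                    Value        = (@($raw) -join ';')   # flatten multi-string/binary
                    Status       = 'OK'
                }
            }
        }
        catch {
            # Unreachable host, Remote Registry stopped, or access denied.
            [pscustomobject]@{ ComputerName = $computer; Name = $null; Kind = $null
                               Value = $null; Status = "Error: $($_.Exception.Message)" }
        }
        finally {
            # Runs on every path, including 'continue', so no handle stays open.
            if ($key)  { $key.Close() }
            if ($base) { $base.Close() }
        }
    }
}

$targets = 'APPSRV01', 'APPSRV02'                       # placeholder host names
$odbcKey = 'SOFTWARE\ODBC\ODBC.INI\ODBC Data Sources'   # example key path
$rows    = Get-RemoteRegistryValue -ComputerName $targets -SubKey $odbcKey

$rows | Format-Table ComputerName, Name, Kind, Value, Status -AutoSize

# Values that are missing on some hosts or differ between them.
$rows | Where-Object Status -eq 'OK' | Group-Object Name | Where-Object {
    $_.Count -ne $targets.Count -or
    @($_.Group.Value | Sort-Object -Unique).Count -gt 1
} | ForEach-Object { $_.Group } | Format-Table ComputerName, Name, Value -AutoSize
```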
|
JBark posted:What about the "always wait for the network at startup" GPO option? You can try turning that on and see what happens.

I think I've tried that GPO option already, but I'll have to check the ticket to be sure at this point.

Tony Montana posted:What is different between the WiFi and Ethernet networks? What is the firewall/VPN device you're using? ASAs? What is different between the conversation a client has with a DC on Ethernet and when on WiFi? Try to think of every single difference, regardless of how inconsequential you might think it is. Post back with results.

Actually, the problem stopped. In fact, it stopped at roughly 10pm last night. After I finished a movie I rebooted some PCs from home to see if the behavior was different off-hours, and everything was fine. Then, everything was fine today. On all sites/subnets. I didn't change anything, either.

I'm on vacation all next week. Read-only mode.

https://www.youtube.com/watch?v=OHQh-xtWcAw

babies havin rabies fucked around with this message at 22:49 on Sep 24, 2015 |
# ? Sep 24, 2015 22:02 |
|
Curious, what's everyone's experience with modifying intra/inter AD Replication timing? I've asked a few people and the overwhelming response I've got is "that will use a lot of bandwidth!" and I've replied well how much exactly? The kicker is no one is able to give me specifics and I'm really pushing towards just putting down 5 minutes for everything because it seems like a good number and there's nothing bandwidth intensive using our intra-site links. Thoughts?
|
# ? Sep 30, 2015 05:40 |
|
Tab8715 posted:Curious, what's everyone's experience with modifying intra/inter AD Replication timing?

lowest replication can go is 15 minutes though, unless we're talking about different stuff. We have 5000+ devices in our environment and have no issues, we have 5 different sites defined as well.
|
# ? Sep 30, 2015 23:55 |
|
When applying GPO on a Site basis (properly defined) does it only apply computer based GPOs or will it also do user ones? I'm trying to change how we deploy printers based on what one of our offices you log into from.
|
# ? Oct 1, 2015 18:29 |
|
LmaoTheKid posted:When applying GPO on a Site basis (properly defined) does it only apply computer based GPOs or will it also do user ones?

Hey vape buddy. You can deploy printers either way. I have some that we deploy to "domain computers", don't that apply only to users on a specific user group, a couple that apply to specific users, and one or two that deploy to computers in a specific OU (you could do this one for a site I imagine). It's all determined by what you set when you click the "deploy this printer with group policy" thing in server manager.
|
# ? Oct 1, 2015 19:33 |
|
I think the general rule of thumb for printer gpo's is to make them computer config changes instead of users configs whenever possible. That way you don't have as long of login time for users when starting up.
|
# ? Oct 1, 2015 19:44 |
|
Gerdalti posted:Hey vape buddy. You can deploy printers either way. I have some that we deploy to "domain computers", don't that apply only to users on a specific user group, a couple that apply to specific users, and one or two that deploy to computers in a specific OU (you could do this one for a site I imagine).

BaseballPCHiker posted:I think the general rule of thumb for printer gpo's is to make them computer config changes instead of users configs whenever possible. That way you don't have as long of login time for users when starting up.

Thanks guys, got the GPOs all set up to deploy to computers, not users and all through the "Sites" section. Our travelers are going to be really happy and I just eliminated the "how do I get the printer here" email I get every month.
|
# ? Oct 1, 2015 19:54 |
|
Someone tell me I'm wrong, if you soft-delete a user in Office 365 it also removes their mailbox permanently?
Gucci Loafers fucked around with this message at 16:20 on Oct 5, 2015 |
# ? Oct 5, 2015 16:10 |
|
I had my RAP consult last Friday with the PFE. He certainly knew a lot of stuff, but it was really the kind of stuff that I should be able to find in documentation, and not rely on a PFE for. Part of the analysis was just a whole list of error status codes that occurred with some unknown frequency. The RAP dashboard includes some information about what each specifically means, but there's no central documentation on what they all mean, or maybe which ones I should be looking out for in the future. Also, the reasoning for their importance seemed kind of circular to me. The fact that we were approaching these errors from an error code perspective rather than, for example, from the angle of failed deployments made it seem like we were error hunting for error hunting sake rather than error hunting to solve problems. As we went through them, we went too quickly to learn anything about any particular error. It was pretty much just "run this query to see all the errors" and then "ok onto the next one." I even asked him what the point of all this error code hunting was, since most (all?) of these errors were errors that would manifest themselves when someone tried to do something. I don't need a report of every time an application install failed on any client, the person making and/or deploying that application would care, and they can already get that information via the console. And when I brought that up the PFE and our TAM talked about getting other people access to the RAP dashboard which seemed to kind of miss the point. I guess there was just a lot more emphasis on detecting transient problems with applications and deployments and the like, rather than systemic issues with the configuration of the environment.

I also would have liked some WMI/Powershell/TSQL/Whatever queries I could easily run to find <item with bad quality X> instead of hoping the report includes that information

It seemed like a lot of this process existed to make us want to continue paying money to participate in this process. I guess I can't blame Microsoft for wanting to make money. But there is some good stuff in the report about misconfigurations on site systems so that at least gives me something to dig into.
|
# ? Oct 5, 2015 16:35 |
|
Tab8715 posted:Someone tell me I'm wrong, if you soft-delete a user in Office 365 it also removes their mailbox permanently?

You can restore the user from the deleted users list in the portal. It brings the mailbox contents back.
|
# ? Oct 5, 2015 16:43 |
|
So I want to bounce an idea off people smarter than me to see if this would work.

I'm at a school division, we have most of our services hosted in our office server room, but we have small NAS boxes hosting SMB shares at all the schools for their file access. They're way end of life and are probably going to start dropping soon. All of our sites are connected with at least a 25Mb WAN, with a bigger pipe at our office.

I want to replace the lovely NAS boxes with a better solution, so my plan was to have:
A big DFS file server at our main office, and eventually also at a secondary server room to host all the files/shares.
Every school will have a small windows server running BranchCache for, well, caching purposes.

Does this seem workable? Should there be anything else I'm looking at? Any other ideas? Any concerns that might pop up?

Thanks,
|
# ? Oct 6, 2015 17:53 |
|
You have any specifics about the nature of the shares? How much data at each site? Total? How often does it change? How frequently does it get accessed? What you have should be workable with your WAN link, but not ideal. What about a main DFSR box at main office and site specific folders replicated to site servers instead of relying on branch cache?
|
# ? Oct 6, 2015 19:32 |
|
Each site has roughly 1-2TB, mostly on the low end, but teachers are huge packrats and many have stuff sitting there untouched since 2002 or so. This is my reasoning behind just caching what's used, because I imagine 90% of their files aren't touched year to year. I'm sitting on roughly 10TB of data altogether. It ranges from word/powerpoint/document files, to large multimedia files. Checking through my bigger sites, our current file server claims there are around 100 files open right now, which is probably pretty typical average usage. Most of them look like read accesses that won't require much of a write, if any. The R/W files are generally office formats. It'll spike of course when students get into the labs and are all working on documents, but they'll be pretty lightweight in general. Another important thing I forgot to mention - only the office has an ISP connection, so each site's WAN link carries much more traffic than just this. I'd have to be wary of any sort of extra replication traffic using those connections as I'd want to minimize what's going through them during the day. Site specific replication seems like it would work. I think I was leaning on minimizing hard drive space required, but that's a pretty trivial cost next to the cost of the server hardware even. I'm not sure it's as flexible as to be ideal, since we have a decent number of staff members that work from multiple sites and so would be accessing files from a distant file server. However, this isn't worse than the current situation so it's likely not a problem.
|
# ? Oct 6, 2015 20:37 |
|
As long as it's not PST files or Access databases or something like that, I don't see why it wouldn't work. Again, it really depends on your rate of change and I suppose if you are sharing Internet, the bandwidth usage on that. Also not knowing how many users you have on those 25 Mb/s pipes, it is hard to make a recommendation. For me, I would spring for a DFS copy in each location, or at least in each location that the data is accessed. Storage is so cheap these days, 10 TB is nothing. Maybe each branch does not need the same data, only the branch and the HQ. I would also look at why you have to have internet traffic coming back to the main office. If it's for web filtering I would find another solution. If it is because those are dedicated point-to-point connections I would question the reason for not having them be internet connections and doing a VPN back.
|
# ? Oct 7, 2015 04:26 |
|
Orcs and Ostriches posted:Another important thing I forgot to mention - only the office has an ISP connection, so each site's WAN link carries much more traffic than just this. I'd have to be wary of any sort of extra replication traffic using those connections as I'd want to minimize what's going through them during the day.

What? How do you do site-site VPNs without an ISP connection.
|
# ? Oct 7, 2015 05:04 |
|
Methanar posted:What?

Sounds like he has point to point WAN connections, not VPNs.
|
# ? Oct 7, 2015 05:11 |
|
Like an MPLS.
|
# ? Oct 7, 2015 13:14 |
|
Methanar posted:What?

Most K-12 schools / hospitals / libraries, etc. in Alberta are connected together with a fibre network run by the government. Each site has a VPN connection back to our office connected to the same network. Outside of a few government hosted services, no outside network access is provided through it. It's also all funded by the government at the level of service we have, and free is good when working in education and our perpetually slashing budgets.

Internet Explorer posted:As long as it's not PST files or Access databases or something like that, I don't see why it wouldn't work. Again, it really depends on your rate of change and I suppose if you are sharing Internet, the bandwidth usage on that. Also not knowing how many users you have on those 25 Mb/s pipes, it is hard to make a recommendation. For me, I would spring for a DFS copy in each location, or at least in each location that the data is accessed. Storage is so cheap these days, 10 TB is nothing. Maybe each branch does not need the same data, only the branch and the HQ. I would also look at why you have to have internet traffic coming back to the main office. If it's for web filtering I would find another solution. If it is because those are dedicated point-to-point connections I would question the reason for not having them be internet connections and doing a VPN back.

I don't think a full replica at each site will fly. There's fairly little data that needs to be shared between sites, aside from the few users that bounce site to site. Site based replication seems to be the best compromise so far. And yeah, 10TB worth of hard drives are cheap, but a quarter million to put NetApps at each school to hold those drives, and the idea's not going to work. Sharing replication data and Internet traffic (as well as other internal traffic like network services and internally hosted services) shouldn't be a problem at most sites. Only a couple places are running into bandwidth problems now, so the bit of replication traffic added to their pipes shouldn't have a major effect, especially if they're only replicating or caching files their site needs.
|
# ? Oct 7, 2015 16:03 |
|
How much bigger is the bigger pipe at the office? What is your budget for liquor for the first day when nothing is cached?
|
# ? Oct 7, 2015 16:36 |
|
thebigcow posted:How much bigger is the bigger pipe at the office? What is your budget for liquor for the first day when nothing is cached?

We have about 70/70 at the head office. And it's not going to be a one-night roll-over, so my liquor consumption will be unchanged.
|
# ? Oct 7, 2015 16:44 |
|
Are people still generally using folder redirection & roaming profiles? We're starting to bump across more and more apps that are having issues with redirected app data folders (despite the fact that we've been doing it forever and as far as I was aware it was a pretty common thing). If you moved away, how was the transition? It's been nice not having to worry at all about anything that lives on anyone's desktop/laptop.
|
# ? Oct 7, 2015 19:24 |
|
App Data was always the one thing I didn't redirect, I let that roam. It usually wouldn't get very big, so it wasn't a huge problem, and programs get mad when more than one instance is accessing the same data at once.
|
# ? Oct 7, 2015 19:27 |
|
Orcs and Ostriches posted:Most K-12 schools / hospitals / libraries, etc. in Alberta are connected together with a fibre network run by the government. Each site has a VPN connection back to our office connected to the same network. Outside of a few government hosted services, no outside network access is provided through it. It's also all funded by the government at the level of service we have, and free is good when working in education and our perpetually slashing budgets.

Then like I said, for data only needed at a branch do just that branch and the HQ.

Maneki Neko posted:Are people still generally using folder redirection & roaming profiles? We're starting to bump across more and more apps that are having issues with redirected app data folders (despite the fact that we've been doing it forever and as far as I was aware it was a pretty common thing).

I never redirect appdata either, too many problems with apps and that folder is normally more talkative than most, so a roam lightens that a bit. It really depends on your situation, but assuming you were redirecting appdata and are moving to roaming, you shouldn't have too many problems. Are you using non-persistent desktops? If so, then it will download each time and I would do a quick inventory to make sure no one has huge appdata folders. If not then it's just the first time they log into a machine and shouldn't be too bad unless users move around frequently.
|
# ? Oct 7, 2015 19:40 |
|
Maneki Neko posted:Are people still generally using folder redirection & roaming profiles? We're starting to bump across more and more apps that are having issues with redirected app data folders (despite the fact that we've been doing it forever and as far as I was aware it was a pretty common thing).

We just redirect Desktop and Documents. Music, Videos, Pictures follow the Documents redirection. At that, we don't worry about anything anyone saves onto their local storage. If it does, they're SOL.
|
# ? Oct 7, 2015 19:55 |
|
I think I did everything but AppData and MyGames. AppData was recommended by the long archived "how to make your roaming profiles not suck thread." MyGames because who the hell needs games data, and it was useful from a deskside support angle to always have a folder that the logged on user had access to but was local to the machine so that local admin could work with it.
|
# ? Oct 7, 2015 20:09 |
|
FISHMANPET posted:I think I did everything but AppData and MyGames. AppData was recommended by the long archived "how to make your roaming profiles not suck thread." MyGames because who the hell needs games data, and it was useful from a deskside support angle to always have a folder that the logged on user had access to but was local to the machine so that local admin could work with it.

You are the reason I lost my minesweeper highscores!
|
# ? Oct 7, 2015 22:47 |
|
For whatever reason (maybe it's the default in Enterprise media) the "Games" feature wasn't enabled in our install image. There were actually a few people that very sheepishly asked if they could get solitaire installed on their computers for when they're on their breaks. My boss actually asked me to enable it on all new machine installs. I certainly didn't care if Solitaire was installed, nor did my manager. Sadly I never did actually make that the default on all new machines, but the people that did ask got the explanation that it wasn't a choice, just a default that we'd left alone, and then I happily installed the feature on their machines.
|
# ? Oct 7, 2015 22:53 |
|
From what I remember, it's an Enterprise default to not include it.
|
# ? Oct 7, 2015 22:55 |
|
Maneki Neko posted:Are people still generally using folder redirection & roaming profiles? We're starting to bump across more and more apps that are having issues with redirected app data folders (despite the fact that we've been doing it forever and as far as I was aware it was a pretty common thing).

As everyone said, AppData can gently caress up a lot of things, it was redirected at one of my previous places and it would do all sorts of crazy poo poo, such as if someone was logged into two computers at once, Firefox would refuse to open on the second computer because it was "already in use", among other anomalies.

Pro-tip, if you have Office 365, each licensed user gets 1tb of OneDrive storage. Assuming none of your individuals' hard drives are larger than 1tb, what you can do is install OneDrive for Biz, reboot, go into the user profile folder, highlight "Desktop, Documents, Pictures, Videos" etc, except AppData, then drag them all into the OneDrive for Business folder. Now every file the user has is automatically backed up the moment it is created or rewritten, and they can look up the complete version history on the O365 portal. I have 500+ users set up this way and it's great. Word/Excel/Powerpoint save their files to OneDrive for Biz by default, but this covers absolutely everything doc on their PC, with the sole exceptions of Outlook Signatures and Sticky Notes which Microsoft stupidly buries in App Data. Plus, if you ever have to reimage their PC or give them a new one, just reinstall OneDrive for Biz, repeat the folder drags, and poof the Desktop is back. It's like a ghetto redirection. Sharepoint which OneDrive for Biz runs on can sometimes have weird sync issues but I'll take it to being responsible for a file server any day.
|
# ? Oct 8, 2015 00:26 |
|
Tab8715 posted:Curious, what's everyone's experience with modifying intra/inter AD Replication timing?

ok sorry, been busy. 15 mins is the minimum inter-site replication interval, while intra-site is 'pull' meaning DC will flag they've got a change and its replication partners will pull it pretty much immediately. Inter-site is compressed, reducing WAN link traffic but increasing CPU cycles while intra-site is not.. obviously your LAN links are bigger than your WAN so that's why this makes sense.

As for the volume of bandwidth used.. anyone saying OMG BANDWIDTH is someone that can be safely ignored for this and probably anything else technical. As I said, the inter-site communication is compressed and unless you're talking about a directory of hundreds of thousands of users with a follow-the-sun helpdesk making huge changes constantly.. it's just not an issue. Think about what we're actually talking about here, Active Directory is a database. A highly optimized database in a text format, highly compressed traversing over custom built communications channels.

What is far more bandwidth intensive is some shitlord putting some media file in SYSVOL because 'hey it replicates to every site! why use dropbox?!' and using AD replication to copy poo poo that it was never designed for. Your group policies, the scripts, the ADM files.. everything else that lives in SYSVOL is tiny and again is compressed and these kinds of data respond very well to compression. What doesn't respond so well is a pile of image files marketing want on all sites for the corporate background or whatever. Put one in there, fine, the current one and distribute it via GPO.. but clean out the old ones. Do not give access to non-technical people to dump whatever they like in there.

This is the doco to read and get familiar with. 15 mins is usual in actual real networks. Modern WAN links handle this just fine and that's for some big corporations I've worked.

edit: oh god no, not roaming profiles. Just redirect OS features via GPO like people have mentioned. Issue users with business grade laptops (which means it has a docking station and a port, that's why a MacBook whatever is not business grade) and they just take their PC wherever they go. Dual monitors and nice mouse and kb at work, pick up lappie and take it into a meeting or take it home (to perhaps another docking setup). That's how HP did it internally, gently caress trying to make Windows happy between installations. Does new Windows (8 or 10) fix this with the signing in thing and storing your profile or part of it in the cloud? Perhaps.. I'd bet on something not working right though.

Tony Montana fucked around with this message at 07:13 on Oct 8, 2015 |
# ? Oct 8, 2015 07:09 |
|
What do you have against Roaming Profiles in TYOOL2015?
|
# ? Oct 8, 2015 14:34 |
|
Give me an example of your implementation of roaming profiles. I've never seen it work right, and I've seen a lot of troubleshooting lost on it. The wiki page has a list of common dramas, and there are plenty more than what is listed there.

VDI is the more modern approach, but even then.. Windows is a client rich architecture. It was a conscious decision in the creation of the OS, there was a point where they thought shall we just say gently caress it and make IE the OS and write all the apps in Java and then it runs on anything, anywhere. Things like 365 are coming full circle now, with the power of HTML5 and modern computers being able to churn complex webcode.. but Windows will offer a richness (which means resources, libraries, things developers can use to make fast and slick applications) that webapps can't. So when you're virtualising the desktop, can't we just do whatever you're going to do in a webapp with cloud storage anyway?

As for 'worrying about what is on people's desktops'.. that's why you redirect and have professional staff.. which is usually what enterprise means. We just don't give a poo poo about what's on someone's desktop.. it's part of their job to keep their work in a safe place. If they lose data because they're dumb, we just articulate all the nice infrastructure and policies and documentation in place for not dumb people and then it's just not our problem anymore. Don't get caught worrying about what every user might do with their work - your job is just to provide them the means to work properly and if they set it all on fire that's not your fault.

Tony Montana fucked around with this message at 14:58 on Oct 8, 2015 |
# ? Oct 8, 2015 14:53 |
|
Tony Montana posted:VDI is the more modern approach, but even then.. Windows is a client rich architecture. It was a conscious decision in the creation of the OS, there was a point where they thought shall we just say gently caress it and make IE the OS and write all the apps in Java and then it runs on anything, anywhere. Things like 365 are coming full circle now, with the power of HTML5 and modern computers being able to churn complex webcode.. but Windows will offer a richness (which means resources, libraries, things developers can use to make fast and slick applications) that webapps can't. So when you're virtualising the desktop, can't we just do whatever you're going to do in a webapp with cloud storage anyway?

I've never worked in a place that didn't give people assigned computers so I haven't used roaming profiles since I was administering computer labs in college, but folder redirection is a good and nice thing that works pretty well.
|
# ? Oct 8, 2015 15:06 |
|
Also lol if you just expect everyone to not be pants on head stupid. Have you ever actually worked anywhere?
|
# ? Oct 8, 2015 15:33 |
|
Which RAP did you do? You fail to mention the scope of the entire engagement. I worked at Wendy's once, does that count? Tony Montana fucked around with this message at 15:42 on Oct 8, 2015 |
# ? Oct 8, 2015 15:39 |
|
It was an sccm rap. We have a pretty unique environment (which I hate and am trying to change) where the team that administers SCCM doesn't really use it much, it's basically SCCM as a service to other departments. And we have a very loose relationship with those departments. The main group that does the majority of desktop support is at least in our same IT organization, but I think the lowest manager we have in common is the CIO. And then there's the academic departments with their own IT staffs, the University president is our lowest common manager there. So basically I don't care if a deployment is failing to run, or some content can't distribute, or whatever, unless it's a sign of some systemic issue with the environment and not just people that I have no relationship with being dumb (it's usually people being dumb).
|
# ? Oct 8, 2015 15:55 |
|
Zero VGS posted:As everyone said, AppData can gently caress up a lot of things, it was redirected at one of my previous places and it would do all sorts of crazy poo poo, such as if someone was logged into two computers at once, Firefox would refuse to open on the second computer because it was "already in use", among other anomalies.

I'm truly shocked this works for you... I would never recommend doing this, or really anything with OneDrive to anyone.
|
# ? Oct 8, 2015 16:56 |