Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin
My company has a great process for setting up new virtual machines, but occasionally I have to do a physical server install (Cisco UCS) and I've been hating my life.

The problem is installing all the updates. I'm not quite understanding the technet articles, but it seems like there should be a way to preinstall all the patches or something into the .iso, and maybe even add drivers.

All the dism stuff refers to .wim files which I think are just for pxe installs.

Is there an idiot guide to this somewhere? I feel like I'm missing an important piece of the puzzle.


Thanks Ants
May 21, 2004

#essereFerrari


MF_James posted:

I'm getting conflicting information when googling for this stuff so here goes...

Doing a quick and dirty fix for some website issues we're having with our 2003 machines while we wait to convert to 2012. What I want to do is turn OFF compatibility mode for all intranet websites, because the default is to have it on and it's screwing with some website(s) that updated recently.

I'm pretty sure the policy I should be screwing with is: Comp Config\admin templates\windows components\IE\Compatibility view "Turn on Internet Explorer 7 Standards Mode"

Now I've seen conflicting information as to whether enabling or disabling this setting will achieve what I want.

I'm attempting to test this, but I'm currently fighting with some QA machines that apparently do not want the setting or something, it's hard to diagnose because I can't actually use gpresult or anything that will tell me WHAT GPs are currently applied to the computer. Anyone dealt with this before that can say whether the setting should be enabled or disabled?

I had to go through this before - we changed an Intranet page to actually render properly in newer browsers, and the public IE compatibility list didn't know that the page it thought should run in this mode didn't exist any more.

If you control the web servers then send the X-UA-Compatible header which will override whatever IE wants to do with the page:
https://msdn.microsoft.com/en-us/library/jj676913(v=vs.85).aspx

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Dr. Arbitrary posted:

My company has a great process for setting up new virtual machines, but occasionally I have to do a physical server install (Cisco UCS) and I've been hating my life.

The problem is installing all the updates. I'm not quite understanding the technet articles, but it seems like there should be a way to preinstall all the patches or something into the .iso, and maybe even add drivers.

All the dism stuff refers to .wim files which I think are just for pxe installs.

Is there an idiot guide to this somewhere? I feel like I'm missing an important piece of the puzzle.

The part of the Windows ISO that's outside the WIM doesn't really do much.
How Windows installs work is that there's a bootstrapper. That one can be started by launching setup.exe, from the boot sector of the DVD or from a PXE server. All that bootstrapper does is partition the disk, maybe backup an old installation then unpack the WIM file like a ZIP archive onto the hard disk. Then it'll make the hard disk bootable, and reboot. From then on, the bootstrapper has done its duty and will never be used again, all the later stuff like installing drivers etc is done by executables inside the WIM.

You could technically boot from the Windows DVD into recovery mode, then start the command line, then use fdisk and format to prepare the disk, then "dism /apply-image" to write the WIM file to the hard disk and do the same thing as the Windows installation by hand.

That's why you need to include custom drivers or updates into the WIM file.
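Added example (not part of the original post): the offline servicing described above, done with the DISM PowerShell cmdlets against the `install.wim` copied out of the ISO. All paths are placeholders, and the updates and drivers are assumed to be already downloaded and extracted.

```powershell
# Added example: inject updates and drivers into install.wim offline.
# Every path here is a placeholder (assumption). Run from an elevated prompt.
$IsoRoot  = 'D:\iso-extracted'                  # ISO contents copied to disk
$Wim      = Join-Path $IsoRoot 'sources\install.wim'
$MountDir = 'D:\wim-mount'
$Updates  = 'D:\updates'                        # .msu / .cab files
$Drivers  = 'D:\drivers'                        # extracted .inf driver folders

# Refuse to inject anything that is not validly signed.
$unsigned = Get-ChildItem -Path $Updates -Include *.msu, *.cab -Recurse |
    Get-AuthenticodeSignature |
    Where-Object Status -ne 'Valid'
if ($unsigned) {
    $unsigned | Select-Object Path, Status | Format-Table -AutoSize
    throw 'Unsigned or tampered update packages found; aborting.'
}

# Files copied off a DVD/ISO are read-only; the WIM must be writable.
Set-ItemProperty -Path $Wim -Name IsReadOnly -Value $false
New-Item -ItemType Directory -Path $MountDir -Force | Out-Null

# A WIM holds one image per edition; service every index you deploy.
foreach ($image in Get-WindowsImage -ImagePath $Wim) {
    Write-Host "Servicing index $($image.ImageIndex): $($image.ImageName)"
    Mount-WindowsImage -ImagePath $Wim -Index $image.ImageIndex -Path $MountDir | Out-Null
    try {
        # A folder is accepted: every .msu/.cab in it is applied.
        Add-WindowsPackage -Path $MountDir -PackagePath $Updates | Out-Null
        Add-WindowsDriver  -Path $MountDir -Driver $Drivers -Recurse | Out-Null

        # Record what ended up in the image before committing.
        Get-WindowsPackage -Path $MountDir |
            Where-Object PackageState -eq 'InstallPending' |
            Select-Object PackageName, PackageState

        Dismount-WindowsImage -Path $MountDir -Save | Out-Null
    }
    catch {
        # Never leave a half-serviced image mounted or committed.
        Dismount-WindowsImage -Path $MountDir -Discard | Out-Null
        throw
    }
}
```

Storage or network drivers that Setup itself needs in order to see the disk go into `sources\boot.wim` the same way (index 2 is the Windows Setup image), using only `Add-WindowsDriver`.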

Dans Macabre
Apr 24, 2004


Dr. Arbitrary posted:

My company has a great process for setting up new virtual machines, but occasionally I have to do a physical server install (Cisco UCS) and I've been hating my life.

The problem is installing all the updates. I'm not quite understanding the technet articles, but it seems like there should be a way to preinstall all the patches or something into the .iso, and maybe even add drivers.

All the dism stuff refers to .wim files which I think are just for pxe installs.

Is there an idiot guide to this somewhere? I feel like I'm missing an important piece of the puzzle.

Wait why don't you do a pxe install?

Orcs and Ostriches
Aug 26, 2010


The Great Twist
So Windows File Server Deduplication works really well.



It's actually saving roughly 50%, or 1.1TB of that 2.19TB disk, according to the volume info in the server manager. I was expecting like 10% dupe across the drive, so that kinda blew me away. I'm left wondering if there's a more accurate way to see roughly what a folder is currently using, but that might not even really be relevant.

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin

NevergirlsOFFICIAL posted:

Wait why don't you do a pxe install?

I think that'd be a good idea. I've implemented it in a lab environment at my previous job.

In the meantime, I'm trying to come up with an improvement to the process that I can implement immediately.

Moey
Oct 22, 2010

I LIKE TO MOVE IT

Orcs and Ostriches posted:

So Windows File Server Deduplication works really well.

What the hell are you/users storing on there?

AlternateAccount
Apr 25, 2005
FYGM

Dr. Arbitrary posted:

My company has a great process for setting up new virtual machines, but occasionally I have to do a physical server install (Cisco UCS) and I've been hating my life.

The problem is installing all the updates. I'm not quite understanding the technet articles, but it seems like there should be a way to preinstall all the patches or something into the .iso, and maybe even add drivers.

All the dism stuff refers to .wim files which I think are just for pxe installs.

Is there an idiot guide to this somewhere? I feel like I'm missing an important piece of the puzzle.

You can download a shitload of WIM files and pack them all into an install ISO that you can then use to do this sort of thing and vastly reduce the 200 updates required from an unpatched original disc.

Orcs and Ostriches
Aug 26, 2010


The Great Twist

Moey posted:

What the hell are you/users storing on there?

Bullshit, mostly. Frankly some of the people here are retarded. Every year some of them will make a new folder named, for example, 2015. They'll copy everything into that folder, and start the next year with everything current. So that 2015 folder contains a 2014 folder that contains a 2013 folder, etc. The previous year's 2014 folder is the same clusterfuck.

I know a lot of people make their own copy of shared documents that go untouched forever. Teacher A puts something useful into the shared folder, so Teachers B-G all make a copy for their own as well.

After doing a quick file audit I've noticed no shortage of full length pirated movies as well. I'm going to strongly push to flat out delete this crap, both because I don't think we should be stashing people's hoards, and because I don't think Superbad[2007].720p.mp4 is necessary to have in a school. It looks like a half dozen or so are also passing the same pirated 1.5GB copy of Rio as well. Getting huge dedupe savings there at least.

It also looks like we're being used as a backup service for more than a few users, even if it's not all downloaded stuff.

The former I don't care much about, but I'm compiling data now to put forward an argument that we don't really need to be storing copyrighted material, nor should we be storing their home garbage.


This is the first look we've had at peoples' files as long as I've been here, and I'm barely scratching the surface at some of this stuff. Until now we've had no amount of auditing or logging, and this stuff is starting to cause problems and cost money.

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Thanks Ants posted:

I had to go through this before - we changed an Intranet page to actually render properly in newer browsers, and the public IE compatibility list didn't know that the page it thought should run in this mode didn't exist any more.

If you control the web servers then send the X-UA-Compatible header which will override whatever IE wants to do with the page:
https://msdn.microsoft.com/en-us/library/jj676913(v=vs.85).aspx

sadly we do not control the site and it's highly unlikely we will be able to ask them for any sort of change, we're stuck fixing it on our end.

socialsecurity
Aug 30, 2003

Orcs and Ostriches posted:

So Windows File Server Deduplication works really well.



It's actually saving roughly 50%, or 1.1TB of that 2.19TB disk, according to the volume info in the server manager. I was expecting like 10% dupe across the drive, so that kinda blew me away. I'm left wondering if there's a more accurate way to see roughly what a folder is currently using, but that might not even really be relevant.

It does, but be careful: many backup products don't like it. Datto or anything using Shadowprotect can't back it up at all. Veeam can only get your files back if you install Veeam on Windows Server 2012.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
Learned today that ConfigMgr vNext will be out by the end of the year. Also a new ring of Win 10 will be released this month. Current versions of SCCM 2012 will support the RTM and this November ring, but for future rings you'll need vNext. And with a new ring of Windows every ~4 months will come a new release of ConfigMgr. But they've built in some updating tools into the console to make it easier on us all.

Also, new version numbers instead of the current word salad. They'll be year plus month. So if vNext is released in December, it'll be 1512.

Ugh my brain hurts from taking in all this information.

Walked
Apr 14, 2003

FISHMANPET posted:

Learned today that ConfigMgr vNext will be out by the end of the year. Also a new ring of Win 10 will be released this month. Current versions of SCCM 2012 will support the RTM and this November ring, but for future rings you'll need vNext. And with a new ring of Windows every ~4 months will come a new release of ConfigMgr. But they've built in some updating tools into the console to make it easier on us all.

Also, new version numbers instead of the current word salad. They'll be year plus month. So if vNext is released in December, it'll be 1512.

Ugh my brain hurts from taking in all this information.

I foresee a great division of organizations never upgrading past Win8/SCCM12 and those on vNext/10. More so than the typical feet dragging in the enterprise.

Hadlock
Nov 9, 2004

10 has better device lock down features, but yeah from a nuts and bolts standpoint, win 8.1 and win 10 are very similar. So there's little incentive to upgrade due to software. Plus it's 7 years to end of extended support still. Probably in three or four years the vnext/win10 ecosystem will be stable enough to think about converting over to for large corporations. Our company just brought on some contractors to smooth over the conversion to win 10 but the early adopter trial isn't scheduled to start for at least another year. And we're barely 2,000 employees. Probably 65% of employees are running Windows 7 enterprise still.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Is there some common policy used to open up administrative shares on all domain computers for some stupid reason?

A brand-new Lenovo laptop that I haven't even joined to the domain can hit E$ on our file server and C$ on my desktop. I'm logged in as LENOVO. What the flying gently caress did someone enable?

And to follow that up, what's a good domain security auditing tool. Ugh.

Dans Macabre
Apr 24, 2004


Bob Morales posted:

Is there some common policy used to open up administrative shares on all domain computers for some stupid reason?

A brand-new Lenovo laptop that I haven't even joined to the domain can hit E$ on our file server and C$ on my desktop. I'm logged in as LENOVO. What the flying gently caress did someone enable?

And to follow that up, what's a good domain security auditing tool. Ugh.

that's not normal imho good luck

BaseballPCHiker
Jan 16, 2006

Bob Morales posted:

Is there some common policy used to open up administrative shares on all domain computers for some stupid reason?

A brand-new Lenovo laptop that I haven't even joined to the domain can hit E$ on our file server and C$ on my desktop. I'm logged in as LENOVO. What the flying gently caress did someone enable?

And to follow that up, what's a good domain security auditing tool. Ugh.

Just out of curiosity has this Lenovo been formatted at all? Or is it a stock off the shelf business laptop from them with the pre-installed OS and everything else?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Yeah that's super not normal.

I'm not sure if those share permissions can be changed to be honest, I would look in Active Directory and make sure someone didn't add everyone to the Domain Admin, Administrators, or other highly privileged group. Then check and see who has local admin permissions on the box, maybe a GPO is adding something to the local admin group.

fake edit

According to a KB "...are only accessible to accounts with Administrator, Backup Operator, or Server Operator privileges on the particular machine"

So I would go from there.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

BaseballPCHiker posted:

Just out of curiosity has this Lenovo been formatted at all? Or is it a stock off the shelf business laptop from them with the pre-installed OS and everything else?

Fresh out of the box X1

AreWeDrunkYet
Jul 8, 2006

Hadlock posted:

10 has better device lock down features, but yeah from a nuts and bolts standpoint, win 8.1 and win 10 are very similar. So there's little incentive to upgrade due to software. Plus it's 7 years to end of extended support still. Probably in three or four years the vnext/win10 ecosystem will be stable enough to think about converting over to for large corporations. Our company just brought on some contractors to smooth over the conversion to win 10 but the early adopter trial isn't scheduled to start for at least another year. And we're barely 2,000 employees. Probably 65% of employees are running Windows 7 enterprise still.

I suspect Win 10 is going to have higher early uptake than previous upgrades. The OSD process is getting more reliable to automate deployments, and VSM is enough of a reason alone for most organizations to take the plunge.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
There's a Win 10 LTSB (Long Term Servicing Branch) that's supported for 10 years (5 years of normal, 5 years of extended) that can be deployed and managed by current versions. But it will be missing some features, though they're probably not business critical (Cortana, App Store, Edge). So if people really want to stick with that old fashioned "forklift every 5 years" model, they're welcome to screw themselves. I was in a session with Michael Niehaus where he showed a graph with two models of os deployment cycle. The traditional, where every 3 or 4 years you have this huge lift of deploying new machines and testing all your applications, or spread that work out and basically be doing it continuously with the new branches every 4 months. They're predicting the same amount of work either way, but you can either concentrate it at the expense of other IT work, or spread it out and just make it part of the normal workflow.

KS
Jun 10, 2003
Outrageous Lumpwad

Bob Morales posted:

Is there some common policy used to open up administrative shares on all domain computers for some stupid reason?

A brand-new Lenovo laptop that I haven't even joined to the domain can hit E$ on our file server and C$ on my desktop. I'm logged in as LENOVO. What the flying gently caress did someone enable?

And to follow that up, what's a good domain security auditing tool. Ugh.

That totally happens if the usernames and passwords of your local administrator accounts match.
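Added example, not written by anyone in the thread: the membership checks skipdogg suggests above, plus a listing of enabled local administrator accounts whose name repeats across machines, which is the precondition KS describes. The computer names are placeholders, and it assumes the ActiveDirectory module (RSAT), PowerShell remoting and PowerShell 5.1 on the targets.

```powershell
# Added example: audit who can reach administrative shares.
# Computer names are placeholders (assumption).
Import-Module ActiveDirectory

# 1. Domain side: effective (nested) membership of the groups the KB
#    quoted above says can reach C$, E$ and the other admin shares.
$privileged = 'Domain Admins', 'Administrators', 'Backup Operators', 'Server Operators'
$domainReport = foreach ($group in $privileged) {
    Get-ADGroupMember -Identity $group -Recursive |
        Select-Object @{ n = 'Group'; e = { $group } }, SamAccountName, objectClass
}
$domainReport | Sort-Object Group, SamAccountName | Format-Table -AutoSize

# 2. Machine side: members of the local Administrators group
#    (well-known SID S-1-5-32-544, so it works on localized installs).
$computers = 'FILESERVER01', 'DESKTOP01'
$localReport = Invoke-Command -ComputerName $computers -ScriptBlock {
    $enabledLocal = (Get-LocalUser | Where-Object Enabled).Name
    Get-LocalGroupMember -SID 'S-1-5-32-544' | ForEach-Object {
        $short = ($_.Name -split '\\')[-1]
        [pscustomobject]@{
            Member  = $_.Name
            Account = $short
            Class   = $_.ObjectClass
            Source  = [string]$_.PrincipalSource
            Enabled = ($_.PrincipalSource -eq 'Local' -and
                       $_.ObjectClass -eq 'User' -and
                       $enabledLocal -contains $short)
        }
    }
}
$localReport |
    Sort-Object PSComputerName, Member |
    Format-Table PSComputerName, Member, Class, Source, Enabled -AutoSize

# 3. Enabled local admin accounts with the same name on several machines.
#    Only names are compared; the script never reads or tests passwords.
#    Each hit is an account to review for a shared password.
$localReport |
    Where-Object { $_.Source -eq 'Local' -and $_.Enabled } |
    Group-Object Account |
    Where-Object Count -gt 1 |
    Select-Object @{ n = 'Account';  e = { $_.Name } },
                  @{ n = 'Machines'; e = { $_.Group.PSComputerName -join ', ' } }
```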

CLAM DOWN
Feb 13, 2007




So, KB3097877....

Potato Salad
Oct 23, 2014

nobody cares


Are you loving kidding me.

Good thing our loving department that manages SCCM stays on top of vetting patches before distribution.

Oh wait, they don't :(

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)
It's cool and good that MS fired all those QC people.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


I already know everyone's take on SCCM/SCOM but does anyone work with FIM/MIM on a regular basis? How is it?

Dans Macabre
Apr 24, 2004


So do you guys just push out MS patches literally the day they're released? We do our patching through RMM tool (continuum) and they delay for at least two weeks unless it's like super duper critical.

Matt Zerella
Oct 7, 2002

Norris'es are back baby. It's good again. Awoouu (fox Howl)

NevergirlsOFFICIAL posted:

So do you guys just push out MS patches literally the day they're released? We do our patching through RMM tool (continuum) and they delay for at least two weeks unless it's like super duper critical.

Nope. I have 3 users in my test bed. France, UK, USA. They get the updates auto approved. If I don't hear anything I check in the middle of the month and approve.

For servers I use my AV definitions VM to test.

We're a small shop so that's really all I can do. Still lovely that MS fired all those QC people.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

No way. My patch timeline is:

48 hour cooling off period to wait for the tech sites to report problems with patches

+ 2 days approve patches for test users. I have a small subset of users across different groups we roll out patches to first.

+7 days if no one in test group reports any issues patches are approved for all users.


It avoids issues like this

Moey
Oct 22, 2010

I LIKE TO MOVE IT

skipdogg posted:

It avoids issues like this

I deploy mine exactly like this. Works well.

Methanar
Sep 26, 2013

by the sex ghost
I spent my morning watching a bunch of documentaries about government surveillance and all the evil things microsoft has ever done.

So when I started playing with SCOM and saw this option I thought it was funny.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend

Ars Technica posted:

Windows 10 November Update mysteriously pulled, as concerns about bugs grow. Clean installs of the new version of Windows 10 are no longer possible.

http://arstechnica.com/information-technology/2015/11/windows-10-november-update-mysteriously-pulled-as-concerns-about-bugs-grow/

Welp.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Boss is moving us to 10 in February.

I'm not looking forward to it.

Maneki Neko
Oct 27, 2000


http://www.zdnet.com/article/microsoft-reverses-course-restores-downloads-of-windows-10-november-update/

Welp

devmd01
Mar 7, 2006

Elektronik
Supersonik

Swink posted:

Boss is moving us to 10 in February.

I'm not looking forward to it.

FWIW I just did the 8.1->10 upgrade on my laptop this morning while joined to the domain and it was flawless, except for video drivers. What aspect are you not looking forward to, user training? Everything else should carry forward from 7 easily, special snowflake applications excepted of course.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Swink posted:

Boss is moving us to 10 in February.

I'm not looking forward to it.

Word of advice, bake Classic Shell into the deployment.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Zero VGS posted:

Word of advice, bake Classic Shell into the deployment.

Pfft, we gave regular old Windows 8 to people and they got used to that.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
I'm doing the migration. I haven't even looked at what deployment looks like on 10 yet.

The upgrade process is nice but breaks our app. Some machines were built in 2011 and are carrying so much cruft in the registry that some apps won't launch. Nor can they be reinstalled.

Half our apps aren't supported on 10 yet. This includes a crapload of office addins (we're doing office2016 at the same time)

7 is solid and mature. The environment here is super stable, help desk tickets are low. There's no need to move yet.

Lastly, we're gonna be using Surface3/4s firm wide. They have their own issues.

It's not that I don't like change, but I'm the guy who's going to be doing everything including copping the poo poo when stuff isn't as stand as it was this year.

Perhaps I just don't want to do it. Perhaps I'm lazy.



Edit: I'm sure part of it is that I busted my rear end migrating us from XP > 7 and didn't get the recognition I feel I deserved.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
If you buy a single volume license of Windows 10 (costs like $80 from any VAR) you gain reimaging rights for all your PCs. Then you can image Win 10 Build 1511 to any of them, and input their Win7/8 key (or use Produkey to pull it from the BIOS if it is bound to that). That'll activate them.

If you're doing Office 2016 just make sure you install the 32-bit version if you want all your plugins to work.

Make sure your System Reserved partitions are at least 500mb or all future updates will fail.

If it's all Surface 3/4 that's not so bad; those are all 14nm Intel chips so they're snappy enough and have great battery life, and at least you know all the hardware will be supported by Windows 10, which isn't always the case with Dell/HP stuff.


Swink
Apr 18, 2006
Left Side <--- Many Whelps
Oh you bet your rear end I'm imagining them. Incidentally, anyone have any good resources for MDT and win10?

I just need to know what's different from imaging 7.
