|
Is there a definitive answer from Microsoft on whether or not a DC that is also a DNS server should be using itself as the primary DNS server? I feel like this is one of those "well it was a problem in Windows 2000" things around the DNS island problem that people have held onto forever and the internet (in its normal fashion) is just full of conflicting articles and people arguing.
|
# ? Nov 25, 2015 18:31 |
|
Zero VGS posted:If you buy a single volume license of Windows 10 (costs like $80 from any VAR) you gain reimaging rights for all your PCs. Then you can image Win 10 Build 1511 to any of them, and input their Win7/8 key (or use Produkey to pull it from the BIOS if it is bound to that). That'll activate it them.

This is not compliant. You cannot image machines that shipped with 7/8/whatever and use the re-imaging rights to image them to Windows 10 Pro/Enterprise. The licensing requirement is that the machine that you are imaging has the same exact version and edition of Windows. So if you buy new machines with Windows 10 Pro OEM, you can image them with Windows 10 Pro VL. I've been down this road at least a dozen times with various clients and your rear end will be handed to you during a SAM engagement if you are not careful... you'll want to keep your proof-of-ownership of the machines that you re-image so you can prove that they came with the same OEM edition. Also, I'm not sure where the hell you are getting $80 Windows 10 VL... sounds very sketchy as that is cheaper than an OEM copy.

e: I misread exactly what you were doing, but essentially you're just upgrading OEM machines to Windows 10 and using their OEM 7/8 key... which means you never needed the Windows 10 VL key to do "re-imaging" because you're not imaging at all, and not using that key to activate a Windows 10 VL copy of Windows. I'd still be careful if an audit comes your way.

Swink posted:Oh you bet your rear end I'm imagining them. Incidentally, anyone have any good resources for MDT and win10?

Here are some good customizations for Windows 10 OSD-- most of everything else stays the same. Just make sure to make new Task Sequences for 10 after upgrading MDT.

Maneki Neko posted:Is there a definitive answer from Microsoft on whether or not a DC that is also a DNS server should be using itself as the primary DNS server? I feel like this is one of those "well it was a problem in Windows 2000" things around the DNS island problem that people have held onto forever and the internet (in its normal fashion) is just full of conflicting articles and people arguing.

The loopback address should be configured as the 2nd/3rd DNS server.

dox fucked around with this message at 19:06 on Nov 25, 2015 |
# ? Nov 25, 2015 18:59 |
|
dox posted:Here are some good customizations for Windows 10 OSD-- most of everything else stays the same. Just make sure to make new Task Sequences for 10 after upgrading MDT.

Yes, this, it's still what Microsoft recommends. You do have multiple DCs up that you can use as DNS servers.. right........... right?
|
# ? Nov 25, 2015 19:13 |
|
dox posted:This is not compliant. You cannot image machines that shipped with 7/8/whatever and use the re-imaging rights to image them to Windows 10 Pro/Enterprise. The licensing requirement is that the machine that you are imaging has the same exact version and edition of Windows. So if you buy new machines with Windows 10 Pro OEM, you can image them with Windows 10 Pro VL. I've been down this road at least a dozen times with various clients and your rear end will be handed to you during a SAM engagement if you are not careful... you'll want to keep your proof-of-ownership of the machines that you re-image so you can prove that they came with the same OEM edition.

It's what the 1st Party Microsoft Licensing Specialist told me I could do, in writing. Because 7/8 OEM are both eligible for a free in-place upgrade, and upgrading makes them Genuine Windows 10 Pro OEM, he said I'm fine to clone this way but I should have COA stickers for any PC that doesn't have the OEM key baked into the BIOS. I mean technically if I was going to be 100% hunky-dory, I think I would take the pre-existing Win 7/8 machine, install a clean copy of Win 10 Fall Update, punch in the serial number so that it obtains a Digital Entitlement, and *then* clone the thing to Win 10 VL, but forensically I'm not even sure if anyone can tell the difference there and it saves me another hour of work on each PC.

I did misspeak, the $80 license was the one I just got to allow one special snowflake the ability to run a Windows 10 VM inside of Windows 10, because he demands local admin for testing PowerShell commands, so I'm putting him in a sandbox to do it. The one Windows 10 VL was $200.

By the way, this is an excerpt from Microsoft's Windows 10 Licensing Guide:

Microsoft posted:Windows 10 Pro Upgrade License

See that last line? I actually went and pointed this whole quote to the Microsoft licensing representative at Microsoft, and asked him to explain exactly what the "implications" are and his answer was "no idea". Thanks buddy.
|
# ? Nov 25, 2015 23:35 |
|
Zero VGS posted:See that last line? I actually went and pointed this whole quote to the Microsoft licensing representative at Microsoft, and asked him to explain exactly what the "implications" are and his answer was "no idea". Thanks buddy.

Yeah that has been my experience-- a bit of mixed bags. I still do think that you need the "Windows 10 Pro Upgrade license" for each machine that you upgrade.
|
# ? Nov 26, 2015 16:33 |
|
I finally dove into setting up WDS at my work. They have a bunch of Clonezilla images that I will eventually set up, but for now I am looking to be able to PXE boot into whichever one I need. I set up a menu but for the love of god cannot figure out how to get it to boot into Clonezilla. WDS and Clonezilla are both set up on the same Windows 2008 server. Anyone have any tips on doing this? As of now whenever we need an image off of Clonezilla I have to stop the WDS service.
|
# ? Nov 27, 2015 08:58 |
|
I could use a sanity check. I've just started using SCCM 2012 R2 and I'm setting up a deployment of Office 2013 Pro Plus (Office 365). I've set up the App, it includes 2 deployments.

Deployment Type 1) The actual 2013 installer. This one works and installs by itself, but does not get rid of 2010.
- Uses a file system Detection check on Outlook.exe existing in the correct folder to make sure it succeeds.

Deployment Type 2) Another "installer" that runs "setup.exe /uninstall ProPlus /config uninstall.xml" that uninstalls ProPlus 2010.
- I can't come up with a detection method for this one.
- This one has #1 as a dependency, so it should only run once #1 is done.

Does this make sense? What "detection method" should I use for #2? I don't see a way to set up a "does not exist" detection for success method. They're both in the same "Application", so when someone installs it, 2013 should install, and then it runs the 2010 uninstaller.

I'm probably doing something absolutely stupid here. Should I have created an "Office" app in which:
Deployment Type 1) Installer/Uninstaller for 2010
superseded by
Deployment Type 2) Installer for 2013
Would that uninstall 2010 and install 2013?

Be gentle, I've been using SCCM for all of a week and a half now. My first task was deploying Adobe Acrobat DC for Creative Cloud, and I managed to pull that off by Googling forever.
|
# ? Dec 1, 2015 00:10 |
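
For the "does not exist" detection asked about in the post above, one option is a script detection method instead of a file-system rule. The PowerShell below is an added example, not from any poster in the thread; the Office install paths are assumptions, and it relies on Configuration Manager's rule that a detection script exiting 0 with any text on STDOUT means "detected", while exit 0 with empty STDOUT means "not detected".

```powershell
# Added example: script detection for the "uninstall Office 2010" deployment type.
# Reports "detected" only when Outlook 2013 is present AND Outlook 2010 is gone.

# Assumed relative install paths (not taken from the thread); match them to
# the folders your own file-system detection rule already uses.
$office2010 = @(
    'Microsoft Office\Office14\OUTLOOK.EXE'
)
$office2013 = @(
    'Microsoft Office\Office15\OUTLOOK.EXE',          # MSI-based install
    'Microsoft Office 15\root\office15\OUTLOOK.EXE'   # Click-to-Run install
)

# The client can run detection scripts as a 32-bit process, where
# $env:ProgramFiles points at "Program Files (x86)". Check every root
# that exists so 32-bit and 64-bit Office are both covered.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramW6432) |
    Where-Object { $_ } |
    Select-Object -Unique

function Test-OutlookPresent([string[]]$RelativePaths) {
    foreach ($root in $roots) {
        foreach ($rel in $RelativePaths) {
            $full = Join-Path $root $rel
            if (Test-Path -LiteralPath $full -PathType Leaf) {
                return $true
            }
        }
    }
    return $false
}

$has2010 = Test-OutlookPresent $office2010
$has2013 = Test-OutlookPresent $office2013

if ($has2013 -and -not $has2010) {
    # Any STDOUT text with exit code 0 marks the deployment type as installed.
    Write-Output 'Office 2010 removed, Office 2013 present'
}

# Exit 0 either way: a non-zero exit code is treated as a detection failure,
# not as "not installed".
exit 0
```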
|
I'm not sure if this is the right thread, but it's worth a shot I guess: We have a client who has a 2012 R1 server running IIS which we manage. They regularly ask us to fiddle with the config for them as a result. Today I get one such ticket and try to RDP to the server only to find that the administrator account is apparently disabled. Not intentionally either as that's pretty much our only login for the system. Just to clarify, I'm very much not a Windows guy and I normally defer this sort of stuff to the guy who is, but he's busy rolling out some new public facing systems and dealing with the migration fallout. So, what can I do to reactivate the administrator account? I can't think of anything (or find anything on Google) that doesn't involve needing to take the server down, which given that this hosts a number of their websites I want to avoid at all costs.
|
# ? Dec 1, 2015 00:44 |
|
Gerdalti posted:I could use a sanity check. I've just started using SCCM 2012 R2 and I'm setting up a deployment of Office 2013 Pro Plus (Office 365).

I'm not near my computer but you should be able to have it look at the "version" of Outlook.exe to check that it's greater than 14. I thought Office 2010 was installed in a folder called Office 14 in the Program Files\Microsoft Office directory. I may be wrong. Also wouldn't you want to uninstall 2010 first then install 2013?
|
# ? Dec 1, 2015 00:49 |
|
Sacred Cow posted:I'm not near my computer but you should be able to have it look at the "version" of Outlook.exe to check that it's greater than 14. I thought Office 2010 was installed in a folder called Office 14 in the Program Files\Microsoft Office directory. I may be wrong.

That's right, 2010 goes in "Office 14" and 2013 goes in "Office 15". My thought was to get a good 2013 install on their machine before uninstalling 2010. That's probably just me having "new software" jitters though, and I should just man up, do it, run my tests and then deploy.
|
# ? Dec 1, 2015 00:51 |
|
Sacred Cow posted:
Having the sccm check that the installation of 2013 was successful before removing 2010 is probably a good idea to cover your rear end. At least if the deployment fails halfway through, the users have the old version of office instead of no office.
|
# ? Dec 1, 2015 00:52 |
|
Methanar posted:Having the sccm check that the installation of 2013 was successful before removing 2010 is probably a good idea to cover your rear end.

That was my thought too, but I'm scrapping it. Just set up an Office 2010 Application and configured supersedence with uninstall. I'll do enough testing that it shouldn't be a huge issue.
|
# ? Dec 1, 2015 01:26 |
|
Methanar posted:Having the sccm check that the installation of 2013 was successful before removing 2010 is probably a good idea to cover your rear end.

That makes perfect sense. I usually test the poo poo out of my deployments before they go live. In the case of Office upgrades I make a deployment of the old version "Available" if the user has some custom plugin that doesn't play nice with the new version or the deployment goes sideways.
|
# ? Dec 1, 2015 01:35 |
|
Also I might be talking out of my arse but I think if you install Outlook 2013 and Outlook 2010 is installed already, it moves the offline cache across instead of downloading the mailbox contents again.
|
# ? Dec 1, 2015 12:54 |
|
I always try to detect Windows Installer versions as I find them to be more reliable overall. That way I don't have to keep track of file paths and can usually get my detection rule working without having to do a trial install of the software.
|
# ? Dec 2, 2015 00:19 |
|
Number19 posted:I always try to detect Windows Installer versions as I find them to be more reliable overall. That way I don't have to keep track of file paths and can usually get my detection rule working without having to do a trial install of the software.

Ditto. I've had way more luck detecting install versions than with any other method. Plus once you do finally nail down the detection rule it will work on 99% of all computers in your environment.
|
# ? Dec 2, 2015 14:59 |
|
Does anyone use Chef/Puppet/Ansible in their Windows environments? Been looking into toying around with something like that in the future. Still at a loss if those tools provide any functionality for auto provisioning a server (might be missing the point). I started moving up a little bit at my job which is a Windows web hosting environment. Everything is painfully manual. Our provisioning for every new signup involves loading a 2012 ISO to the VM and installing Windows, updates, Plesk, etc.
|
# ? Dec 3, 2015 00:57 |
|
Is there a reason even imaging or cloning is not an option? Long has Plesk been automated at essentially level with the right tools.
|
# ? Dec 3, 2015 01:36 |
|
Potato Salad posted:Is there a reason even imaging or cloning is not an option? Long has Plesk been automated at essentially level with the right tools.

Still learning Windows in this aspect but I believe that has something to do with needing a unique GUID if/when we move any systems into AD. I'm most likely wrong there.

Edit: Seems after a little poking around, MDT might be suitable for this? Is there a way to get variable data into that sequence such as a hostname for example?

poxin fucked around with this message at 01:55 on Dec 3, 2015 |
# ? Dec 3, 2015 01:39 |
|
What are you using to host VMs? Pretty much any of them will have built-in templating. And honestly, what's the name of your company? So I can stay far, far away.
|
# ? Dec 3, 2015 01:58 |
|
Internet Explorer posted:What are you using to host VMs? Pretty much any of them will have built-in templating. And honestly, what's the name of your company? So I can stay far, far away.

No offense taken there. We have a mix of Hyper-V and KVM. Just trying to make it more bearable while I'm here.
|
# ? Dec 3, 2015 02:20 |
|
poxin posted:Still learning Windows in this aspect but I believe that has something to do with needing a unique GUID if/when we move any systems into AD. I'm most likely wrong there.

MDT + PowerShell is a powerful combination if you're looking to do it for free. Check out Deployment Bunny and Deployment Research for some good examples on how to automate OSD for both servers and workstations. If you want to spend money or have a Microsoft Enterprise Agreement you can use SCCM but that might be overkill if you're only looking for OSD.

Chef, Puppet etc are more for configuration management deployment and enforcement across a large server infrastructure. It's not what you're looking for if you're setting up one or two individual servers for each client.
|
# ? Dec 3, 2015 03:14 |
|
MDT + other tools are great, but Microsoft has a built-in tool called "Sysprep" that is able to perform the work needed for a system to technically be supported after cloning / deployment actions. For your purpose, you would get a template / parent VM to a state you like for deployment, run sysprep with your desired settings (there are lots and lots of articles on what you can have this do), and shut the VM off. Clone this VM when you want to set poo poo up, and when the new VMs wake up, they run the final stages of sysprep that make them each unique enough for AD's purposes. I'm really simplifying the process, but, well, it really can be that simple. You can set up MDT or whatever else and get automation going, but this would be your quickest, highest bang-for-your-buck (effort), most immediately-available option.
|
# ? Dec 3, 2015 03:47 |
|
Thanks for the information. We do have access to SCCM with our agreement, just not sure I want to throw myself out there to take on a project like that. Considering my limited knowledge in this area as well. It's probably not a terrible idea for our managed servers for the likes of Windows updates, etc.
|
# ? Dec 3, 2015 03:53 |
|
SCCM is GREAT, and it WILL advance your career if you have to work with MS in the future, but it's commonly stated that with SCCM you're "building a railroad to deliver pizza." It's a lot of work. I wouldn't personally dick around with SCCM+MDT if I only had to provision a VM a day or something. I'd just clone with sysprep.

Up to you.
|
# ? Dec 3, 2015 04:06 |
|
So, speaking of SCCM, I've run into an errant, infrequent issue with imaging. I have a task sequence that I use for deployment of new laptops. No big deal; always works perfectly. About a month ago; we had a singular laptop that wouldn't work for whatever reason, troubleshot it indefinitely, but ultimately wrote it off as it was out of warranty anyways.

Today, we're trying to re-image a laptop, and the same problem has cropped up. Task sequence has been tried to deployed in two ways:
- An available advertisement to a collection where we drop the computer to be imaged
- A required advertisement to "unknown computers". (and deleted the entry of the old laptop in SCCM).

Both fail. SCCM 2012 R2 SP2 CU

On the computer to be imaged, we get the following:
code:
code:

Steps I've taken:
- Fully removed the previous computer object from SCCM / AD (tried to drop into the first collection for deployment first, but that failed so deleted it second)
- WQL query to verify no duplicate MAC or GUID objects exist
- Recreated task sequence
- Created new boot image, pushed it to DP, and assigned to the new task sequence
- Updated DP and verified boot image is available
- Verified all other laptops I have available for testing PXE boot just fine

The only common thread I can find is they have both been imaged multiple times; but I'm finding no duplicate objects in SCCM. Any ideas before I throw in the towel and give MS a call?

Walked fucked around with this message at 13:56 on Dec 3, 2015 |
# ? Dec 3, 2015 13:52 |
|
This sounds vaguely familiar and I'm trying to look through my notes to see what I did to fix this in the past. You said you did run a wql query to make sure that it wasn't hiding out somewhere under an old pc name or something? Have you tried right clicking and clearing out the required PXE deployments for whatever collection it happens to be in, do that and just wait 15-20 minutes and see if that makes a difference. Also check the SMSPXE.log and see if you can find anything on that device. Not in the database, or duplicate, something will usually show in there.
|
# ? Dec 3, 2015 14:54 |
|
BaseballPCHiker posted:This sounds vaguely familiar and I'm trying to look through my notes to see what I did to fix this in the past. You said you did run a wql query to make sure that it wasn't hiding out somewhere under an old pc name or something? Have you tried right clicking and clearing out the required PXE deployments for whatever collection it happens to be in, do that and just wait 15-20 minutes and see if that makes a difference.

Have done that (clearing advertisements); and the SMSPXE log is in the post; nothing except the whole "looking for boot image"
|
# ? Dec 3, 2015 15:04 |
|
Walked posted:Have done that (clearing advertisements); and the SMSPXE log is in the post; nothing except the whole "looking for boot image"

poo poo my bad I skipped over that. Anything relevant in the SMSTS.log file or does it fail before anything really shows up in there? Otherwise, and I know this is a lovely dumb "fix", you could probably honestly just have it sit powered off and try to image it again in like 30 days or something and it would probably work because that's just how SCCM rolls.

One last thought, is this a one off laptop? It's possible you might have to change your detection rules if it is. I know with Lenovos for example computers can have the same base model name/number but be different "versions" and that we would need to create different detection rules for them.
|
# ? Dec 3, 2015 15:16 |
|
BaseballPCHiker posted:poo poo my bad I skipped over that. Anything relevant in the SMSTS.log file or does it fail before anything really shows up in there? Otherwise, and I know this is a lovely dumb "fix", you could probably honestly just have it sit powered off and try to image it again in like 30 days or something and it would probably work because that's just how SCCM rolls.

Nothing relevant in SMSTS; doesn't even get to the point of having that to look at (fails before we even get the boot image even downloading). The previous problem laptop did indeed start working after 30+ days of sitting; but I don't have that time luxury with this one, and due to the fact we're a development house there is a strong disincentive to have stand-alone builds done by hand.

It's not a one-off laptop, and was previously imaged using SCCM successfully. I may give MS a call to see if there's a way to force this thing forward in the meantime; we do have some remaining incidents available at least.
|
# ? Dec 3, 2015 15:22 |
|
I would try generating boot media, either as an ISO to burn to disk, or directly to a USB drive, and boot from that. If nothing else, you'll have some semblance of an smsts log file because you'll be booted into winpe for sure.

Also, really dumb question, but the boot image it's looking for (29) is enabled for pxe and shows up in your reminst share, right?

FISHMANPET fucked around with this message at 16:41 on Dec 3, 2015 |
# ? Dec 3, 2015 16:37 |
|
FISHMANPET posted:I would try generating boot media, either as an ISO to burn to disk, or directly to a USB drive, and boot from that. If nothing else, you'll have some semblance of an smsts log file because you'll be booted into winpe for sure.

Physical media worked, so that's something - thanks! And yes, the image (29) is available, shows up, etc - in fact I JUST got done imaging another laptop off the same boot image, from the same task sequence, deployed to the same collections. Very frustrating.

$5 says after this install from physical media finishes up, that it'll work via PXE miraculously. That, or after the next round of SCCM maintenance tasks run on Saturday.
|
# ? Dec 3, 2015 17:13 |
|
Is that image enabled for PXE deployment like in this picture? It sounds like this computer has only one task sequence advertised to it, or only task sequences that have the FIS00029 boot image. Other computers have additional task sequences with different boot images, and those different boot images are enabled via PXE. On those other computers, when booting, it boots to one of those other images, you select your FIS2000D task sequence, and then it downloads the FIS00029 boot image from the distribution point share and stages it locally and runs the task sequence correctly. On this problem laptop that FIS00029 boot image is not available via PXE and no other task sequences with a different boot image are offered to it, hence the failure. If the FIS00029 is enabled for PXE, you can also check at \\10.10.10.10\reminst\SMSImages and make sure there's a FIS00029 folder in there. And sorry if you've already done all of this, PXE booting is a complicated house of cards and it can be really easy to overlook something in the process.
|
# ? Dec 3, 2015 18:24 |
|
FISHMANPET posted:Is that image enabled for PXE deployment like in this picture?

Yes the PXE deployment tick box is indeed checked. It is indeed in \\10.10.10.10\reminst\SMSImages

What's really fun: once the install completed as booted from physical media, I rebooted, tried a PXE boot, and it initialized just fine - with zero changes in SCCM in the time between the first image, and second PXE attempt.

Basically, I think it has something to do with SCCM having stale records of these laptops someway, somehow - because the two systems that have had this in common is they were both SCCM clients, both inactive state, and both disconnected from the domain for 60 days (yay developers hoarding old hardware "just in case")

Once they've been installed manually (first we did from a Windows CD, second laptop we did a boot CD and imaged from SCCM) - they both work just fine via PXE again. It's really the strangest thing. I have a spidey-sense that if I had let this one sit, after deleting the inactive computer from SCCM, and letting it do its own housekeeping, that it'd start working again after a week or two.

Definitely not an issue with the PXE image being available/deployed/etc.
|
# ? Dec 3, 2015 18:45 |
|
Walked posted:two systems that have had this in common is they were both SCCM clients, both inactive state, and both disconnected from the domain for 60 days (yay developers hoarding old hardware "just in case")

Use the maintenance task to Nuke the client flag on crap that hasn't sent a heartbeat in a couple weeks (beyond the max vacation time) and the limits on AD Discovery to not discover machines that haven't logged in for a similar period of time. Keeps your deployments and crap a LOT cleaner. Machines that magically return will re-register and continue on like normal so no major issues there (unless you're using a lot of packages and aren't handling if things are installed or not in some fashion. Don't use packages if you can do it as an App).
|
# ? Dec 3, 2015 18:53 |
|
Is there any way in Group Policy / Registry to whitelist a bunch of applications so they can be installed without Admin elevation? I want to OK a bunch of software certificates like Citrix/Cisco so people can install meeting software without us typing the admin password, but we only have Windows Pro, so enterprise stuff like Applocker isn't an option.
|
# ? Dec 7, 2015 19:16 |
|
edit: moving to the regular Windows thread.
|
# ? Dec 8, 2015 02:01 |
|
Zero VGS posted:Is there any way in Group Policy / Registry to whitelist a bunch of applications so they can be installed without Admin elevation? I want to OK a bunch of software certificates like Citrix/Cisco so people can install meeting software without us typing the admin password, but we only have Windows Pro, so enterprise stuff like Applocker isn't an option.

I understand (but have never done) Publishing Software https://technet.microsoft.com/en-us/library/cc783635%28v=ws.10%29.aspx means that users can go into add/remove programs and install it, but they won't be able to update it I don't think. And of course you have to actually put the software in there.

What we did is just let users request local admin for their individual workstations using LAPS.
|
# ? Dec 8, 2015 03:33 |
|
Zero VGS posted:Is there any way in Group Policy / Registry to whitelist a bunch of applications so they can be installed without Admin elevation? I want to OK a bunch of software certificates like Citrix/Cisco so people can install meeting software without us typing the admin password, but we only have Windows Pro, so enterprise stuff like Applocker isn't an option.

If you have an SCCM setup you could publish those applications to your application catalog and then people could go there and download and install them without having to put in tickets to get admin rights. If you don't have SCCM I think most of those webex type installers have MSIs that you can crack open and play around with. If you find the MSIs you could just push them out with a GPO and have them install that way.
|
# ? Dec 8, 2015 16:48 |
|
NevergirlsOFFICIAL posted:What we did is just let users request local admin for their individual workstations using LAPS.
|
# ? Dec 8, 2015 17:32 |