|
LmaoTheKid posted:loving finally. CLAM DOWN posted:ugh why is this not on WSUS Just manually import it. They give you the steps how to. Also if /r/sysadmin is to be believed it also includes the win10 notification. If you don't have this blocked yet, do so.
|
# ? May 17, 2016 23:30 |
|
|
# ? May 21, 2024 18:26 |
|
incoherent posted:Just manually import it. They give you the steps how to. Also if /r/sysadmin is to be believed it also includes the win10 notification. If you don't have this blocked yet, do so.
|
# ? May 17, 2016 23:45 |
|
anthonypants posted:Uh, it makes sense that it isn't on WSUS because they want you to apply it to your base image instead of installing Windows and then applying patches. I could significantly reduce the space WSUS takes up if it was on there.
|
# ? May 18, 2016 02:52 |
|
Thank god they finally released this! I dont know what took them so long. As far as WSUS goes I know this probably isnt the preferred way to manage it but I just blow it away and start fresh once the update catalog reaches a certain size. At some point I should look and see if its possible to point it to an outside sql database but that seems like more effort than its worth.
|
# ? May 18, 2016 15:39 |
|
I haven't jumped to full blown SQL for wsus, but I HAVE been doing the suggested "unofficial" maintenance on the database. https://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61. Much more responsive.
|
# ? May 18, 2016 17:09 |
|
incoherent posted:I haven't jumped to full blown SQL for wsus, but I HAVE been doing the suggested "unofficial" maintenance on the database. Fixed link. https://gallery.technet.microsoft.com/scriptcenter/6f8cde49-5c52-4abd-9820-f1d270ddea61 I'll give this a shot sometime soon.
|
# ? May 18, 2016 17:14 |
|
Also more wsus talk: You can get surface driver\firmware from wsus now https://blogs.msdn.microsoft.com/beanexpert/2016/03/25/surface-3pro-4book-updates-available-in-wsus/
|
# ? May 18, 2016 17:20 |
|
thebigcow posted:https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-updates-for-windows-7-and-8-1/ And when they say everything, they also mean the updates you might not want. LIke "uprade to 10" and all the sales data gathering updates.
|
# ? May 18, 2016 17:49 |
|
incoherent posted:I haven't jumped to full blown SQL for wsus, but I HAVE been doing the suggested "unofficial" maintenance on the database. By the way, even if you use a dedicated SQL server, WSUS still suffers from that stupid superseded update database problem.
|
# ? May 19, 2016 11:33 |
|
I realize this is a bit of a stretch, but has anyone else had massive issues with slowness and lag in apps after the May patch Tuesday? We rolled out updates on Tuesday night and now we're getting reports of really slow apps, long network access times, and just general slowness. We've got Windows 7 64-bit with Office 2013. Outlook is pointed to Office365 for Exchange, but everything else is local. I pushed out updates via SCCM, and everything seemed to go well, but now we're getting loads of problem reports, and I can't find anything that points to a single update. Anyone have ideas, or has anyone else seen the same thing? Apologies is this is the wrong thread, but it seemed appropriate.
|
# ? May 20, 2016 16:51 |
|
What updates did you specifically approve? Nothing in the wsus mailing list indicated regression in patches, a sly re-release for a .net update but that's about it.
|
# ? May 20, 2016 20:02 |
|
Troubleshooting Windows Performance is like looking for a needle in a stack of needles especially when it's not one process that's not hanging up the whole system.
|
# ? May 20, 2016 22:09 |
|
We pretty much pulled down everything in the May bulletin list. We've got a case open with MS to help us figure out what's going on too. We can't find any network issues, so we're hoping we can pinpoint something specific that got installed that's causing problems.
|
# ? May 20, 2016 22:57 |
|
Tab8715 posted:Troubleshooting Windows Performance is like looking for a needle in a stack of needles especially when it's not one process that's not hanging up the whole system. I've had a WMI query consume all CPU on a server so bad it had to be restarted. Did you know all WMI queries show up under a single process run by the local system account? Good luck finding out who or what ran the query! I've since learned how to turn on WMI logging in the event log.
|
# ? May 20, 2016 23:32 |
|
Funzo posted:We pretty much pulled down everything in the May bulletin list. We've got a case open with MS to help us figure out what's going on too. We can't find any network issues, so we're hoping we can pinpoint something specific that got installed that's causing problems. Have you patched servers yet? I've seen a bunch of people mention that DNS broke on some of their AD servers after the latest updates, could cause some of the problems you are describing if a bunch of DNS servers are no longer responding. Fix mentioned on this page: https://support.microsoft.com/en-us/kb/2647170
|
# ? May 23, 2016 08:28 |
|
Hopefully I'm not beating a dead horse but is it supported to completely virtualize all Domain Controllers for an entire forest/domain? I'm 99% confident with answering yes but the lack of any official Microsoft documentation makes me a little and some of the previous virtualization engineers I've worked with have recommend against.
|
# ? May 23, 2016 19:36 |
|
Tab8715 posted:Hopefully I'm not beating a dead horse but is it supported to completely virtualize all Domain Controllers for an entire forest/domain? Yes. When is comes to domain controllers the most reliable environment and quickest recovery times are the only things that matter.
|
# ? May 23, 2016 19:41 |
|
Is there a fundamental difference between Windows 10 Hyper-V and Windows Server Hyper-V aside from things like FT / HA? I bought an Intel Nuc for a home lab. Low and behold I can't add additional ethernet drivers without hacking Windows Server. I just want to run VMs on an independent VLAN with the least amount of managerial overhead.
|
# ? May 24, 2016 01:35 |
|
thebigcow posted:https://blogs.technet.microsoft.com/windowsitpro/2016/05/17/simplifying-updates-for-windows-7-and-8-1/ If you run it on an endpoint, it takes foreeeever. Probably just about as long as just running Windows Update.
|
# ? May 26, 2016 17:00 |
|
So, advanced SCCM restore question. Someone maliciously deleted a task sequence and it would be nice to get it back. We don't back up the task sequences per se (but we may soon!) but we do backup the database nightly. My first thought was to dig into the database and find the database field etc etc. I found a TS_TaskSequence table, but it has the entire task sequence stored in a giant encrypted string called Sequence. I haven't found any info on how to decode that, so that's a dead end. So my second thought is use the database backup to restore to a test instance and export it there. This is a triple whammy because in addition to solving my current problem, it lets me test our backups and also gives me practice restoring from backup. My problem with restoring from backup is I can't find information on restoring to a new instance rather than replacing my supposedly failed production instance. My current environment works just fine, I don't want to overwrite it or anything, I just want to restore it to a new site code. All the stuff I've found talks about restoring into your production instance, which I don't want.
|
# ? May 26, 2016 21:19 |
|
FISHMANPET posted:So, advanced SCCM restore question. Clone your sccm server and isolate it. Do the restore you are afraid to do, check and see if the results are as desired. Why would someone delete a task sequence? Did he delete the task sequence or the folder it was stored in? Sickening fucked around with this message at 21:25 on May 26, 2016 |
# ? May 26, 2016 21:23 |
|
I'm not even entirely sure how I would isolate it. It would need access to a domain controller to function I would think and once it's talking to a domain controller all bets are off I'd think. But it wouldn't have rights to write to the System Management container so what would the downsides be to having duplicate Site codes. As to why, just a lot of drama I guess. I run SCCM for a University, and we basically provide it as a service to departments. So I get a call from a guy saying that a coworker maliciously deleted his task sequence. So we are all children or something I guess.
|
# ? May 26, 2016 21:28 |
|
Tab8715 posted:Is there a fundamental difference between Windows 10 Hyper-V and Windows Server Hyper-V aside from things like FT / HA? It will be fine to use. Personally, getting your feet wet with powershell is going to set you up for long term success and begin you on your journey of not relying on the GUI. Also, this dude already did the heavy lifting for you http://somedownti.me/server-2012-r2-core-and-hyper-v-on-intel-nuc/
|
# ? May 27, 2016 01:51 |
|
FISHMANPET posted:I'm not even entirely sure how I would isolate it. It would need access to a domain controller to function I would think and once it's talking to a domain controller all bets are off I'd think. Are these all virtual? If so, restore whatever you need to an isolated environment.
|
# ? May 27, 2016 02:48 |
|
Here's some useful information about virtualizing Domain Controllers. It'll help you understand what the problem is not only with virtualizing DCs, but why snapshot restoration on DCs can be a bad idea. It'll also help you understand replication a bit better: https://technet.microsoft.com/en-us/library/hh831734.aspx Important line from the link above: quote:Beginning with Windows Server 2012, AD DS virtual domain controllers hosted on hypervisor platforms that expose an identifier called VM-Generation ID can detect and employ necessary safety measures to protect the AD DS environment if the virtual machine is rolled back in time by the application of a VM snapshot. GPF fucked around with this message at 18:41 on May 27, 2016 |
# ? May 27, 2016 18:39 |
|
Okay goons, I guess this is the best place to ask, if not point me to where I need to go. I am having some odd certificate errors and it's starting to get a bit frustrating. I imaged a computer with a fresh W10 image and put it on my corporate network like a good little monkey. However, it was having issues with the certificates installed by Websense (barf) to be able to use the internet. However, I figured off the corporate network, I wouldn't have issues. I was wrong, they're worse. At least on the Corp network it will allow me to "go to the page" after hitting advanced. At home it blocks basically everything. I've already compared the certs to a known good working W10 machine. They show the https strike through but it doesn't block the pages themselves. The certificates are all exactly the same. Does anyone have any idea what would cause one computer to not pull the certs correctly and one to work fine? Same build, everything. I'll give as much info as I can without giving out too much about the corporate network, to answer questions.
|
# ? May 31, 2016 14:29 |
|
Gothmog1065 posted:Okay goons, I guess this is the best place to ask, if not point me to where I need to go. If you'are seeing the real certificates, maybe your root cert store is corrupted or there's a domain policy wiping it out or something silly like that.
|
# ? May 31, 2016 20:16 |
|
Is there a way for organisations to run those MITM SSL inspection boxes that doesn't also make them liable if for instance you were online banking and your details got stolen? Or do the sorts of places who want to inspect everything that their staff are doing have a blanket "no personal stuff on work computers" policy?
|
# ? May 31, 2016 20:18 |
|
Thanks Ants posted:Is there a way for organisations to run those MITM SSL inspection boxes that doesn't also make them liable if for instance you were online banking and your details got stolen? Or do the sorts of places who want to inspect everything that their staff are doing have a blanket "no personal stuff on work computers" policy?
|
# ? May 31, 2016 20:21 |
|
Moey posted:Are these all virtual? So I'm just thinking out loud here, someone stop me if I'm totally misunderstanding what I'm talking about. Basically, I'm trying to figure out what "isolated" means in this context. I have SQL backups, so I'd standup a new DB server (easy), restore the DB backup to that server (also easy) and standup another server to be my new "site server" (still easy). Then I do a site restore and say I've manually restored the database and point it at the new DB. I know it's going to use my same production site code. I would not give it permission to publish to Active Directory. We don't do any boundary based site assignment, so I don't think there would be any way for a client to think that this new instance is what it should talk to. Is there any more way I can isolate it? I don't think I can remove it from the domain, which is the only other "isolation" I can think of. I guess I could jack up the firewall and block all traffic except my connection to it? That seems a bit overboard. Anything I'm missing here?
|
# ? May 31, 2016 22:53 |
|
Restore a DC and the database servers but connect them to a virtual switch that isn't physically connected to your network. This way you get the full AD environment but there's no chance of it interfering with prod.
|
# ? May 31, 2016 23:08 |
|
wyoak posted:Are certs for all HTTPS sites showing as Websense certs? If so, Websense is MITM'ing the traffic, so you've gotta have whatever the Websense root CA is in the trusted roots on the workstation (and be aware that Websense can steal your infos). As for not working at home - if it's a proxy, maybe the proxy isn't accessible from home. Or CRL checking is enabled and the CRL isn't available from outside the corporate network. Or other scenarios. Yes, they're all Websense certs, and I have the proper root cert in trusted. The odd thing is it only happens on specific installs (IE: The ones I've done from an approved image). I'm going to take the laptop and side by side it with a working one. Also, it seems to affect /all/ certs, even for things like exchange. Even installing the exchange certs (and website certs) they continue to throw the errors. I'm still wondering if it has something to do with the fact I've imaged the laptop from a satellite location and not the main location. I figured this wasn't going to be something easy to fix without direct access to the network.
|
# ? Jun 1, 2016 00:33 |
|
Quick and potentially silly question: Since dedupe on Windows Server requires NTFS and will not work on REFS, can you get around this by hosting an NTFS-formatted VHD on a REFS volume? This way you could do dedupe within the VHD, and still benefit from mirroring and data healing provided by REFS. I tried it (on Windows 10) and it seemed to work fine, but I don't know if something is bound to bite me in the rear end in production. Any thoughts?
|
# ? Jun 1, 2016 08:18 |
|
Trying to make automated OS refreshes work in a strict 802.1x environment is a gigantic pain in the rear end It doesn't help that our network engineer is out the door in 2 weeks and gives zero fucks about pending deadlines.
|
# ? Jun 1, 2016 13:29 |
|
Hi Jinx posted:Quick and potentially silly question: I wouldn't be surprised if it took a significant iops hit. ReFS is designed to be the go-to file system for hyper-v especially after what they're doing to it in 2016.
|
# ? Jun 2, 2016 02:37 |
|
Have any of you ever used the MAP Toolkit to inventory VMware environments? It supposedly does it but I'm not sure how. It doesn't require SSH to the hosts, but I don't see how it could gather the data out of the vCentre server.
|
# ? Jun 2, 2016 02:41 |
|
It pulls from an api in vcenter. e: same one that things like veeam uses. incoherent fucked around with this message at 02:50 on Jun 2, 2016 |
# ? Jun 2, 2016 02:44 |
|
Well cool. Thanks!
|
# ? Jun 2, 2016 02:50 |
|
HP's Device Manager is so good and easy to use. I remotely captured a gold image and then deployed it to 5 devices like nothing. The only thing I really noticed was missing was multicast for pushing the images. Why did I ever put myself through SCCM for imaging. Is it normal for thin clients with an embedded version of Windows to come with Windows Update locked down stock from the OEM? I thought it was weird at first but I guess it makes sense with the write filter preventing anything from ever changing anyway. I called HP about it and the guy told me HP strongly recommends to leave WU off and if you allow Windows Updates to Windows 8 Embedded it stops being an embedded version and somehow becomes a full OS, I've never heard of anything like that before and I know we have Embedded POS editions with WU and nothing weird happening. Is W8E special regarding this or was the guy just full of poo poo.
|
# ? Jun 2, 2016 03:06 |
|
|
# ? May 21, 2024 18:26 |
|
Funny, I've been setting up HP device manager for our potential thin client deployment and I've found it chock full of sharp edges
|
# ? Jun 2, 2016 03:13 |