|
I was excited until I read that Device Manager is exclusively for thin clients.
|
# ? Jun 2, 2016 03:13 |
|
|
# ? May 28, 2024 15:57 |
|
Has anyone had any experience with deploying software printers through a GPO or startup script? I've got these drat software printers that just do not want to play nicely. All of the other printers in the company work fine through GPOs but I cant get these to install correctly with the right settings. They're some drat crystal reports print overlays that work through an ancient cobol monstrosity of a program. I'm ready to just give up at this point and have helpdesk install them manually when needed. EDIT: The answer was a good old fashioned batch script. I can add it to the end of my task sequence or just have the helpdesk guys comment out what printers they dont need and run it once. An imperfect fix but a workaround nonetheless. BaseballPCHiker fucked around with this message at 16:38 on Jun 2, 2016 |
# ? Jun 2, 2016 15:34 |
|
I use a domain administrator account called simply "Administrator." Apparently Windows 10 thinks this is the built-in administrator account and won't let me run apps when logged in. Is there a way to lift this restriction? I tried Googling but only found stuff about enabling the built-in admin account.
|
# ? Jun 2, 2016 17:14 |
|
Weedle posted:I use a domain administrator account called simply "Administrator." Apparently Windows 10 thinks this is the built-in administrator account and won't let me run apps when logged in. Is there a way to lift this restriction? I tried Googling but only found stuff about enabling the built-in admin account. ....rename that domain admin account? How are you auditing who is using it and performing what actions if it's just called "Administrator"? Common accounts used for admin purposes are not a good idea.
|
# ? Jun 2, 2016 17:25 |
|
Weedle posted:I use a domain administrator account called simply "Administrator." Apparently Windows 10 thinks this is the built-in administrator account and won't let me run apps when logged in. Is there a way to lift this restriction? I tried Googling but only found stuff about enabling the built-in admin account. Are you specifying the account is a domain admin like domain\administrator
|
# ? Jun 2, 2016 17:44 |
|
Weedle posted:I use a domain administrator account called simply "Administrator." Apparently Windows 10 thinks this is the built-in administrator account and won't let me run apps when logged in. Is there a way to lift this restriction? I tried Googling but only found stuff about enabling the built-in admin account.
|
# ? Jun 2, 2016 19:20 |
|
Methanar posted:Are you specifying the account is a domain admin like domain\administrator Yes. anthonypants posted:secpol.msc -> Local Policies -> Security Options -> User Account Control Admin Approval Mode for the Built-in Administrator account Thanks!
|
# ? Jun 2, 2016 19:47 |
|
welp, don't throw out that "convenience update" just yet http://www.theregister.co.uk/2016/06/01/vmware_says_windows_7_update_breaks_networking_tool/
|
# ? Jun 2, 2016 20:27 |
|
What's best practice on getting rid of Windows 10 default apps, removing them from the wim or through GPO? Removing them from the wim has proven to be quite the problem.
|
# ? Jun 6, 2016 22:51 |
|
ElGroucho posted:What's best practice on getting rid of Windows 10 default apps, removing them from the wim or through GPO? Removing them from the wim has proven to be quite the problem. e: Or, maybe you can't, and you'll have to run those PowerShell commands before you capture the image. anthonypants fucked around with this message at 23:11 on Jun 6, 2016 |
# ? Jun 6, 2016 23:08 |
|
I think most people use a variation of this scriptcode:
|
# ? Jun 7, 2016 13:35 |
|
I might bother doing this if our users weren't local admins
|
# ? Jun 8, 2016 14:23 |
|
Don't forget that all that poo poo might reinstall itself once the Anniversary Update comes to town.
|
# ? Jun 8, 2016 16:05 |
|
anthonypants posted:Don't forget that all that poo poo might reinstall itself once the Anniversary Update comes to town. I'm pretty sure this is a new build and cannot be installed via Windows Update or WSUS.
|
# ? Jun 8, 2016 16:08 |
|
GreenNight posted:I'm pretty sure this is a new build and cannot be installed via Windows Update or WSUS.
|
# ? Jun 8, 2016 16:12 |
|
anthonypants posted:All the insider builds are available on Windows Update, and the November Update/1511 is on WSUS, so I don't know why you think this one would be different. Yeah I'm an insider, but you have to specifically choose to be one, the November Update has never gotten autoloaded on any computer that I've used, I had to manually update it. I use WSUS all the time at work and I don't see 1511 available for it. Enterprise only maybe? We're Pro.
|
# ? Jun 8, 2016 16:14 |
|
GreenNight posted:Yeah I'm an insider, but you have to specifically choose to be one, the November Update has never gotten autoloaded on any computer that I've used, I had to manually update it.
|
# ? Jun 8, 2016 16:17 |
|
anthonypants posted:You need to apply KB3095113 to your WSUS server first. Thank you very much.
|
# ? Jun 8, 2016 16:22 |
|
What do you guys do when one person in one department needs to access a single folder 3 levels deep in some other department? SALES_DUDE wants to access S:\Engineering\Products\Drawings\Foobartron v2 Pain in the butt. Or like the HR intern needs all the folders in the Human Resources folder, but not the Payroll folder. And as a bonus, one person in Accounting needs access to NONE of the folders in the Human Resources folder, except the Payroll folder.
|
# ? Jun 8, 2016 19:31 |
|
Bob Morales posted:What do you guys do when one person in one department needs to access a single folder 3 levels deep in some other department? e: or a mapped drive, but that is a BAD solution that leads to Problems
|
# ? Jun 8, 2016 19:47 |
|
anthonypants posted:S:\Shortcut to Foobartron v2.lnk => \\server\share\Engineering\Products\Drawings\Foobartron v2\ Really want to get these people to understand we're not the FBI and we don't need or poo poo locked down so much.
|
# ? Jun 8, 2016 19:55 |
|
I'd just go for List Folder Contents, or some permission fuckery (Access Based Enumeration plus explicit permission on folder objects leading to the location). Either way it sucks.
|
# ? Jun 8, 2016 20:03 |
|
Shortcut City is, imo, a better destination than Mapped Drives Junction or Custom Permissions Sinkhole, and that's the only thing I can think of apart from moving the Foobartron v2 folder somewhere else, or just granting them blanket permissions to the parent folder/s. Speaking of network share permissions, what's the best way to audit permissions on a folder structure? I'm not interested in quotas or anything right now, I just want to know what security groups have control over what folders. I hope there's a tool I can do this with, because I'm not looking forward to writing a PowerShell script for it, but I will if I have to.
|
# ? Jun 8, 2016 20:08 |
|
anthonypants posted:Shortcut City is, imo, a better destination than Mapped Drives Junction or Custom Permissions Sinkhole, and that's the only thing I can think of apart from moving the Foobartron v2 folder somewhere else, or just granting them blanket permissions to the parent folder/s. http://www.cjwdev.com/Software/NtfsReports/Info.html
|
# ? Jun 8, 2016 21:35 |
|
Bob Morales posted:What do you guys do when one person in one department needs to access a single folder 3 levels deep in some other department? Honestly it's not a quick answer but if sales need to access something buried in an share for engineering then either that share is defined wrong or that person isn't sales. Like if sales want to present a render of a product then that render isn't a technical drawing and is likely in the wrong place. Alternatively, https://technet.microsoft.com/en-GB/library/hh831717.aspx
|
# ? Jun 8, 2016 21:57 |
|
Bob Morales posted:What do you guys do when one person in one department needs to access a single folder 3 levels deep in some other department? This is a massive pain in NTFS world and any time I got a request like that I offered to do a shared folder on an org-wide share with the access rights they wanted instead. Fortunately they all said okay instead of being stubborn.
|
# ? Jun 8, 2016 23:26 |
|
Certainly someone has tried this before, but I can't find documentation on anyone's attempt to do this. I want to make an SSD with an installation of Windows 10 on it that I can just shift from computer to computer. In reality, I have maybe 10 common hardware configs, so even if I could create an installation that works with these 10 configs, that'd be enough. I don't really understand the whole process, but my plan (which includes a lot of MAGIC right now) would be this: 1. Create my 'master' installation with a bunch of different hal.dlls from my common configs. 2. Somehow point the installation to the correct hal.dll file depending on what hardware I want to start it on with Bcdedit. 3. ??? 4. I now have one universal installation of Windows I can just float around the office as I need. Is The Dream™ even possible? Has someone done this before?
|
# ? Jun 9, 2016 00:07 |
|
I don't even think Windows To Go supports multiple hardware configs.
|
# ? Jun 9, 2016 00:14 |
|
Thanks Ants posted:Honestly it's not a quick answer but if sales need to access something buried in an share for engineering then either that share is defined wrong or that person isn't sales. Like if sales want to present a render of a product then that render isn't a technical drawing and is likely in the wrong place Preach it brother.
|
# ? Jun 9, 2016 00:18 |
|
Question about SCCM 2016 and SCCM vNext. What really is the benefit of one over the other? - When "SCCM 2021" releases, vNext can automatically upgrade I through the update package so there would be no need for a side by side upgrade between major releases going forward? - SCCM vNext will have a more aggressive upgrade cycle? - SCCM vNext will support Windows 10 in place upgrade? Why can't SCCM 2012 do this with a CU update from MS? Strangely information seems to be all over the place on this.
|
# ? Jun 9, 2016 02:18 |
|
vNext is just the code name for the next version. System Center 2016 is just going to be a branding thing, the product is just going to be 1607 (I'm assuming 2016 everything is dropping with the Anniversary edition of Windows 10 on July 29, including Server 2016, Server 2016, Windows 1607, SCCM 1607, etc etc) and a part of the System Center 2016 suite. So that answers the first two questions, there's no comparison between the two products because they're the same product. As for the third, they're not doing it because they don't want you running Configuration Manager 2012 R2 SP1 CU2 LOL4, they want you running the current whatever reason. Unless I'm wrong about everything, this is the vibe I got from MMS 2015 in November but I didn't go to MMS 2016 because it was last month so all my hot takes from Microsoft Insiders are out of date.
|
# ? Jun 9, 2016 05:25 |
|
hihifellow posted:This is a massive pain in NTFS world and any time I got a request like that I offered to do a shared folder on an org-wide share with the access rights they wanted instead. Fortunately they all said okay instead of being stubborn.
|
# ? Jun 9, 2016 09:15 |
|
Oh my loving god I've been having this problem for two days and I don't know what else to do. I have two VMs in Hyper-V, one is MDT another is a normal VM to install Windows 10. I created an ISO using MDT, and booting it up I always get this poo poo: Always. I have tried changing and removing credentials from bootstrap.ini and customsettings.ini, tried changing virtual switches, tried everything (yes, always after regenerating the ISOs and replacing them). This is really pissing me off, nothing usually takes me this long to get through. E: I called it SRVSCCM01 but it's an MDT server. orange sky fucked around with this message at 10:42 on Jun 9, 2016 |
# ? Jun 9, 2016 10:38 |
|
I've got a service that keeps getting stopped and disabled. I found out the trigger is when group policy updates. Anyone know any policies that would do that? There's just a zillion of GPOs to look through and nothing seems to match.
|
# ? Jun 9, 2016 17:21 |
|
orange sky posted:Oh my loving god I've been having this problem for two days and I don't know what else to do. So dumb question, but does the user you're using have access to the share? Are you defining it properly in your bootstrap.ini? Looking at how I've got mine setup, I made an account local to the machine, and it's in the Users group on the machine. The Users group has read access to my Deployment Share. In Bootstrap.ini I have: code:
|
# ? Jun 9, 2016 17:41 |
|
Dr. Arbitrary posted:I've got a service that keeps getting stopped and disabled. I found out the trigger is when group policy updates. Well sounds like you've got a GPO that sets that service as disabled. Pick whatever OU in GPM you're having issues with and start looking at the details of each GPO and ctrl-f for the service you're looking for. You created your own policies, we can't tell you what is doing it.
|
# ? Jun 9, 2016 18:53 |
|
Or run GP modeling / GP results in Group Policy Management. Or gpresult /h on the server you are troubleshooting.
|
# ? Jun 9, 2016 20:20 |
|
FISHMANPET posted:vNext is just the code name for the next version. System Center 2016 is just going to be a branding thing, the product is just going to be 1607 (I'm assuming 2016 everything is dropping with the Anniversary edition of Windows 10 on July 29, including Server 2016, Server 2016, Windows 1607, SCCM 1607, etc etc) and a part of the System Center 2016 suite. So that answers the first two questions, there's no comparison between the two products because they're the same product. Thanks for clarifying some things up. With SCCM 2016 being able to run in the cloud, any idea if PXE services would somehow work through the cloud VM?
|
# ? Jun 9, 2016 21:02 |
|
MF_James posted:Well sounds like you've got a GPO that sets that service as disabled. Pick whatever OU in GPM you're having issues with and start looking at the details of each GPO and ctrl-f for the service you're looking for. You created your own policies, we can't tell you what is doing it. What's crazy is that it's not a normal service like the spooler, it's a custom one. My understanding is that with group policy, you have to go out of your way to specifically disable services. I don't see it in the GPOs, it's really twisting my brain up. Maybe some devious architect made a policy to disable this service years ago on the off chance that we'd one day buy this product, install it and *trap sprung!*
|
# ? Jun 9, 2016 21:26 |
|
|
# ? May 28, 2024 15:57 |
|
Dr. Arbitrary posted:What's crazy is that it's not a normal service like the spooler, it's a custom one. Do you have a test environment experiencing the same problem? Disable GPOs 1 at a time, or all at once and see what happens.
|
# ? Jun 9, 2016 21:30 |