milk milk lemonade
Jul 29, 2016
Local policies would be an interesting possibility. I think they'll still show up as failed on the report though (or as applied and not working), but it sounds like new machine policies are straight up not appearing. Probably a corrupt sysvol, and I lied I have seen that before. Pretty sure I started over when I ran into it.


MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

Well, he DOES have other (non 2008) systems that pull that same policy just fine, although I've never dealt with corrupted sysvol so I'm not sure of the exact behavior, I would assume NOTHING would be able to read from the folder/subfolders that were affected though.

buffbus
Nov 19, 2012
Not sure this is happening here because I don't know what is being done on the server to verify the policies but if you run-as under an account which has logged in interactively in the past, it will process policies from the time of last interactive logon and not update them.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
Looks like it's a singular policy causing the issue, at least for now. Only the 2008 SP2 servers are citing an error (specifically, a permissions issue). All other server types (2003, 2008 R2, etc.) are perfectly fine.

Was hoping for a silver bullet like a KB to fix some weird 2008 SP2 specific problem, but it doesn't look like that's the case for now.

An example server passes everything perfectly in modeling with no modifications, as well.

Wrath of the Bitch King fucked around with this message at 03:54 on Oct 14, 2016

Internet Explorer
Jun 1, 2005





That's odd. I don't think I've ever seen a single bad GPO cause GPOs to stop processing.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.

Internet Explorer posted:

That's odd. I don't think I've ever seen a single bad GPO cause GPOs to stop processing.

Neither have I. And only for a specific flavor of Windows Server.

buffbus
Nov 19, 2012

Internet Explorer posted:

That's odd. I don't think I've ever seen a single bad GPO cause GPOs to stop processing.

Well...unless it's the 1000th gpo to be applied.

CLAM DOWN
Feb 13, 2007




It's Windows, anything could happen tbf

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

I've had that happen, the policy was in the middle of the order and *edit* correction, the policy was corrupted after the last time someone modified it, every policy would process up to that one, then GP crapped out so nothing after processed.

MF_James fucked around with this message at 05:11 on Oct 14, 2016

ElGroucho
Nov 1, 2005

We already - What about sticking our middle fingers up... That was insane
Fun Shoe
Dumb question, anybody know the secret to uninstalling through msiexec for a program that needs an uninstall key?

So far I've got
code:
msiexec.exe /x terriblegoddamnsoftware.msi

but then it fails because it needs an uninstall key.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
Query for the key using Powershell and feed it to the MSI.

Something I typically do:

code:
$MSI = (GWMI -class Win32_product -filter 'WMI query criteria goes here').IdentifyingNumber

Start-Process MSIEXEC.EXE -ArgumentList "/x $MSI"

Criteria for the filter is a typical WMI query, so an example would be 'name like "%Java%"' if you wanted to uninstall that. Keep in mind you'll need to account for multiple possible entries, so either keep your filter as granular/specific as possible or feed all the Identifying Numbers you want to an array and wrap the Start-Process line in a Foreach based on the array contents.

Just bear in mind win32_product is a huge pile of poo poo as far as registry classes go. You can alternatively use win32reg_addremoveprograms but in my experience it isn't as encompassing.

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib
I didn't know about win32_product, that's handy:
code:
wmic product get name,identifyingnumber

nice little table, much better than F3ing through HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
The problem with using win32_product or wmic is that they both utilize msiexec to function; take a look at your application event log the next time you either query the former or use the latter to execute an uninstall.

Every product on the machine will have a reconfiguration event, flooding the log.

Like I said, you can use win32reg_addremoveprograms to get around this, but the data isn't there as consistently. Your other option is to crawl the Uninstall registry to look for what you want, which is the best way really but not helpful in a pinch. There are a few PS scripts out there that will do exactly that for you, taking into account WOW6432Node and everything.
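
Added example, not part of any post in the thread: one way to do the Uninstall-registry crawl described above, reading both the native and WOW6432Node views and handing each matching product code to msiexec in a loop, so Win32_Product is never queried. The function names and the '*Java*' pattern are illustrative; it assumes PowerShell 3.0 or later and covers per-machine (HKLM) installs only.

```powershell
# Added example (not from the thread). Reads the Uninstall keys directly
# instead of querying Win32_Product.
function Get-InstalledMsiProduct {
    param(
        [Parameter(Mandatory = $true)] [string] $NamePattern   # wildcard, e.g. '*Java*'
    )
    # Native view plus the 32-bit view on 64-bit Windows.
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    $guid = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            # MSI-installed products use the product code GUID as the subkey
            # name; skip entries written by non-MSI installers.
            if ($key.PSChildName -notmatch $guid) { continue }
            $displayName = $key.GetValue('DisplayName')
            if ($displayName -and $displayName -like $NamePattern) {
                [pscustomobject]@{
                    Name        = $displayName
                    Version     = $key.GetValue('DisplayVersion')
                    ProductCode = $key.PSChildName
                    RegistryKey = $key.Name
                }
            }
        }
    }
}

function Uninstall-MsiProduct {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string] $ProductCode,
        # Extra PROPERTY=value pairs some installers require on uninstall.
        [string[]] $ExtraProperty = @()
    )
    process {
        $arguments = @('/x', $ProductCode, '/qn', '/norestart') + $ExtraProperty
        if ($PSCmdlet.ShouldProcess($ProductCode, 'msiexec /x')) {
            $p = Start-Process -FilePath msiexec.exe -ArgumentList $arguments -Wait -PassThru
            # 0 = success, 3010 = success but reboot required, 1605 = product not installed
            [pscustomobject]@{ ProductCode = $ProductCode; ExitCode = $p.ExitCode }
        }
    }
}

# Review the matches first; -WhatIf lists what would be removed without
# starting msiexec. Drop -WhatIf to run the uninstall for every match.
Get-InstalledMsiProduct -NamePattern '*Java*' | Uninstall-MsiProduct -WhatIf
```

A 32-bit PowerShell process on 64-bit Windows is redirected to the WOW6432Node view for both paths, so run it from a 64-bit session to see everything.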

ElGroucho
Nov 1, 2005

We already - What about sticking our middle fingers up... That was insane
Fun Shoe

Wrath of the Bitch King posted:

Query for the key using Powershell and feed it to the MSI.

Something I typically do:

code:
$MSI = (GWMI -class Win32_product -filter 'WMI query criteria goes here').IdentifyingNumber

Start-Process MSIEXEC.EXE -ArgumentList "/x $MSI"

Criteria for the filter is a typical WMI query, so an example would be 'name like "%Java%"' if you wanted to uninstall that. Keep in mind you'll need to account for multiple possible entries, so either keep your filter as granular/specific as possible or feed all the Identifying Numbers you want to an array and wrap the Start-Process line in a Foreach based on the array contents.

Just bear in mind win32_product is a huge pile of poo poo as far as registry classes go. You can alternatively use win32reg_addremoveprograms but in my experience it isn't as encompassing.

Groovy, this helps. Used this plus adding AUK=uninstallpw at the end and it worked.

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib
Reddit style ranting about the new MS monthly rollups

They put out two packages for each of the updates for Windows and .NET Framework, one that's security-only updates and one that's security updates and quality of life improvements. That's fine, but they do overlap each other and they're pretty big, so test groups that get autoapproved updates are downloading double what's necessary, but whatever. The naming scheme is a mess though

The .NET updates have sane names that are pretty clear on what does what:
code:
October, 2016 Security Only Update for .NET Framework X
October, 2016 Security and Quality Rollup for .NET Framework X

On the other hand, the Windows updates have the great names of:
code:
October, 2016 Security Only Quality Update for Windows X
October, 2016 Security Monthly Quality Rollup for Windows X

The only decent thing is that if you sort alphabetically, at least all "Security Only" updates do appear together.

PUBLIC TOILET
Jun 13, 2009

Internet Explorer posted:

I'd point at a corrupted sysvol as well. Not sure if this would relate, but do keep in mind there is a local cache of GPOs, maybe an issue with the template you are using? https://macgyveritblog.wordpress.com/2014/01/27/recreate-the-local-group-policy-cache-in-windows/

That write-up points to "C:\ProgramData\Microsoft\Group Policy\History (Windows 7 / Server 2008)" but the only local policy location I've seen existing/in use before is "C:\Windows\System32\GroupPolicy". I guess it may be different on some machines/local networks.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
History is a hidden folder.

Thanks Ants
May 21, 2004

#essereFerrari


Is there anything that a non-admin user can do in terms of monitoring performance of an RDP session? The backstory is that I have some users who are complaining of poor performance of their remote desktop sessions, but they aren't connectivity problems - just things like the session becoming unresponsive. Network traffic running outside the RDP session over the same network and Internet connection continues without issue.

I suspect that the company providing this hosted desktop service, to give it a title that is far too grand, aren't resourcing their servers properly. The nature of the issue means I can't get them to provide the stats that would show their systems performing poorly, since they aren't going to incriminate themselves like that. Is there anything better I can use than perfmon monitoring IOPS, RAM and disk queue usage? Presumably this displays the stats of the remote desktop server rather than any session-specific data?

If there's a way of getting the Remote Desktop client to log connectivity issues then that would also be helpful.

Internet Explorer
Jun 1, 2005





That's an interesting question. On the RDP client itself, you have the connection signal bars next to the pin/lock buttons. That would be useful for the end user themselves. I also try to tell users to click the Start button when they are experiencing problems, that helps pin down app issues versus session issues.

If you can go the Perfmon route, check for Current TCP RTT, Current UDP RTT, Current TCP Bandwidth and Current UDP Bandwidth. While that would include network traffic issues, if the server is under heavy load you'll see fluctuation there. It sounds like you have admin to the Windows server, but not the underlying virtual infrastructure? If that's the case, you can use a tool like Login VSI to help pin very specific performance issues.

One of the very first things I check when I am troubleshooting performance issues on virtual servers that I don't manage is to check Task Manager to see how many Sockets / Cores a VM has. Way too many people who you'd hope would know better give VMs way too many cores. This is made worse on hosts that power RDS servers or any other multi-user environment due to the number of threads. If a VM has over 4 vCPU in an RDS environment, they better have a very good reason (like 1 VM per physical host).

It looks like there is also an API for querying basic host performance stats for a VM using VMware Guest Tools. Here is a python implementation of it... I haven't used it before, but this seems somewhat interesting. https://github.com/dagwieers/vmguestlib

I'd be interested to hear other people's thoughts.

Thanks Ants
May 21, 2004

#essereFerrari


The only access to the remote desktop host is as a user logging into their profile - it's a whole virtual desktop/hosted Exchange deal provided by a third party and they are adamant there are no performance issues with their environment that would cause 3-5 second pauses across every user on the system at the same time. If it was my own systems then that would be enough for me to start looking at the host as the cause of the issue, but the burden of proof needs to be higher than that when you are dealing with a provider that doesn't really want to acknowledge an issue.

Internet Explorer
Jun 1, 2005





Well, a good portion of my advice would still apply. Are all of your users remoting in from the same internet connection? Is it possible you're experiencing packetloss to the host?

Thanks Ants
May 21, 2004

#essereFerrari


I've put half the users on a different provider and they are seeing the same issues at the same time. I'll take a look at the various perfmon options and see if we can correlate the drops in performance with people experiencing issues. Hopefully we will find something that triggers it and then get to the point where we can reliably break the service.

SeaborneClink
Aug 27, 2010

MAWP... MAWP!
I've been stuck on this for a while, hoping someone else has the critical missing piece of information.

Setting up L2TP/IPSec VPN on a 2008R2 host. The host is behind the FW (ASA5505), I've configured UDP 500, 1701, 4500 as well as gre, esp & ah to pass through the firewall successfully. I can authenticate using Windows Creds, as well as receive a valid IP address from the DHCP pool.

When looking at ipconfig I get the address 10.102.131.x, a subnet mask of 255.255.255.255 and a default gateway that is just empty. It does however pick up the correct DNS servers, from both the local site and the remote one.

From the client I can't ping the RRAS server, or any other computer, from the RRAS server I can't ping the client.

Do I have to add static routing to RRAS? What did I miss?

thebigcow
Jan 3, 2001

Bully!
Did you intend to have a /32 network size?

Methanar
Sep 26, 2013

by the sex ghost

SeaborneClink posted:

I've been stuck on this for a while, hoping someone else has the critical missing piece of information.

Setting up L2TP/IPSec VPN on a 2008R2 host. The host is behind the FW (ASA5505), I've configured UDP 500, 1701, 4500 as well as gre, esp & ah to pass through the firewall successfully. I can authenticate using Windows Creds, as well as receive a valid IP address from the DHCP pool.

When looking at ipconfig I get the address 10.102.131.x, a subnet mask of 255.255.255.255 and a default gateway that is just empty. It does however pick up the correct DNS servers, from both the local site and the remote one.

From the client I can't ping the RRAS server, or any other computer, from the RRAS server I can't ping the client.

Do I have to add static routing to RRAS? What did I miss?

The VPN subnet should be something not in your primary LAN network, it should also be an actual pool and not a /32. Have the default gateway be the VPN server which has a route to your real lan.

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin

wyoak posted:

I didn't know about win32_product, that's handy:
code:
wmic product get name,identifyingnumber

nice little table, much better than F3ing through HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

As mentioned before, win32_Product is a dangerous object. It shouldn't be used in a production environment outside of a change window.
It's great for using to find the key, one time, and then recording it for future use, but don't get in the habit of using it all the time.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

SeaborneClink posted:

When looking at ipconfig I get the address 10.102.131.x, a subnet mask of 255.255.255.255
What thebigcow said.

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
Just curious, anyone looking at doing large scale migrations to Windows 10? So far my testing with the in-place upgrade process looks really good, but I'm wondering if there are any gotchas that people have encountered.

mayodreams
Jul 4, 2003


Hello darkness,
my old friend

Wrath of the Bitch King posted:

Just curious, anyone looking at doing large scale migrations to Windows 10? So far my testing with the in-place upgrade process looks really good, but I'm wondering if there are any gotchas that people have encountered.

Not large scale, but our testing from Windows 7 upgrades has given us issues with webcams and our F5 VPN client. The webcam thing is specific to Win10 1607 and MS knows about it.

Internet Explorer
Jun 1, 2005





In place upgrades are definitely better than they were before, but I've seen too many issues in the handful of home use machines I've done it to to consider it for business use.

EoRaptor
Sep 13, 2003

by Fluffdaddy

Wrath of the Bitch King posted:

Just curious, anyone looking at doing large scale migrations to Windows 10? So far my testing with the in-place upgrade process looks really good, but I'm wondering if there are any gotchas that people have encountered.

I would never do an in place upgrade for a business/enterprise setup. Either push a new image down to do an overwrite install or do a machine swap.

You should have user data centralized already, and this eliminates the risk of a failed upgrade causing productivity issues or profile corruption.

milk milk lemonade
Jul 29, 2016
Seen a few small to medium size businesses do it. The thought of an enterprise rollout using in place upgrades makes my butthole pucker.

Edit: I'd put the gently caress it, gotta reimage rate at about 30%

Wrath of the Bitch King
May 11, 2005

Research confirms that black is a color like silver is a color, and that beyond black is clarity.
It's going to be either in-place upgrade or a reimage with USMT. Our field techs bitch relentlessly whenever they have to do anything remotely resembling work, so the transition has to be as seamless as possible.

We don't have any user libraries or directories redirected, it's all held locally. Policy is that if you have something important you keep it on the SAN, but I'm sure you all know how that one goes.

lol internet.
Sep 4, 2007
the internet makes you stupid
Any chance any ADFS claims experts here?

I am working with Azure ACS using Azure AD as the identity provider. I need to pass http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name in the form of CONTOSO\USERNAME to the relying party trust but I really don't know how to create a transformation rule if that's even possible?

Not even sure where to start researching\digging.

orange sky
May 7, 2007

Has anyone here used Advanced Threat Analytics? I'm setting up a lab to test it and learn how to use it, but in a lab environment there's no activity and so there's also no suspicious activity (and so I won't be able to really see it in its full extent). Is there a dummy traffic generator that will simulate some kind of threat?

Maneki Neko
Oct 27, 2000

orange sky posted:

Has anyone here used Advanced Threat Analytics? I'm setting up a lab to test it and learn how to use it, but in a lab environment there's no activity and so there's also no suspicious activity (and so I won't be able to really see it in its full extent). Is there a dummy traffic generator that will simulate some kind of threat?

Look at the Microsoft Ignite sessions, I went to a number of them with live demos that will probably give you some inspiration:

https://myignite.microsoft.com/videos?q=advanced%20threat%20analytics

This one in particular I remember showing some good stuff:

https://myignite.microsoft.com/videos/2775

orange sky
May 7, 2007

Maneki Neko posted:

Look at the Microsoft Ignite sessions, I went to a number of them with live demos that will probably give you some inspiration:

https://myignite.microsoft.com/videos?q=advanced%20threat%20analytics

This one in particular I remember showing some good stuff:

https://myignite.microsoft.com/videos/2775

Thanks. This'll come in handy since I'm going to a Microsoft Workshop on security in Israel, they might get into some deep dive stuff and I want to know the basics so I'm not caught off guard and look like a fool.

E: To follow up on this, TRY ATA. This is such an awesome tool. It honestly doesn't even look like something that came from Microsoft.

orange sky fucked around with this message at 14:14 on Oct 25, 2016

angry armadillo
Jul 26, 2010
I have what is probably a very basic question but I am not the most technically knowledgeable person in the world so here I am

Software1 was migrated to a new server

Software2 has 5 instances on different servers (so 6 servers here)
Software 2 also has a service that exports data to a share on Software1's server

Before the migration all was well and it worked

After the migration, despite share permissions being identical, it stopped working

I looked at the services and they were running as local system account, so my initial solution was to try giving the computer object of software2's 5 servers write access to the share - it worked

The long term solution - create a locked down service account for the service and give that permissions

So the point of the post - I didn't know you could give computer objects share permissions in that way - given that it is apparently uncommon, is there some kind of security flaw I'm not thinking of as to why you might not do this?

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib

angry armadillo posted:

I have what is probably a very basic question but I am not the most technically knowledgeable person in the world so here I am

Software1 was migrated to a new server

Software2 has 5 instances on different servers (so 6 servers here)
Software 2 also has a service that exports data to a share on Software1's server

Before the migration all was well and it worked

After the migration, despite share permissions being identical, it stopped working

I looked at the services and they were running as local system account, so my initial solution was to try giving the computer object of software2's 5 servers write access to the share - it worked

The long term solution - create a locked down service account for the service and give that permissions

So the point of the post - I didn't know you could give computer objects share permissions in that way - given that it is apparently uncommon, is there some kind of security flaw I'm not thinking of as to why you might not do this?

Computer accounts are pretty much the same thing as user accounts under the covers. Couple reasons people like service accounts though - as you ran into, if the computer goes away, permissions do too. Also, if you stand up another instance of Software 2, you don't have to add more permissions to software1's server. More importantly, from a security standpoint, a locked down service account is better - if that service is owned, they don't necessarily own the server since they'll be in that account's context, which hopefully doesn't have rights to anything else. If a service running as localsystem is compromised, they've got full access to the box.
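
Added example, not from the thread: a way to audit for the setup discussed above by listing share permissions that give computer accounts (names ending in $) Change or Full access, then swapping one such entry for a dedicated service account. It assumes the SmbShare cmdlets (Windows Server 2012 / Windows 8 or later) in an elevated session; the share name, CONTOSO\APP01$, CONTOSO\svc-export and the function names are hypothetical. It looks at share permissions only, not NTFS ACLs.

```powershell
# Added example (not from the thread). Account and share names are made up.
function Get-ComputerAccountShareAccess {
    # Regular shares only; -Special $false skips ADMIN$, C$, IPC$ and friends.
    foreach ($share in Get-SmbShare -Special $false) {
        Get-SmbShareAccess -Name $share.Name |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                $_.AccountName -like '*$' -and            # computer accounts end in $
                @('Change', 'Full') -contains "$($_.AccessRight)"
            } |
            ForEach-Object {
                [pscustomobject]@{
                    Share       = $share.Name
                    Path        = $share.Path
                    AccountName = $_.AccountName
                    AccessRight = $_.AccessRight
                }
            }
    }
}

function Switch-ShareAccessToServiceAccount {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)] [string] $ShareName,
        [Parameter(Mandatory = $true)] [string] $ComputerAccount,
        [Parameter(Mandatory = $true)] [string] $ServiceAccount
    )
    $action = "grant Change to $ServiceAccount, revoke $ComputerAccount"
    if ($PSCmdlet.ShouldProcess($ShareName, $action)) {
        # Grant first so the exporting service never loses access in between.
        Grant-SmbShareAccess -Name $ShareName -AccountName $ServiceAccount `
            -AccessRight Change -Force | Out-Null
        Revoke-SmbShareAccess -Name $ShareName -AccountName $ComputerAccount `
            -Force | Out-Null
        Get-SmbShareAccess -Name $ShareName    # show the resulting share ACL
    }
}

# 1. Find shares that machine accounts can write to.
Get-ComputerAccountShareAccess | Format-Table -AutoSize

# 2. Preview the swap for one entry; drop -WhatIf to apply it.
Switch-ShareAccessToServiceAccount -ShareName 'Exports' `
    -ComputerAccount 'CONTOSO\APP01$' -ServiceAccount 'CONTOSO\svc-export' -WhatIf
```

The service on each Software2 server has to be reconfigured to run as the service account before the computer-account entry is revoked, otherwise the export will start failing again.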


bobua
Mar 23, 2003
I'd trade it all for just a little more.

I have a small network where ~8 users share one big folder. They constantly rename the subfolders and get an error because someone else still has a file or subfolder open. It's easy for me to go into computer management and see who it is, but they need to do this themselves (without logging into the server of course).

Anyone ever dealt with this? Some sort of addon like wholockme?
