Sacred Cow
Aug 13, 2007

Number19 posted:

A quick heads up for anyone with WSUS: you might not be able to sync with Microsoft Update right now if you have the Upgrades classification selected. Turning it off makes syncing function again. It must have something to do with the Creator's Update.

I see they didn't learn their lesson after the Anniversary Update.


anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
I checked and saw that it'd been failing, so I unchecked Upgrades, ran a sync, gave it a bit, rechecked Upgrades, ran it again, and it succeeded. :iiam:

milk milk lemonade
Jul 29, 2016

CLAM DOWN posted:

Thanks for the input everyone, yeah I had no illusion that any form of DFS could work here.

I will check out PeerLink, thanks for that tip! I also found this one https://www.goodsync.com/ which looks like it could fill the need perfectly.

We do have EMC stuff available but this is a really specific use case and purpose and it just won't work here, already checked into that. Unfortunate, but I gotta figure out how to fit a solution into these constraints. I'm hopeful that either of those two above software solutions will work!

Peerlink is an unwieldy piece of trash. I know someone else recommended it, but words cannot express how much I hate it. If you're expecting it to replace DFS you are going to be disappointed.

Internet Explorer
Jun 1, 2005





Just for the record, I didn't recommend it.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Finally.

http://myitforum.com/myitforumwp/2017/04/12/administrative-templates-for-windows-10-creators-update-now-available/

PUBLIC TOILET
Jun 13, 2009


Had a Microsoft Sales Rep meeting not long ago (prior to the release of Creators Update.) One of the issues I raised was the need to constantly monitor, modify and upgrade the organization's Group Policy system every time a major Windows 10 update comes out. I had asked what Microsoft's plans were to address this or at least make it more seamless/sensible. All I received in return were some shrugs, a response of "I'll ask our engineers", followed by no actual answers. My opinion? If you're in an organization that relies heavily on Group Policy for managing Windows, you might as well hire a person dedicated solely to managing it (even if Microsoft does recommend using Provisioning instead of Group Policy.)

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah it sucks balls. I hate it.

Same with updating SCCM all the loving time for a new build of Windows 10. Latest SCCM doesn't even support 2008 R2 as a server, even though EOL is not for another 3 years.

Potato Salad
Oct 23, 2014

nobody cares


GreenNight posted:

Latest SCCM doesn't even support 2008 R2 as a server, even though EOL is not for another 3 years.

im sorry, what?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
I too am distraught over Microsoft not supporting their fourth most recently released server OS in one specific product.

CLAM DOWN
Feb 13, 2007




Potato Salad posted:

im sorry, what?

I don't think that's true, we're on whatever v1600 number the latest CB is and supporting 2008 R2 just fine. Unless I misunderstood that post.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
I think their post meant that you can't install SCCM on 2008R2, and I'd believe that.

Potato Salad
Oct 23, 2014

nobody cares


FISHMANPET posted:

I too am distraught over Microsoft not supporting their fourth most recently released server OS in one specific product.

it was more, "Hey if this is true, goddamn it wasn't communicated"

CLAM DOWN
Feb 13, 2007




anthonypants posted:

I think their post meant that you can't install SCCM on 2008R2, and I'd believe that.

Ohh, yes, that definitely makes sense, why would you build a new server on 2008 R2 anyways?!

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

CLAM DOWN posted:

Ohh, yes, that definitely makes sense, why would you build a new server on 2008 R2 anyways?!

No, but if your current install is on 2008 R2 and all you want to do is update to 1703, you can't.

That's what I'm annoyed about.

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
Can you have concurrent WSUS and SCCM instances on a domain?

Potato Salad
Oct 23, 2014

nobody cares


Yes.

This is a bit oversimplified, but SCCM is just a big management panel for a bunch of tools that were boxed together and / or that you can bring in yourself. SCCM thus has WSUS integration, which really just means that SCCM can manage a WSUS server.

You're going to need wsus on your network. Once wsus is built, you can direct endpoints to it with gpos or the CM client, so pick one.

Managing how endpoints seek patches with sccm has some big helpful features over doing so with gpos. For starters, it's easier to track / report on which system did what and when with a little upfront work in sccm. Second, you can approve/deny patches on multiple wsus servers from sccm's interface, simplifying your life a bit.

Potato Salad fucked around with this message at 01:38 on Apr 13, 2017

Potato Salad
Oct 23, 2014

nobody cares


Does that make sense? You can have any number of wsus servers. It's up to you to tell each client in your environment which wsus server to use.
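
Added example, not part of any post in this thread: a PowerShell check, run on an endpoint, that reports which WSUS server the client has been told to use and whether the Configuration Manager client is also installed. The function name `Get-UpdateSourceConfig` is hypothetical; the registry values read are the standard Windows Update policy values.

```powershell
# Added example: report how this client is pointed at an update source.
# Get-UpdateSourceConfig is a hypothetical name chosen for this example.
function Get-UpdateSourceConfig {
    # Standard Windows Update policy locations (written by GPO or local policy).
    $wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $auKey = Join-Path $wuKey 'AU'

    $wu = Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $auKey -ErrorAction SilentlyContinue

    # UseWUServer = 1 means the WUServer value is actually honoured.
    $useWsus = ($null -ne $au) -and ($au.UseWUServer -eq 1)

    # CcmExec is the Configuration Manager client service (SMS Agent Host).
    $ccm = Get-Service -Name 'CcmExec' -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        UseWUServer    = $useWsus
        WUServer       = if ($wu) { $wu.WUServer } else { $null }
        WUStatusServer = if ($wu) { $wu.WUStatusServer } else { $null }
        CMClientFound  = [bool]$ccm
        CMClientState  = if ($ccm) { "$($ccm.Status)" } else { 'NotInstalled' }
    }
}

$cfg = Get-UpdateSourceConfig
$cfg | Format-List

if (-not $cfg.UseWUServer) {
    'No WSUS policy in effect: the client uses its default update source.'
}
elseif ($cfg.CMClientFound) {
    # Both present is not wrong in itself; the point is to know which
    # mechanism is meant to own the WUServer value on this machine.
    "WUServer is $($cfg.WUServer) and the CM client is installed: confirm which one is meant to set it."
}
else {
    "Client is directed to WSUS by policy: $($cfg.WUServer)"
}
```

Running it across a sample of machines shows quickly whether endpoints are split between servers or pointed at one nobody intended.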

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum
Okay, so if you want 1703 but your SCCM server is 2008R2, you can just put the WSUS role on one of your 2012R2 servers and point your Windows 10 boxes to that WSUS server.

devmd01
Mar 7, 2006

Elektronik
Supersonik
Speaking of patching, does anyone use ManageEngine for server patching? The desktop team uses it for, well, desktops, and we're considering it for servers; we need something with a bit more granularity and reporting capability than WSUS. If yes what is good/bad about it?

Zaepho
Oct 31, 2013

Potato Salad posted:

Yes.

This is a bit oversimplified, but SCCM is just a big management panel for a bunch of tools that were boxed together and / or that you can bring in yourself. SCCM thus has WSUS integration, which really just means that SCCM can manage a WSUS server.

You're going to need wsus on your network. Once wsus is built, you can direct endpoints to it with gpos or the CM client, so pick one.

Managing how endpoints seek patches with sccm has some big helpful features over doing so with gpos. For starters, it's easier to track / report on which system did what and when with a little upfront work in sccm. Second, you can approve/deny patches on multiple wsus servers from sccm's interface, simplifying your life a bit.

Ugh! I hate this interpretation. SCCM leverages some features of WSUS but PLEASE do not try to use WSUS and SCCM in your environment. That's a recipe for heartache. The WSUS server used by the SCCM Software Update Point should never be manipulated by a human as it is intended to only be a slave of SCCM. If you go in and Approve Updates as you would normally do in WSUS you will be very unhappy with the behavior if you expect SCCM to control things as well. In fact pretend that WSUS isn't even there. It's a prerequisite and little more.

Potato Salad
Oct 23, 2014

nobody cares


Errr, yes, sorry. I do not actually log into wsus anymore.

Sorry for the poor choice of description / phrasing. I've been handling ancient oracle EBS fuckery with Tape Backup For No Good Reason Client, and go-to oracle man is not available. I am currently speaking English on a new second language basis.

Potato Salad fucked around with this message at 04:03 on Apr 13, 2017

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

We have SCCM and WSUS, but we don't have them connected, at all.

We use SCCM for imaging and AV, nothing else.

Zaepho
Oct 31, 2013

GreenNight posted:

We have SCCM and WSUS, but we don't have them connected, at all.

We use SCCM for imaging and AV, nothing else.

so you have SCCM installed and clients deployed but you're using WSUS separately for patching? I'm confused because this sounds entirely backwards from every single experience I've had with SCCM implementations on my own and with customers. Patching is pretty much the first priority in every case (once, the customer really really needed software inventory and patching was secondary to that).

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

poo poo yeah. We even have Shavlik for 3rd party patching and PDQ Inventory for inventory!

anthonypants
May 6, 2007

by Nyc_Tattoo
Dinosaur Gum

GreenNight posted:

poo poo yeah. We even have Shavlik for 3rd party patching and PDQ Inventory for inventory!
What the gently caress

Zaepho
Oct 31, 2013

GreenNight posted:

poo poo yeah. We even have Shavlik for 3rd party patching and PDQ Inventory for inventory!

please stop hurting my brain

Potato Salad
Oct 23, 2014

nobody cares


I can get using PDQ in smb or even enterprise but you're lax on validation. Those environments don't really scream SCCM to me though.

SCCM for only SCEP and imaging sounds...expensive.

Wait, PDQ inventory but not PDQ deploy, another deployment system....

Potato Salad fucked around with this message at 04:17 on Apr 13, 2017

Potato Salad
Oct 23, 2014

nobody cares


If you have those kind of dollars to throw at AV, don't fool around in the SCEP kiddie pool. Get yourself a Palo Alto solution and actually protect your poo poo.

Zaepho
Oct 31, 2013

Potato Salad posted:

I can get using PDQ in smb or even enterprise but you're lax on validation. Those environments don't really scream SCCM to me though.

SCCM for inventory only sounds...expensive.

Wait, PDQ inventory but not PDQ deploy, another deployment system....

In the case where it was their top priority, they were planning to replace a bunch of stuff with SCCM but they had an immediate software Inventory/licensing need that built the entire business case for deploying SCCM. One of those odd cases where IT knew what they wanted and the tool they wanted, they just had to justify it with one of their (actual) secondary priorities. That was an interesting project from a SoW/Milestone vs actual expectations standpoint.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

SCCM comes with our enterprise licensing. We paid for the other tools, not specifically for SCCM. So it was basically "free" for us. We got rid of Zenworks and Sophos when we put in SCCM.

I'm not joking when I tell you we only use it for imaging and AV. We have no deployment packages in it, no updates, no inventory, nothing.

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Also if you are on v1507 of Windows 10 and not Enterprise, welp..

http://windowsitpro.com/windows-10/windows-10-version-1507-servicing-scheduled-end-09-may-2017

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

anthonypants posted:

Okay, so if you want 1703 but your SCCM server is 2008R2, you can just put the WSUS role on one of your 2012R2 servers and point your Windows 10 boxes to that WSUS server.

No, your site server can't be 2008 R2 and I'd imagine none of your site systems can be 2008 R2 either. It's not a WSUS thing, it's the whole suite.

You can still support 2008 R2 and even 2008 vanilla clients with 1702, you just can't use them as site systems.

Extremely Penetrated
Aug 8, 2004
Hail Spwwttag.

FISHMANPET posted:

No, your site server can't be 2008 R2 and I'd imagine none of your site systems can be 2008 R2 either. It's not a WSUS thing, it's the whole suite.

You can still support 2008 R2 and even 2008 vanilla clients with 1702, you just can't use them as site systems.

We're on 1610 and have a whole whack of 2008 R2 Distribution Points. I can't speak to other site system roles, but being a DP works fine.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH



We started our Windows 10 upgrade at v1511 thankfully due to all the initial problems with v1507. I'm just about to push through v1607 next week and I'm holding my breath that my successful deployment tests were a positive omen for the rest of the fleet...

Caf
May 21, 2004

I'm King James! The Lion King!

FISHMANPET posted:

You can still support 2008 R2 and even 2008 vanilla clients with 1702, you just can't use them as site systems.

I think 2008 R2 is still supported as a distribution point and one other thing but yeah, pretty much nothing else.

AreWeDrunkYet
Jul 8, 2006

PUBLIC TOILET posted:

Had a Microsoft Sales Rep meeting not long ago (prior to the release of Creators Update.) One of the issues I raised was the need to constantly monitor, modify and upgrade the organization's Group Policy system every time a major Windows 10 update comes out. I had asked what Microsoft's plans were to address this or at least make it more seamless/sensible. All I received in return were some shrugs, a response of "I'll ask our engineers", followed by no actual answers. My opinion? If you're in an organization that relies heavily on Group Policy for managing Windows, you might as well hire a person dedicated solely to managing it (even if Microsoft does recommend using Provisioning instead of Group Policy.)

As far as microsoft is concerned, I think group policy is dead. Their vision is a generic OS with application and security settings handled by intune.

But yeah, the same registry settings do different things from one update to the other. It can be maddening. And there's not clear visibility and documentation to the same extent there was in windows 7, but that may just be a matter of maturity.

Sickening
Jul 16, 2007

Black summer was the best summer.

AreWeDrunkYet posted:

As far as microsoft is concerned, I think group policy is dead. Their vision is a generic OS with application and security settings handled by intune.

But yeah, the same registry settings do different things from one update to the other. It can be maddening. And there's not clear visibility and documentation to the same extent there was in windows 7, but that may just be a matter of maturity.

Umm what? This seems like a really bizarre statement to make. Isn't it more likely that teams are not talking to each other effectively and updates are causing group policy bugs and less likely that Microsoft is abandoning group policy?

stevewm
May 10, 2005

Sickening posted:

..... Isn't it more likely that teams are not talking to each other effectively and updates are causing group policy bugs and less likely that Microsoft is abandoning group policy?

You're assuming those teams even still exist after all the layoffs.

Sickening
Jul 16, 2007

Black summer was the best summer.

stevewm posted:

You're assuming those teams even still exist after all the layoffs.

Let's assume nobody at Microsoft is working on group policy anymore. That seems more likely.


AreWeDrunkYet
Jul 8, 2006

Sickening posted:

Umm what? This seems like a really bizarre statement to make. Isn't it more likely that teams are not talking to each other effectively and updates are causing group policy bugs and less likely that Microsoft is abandoning group policy?

Just the impression I've been getting lately from what the sales engineers are focusing on, I don't think it's an official position or anything. But if they're redirecting resources to the point that they're not maintaining the product it's effectively the same thing.
