|
You may have to create your exception GPO as a Computer policy and use loopback processing to have it work when applied to a user, though there's a performance hit involved and I'd see if any better options come along before doing that.
|
# ? Dec 27, 2019 14:59 |
|
Just a reminder if you enable loopback processing it affects all GPOs and not just the one with the loopback setting.
|
# ? Dec 27, 2019 16:12 |
|
GPO loopback is the devil. We have one instance that requires it (pooled nonpersistent VDI) and it’s the bane of my existence.
|
# ? Dec 29, 2019 02:28 |
|
Just curious what everyone's doing with laptops/roaming profiles? We currently are using redirected folders and once the laptops are off the network there are some serious issues for laptop users as of course their system is looking for their folder redirection. Are you guys actually even using roaming profiles? Or just local profile and tell users to make sure they save to network drives via VPN?
|
# ? Jan 5, 2020 20:40 |
|
OneDrive pretty much solved this for us. The only time we used folder redirection or roaming profiles was in our call center environment, which had no assigned seating. We never did folder redirection for laptop users.
|
# ? Jan 5, 2020 22:05 |
|
Roaming profiles is dead for us as we just give people laptops, I think if we had shift workers I'd look at VDI before I considered roaming profiles. Windows 10 and the OneDrive known folder redirection covers off the situation where people leave things on their desktop and then lose or break their computers.
|
# ? Jan 5, 2020 22:22 |
|
Roaming profiles, just don't. Redirection should be keeping a local copy and a copy on the server, so when you are offnet it shouldn't matter, but when you connect to the network again it updates the server with your new/changed files.
|
# ? Jan 5, 2020 22:23 |
|
We’re using folder redirection and UEV (which is causing more issues than it fixes) and in the process of moving everyone to OneDrive known folder redirects. Our VPN has more issues with the DFS-N where the folders live than the redirection itself. My company is a call center too so we’re having to test OneDrive conditional access before rolling out to them but laptops are definitely a nightmare for any kind of local server based redirection. One thing to keep in mind if you’re switching from local to OneDrive is the transition will fail if there are any local OneNote files. Don’t know why but it will.
|
# ? Jan 5, 2020 22:23 |
|
Look into DirectAccess if you can't use OneDrive for all data for some reason.
|
# ? Jan 6, 2020 04:12 |
|
Don’t you need win10 ent for one drive licensing or is it included in 365 now?
|
# ? Jan 6, 2020 04:52 |
|
It’s always been a part of o365
|
# ? Jan 6, 2020 05:21 |
|
DirectAccess needs an Enterprise license, OneDrive is just an Office 365 feature. There might be some features that only work with an E3/E5 plan but I never use the Business-tier subscriptions so I don't know.
|
# ? Jan 6, 2020 12:24 |
|
Thanks. We have old school Office 2016/2019. No 365 and not Ent for OS.
|
# ? Jan 6, 2020 13:51 |
|
lol internet. posted:
Just curious what everyone's doing with laptops/roaming profiles?
My company has the same issue with folder redirection, but only on first sign in. As long as you sync up once on first login the issue generally doesn't return. At one point I knew exactly what the problem was, but that hasn't been my job for long enough that I've entirely forgotten what caused it. That being said, no roaming profiles. All corporate devices are forced through a VPN, even on campus.
|
# ? Jan 6, 2020 17:32 |
|
GreenNight posted:
Thanks. We have old school Office 2016/2019. No 365 and not Ent for OS.
You could set up Always-On VPN, it runs on Win 10 Pro and is about as seamless as DirectAccess. Device tunnels are restricted to the Enterprise SKU but user tunnels have been sufficient in most cases at my company.
|
# ? Jan 6, 2020 17:44 |
|
wyoak posted:
You could set up Always-On VPN, it runs on Win 10 Pro and is about as seamless as DirectAccess. Device tunnels are restricted to the Enterprise SKU but user tunnels have been sufficient in most cases at my company.
We use AnyConnect and drives auto map so it's not difficult.
|
# ? Jan 6, 2020 17:47 |
|
OK, I'm wondering if anyone else is seeing problems with their Windows Server 2016 systems and long reboots. I can find lots of general griping about updates being "slow" on 2016 but I'm talking about something that's started happening recently and it's got some pretty narrow symptoms that I can identify. Wondering if I should open a support case. Basically, if I reboot a Server 2016 system twice in a relatively short period of time (I've seen it with an hour and a half between reboots) the second reboot will take about an hour to actually happen. It has something to do with the Delta Compression that Windows does for the cumulative updates. The system doesn't actually power off during this hour, and the console just has the helpful "Getting Windows ready Don't turn off your computer" spinner. The machine is still basically on during this time, so our monitoring hasn't caught it. But you can't connect to it with remote desktop and potentially if it's running some services I think they'd be off. But I can connect to the admin share, which is why I can see that the CBS.log file is freaking out with messages like this:
|
# ? Jan 8, 2020 19:28 |
|
That's one I would open a support case with MS on. They're going to have the trace tools to figure out what the hell is going on there.
|
# ? Jan 8, 2020 20:35 |
|
Procexp shows it being NTVDM.exe. I cleared out the printers via GUI, and I pruned anything I could find in the registry. I must be missing something in the registry though, but my Google-Fu hasn't turned up anything else. Printers in the [print setup...] dialog show up as code:
Ugh. HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Devices -- dumb me. Thanks in advance. Djimi fucked around with this message at 21:14 on Jan 8, 2020 |
# ? Jan 8, 2020 21:02 |
|
When I ran a terminal server on 2003/2008 with print redirection support years ago, this was just the behavior it had with the print redirect object getting orphaned at disconnect/log-off. Didn't cause a problem with our applications, so we just let that number keep incrementing into the hundreds. I suspect you're going to need to schedule some manner of cleanup scheduled script to purge them out.
|
# ? Jan 8, 2020 21:13 |
|
Has anyone received Win7 extended support keys yet, or any info about how they can/need to be deployed? I've got hundreds on order and since it's Win7 I'm fearing that it'll be "dispatch tech," to each one.
|
# ? Jan 8, 2020 23:59 |
|
You get an activation exe that you run that makes the system eligible to receive continued updates.
|
# ? Jan 9, 2020 00:13 |
|
Thanks, we haven't gotten ours yet. That'll be fairly easy to deploy then. I wonder how it'll work for us, we bought a subset of another business unit's larger purchase. Probably have to keep meticulous track of the number. I only had to buy 200 out of maybe 10x that on the order, I think they were expecting to receive a sheet of keys. Oh well, cheaper and easier than getting those machines on 10.
|
# ? Jan 9, 2020 02:40 |
|
Concerning RDP printing: after setting up and running multiple RDP farms, I always turn to this: https://www.terminalworks.com/remote-desktop-printing for printing purposes instead of using the built-in printer redirection. It is super easy to set up, has a simple and cheap licensing scheme, and just always works. Default setup installs a "TSPrint" printer on the server side (can be renamed). Anything printed to this printer automagically spits out on the client's default printer.
|
# ? Jan 9, 2020 14:58 |
|
charity rereg posted:
Thanks, we haven't gotten ours yet. That'll be fairly easy to deploy then.
I may end up managing a thousand or so extended support machines. Hurrah !
|
# ? Jan 9, 2020 15:07 |
|
Just curious, for the extended support people, are these machines running programs that require Windows 7, or are these a bunch of office machines for which there's not the organizational inertia to upgrade?
|
# ? Jan 9, 2020 16:11 |
|
I've ordered 3 extended support licenses for 3 PCs where we're not going to use a vendor's application after this year. They want $3000 to install their software on each Windows 10 box, so we're going to pay $50 to Microsoft instead since we're dropping their product anyway.
|
# ? Jan 9, 2020 17:11 |
|
ItBreathes posted:
Just curious, for the extended support people, are these machines running programs that require Windows 7, or are these a bunch of office machines for which there's not the organizational inertia to upgrade?
Column A, Column B
Of our 200 ~90 or so are clinical devices and our $13,000/unit x-ray sensors don't work well in Windows 10. In order to not segment the clinical environment we're leaving every computer in that silo on Win7. Providers do not like technical change, and they will freak at a split environment, and we're mid school year so will keep it homogeneous for the students. We're also changing a lot of how that area operates so they'll be getting new SSDs and more RAM in the summer, so we'll just get them all at once in a weekend project. Or not, it's stupid cheap for us, even if it doubled in cost.
A few of them are lab machines attached to equipment, one of which costs $75,000 to upgrade the license to Windows 10 (!!)
The remaining we just didn't have time to get to. They're either due for a hardware refresh and the time wasn't there, or the machines are fine or we just didn't hit - we're a tiny team for such a large school and one of my techs was on maternity from Oct -> Next Tue. Dell also cannot ship Intel systems with any reliability right now due to the chip shortage, so that really nailed us as well. I just got an order I placed on 11/21 on Jan 3rd.
100% of our administration, finance, financial aid, etc. folks are migrated. It's just research labs, clinical PCs, and some admin folks in the labs area.
It was $11 a key for us, so we did some math and realized it would cost less than 2 new Optiplexes (not to mention the needed OT) to just buy a bunch of keys and give the project a very long tail. It also lets us split the cost across 2 years' budget (our fiscal is 6/31)
medical + higher education is probably the worst combination of fields.
bus hustler fucked around with this message at 20:23 on Jan 9, 2020 |
# ? Jan 9, 2020 20:16 |
|
I really thought it would have been more expensive than that.
|
# ? Jan 9, 2020 20:46 |
|
Year 1 is going to run $10-15 a seat in education, I heard private sector is closer to 40. Those prices will rise sharply on year 2 and be absurd by year 3. This is your one year grace period to upgrade, don't expect it again.
|
# ? Jan 9, 2020 21:41 |
|
$50 (I think) for private sector, I have at least one client that is going that route because they are going to sell their business in like 6 months and their machines are old poo poo with 3GB of RAM.
|
# ? Jan 9, 2020 21:58 |
my secret getting powershell scripts to run at startup via gpo under computer? I've had it only fire once in like 7 reboots in a test OU.
|
|
# ? Jan 10, 2020 14:00 |
|
BangersInMyKnickers posted:
Year 1 is going to run $10-15 a seat in education, I heard private sector is closer to 40. Those prices will rise sharply on year 2 and be absurd by year 3. This is your one year grace period to upgrade, don't expect it again.
As a SLED'er, probably should have gotten a bunch of these for random rear end machines that are now problem points.
|
# ? Jan 11, 2020 00:12 |
|
gently caress on-prem exchange, gently caress essentials and quadruple gently caress cheap clients that will not pay for a second public IP. I spent so much loving time trying to get remote web workplace (aka RD gateway) to run from a different port only to find out you can't and there's a dumb roundabout way to have both running on 443. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-essentials-sbs/jj200172(v=ws.11)?redirectedfrom=MSDN I didn't want to gently caress with exchange because that would mean touching a fuckton of devices manually.
|
# ? Jan 14, 2020 07:01 |
|
ItBreathes posted:
Just curious, for the extended support people, are these machines running programs that require Windows 7, or are these a bunch of office machines for which there's not the organizational inertia to upgrade?
Both ! I have systems running $2 million dollar MRI machines that are on 7 or even XP. We don't have an upgrade path for the software, and replacing the $2 million dollar instrument would also involve demoing part of the ground floor to get the goddamn things out. Extended support is a rounding error in that equation.
|
# ? Jan 14, 2020 09:20 |
|
We have one of those computers too. It manages a $100k printer. I was actually able to install the software and get it to run on Windows 10 32-bit with a lot of fidgeting with compatibility settings, security policies and UAC, but the manufacturer won't support it. So we just spent the 200 bux to get the extended security updates from Microsoft for that one machine. That'll give us another three years breathing room. Hopefully it'll be someone else's problem by then! That being said, it was truly the best of OSs. Almost made it 10 years. Goodbye sweet prince.
|
# ? Jan 14, 2020 14:19 |
|
I have an HP laptop with Windows 7 Enterprise and I have no loving idea how to a) find the product key and b) upgrade it to Win 10. I got it 5.5 years ago and I vaguely recall that it came with Win 8 Pro with some kind of academic volume license which offered the option to "downgrade" to 7 Enterprise, which I took since 8 was such a shitshow. The key sticker on the bottom faded to illegibility long ago. ShowKeyPlus shows the following:
Installed Key: MAK key not available
OEM Key: 2HN.. etc., presumably a valid 25-character key
OEM Description: Win 8.1 RTM Professional OEM:DM
Windows Media Creation tool can apparently be convinced to upgrade to 10 by running:
MediaCreationTool1909.exe /Eula Accept /Retail /MediaArch x64 /MediaLangCode en-US /MediaEdition Enterpris ...
but it won't accept that OEM key. I suppose I'm just out of luck?
|
# ? Jan 15, 2020 05:57 |
|
I think you’d need to put Windows 8.1 on, let it activate from the key stored in the BIOS and then do a Windows 10 upgrade if that’s still a thing. Been ages since I used a Windows client that wasn’t 10 so I’m very rusty.
|
# ? Jan 15, 2020 08:58 |
|
mllaneza posted:
Both ! I have systems running $2 million dollar MRI machines that are on 7 or even XP. We don't have an upgrade path for the software, and replacing the $2 million dollar instrument would also involve demoing part of the ground floor to get the goddamn things out. Extended support is a rounding error in that equation.
Yeah we have one of those too, we have a cone beam machine that is the only one that will fit in the space. Replacing it not only costs $250k+ but would require us to shut down the clinic and bring in structural engineers to remove a wall in order to buy a new one.
Like I still think this is the difference between "really really big office" and "enterprise" - the costs for even 3 years of support on a lot of this stuff are rounding errors to us. We are the 3rd largest employer in the state, a high tax/benefit one at that. Even $1000/machine is not a deterrent as long as we get most of the low hanging fruit. The medical school proper is looking to hire 50 new IT headcount next year at $100k+ fully loaded cost.
bus hustler fucked around with this message at 13:08 on Jan 15, 2020 |
# ? Jan 15, 2020 12:58 |
|
Now that W7 is mostly migrated, I need a way to get any remaining W7 laptops on the domain out of the woodwork. What's a GPO I could hit W7 systems with that would cause a situation that would be annoying enough that the users will have to give us a call, but is remotely reversible (so no breaking the NIC) once I can get their info down and a promise to bring their laptops to HQ?
|
# ? Jan 19, 2020 06:21 |