Toshimo
Aug 23, 2012

He's outta line...

But he's right!

Submarine Sandpaper posted:

No, for a spell Chrome would install itself in app data if it was run without admin privileges. Dunno if it still works.

Ouch. I think I'll let those users tell on themselves in this case.


Fruit Smoothies
Mar 28, 2004

The bat with a ZING

Arishtat posted:

It sounds like Windows Update isn't able to gracefully suspend BitLocker, but is proceeding with the update which then pisses off the TPM's integrity check and results in the 'Inaccessible Boot Device' BSOD. There are a couple of ways to deal with this but how you go about it depends on the capabilities of the client's network infrastructure. For a small client your best bet would be to schedule Windows Updates and push a pre-update script which suspends BitLocker temporarily, runs the update(s), and then a post script which re-enables BitLocker.

When you say 'decrypt' are you going through a full decrypt cycle or just unlocking the volume, running chkdsk and then rebooting it? You should only have to do the latter to clear the BSOD error.

The devices need fully decrypting for this to happen. Interestingly, it's only my clients who run a mortgage pricing program that have this problem. Although it makes no sense to me that it would affect Windows Update, it seemingly is.

I am advising them to manually suspend BitLocker from Control Panel at the moment.

The client just uses SharePoint, so unless I can get them on Intune or similar, I don't have GPO or easy management for scripts and update scheduling. There might be a way to do this via local policy though, so I'll investigate.
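
The pre-update suspend and post-update resume described in the quoted advice above, as an added example that is not part of either poster's message. The `Phase` and `MountPoint` parameter names are hypothetical, and how the script gets scheduled around the update is left out; `-RebootCount 1` lets protection re-arm by itself after one restart even if the post step never runs.

```powershell
#Requires -RunAsAdministrator
# Added example: suspend BitLocker before patching, verify it is back on after.
param(
    [ValidateSet('Pre', 'Post')]
    [string]$Phase = 'Pre',              # hypothetical parameter name
    [string]$MountPoint = $env:SystemDrive
)
$ErrorActionPreference = 'Stop'

$vol = Get-BitLockerVolume -MountPoint $MountPoint

switch ($Phase) {
    'Pre' {
        # Only suspend a fully encrypted volume whose protectors are active.
        # Suspending keeps the data encrypted; it exposes the volume key in
        # the clear until protection resumes, so bound it to a single reboot.
        if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On') {
            Suspend-BitLocker -MountPoint $MountPoint -RebootCount 1 | Out-Null
        }
    }
    'Post' {
        # If the update needed no reboot, protection is still suspended:
        # turn it back on explicitly rather than waiting for the next restart.
        if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
            Resume-BitLocker -MountPoint $MountPoint | Out-Null
        }
    }
}

# Re-read the state so the log line reflects what actually happened.
$after = Get-BitLockerVolume -MountPoint $MountPoint
'{0} {1}: VolumeStatus={2} ProtectionStatus={3}' -f `
    $Phase, $MountPoint, $after.VolumeStatus, $after.ProtectionStatus

# A volume left unprotected after the post step is a failure worth alerting on.
if ($Phase -eq 'Post' -and $after.VolumeStatus -eq 'FullyEncrypted' -and
    $after.ProtectionStatus -ne 'On') {
    exit 1
}
```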

Happiness Commando
Feb 1, 2002
$$ joy at gunpoint $$

Does anyone know if it's possible to get SQL Server to authenticate against RADIUS? Every single blog post online talks about getting RADIUS to log to SQL, which is absolutely not what I want. Which implies that the answer is no, it's not possible.

But it might be?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

I don't think so. The only 2 authentication modes I'm aware of are Windows Authentication and SQL Authentication. No way I'm aware of to point MS SQL at anything else.

nielsm
Jun 1, 2009



I can't find anything either, and it doesn't look like SQL Server has any concept of pluggable authentication modules or such. You either supply a login/password for SQL Server Authentication, or you supply a Kerberos ticket for Windows Authentication.
Now, you could perhaps find something that can supply you a Kerberos ticket via Radius authentication, but that does of course add another step.

Caf
May 21, 2004

I'm King James! The Lion King!

Toshimo posted:

I don't know if this is sort of too narrow for this thread, but I'm setting up an SCCM application with a requirement that Chrome be present on the targets, so I set it up via Global Condition. However, the basic Global conditions only allow for checking a single file, and we've got an environment where Chrome could be in the x86 or regular Program Files directories. I have the choice whether to set up a single Global Condition with a short PowerShell script to check both places, or to set up 3 standard conditions, 1 for each location and 1 that checks the existential presence of the other two. I feel like the latter is easier to follow for less-technical folks following and is the least likely to ever encounter an issue later on if things change, but the former doesn't clutter up the console with 3 conditions for 1 app. Is there a Best Practice for this sort of thing? Does one make more logical sense than the other?

When you set multiple application requirements they are taken as AND statements and all need to be true for the install to proceed so you can't put three mutually exclusive conditions on the same app. You'll need to create one based on the results of a script that checks all the possibilities. Or maybe query the registry or WMI looking for the install.

And remember, when you use a script for a global condition or detection method it considers any standard output as successful so you need to do proper error checking and only have some Write-Host output for exactly what you're looking for.

Toshimo
Aug 23, 2012

He's outta line...

But he's right!

Caf posted:

When you set multiple application requirements they are taken as AND statements and all need to be true for the install to proceed so you can't put three mutually exclusive conditions on the same app. You'll need to create one based on the results of a script that checks all the possibilities. Or maybe query the registry or WMI looking for the install.

And remember, when you use a script for a global condition or detection method it considers any standard output as successful so you need to do proper error checking and only have some Write-Host output for exactly what you're looking for.

I don't follow this at all. The solution I went with was:
  1. Global Condition that checks for presence of Chrome.exe in Program Files
  2. Global Condition that checks for presence of Chrome.exe in Program Files (x86)
  3. Global Condition that has (1) and (2) as existential rules with an OR connector.

Not using any script whatsoever. I opted for this because the underlying PowerShell inside the application is only going to check those 2 places for what it's doing anyway, so any non-standard installs aren't going to work. I'd rather have people tell on themselves if they've got some weird config and can't see the installer in Software Center, than let them try to install and fail.

It worked through all our testing, so I don't see any reason it would fail in PROD, but I guess we'll find out on Saturday.

Caf
May 21, 2004

I'm King James! The Lion King!
If condition #3 is the only one that is actually assigned to the application as a requirement then that will work fine. I'm just saying that if you tried to set both 1 and 2 as requirements it wouldn't work because you can't set them as OR statements (and I have seen people try to do that and not understand why their app won't install on any device). And if you only care about those two explicit locations then your method is fine but that wouldn't fly at my place and I would need to script detection of Chrome wherever it happened to be installed.
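
A single script-based check of the kind discussed in the posts above, as an added example that is not code from any poster. It assumes a global condition whose script returns a Boolean, the function name `Test-ChromeInstalled` is hypothetical, and it only covers machine-wide installs (both Program Files roots plus the App Paths registration), not per-user copies under AppData.

```powershell
# Added example: emit exactly one value ($true or $false) and nothing else,
# so stray output or an error is never mistaken for "Chrome is present".
$ErrorActionPreference = 'Stop'

function Test-ChromeInstalled {
    $candidates = New-Object System.Collections.Generic.List[string]

    # ProgramW6432 is included because a 32-bit script host sees
    # ProgramFiles redirected to the (x86) directory.
    foreach ($root in @($env:ProgramW6432, $env:ProgramFiles, ${env:ProgramFiles(x86)})) {
        if ($root) {
            $candidates.Add((Join-Path $root 'Google\Chrome\Application\chrome.exe'))
        }
    }

    # App Paths registration in the 64-bit and 32-bit registry views;
    # the default value of the key holds the full path to chrome.exe.
    $appPathKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\App Paths\chrome.exe'
    )
    foreach ($key in $appPathKeys) {
        if (Test-Path -LiteralPath $key) {
            $default = (Get-Item -LiteralPath $key).GetValue('')
            if ($default) { $candidates.Add(([string]$default).Trim('"')) }
        }
    }

    # A registry entry alone is not enough: the binary must exist on disk.
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) { return $true }
    }
    return $false
}

try {
    $found = Test-ChromeInstalled
} catch {
    # Treat any lookup failure as "not found" instead of leaking error text.
    $found = $false
}
Write-Output $found
```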

Toshimo
Aug 23, 2012

He's outta line...

But he's right!

Caf posted:

If condition #3 is the only one that is actually assigned to the application as a requirement then that will work fine. I'm just saying that if you tried to set both 1 and 2 as requirements it wouldn't work because you can't set them as OR statements (and I have seen people try to do that and not understand why their app won't install on any device). And if you only care about those two explicit locations then your method is fine but that wouldn't fly at my place and I would need to script detection of Chrome wherever it happened to be installed.

Yeah, I've only got condition #3 assigned to the application.

And, I guess, it's very much a philosophical stance on how we treat the user devices. We just don't support non-standard configurations for most stuff, because it would be a nightmare to deal with at that scale. So, either you are using the approved Chrome application deployment, or you don't get serviced.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

What are some options for pushing HEVC/HEIF or whatever compatibility out? (Apple image format)

Apparently downloading the HEIF codec from the Windows store doesn't help, and HEVC is 99 cents.

Tapedump
Aug 31, 2007
College Slice
Kinda hesitant to reply, but, any luck with the "HEVC Video Extensions from Device Manufacturer?" free one on the MSFT Store?

Maneki Neko
Oct 27, 2000

Tapedump posted:

Kinda hesitant to reply, but, any luck with the "HEVC Video Extensions from Device Manufacturer?" free one on the MSFT Store?

Microsoft seems like they broke/killed that somehow towards the end of last year I think?

Hopefully the new store fixes this, because specifically this HEIC/HEVC thing is a giant pain in the rear end in the current model where things require microsoft accounts, etc. etc.

chocolateTHUNDER
Jul 19, 2008

GIVE ME ALL YOUR FREE AGENTS

ALL OF THEM

Bob Morales posted:

What are some options for pushing HEVC/HEIF or whatever compatibility out? (Apple image format)

Apparently downloading the HEIF codec from the Windows store doesn't help, and HEVC is 99 cents.

Also looking for an answer on this.

Squatch Ambassador
Nov 12, 2008

What? Never seen a shaved Squatch before?

Maneki Neko posted:

Microsoft seems like they broke/killed that somehow towards the end of last year I think?

Hopefully the new store fixes this, because specifically this HEIC/HEVC thing is a giant pain in the rear end in the current model where things require microsoft accounts, etc. etc.

It's still there, you just need a key from one of the partnered manufacturers to download it now. If you find a copy of the .appx you can sideload it, and it will still update through the store.

AlternateAccount
Apr 25, 2005
FYGM
OK, I don't mess with Windows Server much at all anymore, but do the latest releases that omit a year ONLY come in a Core installation to add a GUI to later?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
The Semi-Annual Channel (that's the official name for those releases) doesn't support a GUI period. They're also only supported for 18 months, so they're intended for a fairly specific use case which is totally different from the Long Term Servicing Channel releases.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


The Semi-Annual Channel for Windows Server is also being discontinued with Server 2022 so it’s probably not worth it to look into using it

AlternateAccount
Apr 25, 2005
FYGM
Aha, thank you. So really, it's Server 2019 that's the primary "full featured" release, and it's getting a proper replacement with 2022? What a weird detour this other business was, then.

Number19
May 14, 2003

HOCKEY OWNS
FUCK YEAH


AlternateAccount posted:

Aha, thank you. So really, it's Server 2019 that's the primary "full featured" release, and it's getting a proper replacement with 2022? What a weird detour this other business was, then.

That's right. 2016, 2019, and the upcoming 2022 are the LTSC versions of Windows Server. The other ones were part of an attempt to use Windows Server for some sort of container stuff and I don't think it caught on enough for them to continue. Windows Server container images are still going to be a thing, but they will be based off 2022 going forward. I think that they are trying to move the Windows Server container stuff to Azure now, where they can manage the updates and such.

Those other versions had all sorts of rules like they could only run server core, or something they called Nano Server. Like the other poster said, they had very narrow use cases.

e: for reference in terms of Windows Server to Windows 10 feature set mapping:

Server 2016 = Windows 10 1607 LTSC
Server 2019 = Windows 10 1809 LTSC
Server 2022 = Windows 10 21H2 LTSC (supposedly)

This is mostly useful to know what the UI looks like and such. Avoid 2016 like the plague if you can since it has the Windows 10 1607 updates servicing which is extremely slow.

Number19 fucked around with this message at 20:12 on Aug 13, 2021

Squatch Ambassador
Nov 12, 2008

What? Never seen a shaved Squatch before?
Microsoft recently announced that there will also be a Windows 11 LTSC... In a couple years. I guess it makes sense with the current LTSC schedule since W11 is a continuation of W10.

LTSC 2019 and earlier can't install Windows Terminal and some of the newer server management tools. Hopefully they'll be supported in LTSC 2021. Microsoft has also repeatedly warned that some Office 365 features won't work on LTSC builds, but to my knowledge that's never actually happened.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
You don't want to install LTSC branches on desktops, the official word is that Windows 10 LTSC is for, like, aircraft control computers. I think there are some technical limitations why certain apps won't work on LTSC, but also I think it's a ploy by Microsoft (that I happen to agree with) to make LTSC as painful to use as possible, otherwise every enterprise would just install LTSC and do big fleet-wide upgrades every 5 years like they did with XP/Vista/7/8/ etc instead of sticking with the rolling releases.

But that's just on the desktop side, servers, vast majority are LTSC, and the SAC failed to take off so much that they're just ditching it entirely apparently.

Squatch Ambassador
Nov 12, 2008

What? Never seen a shaved Squatch before?
Eh, I know that's what Microsoft says but I think the use case for desktop LTSC is a bit broader than that. I use it for kiosks, locked down exam PCs, and some student labs where I still need to set up thick images with tons of specialized software. Never had any issues with it in those cases.

I agree that it shouldn't be used for workstations or general purpose PC labs. I did have it briefly installed on my gaming PC just to see what using it on a home machine would be like. I switched back to the continuous branch a month later because Game Pass came out for W10 and most of the games wouldn't run on anything older than 1903.

AlternateAccount
Apr 25, 2005
FYGM
LTSC on desktops works 100% fine. The only real issue is that sometimes CPU support can lag.

Thanks Ants
May 21, 2004

#essereFerrari


You can now remove passwords from Microsoft accounts:

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/introducing-password-removal-for-microsoft-accounts/ba-p/2747280

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are
Here’s a fun one.

We have an employee with the surname “Null.”

When his name syncs to AD from another system, AD dutifully marks it down as the variable $null and empties the field.

Then everything that syncs from AD onward…welp.

The Fool
Oct 16, 2003


Neat

I don’t think that’s AD itself doing that though.

Dirt Road Junglist
Oct 8, 2010

We will be cruel
And through our cruelty
They will know who we are

The Fool posted:

Neat

I don’t think that’s AD itself doing that though.

I’m sure it’s tied into some integration not passing values around properly, but it’s not my problem to fix. I’m just enjoying being an observer on the ticket comments.

The Fool
Oct 16, 2003


Those are the best kinds of problems.

nexxai
Jul 17, 2002

quack quack bjork
Fun Shoe

Dirt Road Junglist posted:

Here’s a fun one.

We have an employee with the surname “Null.”

When his name syncs to AD from another system, AD dutifully marks it down as the variable $null and empties the field.

Then everything that syncs from AD onward…welp.

This is my favorite article about the subject of names: https://www.kalzumeus.com/2010/06/17/falsehoods-programmers-believe-about-names/

GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

I don't care, we had someone whose email was shart@company.com and it always made me laugh.

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Someone here is pushing for a second NIC in every Windows server (virtual or physical), for management purposes

So if you wanted to run RDP, WMI, etc you'd use NIC #2 and IP address #2

The normal user functions for that server like file or print service or whatever that server is for, would go through NIC #1

How terrible of an idea is this? I can't find any upsides.

Potato Salad
Oct 23, 2014

nobody cares


what the gently caress? why?

Potato Salad
Oct 23, 2014

nobody cares


big "i removed all the whitespace from our codebase" energy

devmd01
Mar 7, 2006

Elektronik
Supersonik

Potato Salad posted:

what the gently caress? why?

wyoak
Feb 14, 2005

a glass case of emotion

Fallen Rib
Sounds like someone heard of a management vlan but didn’t quite get it

Thanks Ants
May 21, 2004

#essereFerrari


So a compromised machine can bridge between your management and production networks? Cool

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

wyoak posted:

Sounds like someone heard of a management vlan but didn’t quite get it

Basically

My reply was WE HAVE A FIREWALL LET'S USE IT

Bob Morales
Aug 18, 2006


Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Mix up government requirements, consultants, and people who don't know how networks work, and what do you get!?

MF_James
May 8, 2008
I CANNOT HANDLE BEING CALLED OUT ON MY DUMBASS OPINIONS ABOUT ANTI-VIRUS AND SECURITY. I REALLY LIKE TO THINK THAT I KNOW THINGS HERE

INSTEAD I AM GOING TO WHINE ABOUT IT IN OTHER THREADS SO MY OPINION CAN FEEL VALIDATED IN AN ECHO CHAMBER I LIKE

I mean having a second NIC for redundancy isn't the worst but, yeah, just for management purposes is stupid.


GreenNight
Feb 19, 2006
Turning the light on the darkest places, you and I know we got to face this now. We got to face this now.

Yeah but a second virtual nic doesn’t make any sense.
