|
FISHMANPET posted: You don't want to install LTSC branches on desktops, the official word is that Windows 10 LTSC is for, like, aircraft control computers. I think there are some technical limitations why certain apps won't work on LTSC, but also I think it's a ploy by Microsoft (that I happen to agree with) to make LTSC as painful to use as possible, otherwise every enterprise would just install LTSC and do big fleet-wide upgrades every 5 years like they did with XP/Vista/7/8/ etc instead of sticking with the rolling releases.

I manage ~1500 LTSC systems. Instrument control machines, mass spectrometers, MRIs, plate reader robots, liquid chromatographs (we've got someone who figured out how to do 2D liquid chromatography). And that number is going up as the Win7 systems get migrated. All pets, no cattle.
|
# ? Oct 24, 2021 05:48 |
|
GreenNight posted: Yeah but a second virtual nic doesn’t make any sense.

ohhh I didn't see that, I thought i meant adding a second physical NIC and then using that for management purposes for the hosts/vms. Both things are dumb though.
|
# ? Oct 24, 2021 21:04 |
|
Counterpoint: LTSC on desktops is fine and good, and there are no hidden catches or gotchas. The only real stumbling block is that as a release gets old, its CPU support will lag behind releases and it will flip out on newer kit.
|
# ? Oct 25, 2021 05:36 |
|
Please don't use LTSC.
|
# ? Oct 25, 2021 06:40 |
|
Internet Explorer posted: Please don't use LTSC.

If your use case can not tolerate automatic updates, it shouldn't be running Windows 10 desktop edition and probably shouldn't be running Windows at all.

wolrah fucked around with this message at 18:48 on Oct 25, 2021
# ? Oct 25, 2021 18:45 |
|
wolrah posted:Seeing LTSC means someone somewhere has chosen to use Windows wrongly. Yes, it works. But you know what also "works"? Half the bullshit that everyone here has seen when they walk into a new job and make this face: Do future you a favor and save us all a "I hate this job" post; don't do this.
|
# ? Oct 26, 2021 00:32 |
|
Note that Microsoft doesn’t actually give many concrete reasons not to use it. I don’t want to die on this hill but other than hardware support, there’s not much reason it will ever cause you an issue.
|
# ? Oct 26, 2021 00:40 |
|
it's literally the "nuclear option" operating system. As in, nuclear subs.
|
# ? Oct 26, 2021 00:47 |
|
Just off the top of my head, you're not going to get access to the Windows Store and you're going to make Azure AD Hybrid Join a lot more of a pain in the rear end. I'd argue that there's no good reason to use it outside of the already discussed very specialized use cases.
|
# ? Oct 26, 2021 00:52 |
|
About once a year, someone yeets into a call with the Windows client team and says, "Hey, have you thought about LTSC?" We don't even have a prepared statement for them, unless you count, "everyone goes off mute simultaneously and groans into their microphones while our product owner says 'NO'" to be a statement.
|
# ? Oct 26, 2021 01:25 |
|
AlternateAccount posted: Note that Microsoft doesn’t actually give many concrete reasons not to use it.

As I understand it, non LTSC versions of Office will Soon :tm: no longer run on Windows 10 LTSC. This means no connecting to O365 services from Office on those desktops. Microsoft's statements have long been if it's a user's "daily driver" machine LTSC is not appropriate. I would expect them to get more "forceful" about this as time goes on.
|
# ? Oct 26, 2021 15:18 |
|
wolrah posted: If your use case can not tolerate automatic updates, it shouldn't be running Windows 10 desktop edition and probably shouldn't be running Windows at all.

Ask me about vendor Linux systems. I was hands on with a Fedora 10 system earlier this month.
|
# ? Oct 26, 2021 16:53 |
|
I was guilty of putting LTSB/LTSC on workstations when Win10 first came out. A lot of my unwillingness to use the normal builds was a misunderstanding of how the shorter-term-supported releases would be supported: I thought we'd be doing the equivalent of a "service pack" update to the OS twice a year. And given how temperamental some of the software we run is, it sounded like a recipe for bi-annual scheduled-unscheduled outages. But yeah, that's not the support cycle on the releases. Once the department had time to dig into it we realized you can still stay on a short-term build for a good long time, and we got to switching. Fortunately you can do in-place upgrades of LTSC to standard editions without the need to re-install the OS. And the new builds have caused far fewer side-effects and software glitches than I expected.
|
# ? Oct 26, 2021 23:50 |
|
Is it possible to add a Microsoft 365 account to a local group via unattend file? Edit: that probably could've been clearer. I mean an Azure AD user in an enterprise setting.

Toast Museum fucked around with this message at 18:59 on Nov 3, 2021
# ? Nov 3, 2021 18:55 |
|
Not 100% certain what you’re asking, but I think you at minimum need azuread p1 and to set up group write-back
|
# ? Nov 3, 2021 18:59 |
|
Sorry, I'm running on a couple hours of sleep. Basically, I'm trying to find a way to compensate for deficiencies in an MECM task sequence that I'm not in a position to change. By the end of the task sequence, the target computer has been reformatted and mostly configured, but it's not domain-joined, and the only available accounts are the built-in Administrator account and an unused local standard account. Since the "add a work or school user" option appears to be unavailable from these accounts, I'm supposed to manually run sysprep to trigger the OOBE. During the OOBE, I sign in with Azure AD credentials, from which I can add other users as needed. I'm not interested in going through the OOBE manually every time, so I've made an unattend file. The only part of the OOBE that I haven't been able to automate away yet is that initial AzureAD sign-in.
|
# ? Nov 3, 2021 22:14 |
|
Just to make sure I understand what you're asking, Azure AD Hybrid Join, or normal Azure AD Join? Azure AD user, or hybrid user that is also in AD?
|
# ? Nov 3, 2021 22:43 |
|
Internet Explorer posted: Just to make sure I understand what you're asking, Azure AD Hybrid Join, or normal Azure AD Join? Azure AD user, or hybrid user that is also in AD?

Hybrid Identity* for users, non-hybrid Azure AD Join for the computers in question.

*In case that term is narrower than I realize, what I mean is that users are synced between on-prem AD and Azure AD via Azure AD Connect.
|
# ? Nov 4, 2021 00:33 |
|
Toast Museum posted: Hybrid Identity* for users, non-hybrid Azure AD Join for the computers in question.

Yeah, sorry, I couldn't remember the term for that. So I am pretty sure you can do what you're asking. I assume you don't need these laptops on the domain, so legacy AD just kind of exists for backend infrastructure and you're not using Kerberos auth for anything? I'm having a hard time wrapping my head around your use case, but yes, you should be able to do it. This article mentions Azure AD users specifically. https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-localusersandgroups
|
# ? Nov 4, 2021 05:38 |
|
All your users should be sync'd between your prem AD and Azure AD. You might be thinking about white-glove (now called pre-provisioning) autopilot. Basically takes your unattend.xml and puts it in the cloud. (That is, if you have a TPM 2.0 chip and your devices are enrolled into Intune... which you should do for all your AzureAD devices.) Full zero-touch provisioning and no need to login at OOBE.
|
# ? Nov 4, 2021 06:03 |
|
Internet Explorer posted: Yeah, sorry, I couldn't remember the term for that. So I am pretty sure you can do what you're asking. I assume you don't need these laptops on the domain, so legacy AD just kind of exists for backend infrastructure and you're not using Kerberos auth for anything? I'm having a hard time wrapping my head around your use case, but yes, you should be able to do it. This article mentions Azure AD users specifically.

incoherent posted: all your users should be sync'd between your prem AD and Azure ad. You might be thinking about white-glove (now called pre-provisioning) autopilot.

Yeah, the use-case seems weird because the situation is kinda dumb.
|
# ? Nov 4, 2021 14:03 |
|
Anyone ever gotten this weird error when importing an application into SCCM? “Specify a valid UNC path and a compressed (.zip) file with read permission for importing.” I already checked the permissions and if the file got mangled but it all looks good but it all seems good to go. Our whole team is stumped by this.
|
# ? Nov 6, 2021 17:22 |
|
Seeing some extra information in the sign-in audit logs in Azure AD which is very nice to have now

Not sure how long it's been like this for, but having the context is welcome.
|
# ? Nov 9, 2021 16:47 |
|
Woof Blitzer posted: Anyone ever gotten this weird error when importing an application into SCCM?

Isn't that the normal prompt for importing an application? I'm no expert, but that's the same thing I see. Compare to the create new application operation where you'd point to an msi file.
|
# ? Nov 9, 2021 17:01 |
|
Thanks Ants posted: Seeing some extra information in the sign-in audit logs in Azure AD which is very nice to have now

I really, really miss having Azure AD for identity. Going from having it to not is like taking a step back to the stone age.
|
# ? Nov 9, 2021 17:03 |
|
I briefly looked at Google Cloud Identity and
|
# ? Nov 9, 2021 17:07 |
|
Is there a definitive need to use Microsoft's name servers with your Azure AD tenant configuration or is it more of a convenience feature for managing DNS within the Azure portal? Currently, DNS is handled via Network Solutions, but I'm wondering if there's a need for their name servers to make AAD/Intune work better in some way.
|
# ? Nov 9, 2021 21:47 |
|
Not really unless there is a windows admin center plug-in for azure dns zones or something. Dns is dns.
|
# ? Nov 9, 2021 22:05 |
|
No need to use them, but Azure DNS is cheap and more than likely better than whatever Network Solutions does.
|
# ? Nov 9, 2021 22:25 |
|
2008 \ R2 is getting an extra ESU year (if you're in azure, that is!). What a dangle of a fuckin carrot.
|
# ? Nov 10, 2021 22:21 |
|
What are the first things to check with DHCP leases not showing up in DNS? Same server, it's an AD setup. We have Cisco WiFi AP's, they were in there but a bunch were missing. I removed the leases, A and PTR records and restarted them all, they all got new leases but no DNS records were created. I made sure all the obvious settings for the scopes to register dns were set, but no luck. The other scopes with workstations and phones work just fine.
|
# ? Nov 17, 2021 00:43 |
|
Does the Windows DHCP server still need to have a service account defined to do the DNS updates?
|
# ? Nov 17, 2021 00:50 |
|
Bob Morales posted: What are the first things to check with DHCP leases not showing up in DNS? Same server, it's an AD setup.

Is it just one device? Have you tried running "ipconfig /registerdns"? Have you tried restarting the DNS service (on the one server, not on the DNS server) or the server itself? Is there an existing, corrupt DNS entry for the device in the DNS server?
|
# ? Nov 17, 2021 01:05 |
|
Thanks Ants posted: Does the Windows DHCP server still need to have a service account defined to do the DNS updates?

Yes
|
# ? Nov 17, 2021 02:26 |
|
Wizard of the Deep posted: Is it just one device? Have you tried running "ipconfig /registerdns"? Have you tried restarting the DNS service (on the one server, not on the DNS server) or the server itself? Is there an existing, corrupt DNS entry for the device in the DNS server?

I removed all the entries that existed
It's a whole subnet of devices (its own dhcp scope)
The other scopes work fine
Can't run ipconfig on an access point
|
# ? Nov 17, 2021 12:32 |
|
Thanks Ants posted: Does the Windows DHCP server still need to have a service account defined to do the DNS updates?

I checked a bunch of other non-domain devices, and then I created a dhcpupdate service account. This must have been it because now they are showing up. I saw this yesterday, but figured it wasn't it because the devices were in DNS before I started messing with it. I wonder if they were static records? Why would the MSP create static records for devices that get DHCP addresses?
|
# ? Nov 17, 2021 13:59 |
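The check discussed in the posts above, as an added example that is not part of the thread: a PowerShell audit of the DNS dynamic-update credential and the per-scope DNS settings on a Windows DHCP server. It assumes the DhcpServer module is present and the session is elevated on the DHCP server; `CONTOSO` is a placeholder domain, and `dhcpupdate` is the account name mentioned in the post.

```powershell
# Added example: audit DNS dynamic-update configuration on a Windows DHCP server.
# Run elevated on the DHCP server; uses only cmdlets from the DhcpServer module.
Import-Module DhcpServer

# 1. Account the DHCP service uses when it registers records in DNS.
$cred = Get-DhcpServerDnsCredential
if ([string]::IsNullOrWhiteSpace($cred.UserName)) {
    Write-Warning 'No DNS update credential is set; the server registers records as its own computer account.'
} else {
    Write-Output ('DNS updates run as {0}\{1}' -f $cred.DomainName, $cred.UserName)
}

# 2. Per-scope settings that decide whether a lease produces A/PTR records.
$report = foreach ($scope in Get-DhcpServerv4Scope) {
    $dns = Get-DhcpServerv4DnsSetting -ScopeId $scope.ScopeId
    [pscustomobject]@{
        Scope                 = $scope.ScopeId
        Name                  = $scope.Name
        DynamicUpdates        = $dns.DynamicUpdates              # Always / OnClientRequest / Never
        UpdateForOlderClients = $dns.UpdateDnsRRForOlderClients  # clients that send no update request
        DeleteOnLeaseExpiry   = $dns.DeleteDnsRROnLeaseExpiry
        NameProtection        = $dns.NameProtection
    }
}
$report | Format-Table -AutoSize

# 3. Scopes where devices that never request registration (access points,
#    phones, printers) would not get records created on their behalf.
$report |
    Where-Object { $_.DynamicUpdates -eq 'Never' -or -not $_.UpdateForOlderClients } |
    ForEach-Object { Write-Warning ("Scope {0} ({1}) will not register such clients" -f $_.Scope, $_.Name) }

# To set the credential (CONTOSO is a placeholder; use a dedicated,
# non-privileged account rather than an administrator):
# Set-DhcpServerDnsCredential -Credential (Get-Credential 'CONTOSO\dhcpupdate')
```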
|
Bob Morales posted: I removed all the entries that existed

Does the switch the device is connected to have that VLAN configured? Is the port a trunk port or an access port configured with the wrong VLAN?
|
# ? Nov 17, 2021 14:09 |
|
GreenNight posted: Does the switch the device is connected to have that VLAN configured? Is the port a trunk port or an access port configured with the wrong VLAN?

They were getting the right addresses in the right scope and on the right vlan, they just weren't registering in DNS. Working now, just bouncing all the AP's so my LibreNMS doesn't have any more red lights
|
# ? Nov 17, 2021 14:24 |
|
What is the point or the difference of the LDAP feature role in windows server vs AD Directory Services? AD DS is built upon the LDAP protocol so regular LDAP binds work directly to AD. I tried googling but didn't find much to really tell me the difference.
|
# ? Dec 11, 2021 06:00 |
|
Are you referring to Active Directory Lightweight services? That is a standalone LDAP role that is separate from Active Directory. It allows you to build a directory service independent of Active directory but use all the code that's active directory and LDAP friendly, say if you wanted a custom schema and attributes and didn't want to mess with Active directory. (spoiler: don't mess with active directory schema!) Mostly used as an identity store to not keep usernames and passwords in your SQL database. Can be used as an identity source for AD FS. Also can sync data from Active Directory.
|
# ? Dec 11, 2021 06:17 |