hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from

Zero VGS posted:

Log into the admin account, open GPEdit User Configuration, then you can set local group policy for that account. You can do fun things like removing the desktop and task bar so all they can do is ctrl-alt-delete to log back out. Or just make a group policy to launch a login script that can't be interrupted which logs them back out. I haven't done it since Windows XP so I'm not sure what the best practice is these days.

The login script is how I do it for our service accounts which need a static password but should never be logged in to. Just a batch file with "shutdown /l /f" works pretty well; it doesn't even get to a desktop before it's already logging off.
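A logon script only runs after authentication has succeeded, so each attempt still leaves a 4624 event on the host where it happened. The function below is an added example, not code from this thread; it lists interactive-type logons by accounts that are never meant to reach a session. The account names in the usage comment are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Run on the host being checked (or against
# a forwarded-events log); reading the Security log needs elevation.

function Get-InteractiveServiceLogon {
    param(
        [Parameter(Mandatory)][string[]]$ServiceAccounts,   # sAMAccountNames to watch
        [datetime]$Since = (Get-Date).AddDays(-7)
    )

    # Logon types that mean a person sat at a session, not a service start.
    $interactiveTypes = @{
        '2'  = 'Interactive'          # console
        '10' = 'RemoteInteractive'    # RDP
        '11' = 'CachedInteractive'    # console with cached credentials
    }

    $filter = @{ LogName = 'Security'; Id = 4624; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Turn the <Data Name="..."> elements of the event into a lookup table.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }

            $isWatched     = $ServiceAccounts -contains $data['TargetUserName']
            $isInteractive = $interactiveTypes.ContainsKey([string]$data['LogonType'])

            if ($isWatched -and $isInteractive) {
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
                    LogonType   = $interactiveTypes[[string]$data['LogonType']]
                    SourceIp    = $data['IpAddress']
                    Workstation = $data['WorkstationName']
                }
            }
        }
}

# Usage (placeholder account names):
# Get-InteractiveServiceLogon -ServiceAccounts 'svc-example1','svc-example2' |
#     Sort-Object TimeCreated | Format-Table -AutoSize
```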


Walked
Apr 14, 2003

hihifellow posted:

The login script is how I do it for our service accounts which need a static password but should never be logged in to. Just a batch file with "shutdown /l /f" works pretty well; it doesn't even get to a desktop before it's already logging off.

Cool. That's the approach I think I'm going to take.

SCCM question:
I have an OSD task sequence for PXE that I'll deploy with no time constraints, and all works 100%.

Eventually, random clients will get stuck at "configuration manager is looking for policy" during PXE boot. A quick delete deployment and re-deploy of the task sequence fixes it.

Any ideas? It's not a huge hurdle but it would be nice to not have to re-deploy whenever it decided to stop working.

KS
Jun 10, 2003
Outrageous Lumpwad
My printer deployment GPOs are currently linked to OUs that contain users of a site. I'd like to link the GPOs to AD sites instead to cover printer mapping for visiting employees.

Is this going to bite me in the rear end in any way, as long as my AD sites and services is correct? Will async GPO processing make it take two logins or something?

Roargasm
Oct 21, 2010

Hate to sound sleazy
But tease me
I don't want it if it's that easy
e: nvm

Roargasm fucked around with this message at 22:57 on Aug 21, 2015

Sacred Cow
Aug 13, 2007

Walked posted:

Cool. That's the approach I think I'm going to take.

SCCM question:
I have an OSD task sequence for PXE that I'll deploy with no time constraints, and all works 100%.

Eventually, random clients will get stuck at "configuration manager is looking for policy" during PXE boot. A quick delete deployment and re-deploy of the task sequence fixes it.

Any ideas? It's not a huge hurdle but it would be nice to not have to re-deploy whenever it decided to stop working.

The best way to troubleshoot that issue is to look at the "smsPXE.log" on the server hosting the PXE service. Most of the time it's because the computer I want to image isn't in the right collection but that sounds like a completely different issue.

Walked
Apr 14, 2003

Sacred Cow posted:

The best way to troubleshoot that issue is to look at the "smsPXE.log" on the server hosting the PXE service. Most of the time it's because the computer I want to image isn't in the right collection but that sounds like a completely different issue.

Not really helpful; sadly:
code:
Getting boot action for unknown machine: item key: 2046820353	SMSPXE	8/21/2015 4:48:25 PM	1664 (0x0680)

Client boot action reply: <ClientIDReply><Identification Unknown="0"
 ItemKey="2046820352" ServerName=""><Machine><ClientID/><NetbiosName/></Machine></Identification>
<PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" 
OfferID="" OfferIDTime="" PkgID="" PackageVersion="" PackagePath="" BootImageID="" Mandatory=""/>
</ClientIDReply>
 	SMSPXE	8/21/2015 4:47:57 PM	1664 (0x0680)

D0:515731: no advertisements found	SMSPXE	8/21/2015 4:47:57 PM	1664 (0x0680)
D0:F515731: No boot action. Rejected.	SMSPXE	8/21/2015 4:47:57 PM	1664 (0x0680)
D0:515731: Not serviced.	SMSPXE	8/21/2015 4:47:57 PM	1664 (0x0680)
Afterward; I just delete and re-deploy to the same collections and settings:
code:
Getting boot action for unknown machine: item key: 2046820353	SMSPXE	8/21/2015 4:48:25 PM	1664 (0x0680)

Client boot action reply: <ClientIDReply><Identification Unknown="0" ItemKey="2046820353" ServerName="">
<Machine><ClientID>c5e5000d-c2ba-439e-9ec7-458ce80c9b91</ClientID><NetbiosName/></Machine>
</Identification><PXEBootAction LastPXEAdvertisementID="" LastPXEAdvertisementTime="" OfferID="FIS20005" 
OfferIDTime="8/21/2015 4:47:00 PM" PkgID="FIS0000A" PackageVersion="" PackagePath="http://AAA-CM01.AAA.local/SMS_DP_SMSPKG$/FIS0000D" 
BootImageID="FIS0000D" Mandatory="0"/>
</ClientIDReply>
	SMSPXE	8/21/2015 4:48:25 PM	1664 (0x0680)

D0:67:E5:55:F1:B5, 4C4C4544-0034-4E10-8031-B6C04F515731: found optional advertisement FIS20005	SMSPXE	8/21/2015 4:48:25 PM	1664 (0x0680)
Looking for bootImage FIS0000D	SMSPXE	8/21/2015 4:48:25 PM	1664 (0x0680)
That's after. Everything is a-ok.

Frustrating; we'll see when it breaks again and if I can correlate it with any actions in SCCM.

Walked fucked around with this message at 01:05 on Aug 22, 2015

johnnyonetime
Apr 2, 2010

Swink posted:

Can you show me how you partition the disk for the recovery partition + OSDisk? Even just the xml would start me in the right direction.

Bitlocker doesn't even need to be part of the LTI, just as long as the requirements for bitlocker are met.

So we installed Bitlocker per the instructions, loaded the Bitlocker MOF files into SCCM to get the hardware inventory reporting and set variables to enable/disable Bitlocker on the Task Sequence during the image/reimage. It's just a straight 100% partition on the disk. Once the computer completes imaging it gets added to the domain and a group policy actually turns on the encrypting portion, escrows the recovery key and encrypts the drive while booted into Windows. You can't cancel/stop it and if you restart the computer while it's going it just picks up as soon as Windows is loaded again. Note: This happens after the computer is imaged and finished out of OSD. I guess you could call it post-provisioning for Bitlocker.

Here's a great article on how to encrypt the drive during OSD. After thinking about it I think this might be what you are asking for:
http://www.windows-noob.com/forums/...nager-2012-sp1/

The other hurdle is you need to make sure your devices have TPM chips on them and are cleared and activated in the BIOS before trying this. Otherwise the bitlocker recovery key won't get escrowed in AD and you will be frustrated.

johnnyonetime fucked around with this message at 02:06 on Aug 22, 2015
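The post above makes key escrow depend on the TPM being ready before the policy turns BitLocker on. The check below is an added example, not code from this thread or from the linked article; it confirms on an imaged client that the TPM is ready and that every recovery password protector on the OS volume has a matching recovery object under the computer account in AD. It assumes an elevated session on the domain-joined client, the RSAT ActiveDirectory module, and an account allowed to list `msFVE-RecoveryInformation` objects.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Assumptions: elevated session on the
# imaged, domain-joined client; RSAT ActiveDirectory module installed; caller
# may list msFVE-RecoveryInformation objects under the computer account.

function Test-BitLockerEscrow {
    param([string]$MountPoint = $env:SystemDrive)

    # 1. TPM state. TpmReady stays false until the TPM has been turned on in
    #    firmware and provisioned, the precondition described in the post.
    $tpm = Get-Tpm

    # 2. Volume state and the recovery password protectors on the volume.
    $vol      = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector |
                  Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    # 3. Recovery objects stored under this computer's AD object. Each object's
    #    name ends with the protector GUID in braces, so match on KeyProtectorId.
    #    The recovery password attribute itself is deliberately not requested.
    Import-Module ActiveDirectory -ErrorAction Stop
    $computer = Get-ADComputer -Identity $env:COMPUTERNAME
    $escrowed = @(Get-ADObject -SearchBase $computer.DistinguishedName `
                               -Filter "objectClass -eq 'msFVE-RecoveryInformation'")

    # 4. Protectors that exist locally but have no matching object in AD.
    $missing = @($recovery | Where-Object {
        $id = $_.KeyProtectorId
        -not ($escrowed | Where-Object { $_.Name -like "*$id*" })
    })

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        TpmPresent         = $tpm.TpmPresent
        TpmReady           = $tpm.TpmReady
        VolumeStatus       = $vol.VolumeStatus
        ProtectionStatus   = $vol.ProtectionStatus
        EncryptionPercent  = $vol.EncryptionPercentage
        RecoveryProtectors = $recovery.Count
        NotEscrowed        = @($missing | ForEach-Object { $_.KeyProtectorId })
        # True only if the TPM is ready, a recovery password exists, and every
        # recovery password protector was found in AD.
        EscrowOk           = ($tpm.TpmReady -and
                              ($recovery.Count -gt 0) -and
                              ($missing.Count -eq 0))
    }
}

# Usage:
# Test-BitLockerEscrow | Format-List
```

A protector reported in `NotEscrowed` can be written to AD with `Backup-BitLockerKeyProtector -MountPoint <drive> -KeyProtectorId <id>`.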

Zaepho
Oct 31, 2013

johnnyonetime posted:

Here's a great article on how to encrypt the drive during OSD. After thinking about it I think this might be what you are asking for:
http://www.windows-noob.com/forums/...nager-2012-sp1/

Just a note here, this significantly increases the time that it takes to complete an OSD, BUT your drive is already encrypted. Not an issue per-se but something to at least consider/be cognizant of.

BaseballPCHiker
Jan 16, 2006

When I was experimenting with BitLocker during deployments I found that it generally added about 30 minutes to the build time to encrypt the drive. That was if it was still just sitting on the workbench not being used. If an impatient user grabbed it and started working with it they would notice poorer performance and it would take about 2 hours depending on their usage. This was with i5 2.4 GHz, 8 GB of RAM and SSDs.

I also went out of my way to try and interrupt the process to see if it would fail to store the encryption keys in AD. Even if I pulled the power and battery mid encryption and then yanked the drive it would boot back up and start right where it left off with the keys in AD.

orange sky
May 7, 2007

So... Do you guys know of a solution that allows tenant to tenant migration of Office 365, OneDrive and Sharepoint? It'll be a merge, some users exist in the old and some exist in both of the tenants. Any ideas?

Thanks Ants
May 21, 2004

#essereFerrari


loving kill yourself would be my answer

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Metallogix(sp?) for Sharepoint.

Has anyone successfully set up SSO with Office 365 where when I go to login.microsoftonline.com I don't enter in any credentials and I'm instantly logged in?

I've gone through KB 2535227 and 2461628. I'm still getting a prompt :(

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

orange sky posted:

So... Do you guys know of a solution that allows tenant to tenant migration of Office 365, OneDrive and Sharepoint? It'll be a merge, some users exist in the old and some exist in both of the tenants. Any ideas?

We've used MigrationWiz for tenant to tenant, but that only covers email. I'm not aware of, or have used anything that covers OneDrive and Sharepoint as well. We didn't migrate either of those when we moved tenants. There seems to be a few services that offer it though, I would see if they can do a PoC with you before you write a big check.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Tab8715 posted:

Metallogix(sp?) for Sharepoint.

Has anyone successfully set up SSO with Office 365 where when I go to login.microsoftonline.com I don't enter in any credentials and I'm instantly logged in?

I've gone through KB 2535227 and 2461628. I'm still getting a prompt :(

I don't know if this is much of a hint at all, but if you install Windows 10, and join the device to Azure AD Cloud Join, then log in with your O365 email and password into the laptop, all of microsoftonline.com/office.com sites will auto-login with SSO when you use the Edge browser.

What has me stuck is that when I do that, the local office apps like Word/Excel are all automatically logged in as well, yet Outlook (desktop) still requires manual setup every time.

Maneki Neko
Oct 27, 2000

skipdogg posted:

We've used MigrationWiz for tenant to tenant, but that only covers email. I'm not aware of, or have used anything that covers OneDrive and Sharepoint as well. We didn't migrate either of those when we moved tenants. There seems to be a few services that offer it though, I would see if they can do a PoC with you before you write a big check.

MigrationWiz does have a SharePoint tool now.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Zero VGS posted:

I don't know if this is much of a hint at all, but if you install Windows 10, and join the device to Azure AD Cloud Join, then log in with your O365 email and password into the laptop, all of microsoftonline.com/office.com sites will auto-login with SSO when you use the Edge browser.

What has me stuck is that when I do that, the local office apps like Word/Excel are all automatically logged in as well, yet Outlook (desktop) still requires manual setup every time.

Are you able to apply GPOs via Azure AD?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Tab8715 posted:

Are you able to apply GPOs via Azure AD?

No, device management is usually handled by intune.

orange sky
May 7, 2007

Alright, thanks guys, we'll look into all those solutions. It's for a client, but we're probably gonna overbudget the hell out of the project, since it's such a huge hassle.

Potato Salad
Oct 23, 2014

nobody cares


We've had a somewhat similar thing with Dropbox, and Dropbox is offering to simply subsume existing accounts @ourorganization and re-direct control to us. Will MS do something similar?

CLAM DOWN
Feb 13, 2007




Anyone set up an NDES/SCEP server in Server 2012 R2?

Walked
Apr 14, 2003

I'm a non-DBA helping figure out some DBA type tasks.

I'd like to setup a centralized performance logging database for SQL Server performance counters of the server. (e.g. disk queue length, processor utilizations, etc)
Ideally put into a database where we can generate reports or query based on time to correlate when an issue is reported by users/developers.

Documentation on approach to this seems kinda thin; there's some info about using perfmon and piping it to a text file or CSV and importing it; and a few articles about using ODBC connections to write to a database, but those seem out of date and perhaps a bit inelegant.

Any pointers? Happy to put forward a product that will do this for us. We don't need hyper-granular information, nor a ton of performance counters (in fact we've had no issues on that front, I'm just trying to help be proactive).

Zaepho
Oct 31, 2013

Walked posted:

I'm a non-DBA helping figure out some DBA type tasks.

I'd like to setup a centralized performance logging database for SQL Server performance counters of the server. (e.g. disk queue length, processor utilizations, etc)
Ideally put into a database where we can generate reports or query based on time to correlate when an issue is reported by users/developers.

Documentation on approach to this seems kinda thin; there's some info about using perfmon and piping it to a text file or CSV and importing it; and a few articles about using ODBC connections to write to a database, but those seem out of date and perhaps a bit inelegant.

Any pointers? Happy to put forward a product that will do this for us. We don't need hyper-granular information, nor a ton of performance counters (in fact we've had no issues on that front, I'm just trying to help be proactive).

Any decent general system monitoring solution should do at least most of this. Assuming MSSQL and a Windows environment, take a look at System Center Operations Manager (SCOM) and specifically the SQL Management Pack for Health Monitoring as well as some general performance monitoring. You can also add pretty much anything else you might want to monitor into it (Additional Perf Counters or logging wait types for instance).

Walked
Apr 14, 2003

Zaepho posted:

Any decent general system monitoring solution should do at least most of this. Assuming MSSQL and a Windows environment, take a look at System Center Operations Manager (SCOM) and specifically the SQL Management Pack for Health Monitoring as well as some general performance monitoring. You can also add pretty much anything else you might want to monitor into it (Additional Perf Counters or logging wait types for instance).

Cool; we do use SCOM for relatively basic (all things considered) monitoring - I just haven't investigated how heavily I can monitor and report on SQL performance counters; I'll put that on the agenda for review this week.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
Anyone know of any Windows software that is freeware for corporate use which can split/merge pages from a PDF?

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Zero VGS posted:

Anyone know of any Windows software that is freeware for corporate use which can split/merge pages from a PDF?

What kind of use scenario? End user friendly? Automated command line? There's a couple open source options out there, not sure how end user friendly they are.

mewse
May 2, 2006

I used java-based PDFsam at my last job because they had no money, the user interface sucks but it works

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

mewse posted:

I used java-based PDFsam at my last job because they had no money, the user interface sucks but it works

That or pdftk seem like the only options

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


What exactly do I need to do to configure a seamless SSO O365/Azure AD experience?

I've got Dirsync(AADConnect), ADFS 3.0 and logging in as synchronized users on domain joined workstations. ADFS is added into the intranet sites, a variety of O365 URLs in trusted sites and Use Windows Credentials in the Intranet Zone.

What I'm a little confused about is if it is possible and how to configure a "seamless" SSO experience. With my current configuration if you go to login.microsoftonline.com you're still prompted for your username at least once then it's cached but you still need to click on your username.

What I want to have happen is no credentials prompts and it seems that with smartlinks this is possible?

Tab8715 posted:

What exactly do I need to do to configure a seamless SSO O365/Azure AD experience?

I've got Dirsync(AADConnect), ADFS 3.0 and logging in as synchronized users on domain joined workstations. ADFS is added into the intranet sites, a variety of O365 URLs in trusted sites and Use Windows Credentials in the Intranet Zone.

What I'm a little confused about is if it is possible and how to configure a "seamless" SSO experience. With my current configuration if you go to login.microsoftonline.com you're still prompted for your username at least once then it's cached but you still need to click on your username.

What I want to have happen is no credentials prompts and it seems that with smartlinks this is possible?

Update: I got the smartlinks working but does anyone know how to do the website part?

Gucci Loafers fucked around with this message at 14:47 on Sep 8, 2015

Tequila25
May 12, 2001
Ask me about tapioca.
Fuuuuuck.

I was hired a year ago as a sysadmin. The guy previous to me only was there a couple months, but he decided that everyone should have Windows 7 Enterprise since we had license keys for it in Microsoft VLSC. They installed Win7Ent on 60 workstations. We aren't even using any of the features. Now we are going through a Microsoft SAM audit and discovered we never had licenses for them. We are going through the process of downgrading all the workstations back to Pro, but Microsoft is telling us this:

quote:

You have indicated that this product would be removed. Uninstalling a product is not an approved means of gaining a compliant status. To remedy this shortfall an order must be made. Please place an order within the next 2-3 weeks.

Are we stuck with buying $17K of Windows 7 Enterprise licenses? Should we get some legal experts involved or make a good faith effort to explain that a former employee made a huge mistake?

Hadlock
Nov 9, 2004

Consult a lawyer yeah. We have a licencing compliance guy and then he reports to the legal department.

Sounds like their revenue department is just turning the screws on you and in reality the $17K is probably cheaper than the lawyer's fees. But that's just a wild rear end guess.

skipdogg
Nov 29, 2004
Resident SRT-4 Expert

The outcome is probably not good, but reach out to one of those Microsoft Licensing consulting firms. A quick consultation might help clear things up.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
Everyone's singing Satya's praises because of his 'new Microsoft '. If he unfucks licensing he will achieve God status.

Roargasm
Oct 21, 2010

Hate to sound sleazy
But tease me
I don't want it if it's that easy
A VLSC account that has software assurance gets 150 to 1000 "activations" for every MS product under the sun, even for products you don't license. I probed my rep on it and she told me it's OK to use activations for educational reasons though :) I hear the audit process sucks, good luck!

Roargasm fucked around with this message at 05:15 on Sep 4, 2015

Tony Montana
Aug 6, 2005

by FactsAreUseless

Swink posted:

Everyone's singing Satya's praises because of his 'new Microsoft'

Really? Got any specifics?

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to pair of really nice gaudy shoes?


Tony Montana posted:

Really? Got any specifics?

The stock jumped once Ballmer left and Satya came in. He's also pushing a bigger focus on Cloud Services and it's going well.

Tony Montana
Aug 6, 2005

by FactsAreUseless
Stock always moves in a big management move like that, and it was Ballmer leaving so everyone is going to bet on that. We all know sweaty gifs and numerous other public images that guy put forth, while Billy managed to build the company from the ground I don't ever recall him looking that stupid.

Every major vendor is focused on cloud. O365 was before Satya, things like Azure have been ramping up for a long time. The Surface is certainly a thing.. MS making hardware and having a bite of the Apple pie (ha!).

But specifically what has Satya done for MS? I'm just interested to know, I would have thought it's pretty early to be commenting on yet.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Tequila25 posted:

Fuuuuuck.

I was hired a year ago as a sysadmin. The guy previous to me only was there a couple months, but he decided that everyone should have Windows 7 Enterprise since we had license keys for it in Microsoft VLSC. They installed Win7Ent on 60 workstations.

There's different software assurance deals that instantly give those computers valid Enterprise Licenses for 7/8/10. If you subscribe to the licenses then the subscription runs out, you still have the rights to all Windows versions that have been out since the time your subscription ends.

The catch is the minimum term for it is a year. Basically I think in practice you pay something like $110 per workstation over the year, but the billing can be spread out a bit better than just eating your poo poo sandwich all at once.

If you use Office 365 or Intune there's ways to bundle software assurance with either of those.

I can't believe I'm actually recommending this bullshit to anyone but if you're already caught with your pants down then this is likely the easiest way out.

Microsoft makes a huge chunk of their money from auditing/threatening/litigating so don't take them lightly.

Docjowles
Apr 9, 2009

Tony Montana posted:

Stock always moves in a big management move like that, and it was Ballmer leaving so everyone is going to bet on that. We all know sweaty gifs and numerous other public images that guy put forth, while Billy managed to build the company from the ground I don't ever recall him looking that stupid.

Every major vendor is focused on cloud. O365 was before Satya, things like Azure have been ramping up for a long time. The Surface is certainly a thing.. MS making hardware and having a bite of the Apple pie (ha!).

But specifically what has Satya done for MS? I'm just interested to know, I would have thought it's pretty early to be commenting on yet.

Azure and the rest of their cloud portfolio predate him as CEO, sure. But he was a senior executive in the cloud and server divisions for a long time before ascending to CEO. So it's probably fair to say that a lot of how those businesses developed and played out came from his leadership. And I'm sure their success is a large part of how he got the nod for promotion.

I'm personally pretty excited about their apparent willingness to embrace things like open source, and more modern system administration practices and tools like PowerShell, DSC, SSH access (!), and Server Core. Again, most of those surely predate him as CEO. But they came out of teams he oversaw. No clue how that translates into profits or share price, but that's not what Swink said.

Tony Montana
Aug 6, 2005

by FactsAreUseless
Yeah ok, and I knew all that. It's more this idea of the magic new CEO and his 'new Microsoft' but what you're saying is just the solid hardworking company man that finally made it to the top job story that we all already know.

What I was asking Swink was to back up his statement about Satya as the CEO.. because from what I'm seeing it's more what you've said. What 'new Microsoft'? It's been here the whole time still being your servers and your workstations and probably a chunk of your cloud as well.

Powershell is sweet but there was an official MS scripting language for administration before it, with a ton of support and it's still widely used (yeah you guys know I was going to get that in somewhere, hehe) and good system administrators were as proficient with it as modern ones are with PS. There was a command line interface too. Yeah it's ancient stinking poo poo compared what the PS stack is becoming, but it was the 90s man, there is nothing new about the idea itself.


skipdogg
Nov 29, 2004
Resident SRT-4 Expert

Zero VGS posted:

There's different software assurance deals that instantly give those computers valid Enterprise Licenses for 7/8/10. If you subscribe to the licenses then the subscription runs out, you still have the rights to all Windows versions that have been out since the time your subscription ends.

The catch is the minimum term for it is a year. Basically I think in practice you pay something like $110 per workstation over the year, but the billing can be spread out a bit better than just eating your poo poo sandwich all at once.

If you use Office 365 or Intune there's ways to bundle software assurance with either of those.

I can't believe I'm actually recommending this bullshit to anyone but if you're already caught with your pants down then this is likely the easiest way out.

Microsoft makes a huge chunk of their money from auditing/threatening/litigating so don't take them lightly.

I thought the same thing because that's how it USED to work. You get your Win7 Pro from the OEM and a Win 7 Software Assurance license and boom, legal for Win7 Enterprise.

They changed that poo poo recently. There's now an Enterprise Upgrade license you have to buy, and you can get it with SA or no SA.

Best case scenario he's going to have to buy 60 Windows 10 Enterprise Upgrade licenses that will take his Win7 Pro OEM licenses to Windows 10 Enterprise, which then will have downgrade rights to cover Win7 Enterprise. Those, from the little I've been able to find about them, run about 300 bucks a pop. I can't even find the SKU without Software Assurance, although it supposedly exists.

I do like your idea of leveraging some of the new cloud per user licensing models, I know we're moving to ECS and licensing basically everything on a per user basis. Makes things easier.
