Muslim Wookie
Jul 6, 2005

Noel posted:

Use "Apply Driver Package" instead of "Auto Apply Drivers". Better to have control over what is happening.

I think SCCM should just handle the driver package location in the same way it does for other packages. That did seem a bit strange. I have not seen your issue with drivers sticking around forever after they are deleted. It just disappears from the driver package for me, and when I tell the driver package to update, it's no longer there, either.

I was unable to find a way to rename advertisements. I agree, it is annoying. I try and make a Task Sequence for just about everything I deploy. It gives the end user a pretty window to look at without having to allow interaction with the program installer. It allows me to name it whatever I wants.

Just an addendum to that - a task sequence works well for practically everything but you should only use it for those packages you can't install silently. And if you really want to get into things then you can look at repackaging any installers that won't do silent installs.

On that note if you're a coder and you don't allow silent installs you can go get hosed you egocentric prick.


quackquackquack
Nov 10, 2002

marketingman posted:

On that note if you're a coder and you don't allow silent installs you can go get hosed you egocentric prick.

Now, now. If we're going to start a packaging hate rant, you're going to have to listen to my stories about a 16 bit setup.exe that quits after spawning additional processes as the logged on user - regardless of the fact that it was launched as SYSTEM. And an AdminStudio before/after snapshot capture package? Doesn't give the same result as installing it from the exe.

But yeah, every package in SCCM is a silent install. I guess I didn't think of doing it any other way.

Lyon
Apr 17, 2003

Trinitrotoluene posted:

Does anyone have any good recommendations or suggestions for mass administration over a hundred separate domains on completely separate networks?

SCCM is awesome and I actually used to deal with SMS when I worked for EDS, unfortunately it's not a valid possibility or at a cost that is suitable for our clients (say 100 small businesses). Plus the administration on each domain would take forever.

WSUS we currently keep the configuration on one central machine and push it to all domain servers so patch management isn't too much of an issue.

Keeping things like Firefox/Adobe Reader/Flash Player up to date though is an absolute nightmare so any suggestions would be more than welcome.

Any suggestions to better admin so many domains would be welcome also.

Dyscrasia posted:

I would love a better way to go about this too. I have just been doing GPO push installs for Reader, Flash and Java.


Misogynist posted:

There's a huge number of multi-tenant management products out there for managed service providers. Kaseya, N-Able, Level Platforms and ManageEngine are the most popular that I'm aware of, though I haven't used any personally, being a Linux admin that does not work for an MSP.

I'm just going to put in a quick plug for MaaS360 by Fiberlink. It's a "cloud-based" laptop, desktop, and Blackberry management solution.

No infrastructure or CapEx and it handles patching/updating (OS, 3rd party apps, and AV), hardware and software inventories, security policy enforcement/auto remediation, compliance reporting (AV, FW, DE, DLP, Malware), connection reporting (type, length, data in/out, VPN reporting), etc. It does all of this over any IP connection, so no need to even have the users on the LAN or VPN.

zero0ne
Jul 20, 2007
Zero to the O N E

KenMornignstar posted:

I don't know what the budgets are for everyone out there (mine is smalllllll) but we are using a KASE setup right now (Dell let me borrow it for free for 30 days to dick with it).

Pretty nice setup. Easy web interface. A fuckton easier than SCCM and SCOM.

Lets you set up imaging, network image deployment, upgrading and software pushes. Also has a great option I am quickly falling in love with "Auto-uninstall." So you start listing poo poo like browser tool bars and iTunes. It checks every computer every 15 minutes. IF it sees anything on the no-no list it just uninstalls it.

People keep calling me saying their "MyWebSearch" tool bar keeps disappearing, no matter how many times i have sent out memos saying "DON'T loving INSTALL THAT poo poo."

Anyway price wise it's 11K per box to buy and then 250 nodes for 500 bucks a year per box. So 1000 a year for 250 nodes and 22k startup for both boxes. Not too bad compared to SCCM and SCOM.

Can you give a bit more in-depth review of it overall? How do you feel it is speed wise (the web interface). What do you think of the helpdesk it has? How easy was it to deploy? Anything else I am missing here!

What is imaging like? Also, do you happen to know anything about their version of virtualization? Is it just a re-branded version of some other company's software?


Thanks!

vty
Nov 8, 2007

oh dott, oh dott!
I'm very interested in the Kase review also, if you don't mind.

univbee
Jun 3, 2004




We set up a Kaseya server as we're a managed IT provider. It's been a dream for most tasks, especially things like AV and Microsoft patch management. I'm having a bit of a pain in the rear end time with non-MS software, though, specifically pushing out updates for things like Adobe Flash. Our end users almost invariably have no admin privileges, which is nice, but lately we've hit the snag of Adobe Flash requiring 10.1 to work on most websites. Cue us getting regular calls from users bitching about not having admin rights.

Now by pairing Kaseya with Ninite Pro and some scripting, I managed to make a script that deploys the 200k Ninite installer and auto-installs/updates everything silently. The problem is that lately it's been too silent; I think it's failing deployments (I can only tell whether the Ninite EXE actually got to the computer and executed; beyond that I have no record) and it also means I still have to babysit the drat thing (running it each time Adobe releases a new Flash).

What I'd ideally like to do is give users only enough privileges so they can upgrade Flash if they need to, like if they have the right registry key/file permissions kind of thing. Failing that, a working method for deploying via Kaseya. Group Policy will be a colossal pain both because there are 20 servers to do this on, and because some companies have computers that essentially never check in (because the servers are in Vancouver and they're in Halifax, for example, and no there's no budget for VPN routers but thanks for asking).

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Noel posted:

Use "Apply Driver Package" instead of "Auto Apply Drivers". Better to have control over what is happening.

I think SCCM should just handle the driver package location in the same way it does for other packages. That did seem a bit strange. I have not seen your issue with drivers sticking around forever after they are deleted. It just disappears from the driver package for me, and when I tell the driver package to update, it's no longer there, either.

I was unable to find a way to rename advertisements. I agree, it is annoying. I try and make a Task Sequence for just about everything I deploy. It gives the end user a pretty window to look at without having to allow interaction with the program installer. It allows me to name it whatever I wants.

As far as I can tell it just copied everything from the driver source folder onto the local machine and lets XP sift through the pile for the right infs. I noticed that if I'd watch my task sequence it would download stuff like DellTouchpad.exe, which I know isn't in my desktop driver package. No more problems since putting each driver package in its own folder.

Now, am I stupid, or are Intel 64 bit storage drivers a pain in the rear end? I'm getting a new machine going with Win 7, and even though I don't need SATA drivers to do the install, I'd still rather install the actual Intel SATA drivers than use the generic Windows ones. So I download the driver, extract it, and there's no .inf or txtsetup.oem file in the driver package. If I run the installer on the machine it installs a driver and it shows up as being used for the disk controllers, but I can't figure out how to add it into the driver package. I shouldn't have to execute a silent install of the package in my TS to get this to work. C'mon, this is Intel, they know better!

E: And I think I figured it out myself. I had to get the F6 drivers from Intel, instead of the installer.

FISHMANPET fucked around with this message at 00:11 on Aug 13, 2010

echo465
Jun 3, 2007
I like ice cream
What do large Microsoft shops do for printing?

The setup I've inherited has about 150 printers on two file/print servers, with most printers having a different driver on each server. For example, a department's HPLJ4050 might have the 4050 PCL5e driver on server 1, and the HP universal driver on server 2.

My first instinct is a shiny new 3-node (virtualized) print cluster, but print clustering is supported only for failover, not load balancing. Is this really the pinnacle of Windows print-serving technology these days? There's got to be a better way.

PUBLIC TOILET
Jun 13, 2009

echo465 posted:

What do large Microsoft shops do for printing?

The setup I've inherited has about 150 printers on two file/print servers, with most printers having a different driver on each server. For example, a department's HPLJ4050 might have the 4050 PCL5e driver on server 1, and the HP universal driver on server 2.

My first instinct is a shiny new 3-node (virtualized) print cluster, but print clustering is supported only for failover, not load balancing. Is this really the pinnacle of Windows print-serving technology these days? There's got to be a better way.

We manage just fine with a single virtual Server 2008 print server and about 40-60 printers. There's definitely some driver hell, but it handles the load just fine. If you're going to be dealing with 150 printers then I suppose one virtual print server with a single failover would work okay. If you're paranoid about a driver install you can always make a snapshot before you install it (if you decide to take the virtualization route.)

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

COCKMOUTH.GIF posted:

We manage just fine with a single virtual Server 2008 print server and about 40-60 printers. There's definitely some driver hell, but it handles the load just fine. If you're going to be dealing with 150 printers then I suppose one virtual print server with a single failover would work okay. If you're paranoid about a driver install you can always make a snapshot before you install it (if you decide to take the virtualization route.)

How do you guys install your drivers? We've got a CUPS server that shares the printers to Windows clients via SAMBA, and we just browse to the share from a Windows machine, and install the drivers onto each printer on the server. Then when a client adds the printer, it downloads the driver.

This whole thing sucks for some reason, and we're not averse to the idea of throwing the printers on our Windows file server. What's the best way to deal with print drivers in Windows?

djben
Aug 22, 2010

univbee posted:

We set up a Kaseya server as we're a managed IT provider. It's been a dream for most tasks, especially things like AV and Microsoft patch management. I'm having a bit of a pain in the rear end time with non-MS software, though, specifically pushing out updates for things like Adobe Flash. Our end users almost invariably have no admin privileges, which is nice, but lately we've hit the snag of Adobe Flash requiring 10.1 to work on most websites. Cue us getting regular calls from users bitching about not having admin rights.

Now by pairing Kaseya with Ninite Pro and some scripting, I managed to make a script that deploys the 200k Ninite installer and auto-installs/updates everything silently. The problem is that lately it's been too silent; I think it's failing deployments (I can only tell whether the Ninite EXE actually got to the computer and executed; beyond that I have no record) and it also means I still have to babysit the drat thing (running it each time Adobe releases a new Flash).

What I'd ideally like to do is give users only enough privileges so they can upgrade Flash if they need to, like if they have the right registry key/file permissions kind of thing. Failing that, a working method for deploying via Kaseya. Group Policy will be a colossal pain both because there are 20 servers to do this on, and because some companies have computers that essentially never check in (because the servers are in Vancouver and they're in Halifax, for example, and no there's no budget for VPN routers but thanks for asking).

Long time SA lurker, first time I decided to create an account.

You can publish any agent procedures to your Kaseya user portal. These can be available on custom tabs and your users can just click 'Run Now' and the procedure will be executed by the agent, which is running as the system account. I think this will get you exactly what you want, and you can even have special groups set up to publish different sets of procedures (software deployment, maintenance, etc) for different groups of machines. Just look at System -> Live Connect and System -> Machine Roles to check out how you configure this stuff.

Ninite rocks. I need to write some procedures that leverage it, the work those guys have done is impressive. You could write some Kaseya procedures to verify the registry keys / files that would be associated with the software a Ninite EXE is supposed to install, and then at least run a Script Log report to see which systems didn't seem to get the software they were supposed to.

I won't hijack the thread too badly especially since I do work for Kaseya, but you can check out our new community site and look in the scripts section to see my posted procedures for silently updating Java, Flash and Adobe.

Hope that helps :)

Ben

Cpt.Wacky
Apr 17, 2005
Welcome to the forums Ben. Don't sign your posts.

I posted back on the first page about using WPKG to manage software installation and updates. One thing I said I didn't like was the reporting. I just saw on the WPKG mailing list a better way to do reporting. Create a package definition that always runs and copies the WPKG xml (containing what is installed and which revision) back to a network share:

code:
<package
  id="wpkglog"
  name="wpkg.xml files from workstations"
  revision="1"
  priority="0"
  execute="always">

  <install
    timeout="15"
    cmd='cmd /C copy /Y "%SYSTEMROOT%\system32\wpkg.xml" "\\server\logs\%COMPUTERNAME%-wpkg.xml"' />
</package>

Then you can write whatever you want to process the xml files to show which machines have which software.
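
Added example, not part of the original post and not WPKG's own code: one way to process the collected files in Python, listing which machines are behind the newest revision seen and which lack a package entirely. It assumes each report contains `package` elements with `id` and `revision` attributes (the post says the file records what is installed and at which revision); the host names, sample reports and the `urn:example:wpkg` namespace are constructed.

```python
import re
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

SUFFIX = "-wpkg.xml"      # matches the copy target in the package definition
MAX_BYTES = 1024 * 1024   # assumed ceiling; adjust to your real report sizes


def revision_key(revision):
    """Sort key so '6.0.9' orders before '6.0.21' (numeric, not textual)."""
    parts = re.findall(r"\d+|[^\d.]+", revision)
    return [(0, int(p)) if p.isdigit() else (1, p) for p in parts]


def read_report(path):
    """Return {package id: revision} for one collected file."""
    installed = {}
    for element in ET.parse(path).getroot().iter():
        # Ignore any XML namespace so prefixed and plain layouts both work.
        if element.tag.rsplit("}", 1)[-1] == "package" and element.get("id"):
            installed[element.get("id")] = element.get("revision", "")
    return installed


def collect(share):
    """Read every <COMPUTERNAME>-wpkg.xml under the share directory.

    Returns (inventory, rejected). Every workstation can write to the share,
    so the files are untrusted input: oversized or malformed reports are
    listed in `rejected` instead of aborting the whole run.
    """
    inventory, rejected = {}, []
    for path in sorted(Path(share).glob("*" + SUFFIX)):
        host = path.name[: -len(SUFFIX)]   # computer names may contain '-'
        try:
            if path.stat().st_size > MAX_BYTES:
                raise ValueError("report too large")
            inventory[host] = read_report(path)
        except (ET.ParseError, ValueError, OSError):
            rejected.append(host)
    return inventory, rejected


def behind_newest(inventory):
    """Per package: newest revision seen and the hosts still below it."""
    report = {}
    for package in sorted({p for pkgs in inventory.values() for p in pkgs}):
        seen = {h: pkgs[package] for h, pkgs in inventory.items()
                if package in pkgs}
        newest = max(seen.values(), key=revision_key)
        behind = {h: r for h, r in seen.items()
                  if revision_key(r) < revision_key(newest)}
        report[package] = {"newest": newest, "behind": behind}
    return report


def missing(inventory, package):
    """Hosts that reported in but have no entry for `package`."""
    return sorted(h for h, pkgs in inventory.items() if package not in pkgs)


# Constructed sample reports (not from real machines). PC-LAB-03 is cut off
# mid-file, as happens when a copy is interrupted.
SAMPLE = {
    "PC-ACCT-01": '<settings xmlns="urn:example:wpkg">'
                  '<package id="flash" revision="10.1.82"/>'
                  '<package id="jre" revision="6.0.21"/></settings>',
    "PC-LAB-02": '<wpkg><package id="flash" revision="10.0.45"/>'
                 '<package id="jre" revision="6.0.21"/></wpkg>',
    "PC-LAB-03": '<wpkg><package id="flash" revision="10.1.',
    "PC-HR-04": '<wpkg><package id="jre" revision="6.0.9"/></wpkg>',
}


def write_sample(directory):
    """Write the constructed reports the way the copy command names them."""
    for host, xml in SAMPLE.items():
        (Path(directory) / (host + SUFFIX)).write_text(xml, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        write_sample(share)
        inventory, rejected = collect(share)
    for package, info in behind_newest(inventory).items():
        print(package, "newest:", info["newest"], "behind:", info["behind"])
    print("no flash entry:", missing(inventory, "flash"))
    print("unreadable reports:", rejected)
```

A machine that never appears in the share at all is as interesting as one that is behind, so compare the host list against your directory of record as well.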

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams
gently caress Java.

That's all I have to say.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

FISHMANPET posted:

gently caress Java.

That's all I have to say.

So what the gently caress Java. I'm trying to install 32 bit Java on a 64 bit Win 7 machine, because of course we still have 32 bit browsers. It looks like Java is making GBS threads itself because the MSI basically drops a zip file into the JRE directory, and then extracts it. But it just sits spinning its wheels forever, because I think it's looking in C:\Program Files, and not C:\Program Files (x86) for its Zip file.

gently caress man, I don't even know.

Jesus, I've slipped so far into the rabbit hole. Apparently there's a packing committee on campus, just for packaging software?

FISHMANPET fucked around with this message at 23:44 on Aug 23, 2010

Cpt.Wacky
Apr 17, 2005
I use the msi on a 32-bit OS with WPKG so it "just works". You might find some useful information on the WPKG wiki: http://wpkg.org/Java#Alternate_Java_6_.28JRE.2FSDK.29_Installer_.28seems_very_complicated.29

Software management is one place that Windows really sucks compared to Linux and BSD.

Nomex
Jul 17, 2002

Flame retarded.

FISHMANPET posted:

So what the gently caress Java. I'm trying to install 32 bit Java on a 64 bit Win 7 machine, because of course we still have 32 bit browsers. It looks like Java is making GBS threads itself because the MSI basically drops a zip file into the JRE directory, and then extracts it. But it just sits spinning its wheels forever, because I think it's looking in C:\Program Files, and not C:\Program Files (x86) for its Zip file.

gently caress man, I don't even know.

Jesus, I've slipped so far into the rabbit hole. Apparently there's a packing committee on campus, just for packaging software?

Packaging software is the single most difficult part of creating zero touch images. Most common apps already have silent install options, but some stuff, including most internal apps I've come across are an absolute nightmare.

quackquackquack
Nov 10, 2002

Nomex posted:

Packaging software is the single most difficult part of creating zero touch images. Most common apps already have silent install options, but some stuff, including most internal apps I've come across are an absolute nightmare.

Amen. The amount of testing alone...

And even software that is "easy" to distribute, like Adobe products. Dreamweaver is just not going to install if you happen to have a windows explorer window open and are moving your mouse at the same time (error 7!). Or patches ignoring the REBOOT=REALLYFUCKINGSUPPRESSGODDAMNIT flag.

djben
Aug 22, 2010

FISHMANPET posted:

So what the gently caress Java. I'm trying to install 32 bit Java on a 64 bit Win 7 machine, because of course we still have 32 bit browsers. It looks like Java is making GBS threads itself because the MSI basically drops a zip file into the JRE directory, and then extracts it. But it just sits spinning its wheels forever, because I think it's looking in C:\Program Files, and not C:\Program Files (x86) for its Zip file.

gently caress man, I don't even know.

Jesus, I've slipped so far into the rabbit hole. Apparently there's a packing committee on campus, just for packaging software?

32 bit java on 64-bit Windows is definitely a pain. There is an issue with the Java installer running in the 64-bit command shell. I spent a good bit of time searching around for an easy solution (I actually got it working by extracting the msi manually but that sucks). Many hours spent in regmon and filemon... not very fun.

I have resolved the problem by modifying a registry key used by the SYSTEM account that initiates the silent Java install.

I took a screenshot of my own Kaseya script/procedure for deploying Java where you'll see the registry key I had to set for the installer and how I leverage it:

http://files.kaseya.com/sftp/javaupdate.png

The key you need to change:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath

Typically, it has a value of "%systemroot%\system32\config\systemprofile", data type reg_sz.

For the 32-bit Java installer to work silently when run as a SYSTEM account on a 64-bit machine, it can be set to "%systemroot%\syswow64\config\systemprofile". I'd recommend changing it back to the original value once the install completes.

Hopefully Sun fixes their installer soon, before they run out of money suing Google ;)

djben fucked around with this message at 06:13 on Aug 24, 2010

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

djben posted:

32 bit java on 64-bit Windows is definitely a pain. There is an issue with the Java installer running in the 64-bit command shell. I spent a good bit of time searching around for an easy solution (I actually got it working by extracting the msi manually but that sucks). Many hours spent in regmon and filemon... not very fun.

I have resolved the problem by modifying a registry key used by the SYSTEM account that initiates the silent Java install.

I took a screenshot of my own Kaseya script/procedure for deploying Java where you'll see the registry key I had to set for the installer and how I leverage it:

http://files.kaseya.com/sftp/javaupdate.png

The key you need to change:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath

Typically, it has a value of "%systemroot%\system32\config\systemprofile", data type reg_sz.

For the 32-bit Java installer to work silently when run as a SYSTEM account on a 64-bit machine, it can be set to "%systemroot%\syswow64\config\systemprofile". I'd recommend changing it back to the original value once the install completes.

Hopefully Sun fixes their installer soon, before they run out of money suing Googling ;)

This might be the easiest way. I'm working really hard on zero touch imaging, then some stupid professor decided to buy the cheapest loving machines he could find (no XP drivers!). So boom, he's breathing down my back while I deploy a whole new OS on a whole new architecture (64 bit). It's even better because, due to some end of financial year fuckups, it took him two months to get these machines. A lot of that is his fault for not communicating properly. So when they show up in my office, he's been waiting for two months, but as far as I'm concerned, he's been waiting a few minutes. It's now been two weeks. I was going to have these done last Tuesday, and now I've been fighting with Java ever since.

Muslim Wookie
Jul 6, 2005
I'll be honest, and excuse me for contradicting someone that is obviously very knowledgeable, but that Java install for x86 is way too complicated when you can simply UniExtract the downloaded installer and run the MSI within it.

If you're using SCCM you just put the extracted files into a package and deploy it, telling it to run the MSI. It's really as simple as that. Across architecture doesn't change.

Kullrock
Mar 21, 2006
I don't know much about SCCM or Kaseya.

I'm guessing it depends on which environment the agent initiating the installation runs in, and what means you have to control it? - Might work in SCCM if it defaults to x86 context on a x64 environment.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

marketingman posted:

I'll be honest, and excuse me for contradicting someone that is obviously very knowledgeable, but that Java install for x86 is way too complicated when you can simply UniExtract the downloaded installer and run the MSI within it.

If you're using SCCM you just put the extracted files into a package and deploy it, telling it to run the MSI. It's really as simple as that. Across architecture doesn't change.

It shouldn't, yet somehow it does. People have reported that the x86.exe installer won't run under the SYSTEM user on x64 because the installer assumes the files are in system32, when they're in wow64. I can only guess that this is the same reason the MSI fails, because the MSI extracts all of its files, but never extracts its compressed files. I don't know how MSIs usually run, but I suspect the Java MSI runs differently than most, that is, it extracts a zip file that then gets extracted, rather than just extracting the files.

Muslim Wookie
Jul 6, 2005
OK fair enough. I'm not going to outright pan you like someone on SA might usually do so, all aggressive for an internet thrill - I'll just say that I've never had an issue deploying in the same exact situation you are talking about.

Further, if I did I would simply repackage the product, using whatever tools that particular rear end in a top hat client site has available to me. Wise packaging tools? gently caress YOUUUUUUUUUU but I'll make it work. Anything else, gently caress you Sun, but I'll make it work.

Actually to be brutally honest I'm just crazy jealous of the Kaseya guy - simply because he's described a solution I wouldn't even know how to go about discovering. How embarrassing, I think it's time I ended my CJ days and moved into management :(

Jadus
Sep 11, 2003

I'm hoping someone can clarify something for me regarding SCCM and licensing.

We're looking at purchasing SCCM, primarily to use Forefront Endpoint Protection when it is released.

We would install SCCM on a single server, and be pushing out the antivirus to about 300 client machines, and 10 servers.

Does this mean that we would need 1 SCCM license, 10 server management licenses, and 300 client management licenses? That's going to be ridiculously expensive in addition to the FEP costs, especially since I can't see much more value in SCCM that we aren't already getting from WSUS and WDS.

We may consider the System Center Virtual Machine Manager for a new VM environment, and SCOM would be nice to have too, so would we be better off considering the System Center Server Management Suite? If so, how does the licensing differ on this product?

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

djben posted:

32 bit java on 64-bit Windows is definitely a pain. There is an issue with the Java installer running in the 64-bit command shell. I spent a good bit of time searching around for an easy solution (I actually got it working by extracting the msi manually but that sucks). Many hours spent in regmon and filemon... not very fun.

I have resolved the problem by modifying a registry key used by the SYSTEM account that initiates the silent Java install.

I took a screenshot of my own Kaseya script/procedure for deploying Java where you'll see the registry key I had to set for the installer and how I leverage it:

http://files.kaseya.com/sftp/javaupdate.png

The key you need to change:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18\ProfileImagePath

Typically, it has a value of "%systemroot%\system32\config\systemprofile", data type reg_sz.

For the 32-bit Java installer to work silently when run as a SYSTEM account on a 64-bit machine, it can be set to "%systemroot%\syswow64\config\systemprofile". I'd recommend changing it back to the original value once the install completes.

Hopefully Sun fixes their installer soon, before they run out of money suing Google ;)

Quoting this, because you are a loving champion. Finally, a week of work culminates in Java actually loving installing.

Nomex
Jul 17, 2002

Flame retarded.
Sorry, I think I missed this, but why aren't you guys just installing 64 bit Java?

quackquackquack
Nov 10, 2002

Jadus posted:

I'm hoping someone can clarify something for me regarding SCCM and licensing.

We're looking at purchasing SCCM, primarily to use Forefront Endpoint Protection when it is released.

We would install SCCM on a single server, and be pushing out the antivirus to about 300 client machines, and 10 servers.

Does this mean that we would need 1 SCCM license, 10 server management licenses, and 300 client management licenses? That's going to be ridiculously expensive in addition to the FEP costs, especially since I can't see much more value in SCCM that we aren't already getting from WSUS and WDS.

We may consider the System Center Virtual Machine Manager for a new VM environment, and SCOM would be nice to have too, so would we be better off considering the System Center Server Management Suite? If so, how does the licensing differ on this product?

If you want SCCM for a single reason, it's retarded. Think about what SCCM could do for you overall, and you might consider it worth it.

(says someone who gets academic pricing)

Kullrock
Mar 21, 2006

Nomex posted:

Sorry, I think I missed this, but why aren't you guys just installing 64 bit Java?

Because 32 bit browsers on 64 bit machines need 32 bit Java. And for some reason the default shortcut to IE on a Windows 7 x64 is to the 32 bit version.

Kullrock
Mar 21, 2006

Jadus posted:

I'm hoping someone can clarify something for me regarding SCCM and licensing.

We're looking at purchasing SCCM, primarily to use Forefront Endpoint Protection when it is released.

We would install SCCM on a single server, and be pushing out the antivirus to about 300 client machines, and 10 servers.

Does this mean that we would need 1 SCCM license, 10 server management licenses, and 300 client management licenses? That's going to be ridiculously expensive in addition to the FEP costs, especially since I can't see much more value in SCCM that we aren't already getting from WSUS and WDS.

We may consider the System Center Virtual Machine Manager for a new VM environment, and SCOM would be nice to have too, so would we be better off considering the System Center Server Management Suite? If so, how does the licensing differ on this product?

What do you get 'extra' when you have both?

gbeck
Jul 15, 2005
I can RIS that
We use WSUS to push out updates. We are still 100% a Windows XP shop and WSUS pushes out Windows Media Player 11. Today the CFO posted a Windows Media video on his blog for the employees. It turns out Windows Media Player 11 wants to validate before it runs. It also likes to fail when all the users who are non-admin (all of them) try to click through. I really don't want to have to log into 600 computers, run WMP as admin, and click next, next, next.

Please tell me there is some policy/command line/permissions I can set up to get me out of the punishment known as Windows Genuine Advantage.

johnnyonetime
Apr 2, 2010
I am looking for a solution to PXE boot common discs that we use such as:

  • Zenworks imaging disc
  • Windows XP disc
  • Dell Server Build discs
  • Any random ISO file I have so I don't have to burn a copy, not label it and lose it each time.

I have WDS configured and deploying Windows 7 and Windows Server 2008 discs via PXE (because they contain the *.wim files), but I haven't been able to connect the dots to just loading up a simple ISO and PXE boot it through WDS. I have been trying to get a simple Memtest boot disc imported in for starters.

Am I missing something here? Is it easier to just run tftpd32 and call it a day?

What is a better way to run the two side by side and not have to give them different ports to distinguish them?

I fear I am making this way harder than it should be.

Naramyth
Jan 22, 2009

Australia cares about cunts. Including this one.

gbeck posted:

We use WSUS to push out updates. We are still 100% a Windows XP shop and WSUS pushes out Windows Media Player 11. Today the CFO posted a Windows Media video on his blog for the employees. It turns out Windows Media Player 11 wants to validate before it runs. It also likes to fail when all the users who are non-admin (all of them) try to click through. I really don't want to have to log into 600 computers, run WMP as admin, and click next, next, next.

Please tell me there is some policy/command line/permissions I can set up to get me out of the punishment known as Windows Genuine Advantage.

In Group Policy you can disable first run startup for Windows Media Player.

Computer Policies/admin templates/Windows Components/Windows Media Player/Do Not Show First Use Dialog Boxes

e: I don't know if that is the same as the validating process.

gbeck
Jul 15, 2005
I can RIS that

Naramyth posted:

In Group Policy you can disable first run startup for Windows Media Player.

Computer Policies/admin templates/Windows Components/Windows Media Player/Do Not Show First Use Dialog Boxes

e: I don't know if that is the same as the validating process.

It turns out the validation does work if you just open WMP by itself or directly open the file. I am thinking the validation failure is related to trying to open the file from Internet Explorer.

Disabling the first use dialog didn't seem to work but it was a good idea.

Swink
Apr 18, 2006
Left Side <--- Many Whelps
I'm preparing the images for our upgrade from XP > Win7. I'm using MDT2010 to prepare the images. How does inserting Windows updates work? If I get the latest security update and insert it, will that be installed when I deploy the image, or will it install the update after the deployment, like it does with applications?

Edit - And is it worth doing? I'm starting to think I'll just let WSUS update the image once it's deployed.

Swink fucked around with this message at 01:11 on Oct 10, 2010

quackquackquack
Nov 10, 2002
I used the ZTIWindowsUpdate script (part of MDT2008, have not used 2010), which was nice because it essentially hammered the WSUS until you were fully updated. Sure, the imaging took longer, but you skip having people complain about all the updates that needed to be run once they got their new computer.

Currently I use SCCM, and it annoys me that there is not a simple option to do this; they assume you will tie SCCM into WSUS. The annoyance level of updates post image is moving this issue up my list of things to take care of.

Muslim Wookie
Jul 6, 2005

Noel posted:

I used the ZTIWindowsUpdate script (part of MDT2008, have not used 2010), which was nice because it essentially hammered the WSUS until you were fully updated. Sure, the imaging took longer, but you skip having people complain about all the updates that needed to be run once they got their new computer.

Currently I use SCCM, and it annoys me that there is not a simple option to do this; they assume you will tie SCCM into WSUS. The annoyance level of updates post image is moving this issue up my list of things to take care of.

I don't understand:

1) Why wouldn't you tie it in?

2) And that script is the same as SCCM installing all the updates during imaging - how come one is acceptable and the other is not to you?

quackquackquack
Nov 10, 2002
Yeah, sorry, was drunk when I wrote that last post.

We don't run our own WSUS, our central IT group does. To tie together WSUS and SCCM, you need to install a SCCM role on the WSUS. I keep saying we should just set up a downstream WSUS for this purpose, even if we don't point our clients at it.

ZTIWindowsUpdate is different in that it doesn't require the SCCM+WSUS tie-in. The end result may be the same, but the process is not.

Unfortunately this has nothing to do with me. I stupidly asked about doing this instead of just doing it.

Muslim Wookie
Jul 6, 2005
Well you've still got it around arse backwards...

You don't install the SCCM "role" on the WSUS server, you install SCCM on a server, and then you install WSUS, and SCCM controls WSUS from that point forward.

Further, setting up WSUS is like, 10 minutes work. It has basically no impact on server load, and setting it to be a downstream server would be easy as pie, just point it at the upstream IP address.

Just go ahead and do it! What's the worst that can happen? "Oh no you've improved our systems and made everything better, you're fired!!!"

(Don't answer that :P)

Kullrock
Mar 21, 2006

Swink posted:

I'm preparing the images for our upgrade from XP > Win7. I'm using MDT2010 to prepare the images. How does inserting Windows updates work? If I get the latest security update and insert it, will that be installed when I deploy the image, or will it install the update after the deployment, like it does with applications?

Edit - And is it worth doing? I'm starting to think I'll just let WSUS update the image once it's deployed.

You can also download and inject .msu's straight into your .wim image.

http://technet.microsoft.com/en-us/library/dd744346(WS.10).aspx
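
The offline .msu injection mentioned in the post above, sketched with dism.exe as an added example (not part of the original post). The WIM path, image index, mount directory and update folder are placeholder assumptions; run it from an elevated prompt on a machine that has DISM.

```powershell
# Added example: offline-service a WIM with downloaded .msu updates via dism.exe.
# Every path below is a placeholder (assumption); adjust to your own share.
$WimFile   = 'D:\Images\install.wim'
$Index     = 1
$MountDir  = 'C:\Mount'
$UpdateDir = 'C:\Updates'      # folder holding the downloaded .msu files

function Invoke-Dism {
    param([string[]]$DismArgs)
    # Run dism.exe and turn a non-zero exit code into a terminating error.
    & dism.exe $DismArgs
    if ($LASTEXITCODE -ne 0) {
        throw "dism.exe $($DismArgs -join ' ') failed with exit code $LASTEXITCODE"
    }
}

if (-not (Test-Path $MountDir)) {
    New-Item -ItemType Directory -Path $MountDir | Out-Null
}

Invoke-Dism @('/Mount-Wim', "/WimFile:$WimFile", "/Index:$Index", "/MountDir:$MountDir")
try {
    # Add each update in a stable (name-sorted) order.
    foreach ($msu in Get-ChildItem -Path $UpdateDir -Filter *.msu | Sort-Object Name) {
        Write-Host "Adding $($msu.Name)"
        Invoke-Dism @("/Image:$MountDir", '/Add-Package', "/PackagePath:$($msu.FullName)")
    }
    # List the packages now in the image so the result can be checked before saving.
    Invoke-Dism @("/Image:$MountDir", '/Get-Packages')
    Invoke-Dism @('/Unmount-Wim', "/MountDir:$MountDir", '/Commit')
}
catch {
    # Discard partial changes rather than committing a half-serviced image.
    Write-Warning $_.Exception.Message
    & dism.exe /Unmount-Wim "/MountDir:$MountDir" /Discard
    throw
}
```

Updates added this way are already in the image at first boot, so the machine is not waiting on WSUS for them after deployment.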


quackquackquack
Nov 10, 2002

marketingman posted:

Well you've still got it around arse backwards...

You don't install the SCCM "role" on the WSUS server, you install SCCM on a server, and then you install WSUS, and SCCM controls WSUS from that point forward.

Further, setting up WSUS is like, 10 minutes work. It has basically no impact on server load, and setting it to be a downstream server would be easy as pie, just point it at the upstream IP address.

Just go ahead and do it! What's the worst that can happen? "Oh no you've improved our systems and made everything better, you're fired!!!"

(Don't answer that :P)

If it makes it easier, let's agree that the Software Update Point (SUP) site role and WSUS have to be installed on the same machine. So either I get to install SUP on the existing WSUS (not going to happen), or I set up a downstream on my existing SCCM server.

You seem to be missing the fact that my hesitance is not what is stopping this from happening. I stupidly asked my boss about installing WSUS, and got a no. I should have just done it and not told anyone.
