|
Our domain(s) right now is held together with WSUS and GPO installed software, but we're working on SCCM right now. Our Windows guy doesn't know much about SCCM (which he will freely admit), but togheter we're kludging through it. We've got software deployment pretty much figured out (I hope) but we're pretty confused about imaging. Which is to say, we don't even know what the gently caress imaging is yet. We're just building fresh images for our installs so far, even though we both know there's a better way. But we're confused about where drivers go, and I brought up a doozy today: How do we keep an image up to date if it's full of frequently updated software (Firefox, Thunderbird, Adobe Reader, Flash, etc)? I know somebody here has to be way better than we are at this, so I was hoping for some advice. Also, feel free to hijack this thread for other Enterprisy Windows talk, since there don't seem to be any threads for such things. E: You want an OP? Here's an OP Powershell thread in CoC http://forums.somethingawful.com/showthread.php?threadid=3286440 FISHMANPET fucked around with this message at 23:31 on Jan 22, 2015 |
#
¿
Jul 13, 2010 04:11
|
|
|
|
| # ¿ May 1, 2024 11:00 |
|
|
devmd01 posted:WSUS and GPOs for security policies, the rest is handled through Altiris. I have no thoughts on Altiris, other than that the people that ran one of these domains used Altiris, were obsessed about patching, and hadn't installed 2.5 year old Windows Updates (or even SP3) and had oodles of old software laying around (Whoo Java 5.0 and Adobe Acrobat Reader 7.0!) Also the loving hidden Altiris boot partition makes me want to hurt somebody. I hope you are better with Altiris. Unless your office is now just down the hall from me, in which case, gently caress.
|
|
#
¿
Jul 13, 2010 15:56
|
|
|
demonachizer posted:Bleh no admin control over DHCP. Just over the AD for our area of the university and of course all of our clients. You would only need DHCP to do PXE installs, and you can work around that by creating a task sequence disk that basically contains the boot image that PXE would give you, so that it can pull the rest of the stuff off the server. And once you're going with SCCM you don't need to PXE boot anymore, because you can advertise a reinstall to a running client, and SCCM will just do it. I have these fantastical visions of reimiging the whole office to Win 7 one night while I sleep, but I know that won't happen. I can dream.
|
|
#
¿
Jul 13, 2010 18:58
|
|
|
monkeybounce posted:There's (in my opinion) an easier way to do a deployment with SCCM that supports multiple configurations and doesn't require a stock image. We're currently trying to figure out if we want to build and capture then image, or just build each time. We don't have a lot of the same hardware (although it's all Dell Optiplex, so it's probably pretty similair) so I'm thinking it might just make more sense to do a new build each time.
|
|
#
¿
Jul 14, 2010 17:01
|
|
|
SCCM guys, how do you deal with your drivers? Right now we're making a folder for each driver, and then putting the driver in that folder, and then making a package named the same as the folder. I know this is a terrible way to do it, but we just don't know enough about SCCM yet to know how to do it the right way.
|
|
#
¿
Jul 16, 2010 19:58
|
|
|
bob arctor posted:We have an awesome GPO thread, a virtualization thread, Cisco thread and a few others, does anyone think perhaps a Windows Server Network Admin Megathread is called for? I made this thread with the intention of it turning into something like this
|
|
#
¿
Jul 16, 2010 20:55
|
|
|
gently caress, this is killing me. Is there a way to stop advertising a task sequence to a collection?
|
|
#
¿
Jul 19, 2010 23:12
|
|
|
Noel posted:As in, "oops, I didn't mean to do that"? We want to get rid of an advertisement of a task sequence. We're still in testing, so we make a lot of advertisements, and the best we've come up with is to make a new collection for each new iteration of our task sequence.
|
|
#
¿
Jul 20, 2010 03:02
|
|
|
Noel posted:Right click disable? (although that disables each each advertisement of the task sequence) I don't even know where to find a task sequence advertisement. Let's try it this way I suppose. I've got my task sequence all good to go, and I set it to advertise to a collection. Whoops, I forgot to check the box that says "Advertise this to PXE boots." So, I want to keep the collection, and I want to keep the task sequence, but I don't want to keep that particular advertisement. Does that make sense, or have I gone so far off the deep end that I should go back to playing with blocks? 
|
|
#
¿
Jul 20, 2010 13:58
|
|
|
zapateria posted:Just go to Software Distribution -> Advertisements, you'll find your advertised task sequences there. Delete it. Task Sequence is still alive (under Operating System Deployment -> Task Sequences), advertisement is gone. gently caress we are such idiots how did we never see this. I thought I'd looked in that section already, but I forgot to actually use my eyes.
|
|
#
¿
Jul 20, 2010 14:35
|
|
|
I finally managed to get a task sequence all by myself to actually install the loving operating system!
|
|
#
¿
Jul 21, 2010 19:17
|
|
|
Wow, thanks Ricoh, your drivers suck. The Dell provided driver extracts to... another executable, and that doesn't extract to anything. So I guess no INF for SCCM to push out.
|
|
#
¿
Jul 22, 2010 00:02
|
|
|
Any suggestions for a thread title? My unimaginitve idea is "Tell me about your Enterprise Windows management, Megathread edition!" Onto other things, I've figured out how I want to deploy the OS to my clients. Since we have so many hardware types I'm not going to bother to capture an image, just build it on each machine. I'm trying to figure out how to install software. I don't want to put an explicit "install this package" for each of our 10 basic packages into each task sequence (I'm going to have a task sequence for each hardware models) because that makes it a huge pain in the rear end when a new version of Firefox comes out. Right now I'm just advertising everything to the client as regular software and hoping it gets picked up. What I'd really like to do is have a task sequence to install core apps (We already have this actually) and have my deployment task sequence run that task sequence for me, so I would only ever have to update the core apps task sequence and keep all my builds up to date.
|
|
#
¿
Jul 23, 2010 22:10
|
|
|
zapateria posted:Wouldn't you just update your "Firefox" package and not have to do anything with task sequences since they would just include the updated package? Noel posted:Don't do this.  I never would have thought about that. I'm assuming that WMI data gets pulled from the hardware itself, so I don't have to do anything myself?
|
|
#
¿
Jul 24, 2010 02:27
|
|
|
Noel posted:WinPE can query WMI when running a task sequence. That link I posted goes into pretty fine detail. Well in that case it wouldn't at all be a big deal to make a new package for software update, because I only update it once. E: If I have a group for machine specific application installs, and give it a WMI query, it will only run it's sub tasks if the WMI query is true, correct? E2: A closer reading reveals my assumption to be correct. FISHMANPET fucked around with this message at 03:01 on Jul 24, 2010 |
|
#
¿
Jul 24, 2010 02:50
|
|
|
marketingman, that tool worked for the Ricoh drivers, but not for 2 other drivers. Oh well, every little bit helps. Anyway, does anybody have a problem with SCCM where it stops advertising to a client? I was all excited to day to troubleshoot this laptop, and after one sucesful reimage, it doesn't get any advertisements anymore. I've had to delete the machine and re-add a computer association, now it sees everything again. What gives?
|
|
#
¿
Jul 26, 2010 22:28
|
|
|
Here's a fun fact that stumped me: Each Driver package needs a unique data source. The guy who set it up assumed that SCCM would be smart enough to segregate the driver files, and only download the right stuff to the client. Wrong. It just blindly downloads whatever is in that directory to the client and tries to apply it all. Also, it looks like if you delete a driver from the database without first deleting it from the package, it stays in the package forever. So make sure each of your driver packages has a unique data source folder. Now a question: Is there a way to rename the advertised name of packages? I love that you can be super specific with the name, but nobody really cares that they're installing "Skype Technologies S.A. SkypeTM 4.2 4.2.169 Enlish (United States) - Per-system unattended." They just want Skype.
|
|
#
¿
Aug 9, 2010 22:49
|
|
|
Noel posted:Use "Apply Driver Package" instead of "Auto Apply Drivers". Better to have control over what is happening. As far as I can tell it just copied everything from the driver source folder onto the local machine and lets XP sift through the pile for the right infs. I noticed that if I'd watch my task sequence it would download stuff like DellTouchpad.exe, which I know isn't in my dekstop driver package. No more problems since putting each driver package in its own folder. Now, am I stupid, or are intel 64 bit storage drivers a pain in the rear end? I'm getting a new machine going with Win 7, and even though I don't need SATA drivers to do the install, I'd still rather install the actual Intel SATA drivers than use the generic Windows ones. So I download the driver, extract it, and there's no .inf or txtsetup.oem file in the drive package. If I run the installer on the machine it installs a driver and it shows up as being used for the disk controllers, but I can't figure out how to add it into the driver package. I shouldn't have to execute a silent install of the package in my TS to get this to work. C'mon, this is intel, they know better! E: And I think I figured it out myself. I had to get the F6 drivers from Intel, instead of the installer. FISHMANPET fucked around with this message at 00:11 on Aug 13, 2010 |
|
#
¿
Aug 13, 2010 00:01
|
|
|
COCKMOUTH.GIF posted:We manage just fine with a single virtual Server 2008 print server and about 40-60 printers. There's definitely some driver hell, but it handles the load just fine. If you're going to be dealing with 150 printers then I suppose one virtual print server with a single failover would work okay. If you're paranoid about a driver install you can always make a snapshot before you install it (if you decide to take the virtualization route.) How do you guys install your drivers? We've got a CUPS server that shares the printers to Windows clients via SAMBA, and we just browse to the share from a Windows machine, and install the drivers onto each printer on the server. Then when a client adds the printer, it downloads the driver. This whole thing sucks for some reason, and we're not adverse to the idea of throwing the printers on our Windows file server. What's the best way to deal with print drivers in Windows?
|
|
#
¿
Aug 13, 2010 05:30
|
|
|
gently caress Java. That's all I have to say.
|
|
#
¿
Aug 23, 2010 17:54
|
|
|
FISHMANPET posted:gently caress Java. So what the gently caress Java. I'm trying to install 32 bit Java on a 64 bit Win 7 machine, because of course we still have 32 bit browsers. It looks like Java is making GBS threads itself because the MSI basically drops a zip file into the JRE directory, and then extracts it. But it just sits spinning its wheels forever, because I think it's looking in C:\Program Files, and not C:\Program Files (x86) for its Zip file. gently caress man, I don't even know. Jesus, I've slipped so far into the rabbit whole. Apparently there's a packing committee on campus, just for packaging software? FISHMANPET fucked around with this message at 23:44 on Aug 23, 2010 |
|
#
¿
Aug 23, 2010 23:27
|
|
|
djben posted:32 bit java on 64-bit Windows is definitely a pain. There is an issue with the Java installer running in the 64-bit command shell. I spent a good bit of time searching around for an easy solution (I actually got it working by extracting the msi manually but that sucks). Many hours spent in regmon and filemon... not very fun. This might be the easiest way. I'm working really hard on zero touch imaging, then some stupid professor decided to buy the cheapest loving machines he could find (no XP drivers!). So boom, he's breathing down my back while I deploy a whole new OS on a whole new architecture (64 bit). It's even better because, due to some end of financial year fuckups, it took him two months to get these machines. A lot of that is his fault for not communicating properly. So when they show up in my office, he's been waiting for two months, but as far as I'm concerned, he's been waiting a few minutes. It's now been two weeks. I was going to have these done last Tuesday, and now I've been fighting with Java ever since.
|
|
#
¿
Aug 24, 2010 04:54
|
|
|
marketingman posted:I'll be honest, and excuse me for contradicting someone that is obviously very knowledgeable, but that Java install for x86 is way to complicated when you can simply UniExtract the downloaded installer and run the MSI within it. It shouldn't, yet somehow it does. People have reported that the x86.exe installer won't run under the SYSTEM user on x64 because the installer assumes the files are in system32, when they're in wow64. I can only guess that this is the same reason the MSI fails, because the MSI extract all of its files, but never extracts its compressed files. I don't know how MSIs usually run, but I suspect the Java MSI runs differently than most, that is, it extracts a zip file that then gets extracted, rather than just extracting the files.
|
|
#
¿
Aug 24, 2010 14:43
|
|
|
djben posted:32 bit java on 64-bit Windows is definitely a pain. There is an issue with the Java installer running in the 64-bit command shell. I spent a good bit of time searching around for an easy solution (I actually got it working by extracting the msi manually but that sucks). Many hours spent in regmon and filemon... not very fun. Quoting this, because you are a loving champion. Finally, a week of work culminates in Java actually loving installing.
|
|
#
¿
Aug 24, 2010 19:38
|
|
|
I've gotten SCCM down to completely hands free once I boot from CD. My SCCM server sits on one network, and my clients are on three separate network. On one network we run ISC DHCP, and on the the other two I don't have that much control (all I can do is change the MAC for an IP), so I haven't bothered much with PXE booting. I'm also not sure how I feel about the unknown computer stuff, though it could be useful, but I worry with my users that they'll break it and abuse it somehow. I've also taken the hard route of importing every driver into SCCM and then creating driver packages, mostly because I didn't know you could do it any other way.
|
|
#
¿
Feb 6, 2011 21:05
|
|
|
Noel posted:I use driver packages as well, and I definitely believe it's the way to go. I overload my OSD Task Sequences with each driver package with a WMI condition. I've read that what some people do is import the network and SATA drivers into SCCM so that they can put them into boot images, but the rest they just copy into the sccm drivers folder on the file system, because all SCCM does is copy that folder onto the computer after it dumps the image and says "hey, do any of these infs work for you?" Took forever to figure out how that worked, because the guy who set this up had all the drivers dump into the root folder, so it was the same as applying all drivers always, which didn't work for well when Win 7 x64 drivers got installed onto 32 bit Win XP.
|
|
#
¿
Feb 7, 2011 16:34
|
|
|
Noel posted:lol internet., I'm not quite sure what you mean. I always use "Apply Driver Package" and never "Auto Apply Drivers", but I still have to import the drivers and put them in the driver packages. I think he's adding an extra step, but one less than what you're doing. When you create a new driver package, you specify a path for the files to get stored at. On our server we've got it set up like this: \\server\drivers\SCCM \\server\drivers\source(xp3|Win7_x64|Win7_x32)\Model Name I make the driver package directory something like \\server\drivers\SCCM\XP Latitude E6410. I drop the uncompressed files into source, based on what they're called. Import into SCCM, then add them to the drive package. Then SCCM copies whatever's at \\server\drivers\sccm\<package name> to the Distribution Point(s). You can eliminate the middle man by only importing storage and network into SCCM, then just copying the files from source directory to SCCM directory. I'm still not sure what I like best. If I did it the raw way I could just dump the extracted driver CAB that Dell gives out into the SCCM directory and make my deployments a hell of a lot easier, but it seems so hackish. For reference, here's what my driver console looks like: 
|
|
#
¿
Feb 7, 2011 18:10
|
|
|
Crazak P posted:I hope this is the right place to ask. I'm not an expert on AD, but that should work. At some point you should raise the domain to 2008 functional level.
|
|
#
¿
Feb 9, 2011 21:50
|
|
|
I'm confused. Wouldn't dumping their user file mean poo poo like Skype history would get copied too?
|
|
#
¿
Feb 10, 2011 15:38
|
|
|
Noel posted:At least Google put out an MSI and ADM for Chrome. That's what I love about SCCM. If I can get a program to install automatically, I can have it run through SCCM. Firefox and Thunderbird are as easy as extracting the downloaded file with 7zip, and running 'setup.exe -ms'
|
|
#
¿
Feb 10, 2011 23:44
|
|
|
lol internet. posted:Anyone have suggestions for folder structure on imported Storage and Ethernet drivers? All our machines are Dell, which makes things a bit easier. I make a folder for the driver name, then a sub folder that is "<dell revision number> <driver version number>" Then when I get a new model I can easily see if I have the driver imported or not.
|
|
#
¿
Feb 11, 2011 06:36
|
|
|
lol internet. posted:Is the out of SCCM folder structure the same? The "Source" is structured like this: Source\(XP3|Win7x64|Win7x32)\Computer Model\(vga|nic|audio|etc) I only did that for convience of getting new models of computers going. I create a package in SCCM for the model of computer, then add to the driver package any drivers I've already imported (these are mostly optiplexes or latitudes so they use the same audio/chipset/storage/nic for the most part). Then I download the rest of the drivers I need, and extract them to C:\Dell\Drivers (which I clear out before hand). I rename the R216818 style folders to something more descriptive (vga, wireless, etc). Then I drag all these into the "Computer Model" folder. From there I import into SCCM, then add the new drivers to the package. When you create the drive package, you pick a filesystem path for it. I'm not sure what SCCM does with the drivers once it imports them. The grey beard thinks everything gets imported into the SQL database, but I'm not really sure about that.
|
|
#
¿
Feb 11, 2011 07:34
|
|
|
lol internet. posted:But what do you do when two different models have the same driver? (ie. ethernet.) I only put in the Source directory those drivers I don't already have imported. For example, my Source folder for the Latitude E6410 has 20 drivers in, but the similair Latitude E6400 only has 10 drivers, because I just reuse the existing ones. I imported the a broadcom GigE driver a year ago and have used it in almost all of the driver packages.
|
|
#
¿
Feb 11, 2011 18:34
|
|
|
Noel posted:I do the same as FISHMANPET. I have a similar structure, but I don't care if, for example, the Optiplex330 folder has the audio driver, but the Optiplex360 folder does not. The driver packages I make in SCCM are the definitive articles. I could delete my source folders if I wanted. Yep, it's a practice I started when I first started with SCCM because I wasn't sure what I was doing, but now I keep doing it because I can drop a new folder into my source folder for a new machine rather than dump all the drivers into a root directory.
|
|
#
¿
Feb 11, 2011 23:56
|
|
|
lol internet. posted:- How do you deal with multiple advertisements that need to run in a specific order. (ie. Office 2007 x32 needs to be uninstalled prior to installing Office x64 2010) Is there a reason you're going to 2010 x64? Even Microsoft recommends you still use the 32 bit version, unless you're working with enormous files (aka excel spreadsheets bigger than a couple Gb). As for the uninstall/install, there's a few ways you can do that. You can have to packages, one to uninstall 2007, another to install 2010. You can have the 2010 install package run the 2007 uninstall package first. You could also write a script that does the uninstall for you, and then the install. This is probably the best idea, as it allows you a bit more control over what's going to happen (what do you do if you come to a computer that doesn't have 2007?). A task sequence would work, but is kind of ugly, as it advertises to the user as a mandatory operating system deployment, which might freak them out. You can set a package to only run when the user is logged off, though that requires your users to log themselves off. But when it all comes down to it, it depends on how well the install package works. Firefox and Thunderbird are happy to be installed while the old version is running, they'll just ask the user for a restart if you want to open Firefox again. And software updates, those are up to the vendor. All SCCM will do is run the program. If installing Adobe 9 on a system with Adobe 8 would remove Adobe 8 normally, then that's what will happen. If that's not the case, the you'll need to manually remove Adobe 8. FISHMANPET fucked around with this message at 19:00 on Feb 14, 2011 |
|
#
¿
Feb 14, 2011 18:51
|
|
|
lol internet. posted:Sorry for filling the thread with tons of questions as SCCM has a huge learning curve I found. But any tricks/tips/cool things you've noticed with SCCM that you would like to share? Or perhaps some mistakes\solutions you've made? For me, drivers was a total clusterfuck, I just spent a poo poo load of hours doing it and doing it wrong everytime till eventually I got a solid understanding of it. No problem, that's why I made the thread, because I was in the same boat. Here's a tip that somebody else gave me that blew my mind: Overload your OSD with all the driver packages you need. You can add a WMI query so it only applies the package if the computer is the right hardware model, so you only have one task sequence to keep up to date with new software packages.
|
|
#
¿
Feb 15, 2011 16:06
|
|
|
Noel posted:Why would it show a notification at all if I set it to Mandatory (As soon as possible) and uncheck "Allow users to run the program independently of assignments" I haven't played around with this very much to be honest. All I've done with OSD is advertise it to a collection that allows the user to run it, then only put machines I want imaged right now in that collection. I've only done the mandatory thing once, and then the user was still allowed to run it on their own. But I think some software packages and Windows updates will pop up a warning "this poo poo is gonna happen in 30 minutes, or right now if you click this button," so I wouldn't be surprised if task sequences did the same thing. I also get spergy because they all co-mingle in the Add/Remove Programs dialog box, but in the "Run Advertised Programs" thing in the control panel, task sequences show up as Operating System Deployments and everything else is Software Packages.
|
|
#
¿
Feb 16, 2011 06:37
|
|
|
djben posted:32 bit java on 64-bit Windows is definitely a pain. There is an issue with the Java installer running in the 64-bit command shell. I spent a good bit of time searching around for an easy solution (I actually got it working by extracting the msi manually but that sucks). Many hours spent in regmon and filemon... not very fun. Since I just had to deal with this myself again, I feel like quoting to point out that this exact method is still needed for 6u24.
|
|
#
¿
Mar 3, 2011 02:19
|
|
|
Spudman posted:I have 6 DCs and 3 sites, 2 DCs per site. Each DC is Windows 2008 x64... I'm considering performing an adprep /forestprep and /domainprep on my live environment so that I can begin introducing 2008 R2 DCs into the mix. I don't really foresee any problems, but anyone have any experience with this and have any considerations before I go loving up our domain? If you're that paranoid, you don't need to upgrade the functional level to add 2008 R2 DCs, they'll just operate at 2008 functional level. Hell, you can join a 2008 DC to an NT domain and keep it at the NT functional level. Also, I don't think you can raise the functional level to anything higher than the lowest DC, so you'd have to replace all your 2008 DCs to raise to R2.
|
|
#
¿
Mar 3, 2011 15:51
|
|
|
|
| # ¿ May 1, 2024 11:00 |
|
|
Spudman posted:I actually don't plan on raising the functional levels at all. At least not right now. Just upgrade the DCs. Is it completely 100% necessary? No, but obviously it's thinking toward the future since Microsoft's future endeavors are all going to be focused on R2. Plus I have a DC at each site right now with WDS on it... and the R2 version of WDS is so much better than the 2k8 one. Just set up WDS on a member server and leave your DCs alone, you say? Well I'd be doing the upgrade eventually anyway... but thanks for allaying my paranoia. Welp, that's what I get for not reading closely enough. And now that I think about it, when I setup my most recent domain on 2008 R2, 2000 was the lowest possible level it supported.
|
|
#
¿
Mar 3, 2011 17:31
|
|
