peak debt
Mar 11, 2001
b& :(
Nap Ghost

demonachizer posted:

Is SCCM an addon for the Domain Controller? The place I work at is a bit strange in that we have full control over a section of our AD but we can't make higher level changes. We can put management tools on our servers no problem so I just want to confirm that it is possible.

It may need to do a schema modification depending on what has been used before. The SCCM installer has a quick prerequisite checker that will tell you if that needs to be done. If the schema is ok, you can manage software deployment just by having administrative control over the clients, updating with a group policy and image deployment by having admin control over the DHCP server.


peak debt
Mar 11, 2001
b& :(
Nap Ghost

demonachizer posted:

Are there lots of things that have to be done on the DHCP server to get the deployment end up and running? We have a decent relationship with the network group so if it is a one time configuration issue we might be ok but if it is something that has to be done with each new client probably not. Currently we can request static IP addresses and poo poo from them based on MACs so if that is all that is needed we are ok.

It's just a 1 minute change to one of the DHCP options of your scope to enable F12 booting.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

spog posted:

I'd like to hear people's experience of USMT, specifically Loadstate.

Does it really work well out of the box, grabbing all the data that our beloved users like to hide? Does it get all the required settings/customisations of apps too?

And the hardlink store - that scares me a little, the idea that you dump all the user's data onto the same harddisk that you are about to format and trust that it survives the format just seems a little too trusting.

USMT worked fine for us, the problem is more that it tends to grab too much poo poo and copies files over into the c:\windows directory that I'd rather keep clean.

So I used the uncompressed option /nocompress for USMT. This creates an editable data structure on the server that you can then clean up by deleting everything outside of the documents and settings folder. The precedence for exclusions/inclusions seemed to be too confusing to do this in the configuration xml.

Hardlinking also seemed a bit risky to me, I uploaded it to our file server. If someone had enough data to make hardlinking useful it always was an iTunes library which we told people to put on a private external hard disk because we don't support it.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

devmd01 posted:

User migration? What's that? Dump the user profile elsewhere, reimage, have them log in, dump files back. We gives no fucks about your profile customizations. :D

That's ok for people's background image and poo poo, but if we kill their Skype history there will be murder.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

FISHMANPET posted:

I'm confused. Wouldn't dumping their user file mean poo poo like Skype history would get copied too?

No, it keeps its data in AppData\Roaming

Even worse is Chrome that keeps its settings in AppData\Local

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Mostly for saving time during a large scale deployment. 3 takes maybe an hour to finish depending on how much software and updates you need to install, 7 can be done in 10 minutes.

But on the other hand it costs you additional time for the setup, I never do 4-6 even if it takes a bit longer to set up.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

FISHMANPET posted:

Since I just had to deal with this myself again, I feel like quoting to point out that this exact method is still needed for 6u24.

Couldn't you instead do
code:
c:\windows\syswow64\cmd.exe /c java-installer-6u24.exe /s
to run it in the 32 bit environment with the proper virtualized registry folders

Edit: I just tried that out of curiosity and it didn't work. gently caress Sun/Oracle.

peak debt fucked around with this message at 11:30 on Mar 4, 2011

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Tip of mine: Unless you have a setup with a lot of branch offices, don't bother using SCCM for Updates. The one nice thing about it is that you can have the distribution points architecture create a lot of local update servers so you don't overload the VPN whenever a patch day comes.
The downsides are that authorizing new updates in SCCM is a lot more cumbersome, and the reporting is at best almost as good as WSUS, in some points it is actually quite a bit worse.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
I don't have a test machine with it handy, but you should be able to go to Programs, display updates, then choose uninstall IE9. Then load up process explorer and see what GUID was passed to msiexec to uninstall.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Take a few hard drives out of old PCs and put them into the server to extend the drive space. If they are too slow for server use, make a RAID0 out of them.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
"Obsolete" in SCCM parlance means that there is a second entry that references the same physical computer. You shouldn't need to keep them around for anything.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Cpt.Wacky posted:

I've been testing out WDS today. With MDT I was able to use OSDComputerName=%SerialNumber% to set the computer name to the serial number. Is that possible to do with WDS? Would running the tests in a VM cause it to fail for lack of a serial number?

Right now I have the "second" XML file with "4 specialize" and Windows-Shell-Setup setting ComputerName to %SerialNumber% and the install fails at "Setup is applying system settings" with error "could not parse or process the file for pass [specialize]. The setting cannot be applied for component [Microsoft-Windows-Shell-Setup]". The XML file passed validation.

No, the %serialnumber% variable is an MDT specific thing.

You would have to hack something using powershell and
code:
(gwmi win32_bios).SerialNumber

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Why aren't you installing the updates in the image before you capture it?

peak debt
Mar 11, 2001
b& :(
Nap Ghost
I have the hope that SCCM 2012 is finally automatable with Powershell instead of having to develop stuff in C# .NET

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Ifan posted:

What kind of tasks are you thinking about?

A big plus would be the ability to add users to collections to publish software.

One of the more stupid things about SCCM is that you can publish software to AD groups, but if you do it like that, the user has to logoff/logon again for the software to show up. If you just stick them into a collection, they get their software within 15 minutes.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
If the parent domain has a forest functional level of 2008 you're hosed. Its domain functional level doesn't matter though.

And the procedure is pretty straightforward, start dcpromo on the new to-be domain controller, choose advanced mode, check "new domain in an existing forest" and provide a password to an enterprise admin in the parent domain.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
I'd say lovely drivers are a reason to go virtual. Not many developers will test their application with every weird network adapter there is out there, but almost everyone will at least try to test on Hyper-V and ESXi.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
$1300 for a server license when you can buy decent 1U servers for $3000 is a bit silly. I sure hope you can get big discounts off that price...

peak debt fucked around with this message at 16:45 on Apr 26, 2012

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Do the VMware drivers have an inf file? If yes, you can inject it into your WIM with DISM and have it available from the first boot.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

InfiniteDonkey posted:

Has anybody had any experience with Dell's Kace?

My boss booked me a meeting with a Dell representative about Kace and I've been reading about it on the Kace website.

We have a fully working SCCM 2007 and I'm not really thrilled about introducing another solution for managing and deploying computers. I'd just rather update to SCCM 2012.

I played around with the VM for evaluation and it's pretty decent in a "not quite as good as SCCM for much cheaper" kind of way.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
If price is that important, then WSUS is free.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
If you run such scripts, they need to be run under the actual "administrator" account. That one ignores all UAC settings and lets scripts run with admin rights by default. So you will need to enable the administrator account in the unattend xml instead of it creating the normal Win7 default account.

To get the model name you can use:
gwmi win32_computersystem | select model

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Powershell is a full programming language, you can do whatever you want with it once you have a text value in a variable somewhere...

i.e.
$computer = gwmi win32_computersystem
$computer.rename($computer.model)

This code of course won't make much sense like this because the model name probably contains spaces that you cannot use in the PC name, and you cannot name every PC the same name of course so you will need to do some additional manipulation.
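
The "additional manipulation" mentioned in the post above, as an added example that is not part of the original thread: it builds the name from the BIOS serial number rather than the model, so that each PC gets a different name. The function name, the `PC` prefix, the MAC-address fallback and the sample values are assumptions made for illustration.

```powershell
# Added example, not from the thread. The PC prefix, the fallback to a MAC
# address and all sample values are assumptions made for illustration.
function ConvertTo-ComputerName {
    param(
        [string]$Serial,
        [string]$FallbackId,      # e.g. a MAC address, used when the serial is unusable
        [string]$Prefix = 'PC'
    )
    # Strings some firmware reports instead of a real serial number
    $placeholders = 'To Be Filled By O.E.M.', 'System Serial Number', 'Default string', 'None'

    $id = $Serial.Trim()
    if (-not $id -or $placeholders -contains $id) { $id = $FallbackId }

    # Letters and digits only: removes the spaces, dots and colons that a
    # computer name cannot contain
    $id = ($id -replace '[^A-Za-z0-9]', '').ToUpper()
    if (-not $id) { throw 'No usable serial number or fallback identifier' }

    # NetBIOS names are limited to 15 characters. Keep the tail of the
    # identifier, because long virtual machine serials start with the same text.
    $room = 15 - $Prefix.Length - 1
    if ($id.Length -gt $room) { $id = $id.Substring($id.Length - $room) }
    "${Prefix}-$id"
}

# Constructed inputs: a physical PC, a virtual machine, and a board with no serial set
ConvertTo-ComputerName -Serial 'CZC1234XYZ'
ConvertTo-ComputerName -Serial 'VMware-56 4d 1a 2b 3c 4d 5e 6f-70 81 92 a3 b4 c5 d6 e7'
ConvertTo-ComputerName -Serial 'To Be Filled By O.E.M.' -FallbackId '00-1A-2B-3C-4D-5E'

# On a real client (run elevated; the new name takes effect after a reboot):
#   $name = ConvertTo-ComputerName -Serial (gwmi win32_bios).SerialNumber
#   (gwmi win32_computersystem).Rename($name)
```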

peak debt
Mar 11, 2001
b& :(
Nap Ghost
MDT will help with adding applications and making editing the unattend file more convenient, but it cannot do everything either. I'm pretty sure if you want to change the description you will still have to do it by a script.

But you can find this stuff out on the Internet, as:
http://lmgtfy.com/?q=powershell+change+computer+description

The first result mentions that you can change the local computer description with:
$comp = gwmi win32_operatingsystem
$comp.description = "User: $dn Location: $office"
$comp.put()

So to use the model name, you change this to:
$computer = gwmi win32_computersystem
$comp = gwmi win32_operatingsystem
$comp.description = $computer.model
$comp.put()

peak debt
Mar 11, 2001
b& :(
Nap Ghost
If you can only see the two above-mentioned tasks, it means it's not getting the policy correctly from the server. So you will probably be missing the SCCM settings published in AD, and the SMSMP option passed to the client installer.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
There is nothing special needed to add a 2008 server to a 2003 domain. You just install it, run dcpromo and there you go. You won't get the special features (more robust sysvol replication, readonly DCs) until you upgrade the domain of course but it runs on the same level as the 2003 servers.

Dell has the "Dell Driver Download Manager" which is pretty awesome and lets you make easy batch files that update your hardware.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Gyshall posted:

Q: Has anyone found a reliable solution for automated off-site backups?

As far as my experience with "tape drive - carry offsite" goes, it just doesn't work. It does work for a month or two then the assistant/receptionist who's supposed to do the work inevitably gets lazy or fucks up the sorting. By the time you actually have a hardware failure and need to disaster recovery something you can be 100% sure that Murphy is going to gently caress you.

The domain unjoin thing is most likely related to stale backups. If you backup a computer, then leave the backup lying around for weeks while the live system does all kinds of edits to its account, the domain will get confused if there's suddenly a version from the past showing up and claiming to be the genuine thing, and refuse authentication. It seems that Windows 8 will improve on this.

Personally as far as bare metal backups go, I've had great experiences with Disk2VHD from SysInternals. On Windows 6.x it perfectly backs up the current hard disk, and once you launch the virtual machine or restore it to a physical one you can just boot and log in provided the backup is not more than a week old or so. Note that starting a recovered copy of a system where it can contact the domain will kick off the old PC from the domain though.
It doesn't work that well with Windows XP because of the whole HAL/drivers problems inherent to that platform, you will most likely have to sysprep a computer after restoring it.

As far as your problems with Axcient go, this is really more of a political issue... Best advice I can give you there is to document exactly what went wrong when, filing emails, ticket numbers and short descriptions so that you have something solid to back your opinion when the poo poo hits the fan (or you eventually have had enough and want to talk to the CEO about the contract). If you actually have solid proof they lost the hard disk (invoice from the courier showing that it was sent out and an email from them telling that they never got anything) that's already pretty good at proving that they suck.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
The 2012 MMC isn't really any better though, mine that I run in a site with 1500 PCs needs around 2GB of RAM and 2GHz of processing power.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Don't be overly dramatic about that storage space. 100 emails per user times 100kB per image times $15k per TB is 15 cents per day and user. And those are extremely generous numbers. Give management that number and they can decide for themselves whether having prettied up emails is worth a couple hundred additional expenses per day. If marketing says that they will get more customers with pretty pictures in the signature and that it will be worth it in the long time, then let them try.

peak debt
Mar 11, 2001
b& :(
Nap Ghost

jassa posted:

How do you guys manage drivers in SCCM? I've had to step up and take over the apps/drivers/OSD stuff at my work recently (I'm teaching myself as I go) and it seems a lot of people think creating driver packages/using WMI queries is the best way to go in an environment with many different models of PC. At the moment we basically rely on Auto Apply Drivers to choose and install the right drivers, and whenever I mention changing things our SCCM consultant tries to talk me out of it, mostly because of the increased overhead involved.

I use WMI queries and "Install Package" because it allows me to keep the file structures as they are from the HP packages, which makes updating easier and removing superseded drivers actually possible.

If I receive a HP driver update email for a PC model that I have in use I can just look up what package that replaces and swap them out instead of having to go fish for multiple drivers in a 1000+ list.

Besides, not all drivers play well with "auto apply". Case in point is the Quick Keys driver for the EliteBook 2540p. If you have that in SCCM and use auto apply, the 2530p will try to install that driver and then bluescreen on the next boot.

peak debt fucked around with this message at 16:34 on Nov 6, 2012

peak debt
Mar 11, 2001
b& :(
Nap Ghost
You can do that in SCCM 2007 too.

What I use is I download updates with https://www.wsusoffline.net

Then inject them into the WIM with
code:
dism /mount-wim /wimfile:install.wim /mountdir:c:\temp\mount /index:1
dism /image:c:\temp\mount /add-package /Packagepath:patch-xxx.cab
dism /unmount-wim /mountdir:c:\temp\mount /commit
You can only do this with the Windows updates, not the Office one, and only with the ones that come in cab format, but this also works for injecting them into the wim file directly off the Microsoft DVD, and it cuts down the patching by around 80 patches.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
You cannot create user accounts that have the same pre-2000 user name - even if they do differentiate afterwards - so this shouldn't be a problem.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
This is the reason for why a DNS server itself should never be multihomed. If you have a different server for every VLAN, then computers will only report each respective address to their assigned DNS so this problem won't happen.

peak debt
Mar 11, 2001
b& :(
Nap Ghost
This is the script I use
code:
// Searches the registry for all versions of installed Java runtimes and uninstalls them

// Terminates all running IE instances
killProcesses("iexplore.exe");

var shell = new ActiveXObject("WScript.Shell");
keyPath = "SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall";
HKLM = 0x80000002;

// Enumerate all the subkeys of the Uninstall registry
oLoc = new ActiveXObject("WbemScripting.SWbemLocator");
oSvc = oLoc.ConnectServer(null, "root\\default");
oReg = oSvc.Get("StdRegProv");
oMethod = oReg.Methods_.Item("EnumKey");
oInParam = oMethod.InParameters.SpawnInstance_();
oInParam.hDefKey = HKLM;
oInParam.sSubKeyName = keyPath;
colItems = oReg.ExecMethod_(oMethod.Name, oInParam);

var x = colItems.sNames.toArray()

for (i=0; i<x.length; i++)
{
	try
	{
		displayName = shell.RegRead("HKLM\\" + keyPath + "\\" + x[i] + "\\DisplayName");

		// Try to find all old Java runtimes no matter how it was called back then
		if (displayName.indexOf("Java(TM) 6 Update") == 0 || 
			displayName.indexOf("Java 2 Runtime Environment") == 0 || 
			displayName.indexOf("J2SE Runtime Environment") == 0 || 
			displayName.indexOf("Java(TM) SE Runtime Environment") == 0
			)
		{
			displayVersion = shell.RegRead("HKLM\\" + keyPath + "\\" + x[i] + "\\DisplayVersion");
			WScript.Echo(displayName);
			WScript.Echo(displayVersion);

			// If this installation is not Java 7, uninstall it
			// (indexOf returns 0 only when the name starts with "Java(TM) 7")
			if (displayName.indexOf("Java(TM) 7") != 0)
			{
				uninstall = shell.RegRead("HKLM\\" + keyPath + "\\" + x[i] + "\\UninstallString");
				uninstallString = uninstall + " /qb";
				WScript.Echo(uninstallString);

				// If the uninstallstring is using /i as an argument we need to replace it with /x
				// MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142100} /qb
				if (uninstallString.toLowerCase().indexOf('/i') != -1)
				{
					uninstallString = uninstallString.replace(/\/i/i, '/x');
					WScript.Echo('=> ' + uninstallString);
				}

				WScript.Echo(shell.Run(uninstallString, 1, true));
			}
		}
	}
	catch (e)
	{
		// RegRead throws when a value is missing (many subkeys have no DisplayName); skip that entry
	}
}

function killProcesses(processName)
{
	debug("Trying to kill all instances of " + processName);

	var wmiService = GetObject("winmgmts:\\\\.\\root\\cimv2");
	var colItems = wmiService.ExecQuery("Select * from Win32_Process Where Name = '" + processName + "'", "WQL", 0x30);

	var enumItems = new Enumerator(colItems);
	for (; !enumItems.atEnd(); enumItems.moveNext())
	{
		var objItem = enumItems.item();

		debug("Killing " + processName);
		objItem.terminate();
	}
}

function debug(errorMessage)
{
	if (WScript.FullName.indexOf("cscript") != -1)
		WScript.Echo(errorMessage);
}
It goes through the registry, finds out which Javas are currently installed, and removes all that aren't Java 7 (Java 7 installers properly remove old versions themselves)

peak debt
Mar 11, 2001
b& :(
Nap Ghost
Back in 2007 or so when working for an office where there were like 40 printers for 150 people I made an HTA script that listed all available printers with their fancy names (taken from an AD property) and added them through WSH when clicked on.

Where I currently work at the official way is to send people asking for help adding printers a one-page PDF telling them how to go to Start->Printers->Add Printer

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Sacred Cow posted:

Same thing happened to me a few weeks ago. I did the registry hack they suggested in the KB and everything started working again after reinstalling the Management Point.

But it will also disable automatic client reinstallation, so you'll have to do the manual resets again like in 2007 :(

peak debt
Mar 11, 2001
b& :(
Nap Ghost
That's the official way. You switch on account logon success events on your domain controllers (all of them, remember), let the whole thing run for a couple days then filter the security logs of all DCs by the account name you are looking for.

Or just disable the account and wait until somebody complains, that works too...

peak debt
Mar 11, 2001
b& :(
Nap Ghost
"Audit account logon events" is what you want, that's for when some other PC uses this DC to verify a password.
"Audit logon events" is when somebody actually logs in to this DC.

And to be honest, that first setting should be on at least for failures just for security best practices...
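
The log filtering described in the two posts above, as an added example that is not part of the original thread: a PowerShell function that takes Security-log events as XML and lists which hosts authenticated with a given account. Event IDs 4768 and 4776 are the account logon IDs on Server 2008 and later; the function names, the account `svc-legacy` and the sample events are constructed for illustration.

```powershell
# Added example, not from the thread. Sample events are constructed;
# 192.0.2.x are documentation addresses and svc-legacy is a made-up account.
# 4768 = Kerberos TGT request, 4776 = NTLM credential validation (Server 2008+).

function Get-AccountLogonSource {
    param(
        [Parameter(Mandatory = $true)][string]   $AccountName,
        [Parameter(Mandatory = $true)][string[]] $EventXml
    )
    $hits = foreach ($raw in $EventXml) {
        $evt = ([xml]$raw).Event
        $id  = $evt.System.EventID
        if ($id -is [System.Xml.XmlElement]) { $id = $id.InnerText }

        # Flatten <Data Name="...">value</Data> into a lookup table
        $field = @{}
        foreach ($d in $evt.EventData.Data) { $field[$d.Name] = $d.'#text' }
        if ($field['TargetUserName'] -ne $AccountName) { continue }

        if ($id -eq '4768') {
            $proto = 'Kerberos'
            $src   = $field['IpAddress'] -replace '^::ffff:', ''   # IPv4-mapped form
        }
        elseif ($id -eq '4776') {
            $proto = 'NTLM'
            $src   = $field['Workstation']
        }
        else { continue }

        [pscustomobject]@{
            Source   = $src
            Protocol = $proto
            DC       = $evt.System.Computer
            Time     = $evt.System.TimeCreated.SystemTime
            Success  = ($field['Status'] -eq '0x0')
        }
    }
    # One row per source host: the machines that still use the account
    $hits | Group-Object Source | ForEach-Object {
        [pscustomobject]@{
            Source    = $_.Name
            Events    = $_.Count
            Failures  = @($_.Group | Where-Object { -not $_.Success }).Count
            Protocols = ($_.Group | ForEach-Object { $_.Protocol } | Sort-Object -Unique) -join ','
            DCs       = ($_.Group | ForEach-Object { $_.DC } | Sort-Object -Unique) -join ','
            LastSeen  = ($_.Group | ForEach-Object { $_.Time } | Sort-Object | Select-Object -Last 1)
        }
    }
}

function New-SampleEvent($Id, $Time, $DC, $User, $Status, $SrcField, $Src) {
    "<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'><System>" +
    "<EventID>$Id</EventID><TimeCreated SystemTime='$Time'/><Computer>$DC</Computer>" +
    "</System><EventData><Data Name='TargetUserName'>$User</Data>" +
    "<Data Name='Status'>$Status</Data><Data Name='$SrcField'>$Src</Data></EventData></Event>"
}
$sample = @(
    New-SampleEvent 4768 '2013-02-12T08:15:02Z' 'DC01' 'svc-legacy' '0x0' 'IpAddress' '::ffff:192.0.2.15'
    New-SampleEvent 4768 '2013-02-13T08:15:04Z' 'DC02' 'svc-legacy' '0x0' 'IpAddress' '::ffff:192.0.2.15'
    New-SampleEvent 4776 '2013-02-13T23:40:11Z' 'DC01' 'svc-legacy' '0xC000006A' 'Workstation' 'OLDAPP01'
    New-SampleEvent 4768 '2013-02-13T09:00:00Z' 'DC01' 'jsmith' '0x0' 'IpAddress' '::ffff:192.0.2.77'
)
Get-AccountLogonSource -AccountName 'svc-legacy' -EventXml $sample | Format-Table -AutoSize
```

Against live domain controllers, feed it the output of `Get-WinEvent -ComputerName <dc> -FilterHashtable @{LogName='Security'; Id=4768,4776}` converted with each event's `.ToXml()`, collected from every DC.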

peak debt
Mar 11, 2001
b& :(
Nap Ghost

Italy's Chicken posted:

Enterprise Print Management question: How do you deal with multiple sites (10+) and users who randomly work at each site? GPO works fine to add printers to profiles we specify with a windows groups, but then the end-user ends up with 10 different sites' printers in their single profile. I'd really like the users to only see printers that are physically at the site they are signed into at that moment in time. Is there any way to add printers based on what IP the user's machine is getting or another way???

http://blogs.technet.com/b/askperf/archive/2009/10/10/windows-7-windows-server-2008-r2-location-aware-printing.aspx


peak debt
Mar 11, 2001
b& :(
Nap Ghost
But note that GPPs execute on logon, while location aware printing does when the laptop receives an IP address. If people carry their laptops around on standby or have to manually connect to the WLAN after logging in, GPPs won't work.
