|
marketingman posted:lol internet., as frustrating as all that sounds I just have to point out that in these matters, users never "just somehow have the TS available to them". Check the section "Problems that can occur through duplicate GUIDs" from my link, it looks like different computers could effectively swap places in and out of the "Windows Deployment" collection as each reports in. However, I'm curious why your OSD TS would ever be run as a non-mandatory advertisement? Why not PXE them, or push a mandatory TS? As for Visio, over what period of time did these 30 installs happen? That one sounds like operator error unless it was over a long period of time, or you have really fast discovery intervals.
|
# ¿ Mar 1, 2011 04:42 |
|
|
# ¿ May 22, 2024 17:03 |
|
As much as I enjoy pandering to my mild OCD, is there any reason to uninstall pre 1.6u10 versions of java (when in-place upgrades began)? I assume that I can push the newest version out via GP, and it will in-place upgrade 1.6u10 and above, and install beside anything newer. Can I assume that if the newest version is installed, an older version (like 1.6u05) won't be prompting to update?
|
# ¿ Mar 1, 2011 17:35 |
|
Ok, I imagine I will end up pushing the newest out, then running one of those massive msiexec.exe /x scripts to clean the rest.
|
# ¿ Mar 2, 2011 18:34 |
|
We're a pretty small shop, but we made the same decision - SCCM performing Windows Updates just didn't make sense.
|
# ¿ Mar 4, 2011 14:23 |
|
lol internet. posted:- How do you know who owns what computer when it comes to deploying software to it? Do you use a separate asset tracking program? (Search for user, see computers assigned to?) or is there something you do through SCCM? I know there is a report which tells last logged on, I've used it a couple times and sometimes it comes up with no results. Some times it does work quite well. (A lot of our users don't move pc to pc.) There's 'last logged on', which can be inaccurate for what you need, especially since it sometimes says "SYSTEM". There's 'frequent user', which only works on Vista/7 (iirc). Are your users local admins on their own boxes? That's how it works where I am, so I used a baseline configuration script trick to pull that. (I can find the link when I get to work). You could also manually store the name of the computer user in a file/reg on that local computer, and have SCCM inventory pull that. I use a FileMaker database, because that's the tool I had. It pulls all of the above (except the file/reg), and shows it on the inventory entry or the computer. I also added in a manually populated 'user' field, and once a week I look for computers for which it is not populated and populate it based on those other fields. I'd love to hear of a better way to do this.
|
# ¿ Mar 8, 2011 14:26 |
|
Does your school district have decent pricing with Microsoft? Although we're not the best example (relatively large university), I picked up SCCM and CALs for 350 PCs for sub $3k for my department. What specific features are you looking for? Imaging, inventory, software deployment, remote control, other? Solely for Windows?
|
# ¿ Mar 9, 2011 16:48 |
|
I would consider separating out the 'remote assistance' feature. There are a number of tools that do this really well, and it allows you to choose your management server based on the other criteria. Are you running AD? Inventory is relatively easy to make happen with a standalone product as well, although I particularly like being able to use inventory data in SCCM to control software deployment etc. How is your scripting? Remote shutdown is pretty easy to perform (psshutdown).
|
# ¿ Mar 9, 2011 23:35 |
|
Teamviewer seems to be popular. We're in the process of rolling out Bomgar. Windows has 'Remote Assistance' built in. I'm sure others could answer better than I (and in one of the 'ticket came in' or 'poo poo that pisses you off' there was very recently a discussion about it). There's plenty of WoL tools, but I can't say I have dug into them much. If you find something good, please post back. I do know that SCCM has WoL features built in (although I don't use them at the moment). Don't get me wrong, I love SCCM, but it has a relatively steep learning curve, and if you don't need a lot of what it offers, other solutions may work better.
|
# ¿ Mar 10, 2011 02:29 |
|
TheRife posted:I remember doing a demo of Bomgar for its remote support service, like logmein rescue. Actually, I should look into logmein.. Either way, let me know how you like Bomgar. How much are you paying per client? We have more money than sense sometimes, hence the Bomgar. It's very, very slick, but compete overkill for what we need (which seems very similar to your needs). I'm a report whore in SCCM. There's the useful built-in ones (Software in Add/Remove on a specific computer, instances of a specific file on all computers, etc), and then some fun custom things I've done (created a report to pull the specific data I want for all of our computers, hostname, serial, model, OS, memory, MAC, warranty, blah, blah). Reports are also very useful to win arguments with management. "Our users are competent, they're updating their own software" - (report says less than 25% of people have at least one of reader/flash/java up to date).
|
# ¿ Mar 10, 2011 15:40 |
|
SCCM is not something to lightly jump into. The learning curve is tough, the interface sucks, there's 50,000 logs, and you have to make sure you're looking in the right one, etc. There's a fully functioning trial (http://www.microsoft.com/downloads/en/details.aspx?FamilyId=5AAE62E8-4B7F-4AF7-BE01-AEFAA4BF059A&displaylang=en), I recommend playing with it in a test environment before jumping in. And make sure to leave yourself enough time to implement.
|
# ¿ Mar 10, 2011 19:57 |
|
I found SCE was missing a lot of the software deployment options I would want when I looked (SCE2007, iirc).
|
# ¿ Mar 11, 2011 23:00 |
|
Instead of performing the user selection tasks in the XML files, we call USMT with the user flags. Here's an abbreviated version: Scanstate.exe %destination% /i:blah.xml /i:moreblah.xml /localonly /ue:*\* /ue:* /ui:DOMAIN\%u%
|
# ¿ Apr 7, 2011 22:41 |
|
I would think hard about whether 60 PCs and 90 users makes SCCM worthwhile. We got it for very cheap (edu) for our ~350 PC, ~200 user environment, and I believe we're on the lower end size-wise for deployments. There's a significant learning curve to SCCM.
|
# ¿ Apr 9, 2011 15:29 |
|
FISHMANPET posted:Well I've got about 150 clients about to be split between two management servers (currently two departments on same server, but splitting for political reasons). The tricky part about SCCM compared to Group Policy software deployment is that SCCM does not have an "install on startup" option for packages. This matters for those programs that actually need other programs to be closed when installing. I'm looking at you, Flash, Creative Suite, etc. If your environment already has a well defined "everyone logs off/shuts down their computer every night", this isn't an issue. But in my environment, I can't force that kind of thing, partially because people have to lock their laptops in their desks at night. Because of this, I still use SCCM for most things, but frequently updated software (Flash, Java, Adobe Reader, etc) is being pushed out through Group Policy.
|
# ¿ Apr 10, 2011 16:49 |
|
marketingman posted:Guys, I'm thinking of deploying SCCM into a server only environment, for quick deployment of new servers and being able to roll "Application ABC" server at a moments notice to add into the load etc. Reporting would be a big plus too. How many servers? What are you currently using to deploy servers and software? Is this a vSphere environment? Are you the only person who needs to use it?
|
# ¿ Apr 10, 2011 16:55 |
|
What about using templates? With that many servers, depending what you need to do with them, and whether you have an existing inventory infrastructure, I could definitely see SCCM being useful. However, I use it exclusively with non-servers, so my opinion is only so useful in your case. Also, will the other devs take to using it?
|
# ¿ Apr 11, 2011 13:23 |
|
lol internet. posted:Anyone push out SP1 for Windows 7 through OS deployment yet? Haven't done it yet, but I don't see why I wouldn't slipstream it.
|
# ¿ Apr 20, 2011 02:12 |
|
Syano posted:Can some of you make some suggestions for what sort of enterprise management software we should be looking at. I know this thread is primarily focused on SCCM but Im not entirely sure this is the exact product we need. Our environment consists of about 500 client machines. Most are Dell/Windows but we have some different types of machines out there would like to manage that include basic workgroup machines, IOS devices, a Mac client here and there. I would also love to be able to integrated management of my network devices (routers, access points, etc) if at all possible. We took at look at Kace but the entry price is pretty high and doesnt fit all our wish list items. We also looked at Systems Center and the price looks right but I am not sure how well it is going to fulfill our wish list. Anyone have any suggestions? Back when we were looking at bringing our Macs into SCCM, I investigated this: http://www.quest.com/quest-management-xtensions-device-management-CM/ And by investigate, I mean got a quote and downloaded a trial that I never ended up installing.
|
# ¿ Apr 21, 2011 14:54 |
|
ryo posted:I have a few questions: SCCM does require SQL and IIS. However, after the initial setup (of which a lot is automated), you never really have to touch them again. That being said, SCCM sounds like overkill. Have you looked at MDT 2010? (Microsoft Deployment Toolkit). It has a decently easy learning curve, and is quite powerful for deploying OSs. It can tie into WDS, or you can use a boot CD which connects to the deployment PC and starts the deployment.
|
# ¿ May 26, 2011 01:59 |
|
lol internet. posted:Anyone have experiencing deploying patches through SCCM? What do you mean by "update component"? I looked into updating software with SCCM for things like java, flash, reader, but in the end I'm going back to Group Policy for these. Main reason: I can't control the computing environment sufficiently, especially with laptops. In the case of laptops, if one is powered on, someone is logged on, and likely has browsers etc open. If, in your environment, the PCs spend some amount of time on but with no user logged on, using the "nobody logged on" condition would work. I would love an "at startup" condition in SCCM.
|
# ¿ May 26, 2011 03:10 |
|
LoKout posted:You can require users to be logged off and force logoffs too. Try exploring the task sequence options - they can enable a lot more state checks than a basic package deployment, and they aren't only for OSD. Yes, but when do you force logoffs for laptop users? Desktops are not an issue, since they are on at night, bu laptop users have to lock their laptops in a drawer at night, or they take them home. I agree about Task Sequences, it's stupid that they're hidden in OSD. I use them for tons of things, replacing scripting in some cases.
|
# ¿ May 26, 2011 04:12 |
|
lol internet. posted:The WSUS portion of SCCM. But essentially then for java/flash reader, what you do is grab the latest MSI and run a msiexec upgrade as the login script or group policy? I was completely unaware that you could use the update component for third party software. We decided to stick with WSUS and not tie it into SCCM, as it seemed more flexible in our relatively small environment. As for upgrading flash/java/reader with SCCM, you are correct, I would create a package+program that runs msiexec. At least for the software just mentioned, they all manage their own upgrades pretty cleanly in my experience, ie: I don't need to uninstall the previous version myself before pushing the new version.
|
# ¿ May 26, 2011 13:23 |
|
LoKout posted:You'll have to make that decision likely with management approval. Yeah, we don't have set start times, people are at work anywhere between 7am and 11pm, and people don't install updates themselves (I have a great picture in my head of a VP who claimed people just had to be told to do it, and his reaction a month later when I showed him the statistics. I think he lost some faith in humanity that day). I agree that management buy in and set policies are the way to go, but Group Policy software installation makes the situation a lot less complex. IT likes it because it happens like magic, no chance of interfering software running. Management likes it because they don't have to chase people around. Staff like it because they don't have to care. The days of updating your own software (other than large packages) are coming to an end. See: Chrome, Firefox 4, IE, Steam games, etc.
|
# ¿ May 26, 2011 21:38 |
|
demonachizer posted:Office 2010 deployment using GPOs. Error 5 is usually a permissions error, or sometimes 'file not found' in my experience. Post the command you are calling to install Office. When you run it as a startup script, you're running it as the computer account, not the user account, so make sure (iirc) that 'domain computers' have read access to the folder containing your installation files. EDIT: Oh, and PS, 'domain computers' is a member of 'domain users', so you can use that instead of 'everyone' for your NTFS permissions on the share that contains your installation files and catch both logon and startup scripts. quackquackquack fucked around with this message at 22:05 on May 26, 2011 |
# ¿ May 26, 2011 21:48 |
|
Are there any good sites out there for setting up Remote Desktop Services (Terminal Services)? The initial setup and app installation is straightforward, but I'd appreciate any blogs etc that have good information.
|
# ¿ Jun 10, 2011 21:33 |
|
johnnyonetime posted:Is USMT what I need to use? Is there a good howto video out there? The MDT2010 video that was posted a few pages back was excellent. USMT is an amazing tool, but it can take some time to set up properly, or at least it did with version 3. Is the 2008 R2 domain a completely new domain, I assume?
|
# ¿ Jun 14, 2011 13:31 |
|
lol internet. posted:In SCCM is it possible to use both Auto apply drivers and apply driver packages within one task sequence? My understanding is that you are correct, imported drivers do not live on the DP. However, from this technet article, it looks like the drivers you want to use in the 'Auto Apply Drivers' step have to be in a driver package, it just doesn't matter which: http://technet.microsoft.com/en-us/library/bb680990.aspx I've personally always been warned to never use auto-apply, but of course never been told why.
|
# ¿ Jun 14, 2011 13:36 |
|
johnnyonetime posted:Yes it's a completely new domain. The Windows 2000 server had a strange naming scheme so I setup a brand new forest name. I would consider the "semi-automated" method. Write a script to create each of the users with dummy passwords and create their profiles on the new server. Then copy over the data (robocopy or similar) on top of their fresh profiles, reset their passwords, and they should be good to go. Not that much different than what you were doing already, mind you. USMT is pretty awesome though, and moving from 2k/XP to 7 I would personally want some of the behind the scenes magic it uses.
|
# ¿ Jun 14, 2011 21:26 |
|
Definitely stop using Computers CN. You can't target Group Policy to it directly, unlike if you created an OU. We have our people organized by physical location, but only so that printers can be deployed by GP to computers. I've wanted to change printer deployment to be user based for a long time, but that's been a tough sell for some reason (other admin's laziness in not wanting to maintain user groups).
|
# ¿ Jun 23, 2011 04:55 |
|
For both of your command lines, you don't need to run CMD.EXE /C, as they're actually executables, and not shell commands (like copy, move, etc). Nor do you need to provide the patch to cmd.exe. For the second, in 'start in' put: C:\TEMP\Oracle\ and for the command line just put InstallODP.NET4.bat You also don't need START WAIT. SCCM does that automatically. Not sure that really helps you, but it makes it cleaner. I second the psexec comment. I think I call psexec.exe -i -s cmd.exe. Not sure if the -i is needed. Because I like things clean, I would also consider putting the .bat file for the second into a package, and call it from there. Why litter up the c: drive. I would probably also consider turning the batch file into a Task Sequence, that way I could get return codes from each step.
|
# ¿ Jun 28, 2011 04:36 |
|
Yeah, sorry, I read my post again, and it's pretty confusing (they make breathalyzers that disable the keyboard, right?) psexec.exe is for testing your install before it gets anywhere near SCCM. From an elevated command prompt, run 'psexec.exe -s -i cmd.exe', which will open up another command prompt in the SYSTEM context (which is how SCCM installs things). In this SYSTEM command prompt, run 'C:\TEMP\Oracle\InstallODP.NET4.bat' and see what happens. Also try your massive IIS7 command, but chop everything before DISM. Completely unrelated to the above comments about psexec, I was suggesting that instead of using InstallODP.NET4.bat, it might be possible to take the contents of it and change it into a task sequence. For example (please excuse the syntax): If a line says : IF EXIST c:\program\file1.exe c:\temp\setup.exe Translate that to a 'Run command line' task sequence step: Command-line: setup.exe Start in: c:\temp (or better yet, use some environment variables) On the Options tab (and this is from memory), add a condition that 'c:\program\file1.exe' exists. Why are task sequences better than batch files? When a batch file runs, the best you'll get is a single error code from the batch file. In a task sequence, each step can provide an error code, and the error code is from the program itself, not the batch file. So if one step is to create a directory, but permission is denied, you get a message that permission was denied. If you do end up definitely needing to use a batch file, I recommend putting it into a package, and then either making a program in that package that runs the batch file, or using a 'run command-line' step to call that batch file (I don't really know which is better). This way you're not littering the target computer with files which might become out of date, the end user might run them out of curiosity (I love curious users, yet boy can they be frustrating). If you post the contents of the batch file I would be happy to take a stab at turning it into a task sequence for you so you can see what I mean.
|
# ¿ Jun 29, 2011 13:35 |
|
I recently upgraded from SCCM SP1 to SCCM SP3 (note: no R2/R3). Everything appeared to go peachy keen, except now a bunch of my clients are not reporting back. The SCCM server is in domain "HORSE", and it's the only server related to SCCM (ie: it runs SQL, IIS, etc). 80% of my clients are in HORSE. The AD schema was extended in HORSE. The other 20% of my clients are in domain "COW". In this domain I don't have much control, the schema is not extended. There is no trust with HORSE. I noticed that the clients in COW were not reporting hardware inventory. SCCM server did not have any errors in Status. I checked the logs on a client in COW, and LocationServices.log has: quote:[CCMHTTP] HTTP ERROR: URL=http://SCCM-SERVER.HORSE.COM/sms_slp/slp.dll?site&sc=LOL, Port=80, Protocol=http, SSLOptions=0, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE And in Clientlocation.log, before the upgrade it said: quote:Current Management Point is SCCM-SERVER.HORSE.COM with version 6221 and capabilities: <Capabilities SchemaVersion="1.0"/>. quote:Current Management Point is with version 0 and capabilities: . These errors do not appear on clients in HORSE. I would guess it is because they do not have to look for the SLP, since they find the info they need in AD. On the SCCM server firewall I have 80 and 443 poked (the canned IIS rules) Suggestions?
|
# ¿ Jun 29, 2011 16:55 |
|
lol internet. posted:http://www.oracle.com/technetwork/database/windows/downloads/index-090165.html I am not registered, but I did not realize it was a vendor provided batch file. In that case I would probably throw the whole thing in a package and call the batch.
|
# ¿ Jun 29, 2011 16:56 |
|
And now for something completely different! I have a program that is mostly self-contained in the install folder, and of course, it has to install in c:\program\. There is a DLL or two that gets installed to the Windows folder. However, as long as the program has been installed on a computer, I can copy the install directory and put it somewhere else without needing to re-install. I want to have this program on my Remote Desktop Server, but since it keeps the configuration files in the install directory (and each person logging in might want different configuration settings), I can't just install it normally and let people at it. What's the best way to handle this? One option would be to install it in each person's profile. Or, is it possible to create a symlink from c:\program\conf\ (where all the configuration files are) to %appdata%, and create a copy of those configuration files for each person that logs on? I'm leaning toward no, as I don't think symlinks can point different places at the same time. Ideas? quackquackquack fucked around with this message at 20:23 on Jun 29, 2011 |
# ¿ Jun 29, 2011 20:20 |
|
Trying to do imaging with mixed licenses will be a pain in the rear end. Nitr0 is right about using WDS, but I would strongly, strongly recommend using MDT (Microsoft Deployment Toolkit), which can use WDS for the actual transport portion of the deployment.
|
# ¿ Jun 30, 2011 19:01 |
|
The Enterprise VLKs you buy are only for "upgrade", ie: computer that were purchased with some form of Windows. I have no clue what we pay for our Windows licenses. To me, they're unlimited. So when I purchase new PCs from Dell, I buy them with Vista Home Basic to save a couple bucks on each PC.
|
# ¿ Jul 1, 2011 01:52 |
|
I assume when you say "access the internet", you mean "access websites we don't want them to"? See if you can solve the problem somewhere other than the GPO level. Do you have control over the network?
|
# ¿ Jul 5, 2011 13:14 |
|
"Roaming Profiles" is forever tainted around here, even though nobody has ever used them. "Folder Redirection" is too difficult to explain, and not catchy enough. What can I use to pitch Roaming Profiles with extensive Folder Redirection (as per the thread here in the SH/SC)? I was thinking "Cloud Profiles". Makes me throw up in my mouth a little, but VPs tend to understand how GMail works, and they've been reading about clouds in random ads. I've also been using the Outlook OST concept to help explain it. Still worried about making it over the "VP support" hurdle.
|
# ¿ Jul 5, 2011 17:44 |
|
That's why I asked about whether you have control over the network. Doing this at PC level sucks. If you cut off the ability to "access the internet" (which is too vague to be a useful statement) how do they run Windows Updates? Do you have your own WSUS, or do they normally connect directly to MS? How do people get data onto the PCs? Do they need to perform any tasks that require access to websites? Tutorials? Schedules? Other?
|
# ¿ Jul 6, 2011 03:07 |
|
|
# ¿ May 22, 2024 17:03 |
|
FISHMANPET posted:So here's an SCCM problem I can't run away from. Is it the 64bit boot disk with the 64bit network driver added? and when you said "Then when it reboots, it fails", can you be more specific? Can you post the relevant part of the smsts.log?
|
# ¿ Oct 28, 2011 21:52 |