|
I'm looking to push out the Altiris 7 client to Win7 machines. It seems that it cannot be installed as a startup script, this article claims it is because Group Policy startup scripts run in a "lesser" SYSTEM context. http://www.symantec.com/connect/articles/installingupgrading-altiris-agent-active-directory-group-policy-startup-scripts-including-w Is this true? Is there a lesser SYSTEM account that's used when running startup scripts, compared to the SYSTEM account I use to test software installs to be performed through SCCM? (psexec.exe -s -i cmd.exe) Where can I find documentation (technet, etc)? So far not having any luck tracking down more info.
|
# ¿ May 17, 2012 22:59 |
|
|
# ¿ May 22, 2024 17:44 |
|
At the end of our deployment process (MDT), I want to expire the local Administrator account's password. If you're curious about the reasoning, in MDT the local Administrator account is set to autolog while it runs the Task Sequence (unlike SCCM, which uses the SYSTEM account). This means you have to either specify the Administrator password in the customsettings.ini file, or type it in when running the Task Sequence. I'm trying a simple vbscript, but not having any l luck: code:
I'm a real novice when it comes to vbscript, but all the various sites I looked at seemed to agree this was the code to do it. Win7-64.
|
# ¿ May 29, 2012 14:53 |
|
lol internet. posted:Try executing a net user command with the expire switch to last year. Unfortunately, there does not appear to be an option to force a password change on next logon, only to expire the entire account.
|
# ¿ Jun 1, 2012 14:52 |
|
It's the way MDT works. It' configures autolog with the Administrator account, and uses that account to perform all of the actions. It looks like you are right. I made a second user and put it in the administrators group, and the script worked against that account. The vbscript also worked on a 2008R2 box, but that was joined to the domain. The reason I want to do this: some of our computers, once imaged, go to different areas that have their own IT staff, while some are managed by our internal IT staff. We don't want the computers to go out with a standard password that people never end up changing, and everyone ends up knowing. If I can expire the password at the end of the Task Sequence, the first person to turn it on and log in to the Administrator account is forced to change the password. I can think of a few workarounds for this, I'll just have to determine which one makes most sense.
|
# ¿ Jun 1, 2012 16:01 |
|
You're right about password expiration needing to be enabled on the account before I can expire it. I'll use Powershell and WMI, because they make way more sense to me than vbscript. Thanks
|
# ¿ Jun 1, 2012 16:28 |
|
Stop trying to reinvent the wheel. Look at MDT (with or without WDS).
|
# ¿ Jun 7, 2012 01:27 |
|
RICHUNCLEPENNYBAGS posted:I didn't know I was reinventing the wheel, to be honest. I wasn't trying to be insulting. MDT has a relatively low learning curve, but will do a lot of what you want to do without writing custom scripts. Why is the computer model important to put in the description?
|
# ¿ Jun 7, 2012 02:36 |
|
RICHUNCLEPENNYBAGS posted:It's not absolutely crucial, I guess, but I'd like to be able to see the models at a glance in AD. My boss would appreciate it as well, I think. I mean, yeah, you can get the information through Spiceworks or whatever else too so the world won't collapse if we don't have it. But I didn't imagine it would be very difficult to do. I strongly recommend you dive into MDT, and we'll be happy to answer any questions you might have while implementing it.
|
# ¿ Jun 7, 2012 03:26 |
|
MDT uses WAIK (although you never really have to launch it), and can use WDS as a delivery mechanism... or you can use a boot CD, or a "thick" DVD (all the data is on the DVD) You want to grab the "print ready documentation", and the "technical reference" (iirc) for when you have specific questions. The "standard client task sequence" (I'm sure I am getting the exact name wrong) has a lot of conditional logic in it, and is a hell of a lot more complicated than it needs to be if you're just deploying new PCs. I'll try and remember to post a screenshot of my pared down task sequence tomorrow.
|
# ¿ Jun 7, 2012 04:11 |
|
burritonegro posted:I know this is heresy in a Windows thread, but do any of yall use tools to manage updates for Macs? Define "manage updates".
|
# ¿ Apr 23, 2013 20:44 |
|
You can run an Apple Software Update Server on OS X Server. Another option is Reposado (https://github.com/wdas/reposado)
|
# ¿ Apr 23, 2013 22:12 |
|
What are you guys using for clients? Granted I haven't looked very hard, but I haven't come across a decent client that comes as an MSI.
|
# ¿ May 1, 2013 17:52 |
|
burritonegro posted:So we're looking for a patch management tool to handle our 1200+ computers, about 5:1 Mac:Windows. Ideally it would handle all OS/Flash/Java updates, app install/removal, preferences/policies, etc. Looking at KACE and IBM/Tivoli Endpoint Manager so far. Would folks recommend any others to check out or discourage these? SCCM would be nice, but my boss thinks it might be superfluous for only ~200 Windows machines. I'm of the opinion that it's better to use separate tools for each platform. For Mac, Casper is the big one, although it's pricey (not knowing anything about Tivoli Endpoint or KACE pricing). Would AD+GP+WSUS be sufficient for the Windows PCs?
|
# ¿ May 14, 2013 17:16 |
|
I would rather patch Adobe and Java with Group Policy instead of SCCM. I would rather Java especially install at startup, when no programs are open. Otherwise I have to set logic in SCCM to warn people to close their browsers, kill them if they don't, and cross my fingers that no other program is using Java. Which isn't to say Java/Adobe play nice no matter how you deploy them, but I don't think it's worse with GP than SCCM.
|
# ¿ May 21, 2013 17:38 |
|
|
# ¿ May 22, 2024 17:44 |
|
Is anyone using USMT to migrate from Office 2007 (or 2010) to Office 2013? I'm using USMT5, but looking at the MigApp.xml, Office 2013 is not mentioned. And nobody else on the internet seems to be talking about it.
|
# ¿ May 22, 2013 18:57 |